Merge pull request #6912 from perlun/patch-1

nginx.md: Add note about potential security isues
This commit is contained in:
L-Hudson 2019-01-23 15:17:53 -05:00 committed by GitHub
commit 3aa9c1e8f8

View file

@ -38,6 +38,11 @@ you want through the secondary authentication mechanism implemented inside your
proxy, it also requires that you move TLS termination from the Registry to the proxy, it also requires that you move TLS termination from the Registry to the
proxy itself. proxy itself.
> ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without
> authentication. This creates a potential loophole in your Docker Registry security.
> As a result, anyone who can log on to the server where your Docker Registry is running
> can push images without authentication.
Furthermore, introducing an extra http layer in your communication pipeline Furthermore, introducing an extra http layer in your communication pipeline
makes it more complex to deploy, maintain, and debug. Make sure the extra makes it more complex to deploy, maintain, and debug. Make sure the extra
complexity is required. complexity is required.