From b588970105270e1de92b2f6e272904be9f155b74 Mon Sep 17 00:00:00 2001 From: Lenny Linux Date: Tue, 25 Apr 2017 13:33:27 -0500 Subject: [PATCH] add warning class and a linebreake to the warning blogquote (#2937) * Update fedora.md add warning class to blogquote * Update linux-postinstall.md add warning class to blogquote * Update ubuntu.md add warning class to blogquote * Update https.md add warning class to blogquote * Update swarm_manager_locking.md add warning class to blogquote * Update dockerlinks.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update insecure.md add warning class to blogquote * Update discovery.md add warning class to blogquote * Update dockerd.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update docker_service_rm.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update scale-your-cluster.md add warning class to blogquote * Update resource_constraints.md add warning class to blogquote * Update binaries.md add warning class to blogquote * Update content_trust.md add warning class to blogquote * Update secrets.md add warning class to blogquote * Update index.md add warning class to blogquote * Update install-sandbox-2.md add warning class to blogquote * Update docker-toolbox.md add warning class to blogquote * Update index.md add warning class to blogquote * Update centos.md add warning class to blogquote * Update debian.md add warning class to blogquote * Update faqs.md add linebreak after Looking for popular FAQs on Docker for Windows? * Update install.md add linebreake after **Already have Docker for Windows?** * Revert "Update dockerd.yaml" This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3. * Revert "Update docker_secret_rm.yaml" This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55. * Revert "Update docker_service_rm.yaml" This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b. * Revert "Update docker_secret_rm.yaml" This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172. --- docs/deploying.md | 10 +++++++--- docs/insecure.md | 8 ++++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/deploying.md b/docs/deploying.md index 163f74efd..4f68661d3 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -147,7 +147,9 @@ Except for registries running on secure local networks, registries should always The simplest way to achieve access restriction is through basic authentication (this is very similar to other web servers' basic authentication mechanism). -> **Warning**: You **cannot** use authentication with an insecure registry. You have to [configure TLS first](deploying.md#running-a-domain-registry) for this to work. +> **Warning**: +> You **cannot** use authentication with an insecure registry. You have to [configure TLS first](deploying.md#running-a-domain-registry) for this to work. +{:.warning} First create a password file with one entry for the user "testuser", with password "testpassword": @@ -212,7 +214,9 @@ registry: - /path/auth:/auth ``` -> **Warning**: replace `/path` by whatever directory that holds your `certs` and `auth` folder from above. +> **Warning**: +> replace `/path` by whatever directory that holds your `certs` and `auth` folder from above. +{:.warning} You can then start your registry with a simple @@ -227,4 +231,4 @@ You will find more specific and advanced information in the following sections: - [Advanced "recipes"](recipes/index.md) - [Registry API](spec/api.md) - [Storage driver model](storage-drivers/index.md) - - [Token authentication](spec/auth/token.md) \ No newline at end of file + - [Token authentication](spec/auth/token.md) diff --git a/docs/insecure.md b/docs/insecure.md index 2f8e19a6b..e629d4b57 100644 --- a/docs/insecure.md +++ b/docs/insecure.md @@ -13,7 +13,9 @@ configuration. ## Deploying a plain HTTP registry -> **Warning**: it's not possible to use an insecure registry with basic authentication. +> **Warning**: +> it's not possible to use an insecure registry with basic authentication. +{:.warning} This basically tells Docker to entirely disregard security for your registry. While this is relatively easy to configure the daemon in this way, it is @@ -44,7 +46,9 @@ environment. ## Using self-signed certificates -> **Warning**: using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below) +> **Warning**: +> using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below) +{:.warning} This is more secure than the insecure registry solution. You must configure every docker daemon that wants to access your registry