Commit graph

426 commits

Author SHA1 Message Date
Felix Bünemann
4ecb17cc4c registry: support whitelisting letsencrypt hosts
This adds a configuration setting `HTTP.TLS.LetsEncrypt.Hosts` which can
be set to a list of hosts that the registry will whitelist for retrieving
certificates from Let's Encrypt. HTTPS connections with SNI hostnames
that are not whitelisted will be closed with an "unknown host" error.
It is required to avoid lots of unsuccessful registrations attempts that
are triggered by malicious clients connecting with bogus SNI hostnames.

NOTE: Due to a bug in the deprecated vendored rsc.io/letsencrypt library
clearing the host list requires deleting or editing of the cachefile to
reset the hosts list to null.

Signed-off-by: Felix Buenemann <felix.buenemann@gmail.com>
2018-02-01 21:16:58 +01:00
Derek McGowan
f411848591
Merge pull request #2447 from tifayuki/cloudfront-s3-filter
add s3 region filters for cloudfront
2017-12-07 10:04:35 -08:00
tifayuki
e8ecc6dc55 add s3 region filters for cloudfront
Signed-off-by: tifayuki <tifayuki@gmail.com>
2017-12-01 15:58:58 -08:00
Misty Stanley-Jones
fda42e5ef9 Fix keyword format for downstream docs
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-10-24 15:26:28 -07:00
Jon Johnson
3d7803ec8c Fix typo in api spec
Signed-off-by: Jon Johnson <jonjohnson@google.com>
2017-07-28 10:13:32 -07:00
Stephen Day
cb851f6598 Merge pull request #2345 from mstanleyjones/put-back-image
Put back v2-registry-auth.png
2017-07-24 15:01:48 -07:00
Misty Stanley-Jones
1d95716792 Put back v2-registry-auth.png
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-07-24 14:27:16 -07:00
Stephen J Day
5e5156afa3
api: url typo in specification
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-07-18 14:48:55 -07:00
Ina Panova
5ccd03d28a Fixing image manifest schema2 medaitype typo in docs.
Signed-off-by: Ina Panova <ipanova@redhat.com>
2017-06-23 12:25:52 +02:00
Misty Stanley-Jones
b0f98e9382 Put architecture.md back into distribution repo
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2017-05-23 11:24:11 -07:00
Derek McGowan
ce936a8591 Merge pull request #2262 from m-masataka/add_description_of_timeout
DOC:configuration.md: Change description of interval.
2017-05-05 11:45:43 -07:00
Masataka Mizukoshi
7d8dab5fdc DOC:configuration.md: Change description of interval.
Signed-off-by: Masataka Mizukoshi <m.mizukoshi.wakuwaku@gmail.com>
2017-05-04 19:14:29 +00:00
Luis Lobo Borobia
212f47c318
Fixed #htpasswd link
Fixed #htpasswd link

Signed-off-by: Luis Lobo Borobia <luislobo@gmail.com>
2017-05-03 23:19:44 -05:00
Masataka Mizukoshi
05ac637aec DOC:configuration.md: Change description of interval.
Signed-off-by: Masataka Mizukoshi <m.mizukoshi.wakuwaku@gmail.com>
2017-05-01 09:28:32 +00:00
Misty Stanley-Jones
6ee03f5da7 Improve formatting of configuration.md
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-12-29 11:32:31 -08:00
Joao Fernandes
a24f2a6d78 Format configuration.md with code fences to avoid render issues
Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
2016-12-15 14:35:24 -08:00
Antonio Murdaca
0fb25dd094
registry/handles/app: always append default urls regexps
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-05 20:28:51 +01:00
Misty Stanley-Jones
8e703afdc6 Fix doubled words
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-11-28 11:29:11 -08:00
Derek McGowan
8d096a4f42 Merge pull request #1969 from TrumanLing/master
api.md:fix disordered placement of section "Deleting a Layer"
2016-11-23 13:59:17 -08:00
Derek McGowan
e10634f8c3
Update scope specification for resource class
Update grammar to support a resource class. Add
example for plugin repository class.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-11-21 13:32:12 -08:00
Derek McGowan
9cc7c94e4e Merge pull request #2052 from RichardScothern/fix-links
Fix storage driver links
2016-11-11 09:05:44 -08:00
Richard Scothern
09b2d06d5d Fix storage driver links
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-11-10 14:28:28 -08:00
Victor Vieux
b82a2efc33 switch to v1 and remove .image
Signed-off-by: Victor Vieux <vieux@docker.com>
2016-11-10 11:39:15 -08:00
LingFaKe
0c42a73b70 api.md/api.md.tmpl:format wrong style of section "Deleting a Layer"
Signed-off-by: Ling FaKe <lingfake@huawei.com>
2016-10-19 09:07:13 +08:00
Derek McGowan
4dd19db95b Merge pull request #2007 from qar/fix/docs
Fix documentation typo
2016-10-17 11:40:35 -07:00
Qiao Anran
3d703a0b82
Fix documentation typo
Signed-off-by: Qiao Anran <qiaoanran@gmail.com>
2016-10-17 14:58:29 +08:00
Misty Stanley-Jones
f180e9a934 Convert Markdown frontmatter to YAML
Some frontmatter such as the weights, menu stuff, etc is no longer used
'draft=true' becomes 'published: false'

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-10-14 15:59:19 -07:00
Misty Stanley-Jones
3ac8dea66a Add back configuration.md and add clarification to README.md
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-10-13 11:49:49 -07:00
John Mulhausen
da8bcbb302 Remove old documentation source, add README on migration
Signed-off-by: John Mulhausen <john@docker.com>
2016-10-13 11:49:17 -07:00
Richard Scothern
99cb7c0946 Merge pull request #1973 from dmcgowan/clarify-oauth-docs
Add note about implementation of oauth2
2016-09-26 16:28:29 -07:00
Derek McGowan
f193270c89
Add note about implementation of oauth2
Reading the oauth2 token documentation is misleading as it makes
no mention of it being a newer feature which may not be supported
by the token server. Add a note mentioning if it is not supported
to refer to the token documentation for getting a token.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-09-26 15:39:00 -07:00
Richard Scothern
cfad4321c1 Merge pull request #1957 from nwt/notification-filtering
Add notification filtering by target media type
2016-09-19 10:41:03 -07:00
Noah Treuhaft
ad6bb66faf Add notification filtering by target media type
The Hub registry generates a large volume of notifications, many of
which are uninteresting based on target media type.  Discarding them
within the notification endpoint consumes considerable resources that
could be saved by discarding them within the registry.  To that end,
this change adds registry configuration options to restrict the
notifications sent to an endpoint based on target media type.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-16 12:01:03 -07:00
Noah Treuhaft
4034ff65f0 Add configuration option to disable access logging
Access logging is great.  Access logging you can turn off is even
better.  This change adds a configuration option for that.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-14 14:33:30 -07:00
Richard Scothern
49c1a62cb2 Merge pull request #1940 from dmcgowan/lets-encrypt-port-note
Add note about required let's encrypt port
2016-09-01 16:13:18 -07:00
Derek McGowan
279c02a3ce
Add note about required let's encrypt port
Let's Encrypt uses tls-sni to validate the certificate
on the standard https port 443. If the registry is
outwardly listening on a different port Let's Encrypt
will not issue a certificate.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-09-01 15:11:44 -07:00
Fabio Berchtold
7dcac52f18 Add v2 signature signing to S3 storage driver (#1800)
* Add v2 signature signing to S3 storage driver

Closes #1796
Closes #1606

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* use Logrus for debug logging

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* use 'date' instead of 'x-amz-date' in request header

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>

* only allow v4 signature signing against AWS S3

Signed-off-by: Fabio Berchtold <fabio.berchtold@swisscom.com>
2016-09-01 13:52:40 -07:00
Stephen J Day
6bcdb38b92
spec/manifest: clarify relationship between urls and foreign layers
Previously, the specificiation incorrectly bound the fates of `urls` and
foreign layers. These are complementary but unrelated features, in that
the `urls` field may be populated for layers that aren't foreign. The
type of the layer only dictates the push behavior of the layer, rather
than involving where it came from.

For example, one may pull a foreign layer from a registry, but they may
not push it back to another registry. Conversely, a layer that has no
restrictions on push/pull behavior may be fetched via `urls` entries.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
2016-08-29 18:34:55 -07:00
Randy Barlow
63b2e74b46
Fix an erroneous comma in documentation JSON.
Signed-off-by: Randy Barlow <randy@electronsweatshop.com>
2016-08-23 13:39:24 -04:00
Ben Bodenmiller
1f248a80a6 improve command formatting
Signed-off-by: Ben Bodenmiller <bbodenmiller@hotmail.com>
2016-08-19 02:33:02 -07:00
Richard Scothern
010e063270 Merge pull request #1906 from nwt/s3-multipart-copy
Use multipart upload API in S3 Move method
2016-08-17 15:22:32 -07:00
Richard Scothern
c4297ef9da Merge pull request #1839 from adamvduke/adamvduke/allow-http2-registry-clients
Allow registry clients to connect via http2
2016-08-16 11:48:06 -07:00
Noah Treuhaft
63468ef4a8 Use multipart upload API in S3 Move method
This change to the S3 Move method uses S3's multipart upload API to copy
objects whose size exceeds a threshold.  Parts are copied concurrently.
The level of concurrency, part size, and threshold are all configurable
with reasonable defaults.

Using the multipart upload API has two benefits.

* The S3 Move method can now handle objects over 5 GB, fixing #886.

* Moving most objects, and espectially large ones, is faster.  For
  example, moving a 1 GB object averaged 30 seconds but now averages 10.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-08-16 10:53:24 -07:00
Stefan Majewsky
a7c6bfd59f [swift] support different user-domain and tenant-domain
This is already supported by ncw/swift, so we just need to pass the
parameters from the storage driver.

Signed-off-by: Stefan Majewsky <stefan.majewsky@sap.com>
2016-08-15 11:21:42 +02:00
Adam Duke
ac009c86f1 Allow registry clients to connect via http2
Http2 will be enabled by default and can be disabled with a configuration option.

Signed-off-by: Adam Duke <adam.v.duke@gmail.com>
2016-08-13 22:07:42 -04:00
Frank Chen
87917f3052 Add 'objectAcl' Option to the S3 Storage Backend (#1867)
* Add Object ACL Support to the S3 Storage Backend

Signed-off-by: Frank Chen <frankchn@gmail.com>

* Made changes per @RichardScothern's comments

Signed-off-by: Frank Chen <frankchn@gmail.com>

* Fix Typos

Signed-off-by: Frank Chen <frankchn@gmail.com>
2016-07-27 12:26:57 -07:00
Richard Scothern
2b72dd3927 Merge pull request #1829 from nwt/foreign-layer-host-whitelist
Add a foreign layer URL host whitelist
2016-07-21 16:02:20 -07:00
Noah Treuhaft
61e5803b56 Add control over validation of URLs in pushed manifests
Until we have some experience hosting foreign layer manifests, the Hub
operators wish to limit foreign layers on Hub. To that end, this change
adds registry configuration options to restrict the URLs that may appear
in pushed manifests.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-07-19 14:38:42 -07:00
Aaron Lehmann
b0099004e2 Document TOOMANYREQUESTS error code
Add entries with this error code in registry/api/v2/descriptors.go.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-07-12 12:18:54 -06:00
Sven Dowideit
a1c1349eac Stop hugo from making the example URL into a link
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2016-06-27 10:15:26 +10:00