This fixes registry endpoints to return the proper `application/json`
content-type for JSON content, also updating spec examples for that.
As per IETF specification and IANA registry [0], the `application/json`
type is a binary media, so the content-type label does not need any
text-charset selector. Additionally, the media type definition
explicitly states that it has no required nor optional parameters,
which makes the current registry headers non-compliant.
[0]: https://www.iana.org/assignments/media-types/application/json
Signed-off-by: Luca Bruno <lucab@debian.org>
This is done by draining the connections for configured time after registry receives a SIGTERM signal.
This adds a `draintimeout` setting under `HTTP`. Registry doesn't drain
if draintimeout is not provided.
Signed-off-by: Manish Tomar <manish.tomar@docker.com>
I thought about this while setting this up, and then found this guide (I was setting it up without the guide first.)
The potential security implications are important, so I think we should mention them here on this web page. (We could even go further by outright _warning_ people about this, but perhaps letting people know about it so they can make an informed decision is a better way to go. This can be perfectly fine for certain intranet scenarios.)
at the first iteration, only the following metrics are collected:
- HTTP metrics of each API endpoint
- cache counter for request/hit/miss
- histogram of storage actions, including:
GetContent, PutContent, Stat, List, Move, and Delete
Signed-off-by: tifayuki <tifayuki@gmail.com>
This adds a configuration setting `HTTP.TLS.LetsEncrypt.Hosts` which can
be set to a list of hosts that the registry will whitelist for retrieving
certificates from Let's Encrypt. HTTPS connections with SNI hostnames
that are not whitelisted will be closed with an "unknown host" error.
It is required to avoid lots of unsuccessful registrations attempts that
are triggered by malicious clients connecting with bogus SNI hostnames.
NOTE: Due to a bug in the deprecated vendored rsc.io/letsencrypt library
clearing the host list requires deleting or editing of the cachefile to
reset the hosts list to null.
Signed-off-by: Felix Buenemann <felix.buenemann@gmail.com>
* Reword lots of instances of 'will'
* Reword lots of instances of won't
* Reword lots of instances of we'll
* Eradicate you'll
* Eradicate 'be able to' type of phrases
* Eradicate 'unable to' type of phrases
* Eradicate 'has / have to' type of phrases
* Eradicate 'note that' type of phrases
* Eradicate 'in order to' type of phrases
* Redirect to official Chef and Puppet docs
* Eradicate gratuitous 'please'
* Reduce use of e.g.
* Reduce use of i.e.
* Reduce use of N.B.
* Get rid of 'sexagesimal' and correct some errors
* Improve Cloudfront notes regarding private buckets
* Point to CloudFront docs
This is better than outlining the steps specifically. The API steps will be different and the specific parts of the web UI may change over time. Amazon's docs are more likely to be up to date.
Using a daemon configuration file is preferred over
using command-line flags, as it allows reloading
this configuration without restarting the
daemon.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If htpasswd authentication option is configured but the htpasswd file is
missing, populate it with a default user and automatically generated
password.
The password will be printed to stdout.
Signed-off-by: Liron Levin <liron@twistlock.com>
As the `--label` option is used before in `docker node update --label-add registry=true node1`, the Docker registry should be restricted to only run on `node1` - and nowhere else. So the `docker service create` command has to use the option `--constraint 'node.labels.registry==true` instead of `--label registry=true`- because it is a contraint, where to run the Registry - we don´t just want to set a label again.
* for all links to , changed to full path
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
* fixed link in Swarm Tutorial per review comments
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
* Reorganize registry deployment guide
Also add information about pushing non-distributable
layers to private registries
Also add an example of running a registry as a swarm service
* Add instructions to remove also proxy_set_header Host
Add instructions to remove also proxy_set_header Host when using ELB.
In my case I only had commented out X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, but not Host, and I was getting lots of retrys in Docker. Commenting the proxy_set_header Host fixed the issue, as recommended in https://github.com/moby/moby/issues/16949
* Update fedora.md
add warning class to blogquote
* Update linux-postinstall.md
add warning class to blogquote
* Update ubuntu.md
add warning class to blogquote
* Update https.md
add warning class to blogquote
* Update swarm_manager_locking.md
add warning class to blogquote
* Update dockerlinks.md
add warning class to blogquote
* Update deploying.md
add warning class to blogquote
* Update deploying.md
add warning class to blogquote
* Update insecure.md
add warning class to blogquote
* Update discovery.md
add warning class to blogquote
* Update dockerd.yaml
add warning class to blogquote
* Update docker_secret_rm.yaml
add warning class to blogquote
* Update docker_service_rm.yaml
add warning class to blogquote
* Update docker_secret_rm.yaml
add warning class to blogquote
* Update scale-your-cluster.md
add warning class to blogquote
* Update resource_constraints.md
add warning class to blogquote
* Update binaries.md
add warning class to blogquote
* Update content_trust.md
add warning class to blogquote
* Update secrets.md
add warning class to blogquote
* Update index.md
add warning class to blogquote
* Update install-sandbox-2.md
add warning class to blogquote
* Update docker-toolbox.md
add warning class to blogquote
* Update index.md
add warning class to blogquote
* Update centos.md
add warning class to blogquote
* Update debian.md
add warning class to blogquote
* Update faqs.md
add linebreak after Looking for popular FAQs on Docker for Windows?
* Update install.md
add linebreake after **Already have Docker for Windows?**
* Revert "Update dockerd.yaml"
This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3.
* Revert "Update docker_secret_rm.yaml"
This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55.
* Revert "Update docker_service_rm.yaml"
This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b.
* Revert "Update docker_secret_rm.yaml"
This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172.