forked from TrueCloudLab/distribution
Update insecure.md (#4318)
This commit is contained in:
parent
e98a162c62
commit
3ae7d9ca65
1 changed files with 7 additions and 7 deletions
|
@ -9,10 +9,10 @@ issued by a known CA, you can choose to use self-signed certificates, or use
|
||||||
your registry over an unencrypted HTTP connection. Either of these choices
|
your registry over an unencrypted HTTP connection. Either of these choices
|
||||||
involves security trade-offs and additional configuration steps.
|
involves security trade-offs and additional configuration steps.
|
||||||
|
|
||||||
## Deploying a plain HTTP registry
|
## Deploy a plain HTTP registry
|
||||||
|
|
||||||
> **Warning**:
|
> **Warning**:
|
||||||
> it's not possible to use an insecure registry with basic authentication.
|
> It's not possible to use an insecure registry with basic authentication.
|
||||||
{:.warning}
|
{:.warning}
|
||||||
|
|
||||||
This procedure configures Docker to entirely disregard security for your
|
This procedure configures Docker to entirely disregard security for your
|
||||||
|
@ -51,10 +51,10 @@ isolated testing or in a tightly controlled, air-gapped environment.
|
||||||
Repeat these steps on every Engine host that wants to access your registry.
|
Repeat these steps on every Engine host that wants to access your registry.
|
||||||
|
|
||||||
|
|
||||||
## Using self-signed certificates
|
## Use self-signed certificates
|
||||||
|
|
||||||
> **Warning**:
|
> **Warning**:
|
||||||
> using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
|
> Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
|
||||||
{:.warning}
|
{:.warning}
|
||||||
|
|
||||||
This is more secure than the insecure registry solution.
|
This is more secure than the insecure registry solution.
|
||||||
|
@ -71,7 +71,7 @@ This is more secure than the insecure registry solution.
|
||||||
|
|
||||||
Be sure to use the name `myregistrydomain.com` as a CN.
|
Be sure to use the name `myregistrydomain.com` as a CN.
|
||||||
|
|
||||||
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate)
|
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate).
|
||||||
|
|
||||||
3. Instruct every Docker daemon to trust that certificate. The way to do this
|
3. Instruct every Docker daemon to trust that certificate. The way to do this
|
||||||
depends on your OS.
|
depends on your OS.
|
||||||
|
@ -103,7 +103,7 @@ This is more secure than the insecure registry solution.
|
||||||
Restart Docker.
|
Restart Docker.
|
||||||
|
|
||||||
|
|
||||||
## Troubleshooting insecure registry
|
## Troubleshoot insecure registry
|
||||||
|
|
||||||
This sections lists some common failures and how to recover from them.
|
This sections lists some common failures and how to recover from them.
|
||||||
|
|
||||||
|
@ -160,6 +160,6 @@ Then, select the following options:
|
||||||
* Click **Browser**, and select **Trusted Root Certificate Authorities**
|
* Click **Browser**, and select **Trusted Root Certificate Authorities**
|
||||||
* Click **Finish**
|
* Click **Finish**
|
||||||
|
|
||||||
[Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal)
|
[Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal).
|
||||||
|
|
||||||
After adding the CA certificate to Windows, restart Docker for Windows.
|
After adding the CA certificate to Windows, restart Docker for Windows.
|
||||||
|
|
Loading…
Reference in a new issue