* Add instructions to remove also proxy_set_header Host
Add instructions to remove also proxy_set_header Host when using ELB.
In my case I only had commented out X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, but not Host, and I was getting lots of retrys in Docker. Commenting the proxy_set_header Host fixed the issue, as recommended in https://github.com/moby/moby/issues/16949
* Update fedora.md
add warning class to blogquote
* Update linux-postinstall.md
add warning class to blogquote
* Update ubuntu.md
add warning class to blogquote
* Update https.md
add warning class to blogquote
* Update swarm_manager_locking.md
add warning class to blogquote
* Update dockerlinks.md
add warning class to blogquote
* Update deploying.md
add warning class to blogquote
* Update deploying.md
add warning class to blogquote
* Update insecure.md
add warning class to blogquote
* Update discovery.md
add warning class to blogquote
* Update dockerd.yaml
add warning class to blogquote
* Update docker_secret_rm.yaml
add warning class to blogquote
* Update docker_service_rm.yaml
add warning class to blogquote
* Update docker_secret_rm.yaml
add warning class to blogquote
* Update scale-your-cluster.md
add warning class to blogquote
* Update resource_constraints.md
add warning class to blogquote
* Update binaries.md
add warning class to blogquote
* Update content_trust.md
add warning class to blogquote
* Update secrets.md
add warning class to blogquote
* Update index.md
add warning class to blogquote
* Update install-sandbox-2.md
add warning class to blogquote
* Update docker-toolbox.md
add warning class to blogquote
* Update index.md
add warning class to blogquote
* Update centos.md
add warning class to blogquote
* Update debian.md
add warning class to blogquote
* Update faqs.md
add linebreak after Looking for popular FAQs on Docker for Windows?
* Update install.md
add linebreake after **Already have Docker for Windows?**
* Revert "Update dockerd.yaml"
This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3.
* Revert "Update docker_secret_rm.yaml"
This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55.
* Revert "Update docker_service_rm.yaml"
This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b.
* Revert "Update docker_secret_rm.yaml"
This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172.
* First pass of tabs-based organization
* Improvements
* Second pass at tabs org
* Move tab highlighting to Liquid instead of JS
* Adding forwarding links for in-product TOCs
* Move to pre-rendered left-navs instead of post-load JS for TOC sync
* Optimizations and nosync-ing the Reference section
* Optimizations, fix Cloud YAML
* Make a "Sample applications" node
* Update index.md
* Tabs CSS fixes and 12-factor reposition
* Theme Start (#1709)
* Hooking up nav to real TOC data, formatting fixes
* Fixing JS error
* Layout updates, dark themes, tons o stuff (#1971)
* Add cookie saving for day/night mode
* Newsite tabs (#2004)
* Layout updates, dark themes, tons o stuff
* Update themes
Theme updates + scaffolding
* Update style.css
* Update style-alt.css
* Missing font fixes
* Import Open Sans from Google
* Font fix, archive removal in TOC, favicon, Feedback img fix
* Oops, returning -webkit-font-smoothing: antialiased;
* Add old favicon.ico
* Make archives a non-tiered link
* Reorder docs archive to newest-first, add local instructions
* Commenting out day/night switch for now
* Fix 'rate this page'
* Rate this page fixes
* Autocomplete and Docker Cloud fixes
* Open tree to current page
* Adding indentation for nav collapse in
* Ensure left nav visibly displays the current topic
* Update flex layout
- adjust rescale
- code block styles
* add focus to search
- force code block color (for now)
- increase section max-width
* increase content padding
- add padding to toc for wrapping long strings.
* grid adjustment
- grid
- content and wrapper adjustments for mobile
* left/right sidebar adjustments
- refine position on scroll for toc on landing
- add default height to compensate for upcoming position absolute
onScroll
* side bar overflow
- hidden on X-scroll
* fix version button
- override bstrap defaults
* tabs + buttons
* update landing svgs
* fix sidebar height
set to 100% on landing pre-affix
* Update blurb about engine/editions on front page
* add side menu to mobile collapse menu
* update classnames
* overall mobile tweaks
* Right-nav highlighting and auto-scroll
* Slightly slower right-nav highlighting, correct version
* add toggle menus for small devices
* Fixing JS error/Docker 1.13>17.03
* header updates
* re-add fan to header
* update transition time
* Add first 20 words to Twitter card
* fixed width of components
- lockdown elements on rescale (wil need more TLC)
* set max-width of content
* Left and right nav resizing w/footer scroll and window resize
* update links on landing page
* Fix for overzealous resizing, JS redundancies
* Fix for JS error on homepage
* JS error fixes
* toggle adjustments
- wrap toggle button
* add tab width
* version button type
* version button both headers
* tabs - fix typo
* landing page grid
* components
* Share images, JS fixes, Marketo removal
* Anchor links fix
* Fix for black space on mobile
* Restore hamburger (partial)
* Update run.md
Minor grammar cleanup.
* Update apparmor.md
I'm a little confused about which one is better to be used here, a period (.) or a colon (:), as a command is given below. Or both are OK, and we only have to keep consistency in a single page.
* Update apparmor.md
Fixed the indentation for the codeblock (indented by 4 spaces). Thank you for your careful review.
* Replacing service with secret
* Update networking.md
fix typo with triple "m" for command word
* Update run.md
Address PR feedback.
* Update install instructions to latest version
* Added "related topics" section
* Add documentation for mem_swappiness
* Update to new Docker version scheme (#1926)
* mem_swappiness for current version and v1
* merge other changes, fix typo
* There is no OpenSuSE and there never was
though we had SuSE and S.u.S.E.
* Add release notes for 1.12.6-cs9 (#2028)
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
* need sudo to access key cache (#1931)
* need sudo to access key cache
* List other keyservers to try for cs-engine install (#2033)
* List other keyservers to try for cs-engine install
Sometimes ha.pool.sks-keyservers.net goes down, so let's provide some
other keyservers to try in such cases.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
* Update work_issue.md (#2030)
Change "re-start" to "restart". Though not included in "Prefered usages" in the documentation guide, but I think "restart" is better and used more frequently. Besides, some other docs here, such as "Keep containers alive during daemon downtime" of "Admin Guide", also use "restart".
* Update create_pr.md (#2015)
* Update work_issue.md (#2013)
Change "id" to "ID" except for those in code.
* Update set_up_dev.md (#2011)
Add periods (.) in some steps.
* Update set_up_dev.md (#2010)
Apply Oxford Comma as described in the documentation guide.
* Update create_pr.md (#2014)
Delete an extra space.
* Update trust_key_mng.md (#1883)
* Update trust_key_mng.md
* Update trust_key_mng.md
I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown.
Now I've deleted some redundant whitespace.
* Update
I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown.
Now I've deleted some redundant whitespace.
* Update content_trust.md (#1912)
* Update content_trust.md
* update deprecation policy
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
* Update info about how to check whether Docker is running
* Updated docs to reflect edge channel
Signed-off-by: French Ben <frenchben@docker.com>
* Updated wording for SP creation
Signed-off-by: French Ben <frenchben@docker.com>
* beta to edge, cloud features first draft
added cloud images
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
* Distinguish between cloud stack file and stack file
* Added EE links
Signed-off-by: French Ben <frenchben@docker.com>
* Use variables
Signed-off-by: French Ben <frenchben@docker.com>
* Replace deprecated MAINTAINER with LABEL (#1445)
Replace MAINTAINER instruction with LABEL as MAINTAINER was deprecated in https://github.com/docker/docker/pull/25466
* Updates for Docker CE and Docker EE
* Updated DDC launch button
Signed-off-by: French Ben <frenchben@docker.com>
* added Docker Cloud topics for Mac and Windows
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
* d4mac, d4win stable and beta release notes for 17.03.0
Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
Only append "additional" Docker-Distribution-Api-Version header in case
none were received from upstream.
Signed-off-by: forkbomber <forkbomber@users.noreply.github.com>
Update grammar to support a resource class. Add
example for plugin repository class.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Apple has changed their branding guidelines from 'OS X' to 'macOS'
so we should update ours to be within trademark / branding
guidelines. See http://www.apple.com/macos/sierra/
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Some frontmatter such as the weights, menu stuff, etc is no longer used
'draft=true' becomes 'published: false'
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
Reading the oauth2 token documentation is misleading as it makes
no mention of it being a newer feature which may not be supported
by the token server. Add a note mentioning if it is not supported
to refer to the token documentation for getting a token.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The Hub registry generates a large volume of notifications, many of
which are uninteresting based on target media type. Discarding them
within the notification endpoint consumes considerable resources that
could be saved by discarding them within the registry. To that end,
this change adds registry configuration options to restrict the
notifications sent to an endpoint based on target media type.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
Access logging is great. Access logging you can turn off is even
better. This change adds a configuration option for that.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
Let's Encrypt uses tls-sni to validate the certificate
on the standard https port 443. If the registry is
outwardly listening on a different port Let's Encrypt
will not issue a certificate.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Previously, the specificiation incorrectly bound the fates of `urls` and
foreign layers. These are complementary but unrelated features, in that
the `urls` field may be populated for layers that aren't foreign. The
type of the layer only dictates the push behavior of the layer, rather
than involving where it came from.
For example, one may pull a foreign layer from a registry, but they may
not push it back to another registry. Conversely, a layer that has no
restrictions on push/pull behavior may be fetched via `urls` entries.
Signed-off-by: Stephen J Day <stephen.day@docker.com>
This change to the S3 Move method uses S3's multipart upload API to copy
objects whose size exceeds a threshold. Parts are copied concurrently.
The level of concurrency, part size, and threshold are all configurable
with reasonable defaults.
Using the multipart upload API has two benefits.
* The S3 Move method can now handle objects over 5 GB, fixing #886.
* Moving most objects, and espectially large ones, is faster. For
example, moving a 1 GB object averaged 30 seconds but now averages 10.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
This is already supported by ncw/swift, so we just need to pass the
parameters from the storage driver.
Signed-off-by: Stefan Majewsky <stefan.majewsky@sap.com>
* Add Object ACL Support to the S3 Storage Backend
Signed-off-by: Frank Chen <frankchn@gmail.com>
* Made changes per @RichardScothern's comments
Signed-off-by: Frank Chen <frankchn@gmail.com>
* Fix Typos
Signed-off-by: Frank Chen <frankchn@gmail.com>
This adds the `--live-restore` option to the documentation.
Also synched usage description in the documentation
with the actual description, and re-phrased some
flag descriptions to be a bit more consistent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 64a8317a5a306dffd0ec080d9ec5b4ceb2479a01)
Signed-off-by: Tibor Vass <tibor@docker.com>
Updates the v1 search endpoint to also support v2 auth when an identity token is given.
Only search v1 endpoint is supported since there is not v2 search currently defined to replace it.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
(cherry picked from commit 19d48f0b8ba59eea9f2cac4ad1c7977712a6b7ac)
Signed-off-by: Tibor Vass <tibor@docker.com>
Until we have some experience hosting foreign layer manifests, the Hub
operators wish to limit foreign layers on Hub. To that end, this change
adds registry configuration options to restrict the URLs that may appear
in pushed manifests.
Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
This fix tries to fix logrus formatting by removing `f` from
`logrus.[Error|Warn|Debug|Fatal|Panic|Info]f` when formatting string
is not present.
This fix fixes#23459.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
In Go's header parsing, the same header multiple times results in multiple entries in the `r.Header[...]` slice, but Go does no further parsing beyond that (and in https://golang.org/cl/4528086 it was determined that until/unless the stdlib itself needs it, Go will not do so).
The consequence here for parsing of `Accept:` headers is that we support the way Go outputs headers, but not all language HTTP libraries have a facility to output multiple headers instead of a single list header.
This change ensures that the following (valid) header blocks all parse to the same result for the purposes of what is being tested here:
```
Accept: a/b
Accept: b/c
Accept: d/e
```
```
Accept: a/b; q=0.5, b/c
Accept: d/e
```
```
Accept: a/b; q=0.1, b/c; q=0.2, d/e; q=0.8
```
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
The client may need the content digest to delete a manifest using the digest used by the registry.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This fix tries to address the issue raised in #23055.
Currently `docker search` result caps at 25 and there is
no way to allow getting more results (if exist).
This fix adds the flag `--limit` so that it is possible
to return more results from the `docker search`.
Related documentation has been updated.
Additional tests have been added to cover the changes.
This fix fixes#23055.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Go will fail to parse the examples since an int is expected rather than a string for the "expires in" value
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This lets us access registry config within middleware for additional
configuration of whatever it is that you're overriding.
Signed-off-by: Tony Holdstock-Brown <tony@docker.com>
… and refactor a little bit some daemon on the way.
- Move `SearchRegistryForImages` to a new file (`daemon/search.go`) as
`daemon.go` is getting pretty big.
- `registry.Service` is now an interface (allowing us to decouple it a
little bit and thus unit test easily).
- Add some unit test for `SearchRegistryForImages`.
- Use UniqueExactMatch for search filters
- And use empty restore id for now in client.ContainerStart.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
go1.5 doesn't export http.StatusTooManyRequests while
go1.6 does. Fix this by hardcoding the status code for now.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit refactors base.regulator into the 2.4 interfaces and adds a
filesystem configuration option `maxthreads` to configure the regulator.
By default `maxthreads` is set to 100. This means the FS driver is
limited to 100 concurrent blocking file operations. Any subsequent
operations will block in Go until previous filesystem operations
complete.
This ensures that the registry can never open thousands of simultaneous
threads from os filesystem operations.
Note that `maxthreads` can never be less than 25.
Add test case covering parsable string maxthreads
Signed-off-by: Tony Holdstock-Brown <tony@docker.com>
subsequent close.
When a blob upload is cancelled close the blobwriter before removing
upload state to ensure old hashstates don't persist.
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
It's easily possible for a flood of requests to trigger thousands of
concurrent file accesses on the storage driver. Each file I/O call creates
a new OS thread that is not reaped by the Golang runtime. By limiting it
to only 100 at a time we can effectively bound the number of OS threads
in use by the storage driver.
Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
Signed-off-by: Tony Holdstock-Brown <tony@docker.com>
Use sockets.DialerFromEnvironment, as is done in other places,
to transparently support SOCKS proxy config from ALL_PROXY
environment variable.
Requires the *engine* have the ALL_PROXY env var set, which
doesn't seem ideal. Maybe it should be a CLI option somehow?
Only tested with push and a v2 registry so far. I'm happy to look
further into testing more broadly, but I wanted to get feedback on
the general idea first.
Signed-off-by: Brett Higgins <brhiggins@arbor.net>
This fix tries to address the issue in #22244 where the remote
API `/auth` will not set the default value of `serveraddress`
if not provided. This behavior happens after only in 1.11.0
and is a regression as in 1.10.3 `serveraddress` will be assigned
with `IndexServer` if no value is provided.
The default value `IndexServer` is assigned to `serveraddress` if
no value provided in this fix.
An integration test `TestAuthApi` has been added to cover this change
This fix fixes#22244.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Not just when Commit()ing the result. This fixes some errors I observed
when the layer (i.e. the DLO) is Stat()ed immediately after closing,
and reports the wrong file size because the container listing is not
yet up-to-date.
Signed-off-by: Stefan Majewsky <stefan.majewsky@sap.com>
The kid value can have an arbitrary format according JOSE specification, but Docker distribution expects a specific format (libtrust fingerprint) to work. This is not written in the documentation so far and is only mentioned in the libtrust source code itself.
Signed-off-by: Fabio Huser <fabio@fh1.ch>
Add link to the official list of $GOOS and $GOARCH values and correct
values that were incorrectly listed in the spec examples.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
If a schema 1 manifest is uploaded with the `disablesignaturestore` option set
to true, then no signatures will exist. Handle this case.
If a schema 1 manifest is pushed, deleted, garbage collected and pushed again, the
repository will contain signature links from the first version, but the blobs will
not exist. Disable the signature store in the garbage-collect command so
signatures are not fetched.
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
In 000dec3c6f, which was only intended to
be a refactoring commit, the behavior of this block subtly changed so
that unknown types of errors would be swallowed instead of propagated.
I noticed this while investigating an error similar to #1539 aka
docker/docker#21290. It appears that during GetContent() for a
hashstate, the Swift proxy produces an error. Since this error was
silently swallowed, an empty []byte is used to restart the hash, then
producing the digest of the empty string instead of the layer's digest.
This PR will not fix the issue, but it should make the actual error more
visible by propagating it into `blobWriter#resumeDigest' and
'blobWriter#validateBlob', respectively.
Signed-off-by: Stefan Majewsky <stefan.majewsky@sap.com>
This commit adds context-specific documentation on StorageDriver,
StorageDriverFactory, and the factory’s Register func, explaining how
the internal registration mechanism should be used.
This documentation follows from the thread starting at
https://github.com/deis/builder/pull/262/files#r56720200.
cc/ @stevvooe
Signed-off-by: Aaron Schlesinger <aschlesinger@deis.com>
Seconds to minutes as per code
Correction per Derek
Clarifying failure case
Signed-off-by: Mary Anthony <mary@docker.com>
Clarifying failure case
Signed-off-by: Mary Anthony <mary@docker.com>
HTML links are not converted by HUGO, so will work
on GitHub, but not in the online documentation.
Converted the HTML table (and links) to Markdown
to fix broken links.
Also added a header for the table, because none
was present.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If this slice ends up empty after parsing the HTTP response body, it
means the body is not well-formed. We've probably encountered an error
message produced by something that uses a different JSON schema, or
an error that just happens to validate as JSON.
An empty errcode.Errors slice is not a very useful thing to return,
since its Error() output is just `<nil>`. Detect this case, and instend
return an UnexpectedHTTPResponseError.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Going forward, Docker won't use a different default registry on Windows.
This changes Windows to use the standard Docker Hub registry as the
default registry.
There is a plan in place to migrate existing images from the Windows
registry to Hub's normal registry, in advance of the 1.11 release. In
the mean time, images on the Windows registry can be accessed by
prefixing them with `registry-win-tp3.docker.io/`.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Use token handler options for initialization.
Update auth endpoint to set identity token in response.
Update credential store to match distribution interface changes.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Updates registry storage code to use this for better resumable writes.
Implements this interface for the following drivers:
+ Inmemory
+ Filesystem
+ S3
+ Azure
Signed-off-by: Brian Bland <brian.bland@docker.com>
It is possible for a middlebox to lowercase the URL at somepoint causing a
lookup in the auth challenges table to fail. Lowercase hostname before
using as keys to challenge map.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
the original ```$GOPATH/bin/registry $GOPATH/src/github.com/docker/distribution/cmd/registry/config-example.yml``` leads to the error like
```
Error: unknown command "/Users/EricYang/go/src/github.com/docker/distribution/cmd/registry/config-example.yml" for "registry"
Run 'registry --help' for usage.
```
I think the correct command should be ```registry serve```
Signed-off-by: Eric Yang <EricYang@EricdeMacBook-Pro.local>
Cross repository push tokens were not being cached and could not be used,
now any returned token will be used and the caching is hidden in the getToken function.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Login needs to add an offline token flag to ensure a refresh token is returned by the token endpoint.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
The oauth spec defines using a space to separate parts of a scope.
To better comply with future implementations built on oauth use a space to separate the resource scopes.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)