at the first iteration, only the following metrics are collected:
- HTTP metrics of each API endpoint
- cache counter for request/hit/miss
- histogram of storage actions, including:
GetContent, PutContent, Stat, List, Move, and Delete
Signed-off-by: tifayuki <tifayuki@gmail.com>
This adds a configuration setting `HTTP.TLS.LetsEncrypt.Hosts` which can
be set to a list of hosts that the registry will whitelist for retrieving
certificates from Let's Encrypt. HTTPS connections with SNI hostnames
that are not whitelisted will be closed with an "unknown host" error.
It is required to avoid lots of unsuccessful registrations attempts that
are triggered by malicious clients connecting with bogus SNI hostnames.
NOTE: Due to a bug in the deprecated vendored rsc.io/letsencrypt library
clearing the host list requires deleting or editing of the cachefile to
reset the hosts list to null.
Signed-off-by: Felix Buenemann <felix.buenemann@gmail.com>
* Reword lots of instances of 'will'
* Reword lots of instances of won't
* Reword lots of instances of we'll
* Eradicate you'll
* Eradicate 'be able to' type of phrases
* Eradicate 'unable to' type of phrases
* Eradicate 'has / have to' type of phrases
* Eradicate 'note that' type of phrases
* Eradicate 'in order to' type of phrases
* Redirect to official Chef and Puppet docs
* Eradicate gratuitous 'please'
* Reduce use of e.g.
* Reduce use of i.e.
* Reduce use of N.B.
* Get rid of 'sexagesimal' and correct some errors
* Improve Cloudfront notes regarding private buckets
* Point to CloudFront docs
This is better than outlining the steps specifically. The API steps will be different and the specific parts of the web UI may change over time. Amazon's docs are more likely to be up to date.
Using a daemon configuration file is preferred over
using command-line flags, as it allows reloading
this configuration without restarting the
daemon.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If htpasswd authentication option is configured but the htpasswd file is
missing, populate it with a default user and automatically generated
password.
The password will be printed to stdout.
Signed-off-by: Liron Levin <liron@twistlock.com>
As the `--label` option is used before in `docker node update --label-add registry=true node1`, the Docker registry should be restricted to only run on `node1` - and nowhere else. So the `docker service create` command has to use the option `--constraint 'node.labels.registry==true` instead of `--label registry=true`- because it is a contraint, where to run the Registry - we don´t just want to set a label again.
