forked from TrueCloudLab/distribution
Merge pull request #6912 from perlun/patch-1
nginx.md: Add note about potential security isues
This commit is contained in:
commit
3aa9c1e8f8
1 changed files with 5 additions and 0 deletions
|
@ -38,6 +38,11 @@ you want through the secondary authentication mechanism implemented inside your
|
||||||
proxy, it also requires that you move TLS termination from the Registry to the
|
proxy, it also requires that you move TLS termination from the Registry to the
|
||||||
proxy itself.
|
proxy itself.
|
||||||
|
|
||||||
|
> ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without
|
||||||
|
> authentication. This creates a potential loophole in your Docker Registry security.
|
||||||
|
> As a result, anyone who can log on to the server where your Docker Registry is running
|
||||||
|
> can push images without authentication.
|
||||||
|
|
||||||
Furthermore, introducing an extra http layer in your communication pipeline
|
Furthermore, introducing an extra http layer in your communication pipeline
|
||||||
makes it more complex to deploy, maintain, and debug. Make sure the extra
|
makes it more complex to deploy, maintain, and debug. Make sure the extra
|
||||||
complexity is required.
|
complexity is required.
|
||||||
|
|
Loading…
Reference in a new issue