forked from TrueCloudLab/distribution
nginx.md: Add note about potential security isues
I thought about this while setting this up, and then found this guide (I was setting it up without the guide first.) The potential security implications are important, so I think we should mention them here on this web page. (We could even go further by outright _warning_ people about this, but perhaps letting people know about it so they can make an informed decision is a better way to go. This can be perfectly fine for certain intranet scenarios.)
This commit is contained in:
parent
ff7866442a
commit
8112d01b9b
1 changed files with 6 additions and 0 deletions
|
@ -38,6 +38,12 @@ you want through the secondary authentication mechanism implemented inside your
|
|||
proxy, it also requires that you move TLS termination from the Registry to the
|
||||
proxy itself.
|
||||
|
||||
> Another important thing to note is that by binding your registry to
|
||||
> `localhost:5000` without authentication, you open up a potential loophole in
|
||||
> your Docker Registry security - anyone who can log on to the server where your
|
||||
> Docker Registry is running can push images to your registry, without
|
||||
> authentication. This could have potentially devastating effects.
|
||||
|
||||
Furthermore, introducing an extra http layer in your communication pipeline
|
||||
makes it more complex to deploy, maintain, and debug. Make sure the extra
|
||||
complexity is required.
|
||||
|
|
Loading…
Reference in a new issue