Merge pull request #6912 from perlun/patch-1

nginx.md: Add note about potential security isues
2019-01-23 15:17:53 -05:00 · 2019-01-23 15:17:53 -05:00 · 3aa9c1e8f8
parent b98fb58a09 43b914b687
commit 3aa9c1e8f8
1 changed files with 5 additions and 0 deletions
--- a/docs/recipes/nginx.md
+++ b/docs/recipes/nginx.md
@ -38,6 +38,11 @@ you want through the secondary authentication mechanism implemented inside your
 proxy, it also requires that you move TLS termination from the Registry to the
 proxy itself.

+> ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without
+> authentication. This creates a potential loophole in your Docker Registry security.
+> As a result, anyone who can log on to the server where your Docker Registry is running 
+> can push images without authentication. 
+
 Furthermore, introducing an extra http layer in your communication pipeline
 makes it more complex to deploy, maintain, and debug. Make sure the extra
 complexity is required.