daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6912 from perlun/patch-1 

nginx.md: Add note about potential security isues
master
L-Hudson 2019-01-23 15:17:53 -05:00 committed by GitHub
parent b98fb58a09 43b914b687
commit 3aa9c1e8f8
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/recipes/nginx.md
View File

@ -38,6 +38,11 @@ you want through the secondary authentication mechanism implemented inside your
proxy, it also requires that you move TLS termination from the Registry to the proxy, it also requires that you move TLS termination from the Registry to the
proxy itself. proxy itself.
> ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without
> authentication. This creates a potential loophole in your Docker Registry security.
> As a result, anyone who can log on to the server where your Docker Registry is running
> can push images without authentication.
Furthermore, introducing an extra http layer in your communication pipeline Furthermore, introducing an extra http layer in your communication pipeline
makes it more complex to deploy, maintain, and debug. Make sure the extra makes it more complex to deploy, maintain, and debug. Make sure the extra
complexity is required. complexity is required.