daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update insecure.md (#4318)

master
Wang Jie 2017-08-23 07:45:22 +08:00 committed by Misty Stanley-Jones
parent e98a162c62
commit 3ae7d9ca65
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/insecure.md
View File

@ -9,10 +9,10 @@ issued by a known CA, you can choose to use self-signed certificates, or use
your registry over an unencrypted HTTP connection. Either of these choices
involves security trade-offs and additional configuration steps.
## Deploying a plain HTTP registry
## Deploy a plain HTTP registry
> **Warning**:
> it's not possible to use an insecure registry with basic authentication.
> It's not possible to use an insecure registry with basic authentication.
{:.warning}
This procedure configures Docker to entirely disregard security for your
@ -51,10 +51,10 @@ isolated testing or in a tightly controlled, air-gapped environment.
Repeat these steps on every Engine host that wants to access your registry.
## Using self-signed certificates
## Use self-signed certificates
> **Warning**:
> using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
> Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
{:.warning}
This is more secure than the insecure registry solution.
@ -71,7 +71,7 @@ This is more secure than the insecure registry solution.
Be sure to use the name `myregistrydomain.com` as a CN.
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate)
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate).
3. Instruct every Docker daemon to trust that certificate. The way to do this
depends on your OS.
@ -103,7 +103,7 @@ This is more secure than the insecure registry solution.
Restart Docker.
## Troubleshooting insecure registry
## Troubleshoot insecure registry
This sections lists some common failures and how to recover from them.
@ -160,6 +160,6 @@ Then, select the following options:
* Click **Browser**, and select **Trusted Root Certificate Authorities**
* Click **Finish**
[Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal)
[Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal).
After adding the CA certificate to Windows, restart Docker for Windows.