daniel
/
distribution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update insecure.md (#4318)

master
Wang Jie 2017-08-23 07:45:22 +08:00 committed by Misty Stanley-Jones
parent e98a162c62
commit 3ae7d9ca65
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
docs/insecure.md
View File

@ -9,10 +9,10 @@ issued by a known CA, you can choose to use self-signed certificates, or use
your registry over an unencrypted HTTP connection. Either of these choices your registry over an unencrypted HTTP connection. Either of these choices
involves security trade-offs and additional configuration steps. involves security trade-offs and additional configuration steps.
## Deploying a plain HTTP registry ## Deploy a plain HTTP registry
> **Warning**: > **Warning**:
> it's not possible to use an insecure registry with basic authentication. > It's not possible to use an insecure registry with basic authentication.
{:.warning} {:.warning}
This procedure configures Docker to entirely disregard security for your This procedure configures Docker to entirely disregard security for your
@ -51,10 +51,10 @@ isolated testing or in a tightly controlled, air-gapped environment.
Repeat these steps on every Engine host that wants to access your registry. Repeat these steps on every Engine host that wants to access your registry.
## Using self-signed certificates ## Use self-signed certificates
> **Warning**: > **Warning**:
> using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below) > Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
{:.warning} {:.warning}
This is more secure than the insecure registry solution. This is more secure than the insecure registry solution.
@ -71,7 +71,7 @@ This is more secure than the insecure registry solution.
Be sure to use the name `myregistrydomain.com` as a CN. Be sure to use the name `myregistrydomain.com` as a CN.
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate) 2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate).
3. Instruct every Docker daemon to trust that certificate. The way to do this 3. Instruct every Docker daemon to trust that certificate. The way to do this
depends on your OS. depends on your OS.
@ -103,7 +103,7 @@ This is more secure than the insecure registry solution.
Restart Docker. Restart Docker.
## Troubleshooting insecure registry ## Troubleshoot insecure registry
This sections lists some common failures and how to recover from them. This sections lists some common failures and how to recover from them.
@ -160,6 +160,6 @@ Then, select the following options:
* Click **Browser**, and select **Trusted Root Certificate Authorities** * Click **Browser**, and select **Trusted Root Certificate Authorities**
* Click **Finish** * Click **Finish**
[Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal) [Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal).
After adding the CA certificate to Windows, restart Docker for Windows. After adding the CA certificate to Windows, restart Docker for Windows.