registry/docs/insecure.md

168 lines
5.7 KiB
Markdown
Raw Normal View History

---
description: Deploying a Registry in an insecure fashion
keywords: registry, on-prem, images, tags, repository, distribution, insecure
title: Test an insecure registry
---
2020-07-03 14:25:54 +00:00
{% include registry.md %}
While it's highly recommended to secure your registry using a TLS certificate
issued by a known CA, you can choose to use self-signed certificates, or use
your registry over an unencrypted HTTP connection. Either of these choices
involves security trade-offs and additional configuration steps.
2017-08-22 23:45:22 +00:00
## Deploy a plain HTTP registry
add warning class and a linebreake to the warning blogquote (#2937) * Update fedora.md add warning class to blogquote * Update linux-postinstall.md add warning class to blogquote * Update ubuntu.md add warning class to blogquote * Update https.md add warning class to blogquote * Update swarm_manager_locking.md add warning class to blogquote * Update dockerlinks.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update insecure.md add warning class to blogquote * Update discovery.md add warning class to blogquote * Update dockerd.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update docker_service_rm.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update scale-your-cluster.md add warning class to blogquote * Update resource_constraints.md add warning class to blogquote * Update binaries.md add warning class to blogquote * Update content_trust.md add warning class to blogquote * Update secrets.md add warning class to blogquote * Update index.md add warning class to blogquote * Update install-sandbox-2.md add warning class to blogquote * Update docker-toolbox.md add warning class to blogquote * Update index.md add warning class to blogquote * Update centos.md add warning class to blogquote * Update debian.md add warning class to blogquote * Update faqs.md add linebreak after Looking for popular FAQs on Docker for Windows? * Update install.md add linebreake after **Already have Docker for Windows?** * Revert "Update dockerd.yaml" This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3. * Revert "Update docker_secret_rm.yaml" This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55. * Revert "Update docker_service_rm.yaml" This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b. * Revert "Update docker_secret_rm.yaml" This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172.
2017-04-25 18:33:27 +00:00
> **Warning**:
2017-08-22 23:45:22 +00:00
> It's not possible to use an insecure registry with basic authentication.
add warning class and a linebreake to the warning blogquote (#2937) * Update fedora.md add warning class to blogquote * Update linux-postinstall.md add warning class to blogquote * Update ubuntu.md add warning class to blogquote * Update https.md add warning class to blogquote * Update swarm_manager_locking.md add warning class to blogquote * Update dockerlinks.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update insecure.md add warning class to blogquote * Update discovery.md add warning class to blogquote * Update dockerd.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update docker_service_rm.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update scale-your-cluster.md add warning class to blogquote * Update resource_constraints.md add warning class to blogquote * Update binaries.md add warning class to blogquote * Update content_trust.md add warning class to blogquote * Update secrets.md add warning class to blogquote * Update index.md add warning class to blogquote * Update install-sandbox-2.md add warning class to blogquote * Update docker-toolbox.md add warning class to blogquote * Update index.md add warning class to blogquote * Update centos.md add warning class to blogquote * Update debian.md add warning class to blogquote * Update faqs.md add linebreak after Looking for popular FAQs on Docker for Windows? * Update install.md add linebreake after **Already have Docker for Windows?** * Revert "Update dockerd.yaml" This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3. * Revert "Update docker_secret_rm.yaml" This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55. * Revert "Update docker_service_rm.yaml" This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b. * Revert "Update docker_secret_rm.yaml" This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172.
2017-04-25 18:33:27 +00:00
{:.warning}
This procedure configures Docker to entirely disregard security for your
registry. This is **very** insecure and is not recommended. It exposes your
registry to trivial man-in-the-middle (MITM) attacks. Only use this solution for
isolated testing or in a tightly controlled, air-gapped environment.
1. Edit the `daemon.json` file, whose default location is
`/etc/docker/daemon.json` on Linux or
`C:\ProgramData\docker\config\daemon.json` on Windows Server. If you use
2019-01-11 18:23:58 +00:00
Docker Desktop for Mac or Docker Desktop for Windows, click the Docker icon, choose
**Preferences** (Mac) or **Settings** (Windows), and choose **Docker Engine**.
If the `daemon.json` file does not exist, create it. Assuming there are no
other settings in the file, it should have the following contents:
```json
{
"insecure-registries" : ["myregistrydomain.com:5000"]
}
```
Substitute the address of your insecure registry for the one in the example.
With insecure registries enabled, Docker goes through the following steps:
- First, try using HTTPS.
- If HTTPS is available but the certificate is invalid, ignore the error
about the certificate.
2017-06-02 17:00:58 +00:00
- If HTTPS is not available, fall back to HTTP.
2. Restart Docker for the changes to take effect.
Repeat these steps on every Engine host that wants to access your registry.
2017-08-22 23:45:22 +00:00
## Use self-signed certificates
add warning class and a linebreake to the warning blogquote (#2937) * Update fedora.md add warning class to blogquote * Update linux-postinstall.md add warning class to blogquote * Update ubuntu.md add warning class to blogquote * Update https.md add warning class to blogquote * Update swarm_manager_locking.md add warning class to blogquote * Update dockerlinks.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update insecure.md add warning class to blogquote * Update discovery.md add warning class to blogquote * Update dockerd.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update docker_service_rm.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update scale-your-cluster.md add warning class to blogquote * Update resource_constraints.md add warning class to blogquote * Update binaries.md add warning class to blogquote * Update content_trust.md add warning class to blogquote * Update secrets.md add warning class to blogquote * Update index.md add warning class to blogquote * Update install-sandbox-2.md add warning class to blogquote * Update docker-toolbox.md add warning class to blogquote * Update index.md add warning class to blogquote * Update centos.md add warning class to blogquote * Update debian.md add warning class to blogquote * Update faqs.md add linebreak after Looking for popular FAQs on Docker for Windows? * Update install.md add linebreake after **Already have Docker for Windows?** * Revert "Update dockerd.yaml" This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3. * Revert "Update docker_secret_rm.yaml" This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55. * Revert "Update docker_service_rm.yaml" This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b. * Revert "Update docker_secret_rm.yaml" This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172.
2017-04-25 18:33:27 +00:00
> **Warning**:
2017-08-22 23:45:22 +00:00
> Using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below)
add warning class and a linebreake to the warning blogquote (#2937) * Update fedora.md add warning class to blogquote * Update linux-postinstall.md add warning class to blogquote * Update ubuntu.md add warning class to blogquote * Update https.md add warning class to blogquote * Update swarm_manager_locking.md add warning class to blogquote * Update dockerlinks.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update deploying.md add warning class to blogquote * Update insecure.md add warning class to blogquote * Update discovery.md add warning class to blogquote * Update dockerd.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update docker_service_rm.yaml add warning class to blogquote * Update docker_secret_rm.yaml add warning class to blogquote * Update scale-your-cluster.md add warning class to blogquote * Update resource_constraints.md add warning class to blogquote * Update binaries.md add warning class to blogquote * Update content_trust.md add warning class to blogquote * Update secrets.md add warning class to blogquote * Update index.md add warning class to blogquote * Update install-sandbox-2.md add warning class to blogquote * Update docker-toolbox.md add warning class to blogquote * Update index.md add warning class to blogquote * Update centos.md add warning class to blogquote * Update debian.md add warning class to blogquote * Update faqs.md add linebreak after Looking for popular FAQs on Docker for Windows? * Update install.md add linebreake after **Already have Docker for Windows?** * Revert "Update dockerd.yaml" This reverts commit 3a98eb86f700ade8941483546c33f69a9dab8ac3. * Revert "Update docker_secret_rm.yaml" This reverts commit 5dc1e75f37033932486c11287052b7d64bf83e55. * Revert "Update docker_service_rm.yaml" This reverts commit a983380a5625b471f1a03f8ed2301ead72f98f1b. * Revert "Update docker_secret_rm.yaml" This reverts commit 4c454b883c300e26fbb056b954bb49ec2933b172.
2017-04-25 18:33:27 +00:00
{:.warning}
This is more secure than the insecure registry solution.
1. Generate your own certificate:
```bash
$ mkdir -p certs
$ openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-addext "subjectAltName = DNS:myregistry.domain.com" \
-x509 -days 365 -out certs/domain.crt
```
Be sure to use the name `myregistrydomain.com` as a CN.
2017-08-22 23:45:22 +00:00
2. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate).
3. Instruct every Docker daemon to trust that certificate. The way to do this
depends on your OS.
- **Linux**: Copy the `domain.crt` file to
`/etc/docker/certs.d/myregistrydomain.com:5000/ca.crt` on every Docker
host. You do not need to restart Docker.
- **Windows Server**:
1. Open Windows Explorer, right-click the `domain.crt`
file, and choose Install certificate. When prompted, select the following
options:
| Store location | local machine |
| Place all certificates in the following store | selected |
2. Click **Browser** and select **Trusted Root Certificate Authorities**.
3. Click **Finish**. Restart Docker.
- **Docker Desktop for Mac**: Follow the instructions in
[Adding custom CA certificates](../docker-for-mac/index.md#add-tls-certificates){: target="_blank" rel="noopener" class="_"}.
Restart Docker.
- **Docker Desktop for Windows**: Follow the instructions in
[Adding custom CA certificates](../docker-for-windows/index.md#adding-tls-certificates){: target="_blank" rel="noopener" class="_"}.
Restart Docker.
2017-08-22 23:45:22 +00:00
## Troubleshoot insecure registry
This section lists some common failures and how to recover from them.
### Failing...
Failing to configure the Engine daemon and trying to pull from a registry that is not using
TLS results in the following message:
Docker 17.03 release (#2050) * First pass of tabs-based organization * Improvements * Second pass at tabs org * Move tab highlighting to Liquid instead of JS * Adding forwarding links for in-product TOCs * Move to pre-rendered left-navs instead of post-load JS for TOC sync * Optimizations and nosync-ing the Reference section * Optimizations, fix Cloud YAML * Make a "Sample applications" node * Update index.md * Tabs CSS fixes and 12-factor reposition * Theme Start (#1709) * Hooking up nav to real TOC data, formatting fixes * Fixing JS error * Layout updates, dark themes, tons o stuff (#1971) * Add cookie saving for day/night mode * Newsite tabs (#2004) * Layout updates, dark themes, tons o stuff * Update themes Theme updates + scaffolding * Update style.css * Update style-alt.css * Missing font fixes * Import Open Sans from Google * Font fix, archive removal in TOC, favicon, Feedback img fix * Oops, returning -webkit-font-smoothing: antialiased; * Add old favicon.ico * Make archives a non-tiered link * Reorder docs archive to newest-first, add local instructions * Commenting out day/night switch for now * Fix 'rate this page' * Rate this page fixes * Autocomplete and Docker Cloud fixes * Open tree to current page * Adding indentation for nav collapse in * Ensure left nav visibly displays the current topic * Update flex layout - adjust rescale - code block styles * add focus to search - force code block color (for now) - increase section max-width * increase content padding - add padding to toc for wrapping long strings. * grid adjustment - grid - content and wrapper adjustments for mobile * left/right sidebar adjustments - refine position on scroll for toc on landing - add default height to compensate for upcoming position absolute onScroll * side bar overflow - hidden on X-scroll * fix version button - override bstrap defaults * tabs + buttons * update landing svgs * fix sidebar height set to 100% on landing pre-affix * Update blurb about engine/editions on front page * add side menu to mobile collapse menu * update classnames * overall mobile tweaks * Right-nav highlighting and auto-scroll * Slightly slower right-nav highlighting, correct version * add toggle menus for small devices * Fixing JS error/Docker 1.13>17.03 * header updates * re-add fan to header * update transition time * Add first 20 words to Twitter card * fixed width of components - lockdown elements on rescale (wil need more TLC) * set max-width of content * Left and right nav resizing w/footer scroll and window resize * update links on landing page * Fix for overzealous resizing, JS redundancies * Fix for JS error on homepage * JS error fixes * toggle adjustments - wrap toggle button * add tab width * version button type * version button both headers * tabs - fix typo * landing page grid * components * Share images, JS fixes, Marketo removal * Anchor links fix * Fix for black space on mobile * Restore hamburger (partial) * Update run.md Minor grammar cleanup. * Update apparmor.md I'm a little confused about which one is better to be used here, a period (.) or a colon (:), as a command is given below. Or both are OK, and we only have to keep consistency in a single page. * Update apparmor.md Fixed the indentation for the codeblock (indented by 4 spaces). Thank you for your careful review. * Replacing service with secret * Update networking.md fix typo with triple "m" for command word * Update run.md Address PR feedback. * Update install instructions to latest version * Added "related topics" section * Add documentation for mem_swappiness * Update to new Docker version scheme (#1926) * mem_swappiness for current version and v1 * merge other changes, fix typo * There is no OpenSuSE and there never was though we had SuSE and S.u.S.E. * Add release notes for 1.12.6-cs9 (#2028) Signed-off-by: Brian Goff <cpuguy83@gmail.com> * need sudo to access key cache (#1931) * need sudo to access key cache * List other keyservers to try for cs-engine install (#2033) * List other keyservers to try for cs-engine install Sometimes ha.pool.sks-keyservers.net goes down, so let's provide some other keyservers to try in such cases. Signed-off-by: Brian Goff <cpuguy83@gmail.com> * Update work_issue.md (#2030) Change "re-start" to "restart". Though not included in "Prefered usages" in the documentation guide, but I think "restart" is better and used more frequently. Besides, some other docs here, such as "Keep containers alive during daemon downtime" of "Admin Guide", also use "restart". * Update create_pr.md (#2015) * Update work_issue.md (#2013) Change "id" to "ID" except for those in code. * Update set_up_dev.md (#2011) Add periods (.) in some steps. * Update set_up_dev.md (#2010) Apply Oxford Comma as described in the documentation guide. * Update create_pr.md (#2014) Delete an extra space. * Update trust_key_mng.md (#1883) * Update trust_key_mng.md * Update trust_key_mng.md I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update content_trust.md (#1912) * Update content_trust.md * update deprecation policy Signed-off-by: Victor Vieux <victorvieux@gmail.com> * Update info about how to check whether Docker is running * Updated docs to reflect edge channel Signed-off-by: French Ben <frenchben@docker.com> * Updated wording for SP creation Signed-off-by: French Ben <frenchben@docker.com> * beta to edge, cloud features first draft added cloud images Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * Distinguish between cloud stack file and stack file * Added EE links Signed-off-by: French Ben <frenchben@docker.com> * Use variables Signed-off-by: French Ben <frenchben@docker.com> * Replace deprecated MAINTAINER with LABEL (#1445) Replace MAINTAINER instruction with LABEL as MAINTAINER was deprecated in https://github.com/docker/docker/pull/25466 * Updates for Docker CE and Docker EE * Updated DDC launch button Signed-off-by: French Ben <frenchben@docker.com> * added Docker Cloud topics for Mac and Windows Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * d4mac, d4win stable and beta release notes for 17.03.0 Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-03-02 13:54:49 +00:00
```none
FATA[0000] Error response from daemon: v1 ping attempt failed with error:
Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527.
If this private registry supports only HTTP or HTTPS with an unknown CA certificate, add
`--insecure-registry myregistrydomain.com:5000` to the daemon's arguments.
In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt
```
### Docker still complains about the certificate when using authentication?
Docker 17.03 release (#2050) * First pass of tabs-based organization * Improvements * Second pass at tabs org * Move tab highlighting to Liquid instead of JS * Adding forwarding links for in-product TOCs * Move to pre-rendered left-navs instead of post-load JS for TOC sync * Optimizations and nosync-ing the Reference section * Optimizations, fix Cloud YAML * Make a "Sample applications" node * Update index.md * Tabs CSS fixes and 12-factor reposition * Theme Start (#1709) * Hooking up nav to real TOC data, formatting fixes * Fixing JS error * Layout updates, dark themes, tons o stuff (#1971) * Add cookie saving for day/night mode * Newsite tabs (#2004) * Layout updates, dark themes, tons o stuff * Update themes Theme updates + scaffolding * Update style.css * Update style-alt.css * Missing font fixes * Import Open Sans from Google * Font fix, archive removal in TOC, favicon, Feedback img fix * Oops, returning -webkit-font-smoothing: antialiased; * Add old favicon.ico * Make archives a non-tiered link * Reorder docs archive to newest-first, add local instructions * Commenting out day/night switch for now * Fix 'rate this page' * Rate this page fixes * Autocomplete and Docker Cloud fixes * Open tree to current page * Adding indentation for nav collapse in * Ensure left nav visibly displays the current topic * Update flex layout - adjust rescale - code block styles * add focus to search - force code block color (for now) - increase section max-width * increase content padding - add padding to toc for wrapping long strings. * grid adjustment - grid - content and wrapper adjustments for mobile * left/right sidebar adjustments - refine position on scroll for toc on landing - add default height to compensate for upcoming position absolute onScroll * side bar overflow - hidden on X-scroll * fix version button - override bstrap defaults * tabs + buttons * update landing svgs * fix sidebar height set to 100% on landing pre-affix * Update blurb about engine/editions on front page * add side menu to mobile collapse menu * update classnames * overall mobile tweaks * Right-nav highlighting and auto-scroll * Slightly slower right-nav highlighting, correct version * add toggle menus for small devices * Fixing JS error/Docker 1.13>17.03 * header updates * re-add fan to header * update transition time * Add first 20 words to Twitter card * fixed width of components - lockdown elements on rescale (wil need more TLC) * set max-width of content * Left and right nav resizing w/footer scroll and window resize * update links on landing page * Fix for overzealous resizing, JS redundancies * Fix for JS error on homepage * JS error fixes * toggle adjustments - wrap toggle button * add tab width * version button type * version button both headers * tabs - fix typo * landing page grid * components * Share images, JS fixes, Marketo removal * Anchor links fix * Fix for black space on mobile * Restore hamburger (partial) * Update run.md Minor grammar cleanup. * Update apparmor.md I'm a little confused about which one is better to be used here, a period (.) or a colon (:), as a command is given below. Or both are OK, and we only have to keep consistency in a single page. * Update apparmor.md Fixed the indentation for the codeblock (indented by 4 spaces). Thank you for your careful review. * Replacing service with secret * Update networking.md fix typo with triple "m" for command word * Update run.md Address PR feedback. * Update install instructions to latest version * Added "related topics" section * Add documentation for mem_swappiness * Update to new Docker version scheme (#1926) * mem_swappiness for current version and v1 * merge other changes, fix typo * There is no OpenSuSE and there never was though we had SuSE and S.u.S.E. * Add release notes for 1.12.6-cs9 (#2028) Signed-off-by: Brian Goff <cpuguy83@gmail.com> * need sudo to access key cache (#1931) * need sudo to access key cache * List other keyservers to try for cs-engine install (#2033) * List other keyservers to try for cs-engine install Sometimes ha.pool.sks-keyservers.net goes down, so let's provide some other keyservers to try in such cases. Signed-off-by: Brian Goff <cpuguy83@gmail.com> * Update work_issue.md (#2030) Change "re-start" to "restart". Though not included in "Prefered usages" in the documentation guide, but I think "restart" is better and used more frequently. Besides, some other docs here, such as "Keep containers alive during daemon downtime" of "Admin Guide", also use "restart". * Update create_pr.md (#2015) * Update work_issue.md (#2013) Change "id" to "ID" except for those in code. * Update set_up_dev.md (#2011) Add periods (.) in some steps. * Update set_up_dev.md (#2010) Apply Oxford Comma as described in the documentation guide. * Update create_pr.md (#2014) Delete an extra space. * Update trust_key_mng.md (#1883) * Update trust_key_mng.md * Update trust_key_mng.md I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update content_trust.md (#1912) * Update content_trust.md * update deprecation policy Signed-off-by: Victor Vieux <victorvieux@gmail.com> * Update info about how to check whether Docker is running * Updated docs to reflect edge channel Signed-off-by: French Ben <frenchben@docker.com> * Updated wording for SP creation Signed-off-by: French Ben <frenchben@docker.com> * beta to edge, cloud features first draft added cloud images Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * Distinguish between cloud stack file and stack file * Added EE links Signed-off-by: French Ben <frenchben@docker.com> * Use variables Signed-off-by: French Ben <frenchben@docker.com> * Replace deprecated MAINTAINER with LABEL (#1445) Replace MAINTAINER instruction with LABEL as MAINTAINER was deprecated in https://github.com/docker/docker/pull/25466 * Updates for Docker CE and Docker EE * Updated DDC launch button Signed-off-by: French Ben <frenchben@docker.com> * added Docker Cloud topics for Mac and Windows Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * d4mac, d4win stable and beta release notes for 17.03.0 Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-03-02 13:54:49 +00:00
When using authentication, some versions of Docker also require you to trust the
certificate at the OS level.
#### Ubuntu
```bash
$ cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
update-ca-certificates
```
Docker 17.03 release (#2050) * First pass of tabs-based organization * Improvements * Second pass at tabs org * Move tab highlighting to Liquid instead of JS * Adding forwarding links for in-product TOCs * Move to pre-rendered left-navs instead of post-load JS for TOC sync * Optimizations and nosync-ing the Reference section * Optimizations, fix Cloud YAML * Make a "Sample applications" node * Update index.md * Tabs CSS fixes and 12-factor reposition * Theme Start (#1709) * Hooking up nav to real TOC data, formatting fixes * Fixing JS error * Layout updates, dark themes, tons o stuff (#1971) * Add cookie saving for day/night mode * Newsite tabs (#2004) * Layout updates, dark themes, tons o stuff * Update themes Theme updates + scaffolding * Update style.css * Update style-alt.css * Missing font fixes * Import Open Sans from Google * Font fix, archive removal in TOC, favicon, Feedback img fix * Oops, returning -webkit-font-smoothing: antialiased; * Add old favicon.ico * Make archives a non-tiered link * Reorder docs archive to newest-first, add local instructions * Commenting out day/night switch for now * Fix 'rate this page' * Rate this page fixes * Autocomplete and Docker Cloud fixes * Open tree to current page * Adding indentation for nav collapse in * Ensure left nav visibly displays the current topic * Update flex layout - adjust rescale - code block styles * add focus to search - force code block color (for now) - increase section max-width * increase content padding - add padding to toc for wrapping long strings. * grid adjustment - grid - content and wrapper adjustments for mobile * left/right sidebar adjustments - refine position on scroll for toc on landing - add default height to compensate for upcoming position absolute onScroll * side bar overflow - hidden on X-scroll * fix version button - override bstrap defaults * tabs + buttons * update landing svgs * fix sidebar height set to 100% on landing pre-affix * Update blurb about engine/editions on front page * add side menu to mobile collapse menu * update classnames * overall mobile tweaks * Right-nav highlighting and auto-scroll * Slightly slower right-nav highlighting, correct version * add toggle menus for small devices * Fixing JS error/Docker 1.13>17.03 * header updates * re-add fan to header * update transition time * Add first 20 words to Twitter card * fixed width of components - lockdown elements on rescale (wil need more TLC) * set max-width of content * Left and right nav resizing w/footer scroll and window resize * update links on landing page * Fix for overzealous resizing, JS redundancies * Fix for JS error on homepage * JS error fixes * toggle adjustments - wrap toggle button * add tab width * version button type * version button both headers * tabs - fix typo * landing page grid * components * Share images, JS fixes, Marketo removal * Anchor links fix * Fix for black space on mobile * Restore hamburger (partial) * Update run.md Minor grammar cleanup. * Update apparmor.md I'm a little confused about which one is better to be used here, a period (.) or a colon (:), as a command is given below. Or both are OK, and we only have to keep consistency in a single page. * Update apparmor.md Fixed the indentation for the codeblock (indented by 4 spaces). Thank you for your careful review. * Replacing service with secret * Update networking.md fix typo with triple "m" for command word * Update run.md Address PR feedback. * Update install instructions to latest version * Added "related topics" section * Add documentation for mem_swappiness * Update to new Docker version scheme (#1926) * mem_swappiness for current version and v1 * merge other changes, fix typo * There is no OpenSuSE and there never was though we had SuSE and S.u.S.E. * Add release notes for 1.12.6-cs9 (#2028) Signed-off-by: Brian Goff <cpuguy83@gmail.com> * need sudo to access key cache (#1931) * need sudo to access key cache * List other keyservers to try for cs-engine install (#2033) * List other keyservers to try for cs-engine install Sometimes ha.pool.sks-keyservers.net goes down, so let's provide some other keyservers to try in such cases. Signed-off-by: Brian Goff <cpuguy83@gmail.com> * Update work_issue.md (#2030) Change "re-start" to "restart". Though not included in "Prefered usages" in the documentation guide, but I think "restart" is better and used more frequently. Besides, some other docs here, such as "Keep containers alive during daemon downtime" of "Admin Guide", also use "restart". * Update create_pr.md (#2015) * Update work_issue.md (#2013) Change "id" to "ID" except for those in code. * Update set_up_dev.md (#2011) Add periods (.) in some steps. * Update set_up_dev.md (#2010) Apply Oxford Comma as described in the documentation guide. * Update create_pr.md (#2014) Delete an extra space. * Update trust_key_mng.md (#1883) * Update trust_key_mng.md * Update trust_key_mng.md I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update content_trust.md (#1912) * Update content_trust.md * update deprecation policy Signed-off-by: Victor Vieux <victorvieux@gmail.com> * Update info about how to check whether Docker is running * Updated docs to reflect edge channel Signed-off-by: French Ben <frenchben@docker.com> * Updated wording for SP creation Signed-off-by: French Ben <frenchben@docker.com> * beta to edge, cloud features first draft added cloud images Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * Distinguish between cloud stack file and stack file * Added EE links Signed-off-by: French Ben <frenchben@docker.com> * Use variables Signed-off-by: French Ben <frenchben@docker.com> * Replace deprecated MAINTAINER with LABEL (#1445) Replace MAINTAINER instruction with LABEL as MAINTAINER was deprecated in https://github.com/docker/docker/pull/25466 * Updates for Docker CE and Docker EE * Updated DDC launch button Signed-off-by: French Ben <frenchben@docker.com> * added Docker Cloud topics for Mac and Windows Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * d4mac, d4win stable and beta release notes for 17.03.0 Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-03-02 13:54:49 +00:00
#### Red Hat Enterprise Linux
```bash
cp certs/domain.crt /etc/pki/ca-trust/source/anchors/myregistrydomain.com.crt
update-ca-trust
```
Docker 17.03 release (#2050) * First pass of tabs-based organization * Improvements * Second pass at tabs org * Move tab highlighting to Liquid instead of JS * Adding forwarding links for in-product TOCs * Move to pre-rendered left-navs instead of post-load JS for TOC sync * Optimizations and nosync-ing the Reference section * Optimizations, fix Cloud YAML * Make a "Sample applications" node * Update index.md * Tabs CSS fixes and 12-factor reposition * Theme Start (#1709) * Hooking up nav to real TOC data, formatting fixes * Fixing JS error * Layout updates, dark themes, tons o stuff (#1971) * Add cookie saving for day/night mode * Newsite tabs (#2004) * Layout updates, dark themes, tons o stuff * Update themes Theme updates + scaffolding * Update style.css * Update style-alt.css * Missing font fixes * Import Open Sans from Google * Font fix, archive removal in TOC, favicon, Feedback img fix * Oops, returning -webkit-font-smoothing: antialiased; * Add old favicon.ico * Make archives a non-tiered link * Reorder docs archive to newest-first, add local instructions * Commenting out day/night switch for now * Fix 'rate this page' * Rate this page fixes * Autocomplete and Docker Cloud fixes * Open tree to current page * Adding indentation for nav collapse in * Ensure left nav visibly displays the current topic * Update flex layout - adjust rescale - code block styles * add focus to search - force code block color (for now) - increase section max-width * increase content padding - add padding to toc for wrapping long strings. * grid adjustment - grid - content and wrapper adjustments for mobile * left/right sidebar adjustments - refine position on scroll for toc on landing - add default height to compensate for upcoming position absolute onScroll * side bar overflow - hidden on X-scroll * fix version button - override bstrap defaults * tabs + buttons * update landing svgs * fix sidebar height set to 100% on landing pre-affix * Update blurb about engine/editions on front page * add side menu to mobile collapse menu * update classnames * overall mobile tweaks * Right-nav highlighting and auto-scroll * Slightly slower right-nav highlighting, correct version * add toggle menus for small devices * Fixing JS error/Docker 1.13>17.03 * header updates * re-add fan to header * update transition time * Add first 20 words to Twitter card * fixed width of components - lockdown elements on rescale (wil need more TLC) * set max-width of content * Left and right nav resizing w/footer scroll and window resize * update links on landing page * Fix for overzealous resizing, JS redundancies * Fix for JS error on homepage * JS error fixes * toggle adjustments - wrap toggle button * add tab width * version button type * version button both headers * tabs - fix typo * landing page grid * components * Share images, JS fixes, Marketo removal * Anchor links fix * Fix for black space on mobile * Restore hamburger (partial) * Update run.md Minor grammar cleanup. * Update apparmor.md I'm a little confused about which one is better to be used here, a period (.) or a colon (:), as a command is given below. Or both are OK, and we only have to keep consistency in a single page. * Update apparmor.md Fixed the indentation for the codeblock (indented by 4 spaces). Thank you for your careful review. * Replacing service with secret * Update networking.md fix typo with triple "m" for command word * Update run.md Address PR feedback. * Update install instructions to latest version * Added "related topics" section * Add documentation for mem_swappiness * Update to new Docker version scheme (#1926) * mem_swappiness for current version and v1 * merge other changes, fix typo * There is no OpenSuSE and there never was though we had SuSE and S.u.S.E. * Add release notes for 1.12.6-cs9 (#2028) Signed-off-by: Brian Goff <cpuguy83@gmail.com> * need sudo to access key cache (#1931) * need sudo to access key cache * List other keyservers to try for cs-engine install (#2033) * List other keyservers to try for cs-engine install Sometimes ha.pool.sks-keyservers.net goes down, so let's provide some other keyservers to try in such cases. Signed-off-by: Brian Goff <cpuguy83@gmail.com> * Update work_issue.md (#2030) Change "re-start" to "restart". Though not included in "Prefered usages" in the documentation guide, but I think "restart" is better and used more frequently. Besides, some other docs here, such as "Keep containers alive during daemon downtime" of "Admin Guide", also use "restart". * Update create_pr.md (#2015) * Update work_issue.md (#2013) Change "id" to "ID" except for those in code. * Update set_up_dev.md (#2011) Add periods (.) in some steps. * Update set_up_dev.md (#2010) Apply Oxford Comma as described in the documentation guide. * Update create_pr.md (#2014) Delete an extra space. * Update trust_key_mng.md (#1883) * Update trust_key_mng.md * Update trust_key_mng.md I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update I don‘t know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. * Update content_trust.md (#1912) * Update content_trust.md * update deprecation policy Signed-off-by: Victor Vieux <victorvieux@gmail.com> * Update info about how to check whether Docker is running * Updated docs to reflect edge channel Signed-off-by: French Ben <frenchben@docker.com> * Updated wording for SP creation Signed-off-by: French Ben <frenchben@docker.com> * beta to edge, cloud features first draft added cloud images Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * Distinguish between cloud stack file and stack file * Added EE links Signed-off-by: French Ben <frenchben@docker.com> * Use variables Signed-off-by: French Ben <frenchben@docker.com> * Replace deprecated MAINTAINER with LABEL (#1445) Replace MAINTAINER instruction with LABEL as MAINTAINER was deprecated in https://github.com/docker/docker/pull/25466 * Updates for Docker CE and Docker EE * Updated DDC launch button Signed-off-by: French Ben <frenchben@docker.com> * added Docker Cloud topics for Mac and Windows Signed-off-by: Victoria Bialas <victoria.bialas@docker.com> * d4mac, d4win stable and beta release notes for 17.03.0 Signed-off-by: Victoria Bialas <victoria.bialas@docker.com>
2017-03-02 13:54:49 +00:00
#### Oracle Linux
```bash
$ update-ca-trust enable
```
2017-06-02 17:00:58 +00:00
Restart Docker for the changes to take effect.
### Windows
Open Windows Explorer, right-click the certificate, and choose
**Install certificate**.
Then, select the following options:
* Store location: local machine
2017-06-02 17:00:58 +00:00
* Check **place all certificates in the following store**
* Click **Browser**, and select **Trusted Root Certificate Authorities**
* Click **Finish**
2017-08-22 23:45:22 +00:00
[Learn more about managing TLS certificates](https://technet.microsoft.com/en-us/library/cc754841(v=ws.11).aspx#BKMK_addlocal).
2019-01-11 18:23:58 +00:00
After adding the CA certificate to Windows, restart Docker Desktop for Windows.