Merge pull request #853 from dmp42/4.docs-2.1

Additional fixes
2015-08-11 14:32:57 -07:00 · 2015-08-11 14:32:57 -07:00 · 7b0d831e6d
commit 7b0d831e6d
parent c78bfc5c59 c198f8f279
4 changed files with 41 additions and 39 deletions
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -49,7 +49,7 @@ Typically, create a new configuration file from scratch, and call it `config.yml
      -v `pwd`/config.yml:/etc/docker/registry/config.yml \
      registry:2

-You can (and probably should) use [this a starting point](https://github.com/docker/distribution/blob/master/cmd/registry/config-example.yml).
+You can (and probably should) use [this as a starting point](https://github.com/docker/distribution/blob/master/cmd/registry/config-example.yml).

 ## List of configuration options

--- a/docs/deploying.md
+++ b/docs/deploying.md
@ -78,6 +78,12 @@ You should now be able to access your registry from another docker host:
    docker push myregistrydomain.com:5000/ubuntu
    docker pull myregistrydomain.com:5000/ubuntu

+#### Gotcha
+
+A certificate issuer may supply you with an *intermediate* certificate. In this case, you must combine your certificate with the intermediate's to form a *certificate bundle*. You can do this using the `cat` command: 
+
+    cat server.crt intermediate-certificates.pem > certs/domain.crt
+
 ### Alternatives

 While rarely advisable, you may want to use self-signed certificates instead, or use your registry in an insecure fashion. You will find instructions [here](insecure.md).
@ -90,7 +96,7 @@ Except for registries running on secure local networks, registries should always

 The simplest way to achieve access restriction is through basic authentication (this is very similar to other web servers' basic authentication mechanism).

-> :warning: You **cannot** use authentication with an insecure registry. You have to [configure TLS first](#running-a-domain-registry) for this to work.
+:warning: You **cannot** use authentication with an insecure registry. You have to [configure TLS first](#running-a-domain-registry) for this to work.

 First create a password file with one entry for the user "testuser", with password "testpassword":

--- a/docs/insecure.md
+++ b/docs/insecure.md
@ -38,11 +38,9 @@ This basically tells Docker to entirely disregard security for your registry.

 Generate your own certificate:

-```
    mkdir -p certs && openssl req \
      -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
      -x509 -days 365 -out certs/domain.crt
-```

 Be sure to use the name `myregistrydomain.com` as a CN.

--- a/docs/nginx.md
+++ b/docs/nginx.md
@ -130,16 +130,14 @@ That's certainly because you are using a self-signed certificate, despite the wa
 If you really insist on using these, you have to trust it at the OS level.

 Usually, on Ubuntu this is done with:
-```
+
    cp auth/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
    update-ca-certificates
-```

 ... and on RedHat with:
-```
+
    cp auth/domain.crt /etc/pki/ca-trust/source/anchors/myregistrydomain.com.crt
    update-ca-trust
-```

 Now: