diff --git a/docs/deploying.md b/docs/deploying.md index 163f74ef..4f68661d 100644 --- a/docs/deploying.md +++ b/docs/deploying.md @@ -147,7 +147,9 @@ Except for registries running on secure local networks, registries should always The simplest way to achieve access restriction is through basic authentication (this is very similar to other web servers' basic authentication mechanism). -> **Warning**: You **cannot** use authentication with an insecure registry. You have to [configure TLS first](deploying.md#running-a-domain-registry) for this to work. +> **Warning**: +> You **cannot** use authentication with an insecure registry. You have to [configure TLS first](deploying.md#running-a-domain-registry) for this to work. +{:.warning} First create a password file with one entry for the user "testuser", with password "testpassword": @@ -212,7 +214,9 @@ registry: - /path/auth:/auth ``` -> **Warning**: replace `/path` by whatever directory that holds your `certs` and `auth` folder from above. +> **Warning**: +> replace `/path` by whatever directory that holds your `certs` and `auth` folder from above. +{:.warning} You can then start your registry with a simple @@ -227,4 +231,4 @@ You will find more specific and advanced information in the following sections: - [Advanced "recipes"](recipes/index.md) - [Registry API](spec/api.md) - [Storage driver model](storage-drivers/index.md) - - [Token authentication](spec/auth/token.md) \ No newline at end of file + - [Token authentication](spec/auth/token.md) diff --git a/docs/insecure.md b/docs/insecure.md index 2f8e19a6..e629d4b5 100644 --- a/docs/insecure.md +++ b/docs/insecure.md @@ -13,7 +13,9 @@ configuration. ## Deploying a plain HTTP registry -> **Warning**: it's not possible to use an insecure registry with basic authentication. +> **Warning**: +> it's not possible to use an insecure registry with basic authentication. +{:.warning} This basically tells Docker to entirely disregard security for your registry. While this is relatively easy to configure the daemon in this way, it is @@ -44,7 +46,9 @@ environment. ## Using self-signed certificates -> **Warning**: using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below) +> **Warning**: +> using this along with basic authentication requires to **also** trust the certificate into the OS cert store for some versions of docker (see below) +{:.warning} This is more secure than the insecure registry solution. You must configure every docker daemon that wants to access your registry