Merge pull request #1758 from SvenDowideit/31may2016-docs-updates

31may2016 docs updates
Merge pull request #1762 from SvenDowideit/more-docs-validation-cleanups
2016-06-01 14:43:55 -07:00 · 2016-06-01 18:27:09 +00:00 · 2016-06-01 17:43:13 +00:00 · 2016-05-31 16:39:01 +00:00 · 2016-05-31 16:37:57 +00:00 · 2016-05-31 16:37:12 +00:00
40 changed files with 240 additions and 204 deletions
--- a/docs/Dockerfile
+++ b/docs/Dockerfile
@ -1,18 +1,9 @@
-FROM docs/base:latest
-MAINTAINER Mary Anthony <mary@docker.com> (@moxiegirl)
-
-RUN svn checkout https://github.com/docker/docker/trunk/docs /docs/content/engine
-RUN svn checkout https://github.com/docker/compose/trunk/docs /docs/content/compose
-RUN svn checkout https://github.com/docker/swarm/trunk/docs /docs/content/swarm
-RUN svn checkout https://github.com/docker/machine/trunk/docs /docs/content/machine
-RUN svn checkout https://github.com/docker/notary/trunk/docs /docs/content/notary
-RUN svn checkout https://github.com/docker/kitematic/trunk/docs /docs/content/kitematic
-RUN svn checkout https://github.com/docker/toolbox/trunk/docs /docs/content/toolbox
-RUN svn checkout https://github.com/docker/opensource/trunk/docs /docs/content/opensource
+FROM docs/base:oss
+MAINTAINER Docker Docs <docs@docker.com>

 ENV PROJECT=registry

 # To get the git info for this repo
 COPY . /src
-
+RUN rm -rf /docs/content/$PROJECT/
 COPY . /docs/content/$PROJECT/
--- a/docs/Makefile
+++ b/docs/Makefile
@ -1,17 +1,4 @@
-.PHONY: all binary build cross default docs docs-build docs-shell shell test test-unit test-integration test-integration-cli test-docker-py validate
-
-# env vars passed through directly to Docker's build scripts
-# to allow things like `make DOCKER_CLIENTONLY=1 binary` easily
-# `docs/sources/contributing/devenvironment.md ` and `project/PACKAGERS.md` have some limited documentation of some of these
-DOCKER_ENVS := \
-	-e BUILDFLAGS \
-	-e DOCKER_CLIENTONLY \
-	-e DOCKER_EXECDRIVER \
-	-e DOCKER_GRAPHDRIVER \
-	-e TESTDIRS \
-	-e TESTFLAGS \
-	-e TIMEOUT
-# note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds
+.PHONY: all default docs docs-build docs-shell shell test

 # to allow `make DOCSDIR=docs docs-shell` (to create a bind mount in docs)
 DOCS_MOUNT := $(if $(DOCSDIR),-v $(CURDIR)/$(DOCSDIR):/$(DOCSDIR))
@ -25,9 +12,8 @@ HUGO_BASE_URL=$(shell test -z "$(DOCKER_IP)" && echo localhost || echo "$(DOCKER
 HUGO_BIND_IP=0.0.0.0

 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
-DOCKER_IMAGE := docker$(if $(GIT_BRANCH),:$(GIT_BRANCH))
-DOCKER_DOCS_IMAGE := docs-base$(if $(GIT_BRANCH),:$(GIT_BRANCH))
-
+GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
+DOCKER_DOCS_IMAGE := registry-docs$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))

 DOCKER_RUN_DOCS := docker run --rm -it $(DOCS_MOUNT) -e AWS_S3_BUCKET -e NOCACHE

@ -42,14 +28,11 @@ docs: docs-build
 docs-draft: docs-build
 	$(DOCKER_RUN_DOCS) -p $(if $(DOCSPORT),$(DOCSPORT):)8000 -e DOCKERHOST "$(DOCKER_DOCS_IMAGE)" hugo server --buildDrafts="true" --port=$(DOCSPORT) --baseUrl=$(HUGO_BASE_URL) --bind=$(HUGO_BIND_IP)

-
 docs-shell: docs-build
 	$(DOCKER_RUN_DOCS) -p $(if $(DOCSPORT),$(DOCSPORT):)8000 "$(DOCKER_DOCS_IMAGE)" bash

-
 docs-build:
-#	( git remote | grep -v upstream ) || git diff --name-status upstream/release..upstream/docs ./ > ./changed-files
-#	echo "$(GIT_BRANCH)" > GIT_BRANCH
-#	echo "$(AWS_S3_BUCKET)" > AWS_S3_BUCKET
-#	echo "$(GITCOMMIT)" > GITCOMMIT
 	docker build -t "$(DOCKER_DOCS_IMAGE)" .
+
+test: docs-build
+	$(DOCKER_RUN_DOCS) "$(DOCKER_DOCS_IMAGE)"
--- a/docs/compatibility.md
+++ b/docs/compatibility.md
@ -1,8 +1,11 @@
 <!--[metadata]>
 +++
-title = "registry Compatibility"
+title = "Compatibility"
 description = "describes get by digest pitfall"
 keywords = ["registry, manifest, images, tags, repository, distribution, digest"]
+[menu.main]
+parent="smn_registry_ref"
+weight=9
 +++
 <![end-metadata]-->

@ -15,7 +18,7 @@ will cause the Engine to receive a manifest it cannot use and the pull will fail

 ## Registry Manifest Support

-Historically, the registry has supported a [single manifest type](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-1.md)
+Historically, the registry has supported a [single manifest type](./spec/manifest-v2-1.md)
 known as _Schema 1_.

 With the move toward multiple architecture images the distribution project
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -1667,7 +1667,7 @@ The TCP address to connect to, including a port number.
      username: [username]
      password: [password]

-Proxy enables a registry to be configured as a pull through cache to the official Docker Hub.  See [mirror](mirror.md) for more information. Pushing to a registry configured as a pull through cache is currently unsupported.
+Proxy enables a registry to be configured as a pull through cache to the official Docker Hub.  See [mirror](recipes/mirror.md) for more information. Pushing to a registry configured as a pull through cache is currently unsupported.

 <table>
  <tr>
--- a/docs/deploying.md
+++ b/docs/deploying.md
@ -11,7 +11,7 @@ weight=3

 # Deploying a registry server

-You need to [install Docker version 1.6.0 or newer](https://docs.docker.com/installation/).
+You need to [install Docker version 1.6.0 or newer](/engine/installation/index.md).

 ## Running on localhost

@ -39,7 +39,7 @@ To stop your registry, you would:

 ## Storage

-By default, your registry data is persisted as a [docker volume](https://docs.docker.com/userguide/dockervolumes/) on the host filesystem. Properly understanding volumes is essential if you want to stick with a local filesystem storage.
+By default, your registry data is persisted as a [docker volume](/engine/userguide/containers/dockervolumes.md) on the host filesystem. Properly understanding volumes is essential if you want to stick with a local filesystem storage.

 Specifically, you might want to point your volume location to a specific place in order to more easily access your registry data. To do so you can:

@ -49,7 +49,7 @@ Specifically, you might want to point your volume location to a specific place i

 ### Alternatives

-You should usually consider using [another storage backend](https://github.com/docker/distribution/blob/master/docs/storagedrivers.md) instead of the local filesystem. Use the [storage configuration options](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage) to configure an alternate storage backend.
+You should usually consider using [another storage backend](./storage-drivers/index.md) instead of the local filesystem. Use the [storage configuration options](./configuration.md#storage) to configure an alternate storage backend.

 Using one of these will allow you to more easily scale your registry, and leverage your storage redundancy and availability features. 

@ -180,7 +180,7 @@ Seeing X509 errors is usually a sign you are trying to use self-signed certifica

 ### Alternatives

-1. You may want to leverage more advanced basic auth implementations through a proxy design, in front of the registry. You will find examples of such patterns in the [recipes list](recipes.md).
+1. You may want to leverage more advanced basic auth implementations through a proxy design, in front of the registry. You will find examples of such patterns in the [recipes list](recipes/index.md).

 2. Alternatively, the Registry also supports delegated authentication, redirecting users to a specific, trusted token server. That approach requires significantly more investment, and only makes sense if you want to fully configure ACLs and more control over the Registry integration into your global authorization and authentication systems.

@ -192,7 +192,7 @@ Beware that you will have to implement your own authentication service for this

 As your registry configuration grows more complex, dealing with it can quickly become tedious.

-It's highly recommended to use [Docker Compose](https://docs.docker.com/compose/) to facilitate operating your registry. 
+It's highly recommended to use [Docker Compose](/compose/index.md) to facilitate operating your registry. 

 Here is a simple `docker-compose.yml` example that condenses everything explained so far:

@ -226,7 +226,7 @@ You will find more specific and advanced informations in the following sections:

 - [Configuration reference](configuration.md)
 - [Working with notifications](notifications.md)
- - [Advanced "recipes"](recipes.md)
+ - [Advanced "recipes"](recipes/index.md)
 - [Registry API](spec/api.md)
- - [Storage driver model](storagedrivers.md)
+ - [Storage driver model](storage-drivers/index.md)
 - [Token authentication](spec/auth/token.md)
--- a/docs/garbage-collection.md
+++ b/docs/garbage-collection.md
@ -3,6 +3,9 @@
 title = "Garbage Collection"
 description = "High level discussion of garbage collection"
 keywords = ["registry, garbage, images, tags, repository, distribution"]
+[menu.main]
+parent="smn_registry_ref"
+weight=4
 +++
 <![end-metadata]-->

--- a/docs/help.md
+++ b/docs/help.md
@ -21,4 +21,4 @@ If you want to report a bug:
 - be sure to first read about [how to contribute](https://github.com/docker/distribution/blob/master/CONTRIBUTING.md)
 - you can then do so on the [GitHub project bugtracker](https://github.com/docker/distribution/issues)

-You can also find out more about the Docker's project [Getting Help resources](https://docs.docker.com/opensource/get-help/).
+You can also find out more about the Docker's project [Getting Help resources](/opensource/get-help.md).
--- a/docs/index.md
+++ b/docs/index.md
@ -1,11 +1,12 @@
 <!--[metadata]>
 +++
-title = "Docker Registry"
+title = "Registry Overview"
 description = "High-level overview of the Registry"
 keywords = ["registry, on-prem, images, tags, repository, distribution"]
+aliases = ["/registry/overview/"]
 [menu.main]
-identifier="smn_registry"
-parent="mn_components"
+parent="smn_registry"
+weight=1
 +++
 <![end-metadata]-->

@ -28,7 +29,7 @@ You should use the Registry if you want to:

 Users looking for a zero maintenance, ready-to-go solution are encouraged to head-over to the [Docker Hub](https://hub.docker.com), which provides a free-to-use, hosted Registry, plus additional features (organization accounts, automated builds, and more).

-Users looking for a commercially supported version of the Registry should look into [Docker Trusted Registry](https://docs.docker.com/docker-trusted-registry/).
+Users looking for a commercially supported version of the Registry should look into [Docker Trusted Registry](/docker-trusted-registry/overview.md).

 ## Requirements

--- a/docs/insecure.md
+++ b/docs/insecure.md
@ -3,6 +3,9 @@
 title = "Testing an insecure registry"
 description = "Deploying a Registry in an insecure fashion"
 keywords = ["registry, on-prem, images, tags, repository, distribution, insecure"]
+[menu.main]
+parent="smn_registry_ref"
+weight=5
 +++
 <![end-metadata]-->

@ -60,7 +63,7 @@ This is more secure than the insecure registry solution.  You must configure eve

 2. Be sure to use the name `myregistrydomain.com` as a CN.

-3. Use the result to [start your registry with TLS enabled](https://github.com/docker/distribution/blob/master/docs/deploying.md#get-a-certificate)
+3. Use the result to [start your registry with TLS enabled](./deploying.md#get-a-certificate)

 4. Instruct every docker daemon to trust that certificate.

--- a/docs/introduction.md
+++ b/docs/introduction.md
@ -19,7 +19,7 @@ Users interact with a registry by using docker push and pull commands.

  > Example: `docker pull registry-1.docker.io/distribution/registry:2.1`.

-Storage itself is delegated to drivers. The default storage driver is the local posix filesystem, which is suitable for development or small deployments. Additional cloud-based storage drivers like S3, Microsoft Azure, OpenStack Swift and Aliyun OSS are also supported. People looking into using other storage backends may do so by writing their own driver implementing the [Storage API](storagedrivers.md).
+Storage itself is delegated to drivers. The default storage driver is the local posix filesystem, which is suitable for development or small deployments. Additional cloud-based storage drivers like S3, Microsoft Azure, OpenStack Swift and Aliyun OSS are also supported. People looking into using other storage backends may do so by writing their own driver implementing the [Storage API](storage-drivers/index.md).

 Since securing access to your hosted images is paramount, the Registry natively supports TLS and basic authentication.

@ -34,7 +34,7 @@ Image names as used in typical docker commands reflect their origin:
 * `docker pull ubuntu` instructs docker to pull an image named `ubuntu` from the official Docker Hub. This is simply a shortcut for the longer `docker pull docker.io/library/ubuntu` command
 * `docker pull myregistrydomain:port/foo/bar` instructs docker to contact the registry located at `myregistrydomain:port` to find the image `foo/bar`

-You can find out more about the various Docker commands dealing with images in the [official Docker engine documentation](https://docs.docker.com/reference/commandline/cli/).
+You can find out more about the various Docker commands dealing with images in the [official Docker engine documentation](/engine/reference/commandline/cli.md).

 ## Use cases

--- a/docs/overview.md
+++ b/docs/overview.md
@ -1,10 +1,12 @@
 <!--[metadata]>
 +++
-title = "Registry Overview"
+title = "Docker Registry"
 description = "High-level overview of the Registry"
 keywords = ["registry, on-prem, images, tags, repository, distribution"]
+type = "menu"
 [menu.main]
-parent="smn_registry"
+identifier="smn_registry"
+parent="mn_components"
 +++
 <![end-metadata]-->

@ -17,5 +19,5 @@ The Docker Registry documentation includes the following topics:
 * [Deploying a registry server](deploying.md)
 * [Registry Configuration Reference](configuration.md)
 * [Notifications](notifications.md)
-* [Recipes](recipes.md)
+* [Recipes](recipes/index.md)
 * [Getting help](help.md)
--- a/docs/recipes/apache.md
+++ b/docs/recipes/apache.md
@ -3,6 +3,8 @@
 title = "Authenticating proxy with apache"
 description = "Restricting access to your registry using an apache proxy"
 keywords = ["registry, on-prem, images, tags, repository, distribution, authentication, proxy, apache, httpd, TLS, recipe, advanced"]
+[menu.main]
+parent="smn_recipes"
 +++
 <![end-metadata]-->

@ -16,7 +18,7 @@ Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO

 ### Alternatives

-If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](deploying.md#native-basic-auth). 
+If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](../deploying.md#native-basic-auth). 

 ### Solution

@ -34,7 +36,7 @@ Furthermore, introducing an extra http layer in your communication pipeline will

 ## Setting things up

-Read again [the requirements](recipes.md#requirements).
+Read again [the requirements](index.md#requirements).

 Ready?

--- a/docs/recipes/building.md
+++ b/docs/recipes/building.md
@ -3,6 +3,8 @@
 title = "Build instructions"
 description = "Explains how to build & hack on the registry"
 keywords = ["registry, on-prem, images, tags, repository, distribution, build, recipe, advanced"]
+[menu.main]
+parent="smn_recipes"
 +++
 <![end-metadata]-->

--- a/docs/recipes/index.md
+++ b/docs/recipes/index.md
@ -1,11 +1,11 @@
 <!--[metadata]>
 +++
-title = "Recipes"
+title = "Recipes Overview"
 description = "Fun stuff to do with your registry"
 keywords = ["registry, on-prem, images, tags, repository, distribution, recipes, advanced"]
 [menu.main]
-parent="smn_registry"
-weight=7
+parent="smn_recipes"
+weight=-10
 +++
 <![end-metadata]-->

@ -17,7 +17,7 @@ Most users are not expected to have a use for these.

 ## Requirements

-You should have followed entirely the basic [deployment guide](deploying.md).
+You should have followed entirely the basic [deployment guide](../deploying.md).

 If you have not, please take the time to do so.

--- a/docs/recipes/menu.md
+++ b/docs/recipes/menu.md
@ -0,0 +1,22 @@
+<!--[metadata]>
+++
+title = "Recipes"
+description = "Registry Recipes"
+keywords = ["registry, on-prem, images, tags, repository, distribution"]
+type = "menu"
+[menu.main]
+identifier="smn_recipes"
+parent="smn_registry"
+weight=6
+++
+<![end-metadata]-->
+
+# Recipes
+
+## The List
+
+ * [using Apache as an authenticating proxy](apache.md)
+ * [using Nginx as an authenticating proxy](nginx.md)
+ * [running a Registry on OS X](osx-setup-guide.md)
+ * [hacking the registry: build instructions](building.md)
+ * [mirror the Docker Hub](mirror.md)
--- a/docs/recipes/mirror.md
+++ b/docs/recipes/mirror.md
@ -3,6 +3,8 @@
 title = "Mirroring Docker Hub"
 description = "Setting-up a local mirror for Docker Hub images"
 keywords = ["registry, on-prem, images, tags, repository, distribution, mirror, Hub, recipe, advanced"]
+[menu.main]
+parent="smn_recipes"
 +++
 <![end-metadata]-->

--- a/docs/recipes/nginx.md
+++ b/docs/recipes/nginx.md
@ -3,6 +3,8 @@
 title = "Authenticating proxy with nginx"
 description = "Restricting access to your registry using a nginx proxy"
 keywords = ["registry, on-prem, images, tags, repository, distribution, nginx, proxy, authentication, TLS, recipe, advanced"]
+[menu.main]
+parent="smn_recipes"
 +++
 <![end-metadata]-->

@ -17,7 +19,7 @@ Usually, that includes enterprise setups using LDAP/AD on the backend and a SSO

 ### Alternatives

-If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](deploying.md#native-basic-auth).
+If you just want authentication for your registry, and are happy maintaining users access separately, you should really consider sticking with the native [basic auth registry feature](../deploying.md#native-basic-auth).

 ### Solution

@ -53,7 +55,7 @@ Otherwise nginx will reset the ELB's values, and the requests will not be routed

 ## Setting things up

-Read again [the requirements](recipes.md#requirements).
+Read again [the requirements](index.md#requirements).

 Ready?

@ -182,7 +184,7 @@ Now, start your stack:

 Login with a "push" authorized user (using `testuser` and `testpassword`), then tag and push your first image:

-    docker login -p=testuser -u=testpassword -e=root@example.ch myregistrydomain.com:5043
+    docker login -u=testuser -p=testpassword -e=root@example.ch myregistrydomain.com:5043
    docker tag ubuntu myregistrydomain.com:5043/test
    docker push myregistrydomain.com:5043/test
    docker pull myregistrydomain.com:5043/test
--- a/docs/recipes/osx-setup-guide.md
+++ b/docs/recipes/osx-setup-guide.md
@ -3,6 +3,8 @@
 title = "Running on OS X"
 description = "Explains how to run a registry on OS X"
 keywords = ["registry, on-prem, images, tags, repository, distribution, OS X, recipe, advanced"]
+[menu.main]
+parent="smn_recipes"
 +++
 <![end-metadata]-->

@ -16,7 +18,7 @@ This is useful if you intend to run a registry server natively on OS X.

 You can start a VM on OS X, and deploy your registry normally as a container using Docker inside that VM.

-The simplest road to get there is traditionally to use the [docker Toolbox](https://www.docker.com/toolbox), or [docker-machine](https://docs.docker.com/machine/), which usually relies on the [boot2docker](http://boot2docker.io/) iso inside a VirtualBox VM.
+The simplest road to get there is traditionally to use the [docker Toolbox](https://www.docker.com/toolbox), or [docker-machine](/machine/index.md), which usually relies on the [boot2docker](http://boot2docker.io/) iso inside a VirtualBox VM.

 ### Solution

--- a/docs/recipes/osx/com.docker.registry.plist
+++ b/docs/recipes/osx/com.docker.registry.plist
--- a/docs/recipes/osx/config.yml
+++ b/docs/recipes/osx/config.yml
--- a/docs/spec/api.md
+++ b/docs/spec/api.md
@ -618,26 +618,6 @@ The "digest" parameter must be included with the PUT request. Please see the
 [_Completed Upload_](#completed-upload) section for details on the parameters
 and expected responses.

-Additionally, the upload can be completed with a single `POST` request to
-the uploads endpoint, including the "size" and "digest" parameters:
-
-```
-POST /v2/<name>/blobs/uploads/?digest=<digest>
-Content-Length: <size of layer>
-Content-Type: application/octet-stream
-
-<Layer Binary Data>
-```
-
-On the registry service, this should allocate a download, accept and verify
-the data and return the same  response as the final chunk of an upload. If the
-POST request fails collecting the data in any way, the registry should attempt
-to return an error response to the client with the `Location` header providing
-a place to continue the download.
-
-The single `POST` method is provided for convenience and most clients should
-implement `POST` + `PUT` to support reliable resume of uploads.
-
 ##### Chunked Upload

 To carry out an upload of a chunk, the client can specify a range header and
--- a/docs/spec/api.md.tmpl
+++ b/docs/spec/api.md.tmpl
@ -618,26 +618,6 @@ The "digest" parameter must be included with the PUT request. Please see the
 [_Completed Upload_](#completed-upload) section for details on the parameters
 and expected responses.

-Additionally, the upload can be completed with a single `POST` request to
-the uploads endpoint, including the "size" and "digest" parameters:
-
-```
-POST /v2/<name>/blobs/uploads/?digest=<digest>
-Content-Length: <size of layer>
-Content-Type: application/octet-stream
-
-<Layer Binary Data>
-```
-
-On the registry service, this should allocate a download, accept and verify
-the data and return the same  response as the final chunk of an upload. If the
-POST request fails collecting the data in any way, the registry should attempt
-to return an error response to the client with the `Location` header providing
-a place to continue the download.
-
-The single `POST` method is provided for convenience and most clients should
-implement `POST` + `PUT` to support reliable resume of uploads.
-
 ##### Chunked Upload

 To carry out an upload of a chunk, the client can specify a range header and
--- a/docs/spec/auth/index.md
+++ b/docs/spec/auth/index.md
@ -3,6 +3,9 @@
 title = "Docker Registry Token Authentication"
 description = "Docker Registry v2 authentication schema"
 keywords = ["registry, on-prem, images, tags, repository, distribution, authentication, advanced"]
+[menu.main]
+parent="smn_registry_ref"
+weight=100
 +++
 <![end-metadata]-->

--- a/docs/spec/auth/jwt.md
+++ b/docs/spec/auth/jwt.md
@ -5,6 +5,7 @@ description = "Describe the reference implementation of the Docker Registry v2 a
 keywords = ["registry, on-prem, images, tags, repository, distribution, JWT authentication, advanced"]
 [menu.main]
 parent="smn_registry_ref"
+weight=101
 +++
 <![end-metadata]-->

@ -69,8 +70,17 @@ Token has 3 main parts:

    The header of a JSON Web Token is a standard JOSE header. The "typ" field
    will be "JWT" and it will also contain the "alg" which identifies the
-    signing algorithm used to produce the signature. It will also usually have
-    a "kid" field, the ID of the key which was used to sign the token.
+    signing algorithm used to produce the signature. It also must have a "kid"
+    field, representing the ID of the key which was used to sign the token.
+
+    The "kid" field has to be in a libtrust fingerprint compatible format.
+    Such a format can be generated by following steps:
+
+    1.  Take the DER encoded public key which the JWT token was signed against.
+
+    2.  Create a SHA256 hash out of it and truncate to 240bits.
+
+    3.  Split the result into 12 base32 encoded groups with `:` as delimiter.

    Here is an example JOSE Header for a JSON Web Token (formatted with
    whitespace for readability):
--- a/docs/spec/auth/oauth.md
+++ b/docs/spec/auth/oauth.md
@ -5,6 +5,7 @@ description = "Specifies the Docker Registry v2 authentication"
 keywords = ["registry, on-prem, images, tags, repository, distribution, oauth2, advanced"]
 [menu.main]
 parent="smn_registry_ref"
+weight=102
 +++
 <![end-metadata]-->

@ -170,12 +171,12 @@ grant_type=password&username=johndoe&password=A3ddj3w&service=hub.docker.io&clie
 HTTP/1.1 200 OK
 Content-Type: application/json

-{"refresh_token":"kas9Da81Dfa8","access_token":"eyJhbGciOiJFUzI1NiIsInR5","expires_in":"900","scope":""}
-````
+{"refresh_token":"kas9Da81Dfa8","access_token":"eyJhbGciOiJFUzI1NiIsInR5","expires_in":900,"scope":""}
+```

 #### Example refreshing an Access Token

-````
+```
 POST /token HTTP/1.1
 Host: auth.docker.io
 Content-Type: application/x-www-form-urlencoded
@ -185,6 +186,6 @@ grant_type=refresh_token&refresh_token=kas9Da81Dfa8&service=registry-1.docker.io
 HTTP/1.1 200 OK
 Content-Type: application/json

-{"refresh_token":"kas9Da81Dfa8","access_token":"eyJhbGciOiJFUzI1NiIsInR5":"expires_in":"900","scope":"repository:samalba/my-app:pull,repository:samalba/my-app:push"}
-````
+{"refresh_token":"kas9Da81Dfa8","access_token":"eyJhbGciOiJFUzI1NiIsInR5":"expires_in":900,"scope":"repository:samalba/my-app:pull,repository:samalba/my-app:push"}
+```

--- a/docs/spec/auth/scope.md
+++ b/docs/spec/auth/scope.md
@ -5,6 +5,7 @@ description = "Describes the scope and access fields used for registry authoriza
 keywords = ["registry, on-prem, images, tags, repository, distribution, advanced, access, scope"]
 [menu.main]
 parent="smn_registry_ref"
+weight=103
 +++
 <![end-metadata]-->

@ -56,7 +57,7 @@ it.
 The resource name represent the name which identifies a resource for a resource
 provider. A resource is identified by this name and the provided resource type.
 An example of a resource name would be the name component of an image tag, such
-as "samalba/myapp".
+as "samalba/myapp" or "hostname/samalba/myapp".

 ### Resource Actions

@ -83,16 +84,24 @@ scopes.
 scope                   := resourcescope [ ' ' resourcescope ]*
 resourcescope           := resourcetype  ":" resourcename  ":" action [ ',' action ]*
 resourcetype            := /[a-z]*/
-resourcename            := component [ '/' component ]*
+resourcename            := [ hostname '/' ] component [ '/' component ]*
+hostname                := hostcomponent ['.' hostcomponent]* [':' port-number]
+hostcomponent           := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
+port-number             := /[0-9]+/
 action                  := /[a-z]*/
 component               := alpha-numeric [ separator alpha-numeric ]*
 alpha-numeric           := /[a-z0-9]+/
 separator               := /[_.]|__|[-]*/
 ```
 Full reference grammar is defined
-(here)[https://godoc.org/github.com/docker/distribution/reference]. Currently
-the scope name grammar is a subset of the reference grammar without support
-for hostnames.
+[here](https://godoc.org/github.com/docker/distribution/reference). Currently
+the scope name grammar is a subset of the reference grammar.
+
+> **NOTE:** that the `resourcename` may contain one `:` due to a possible port
+> number in the hostname component of the `resourcename`, so a naive
+> implementation that interprets the first three `:`-delimited tokens of a
+> `scope` to be the `resourcetype`, `resourcename`, and a list of `action`
+> would be insufficient.

 ## Resource Provider Use

--- a/docs/spec/auth/token.md
+++ b/docs/spec/auth/token.md
@ -5,6 +5,7 @@ description = "Specifies the Docker Registry v2 authentication"
 keywords = ["registry, on-prem, images, tags, repository, distribution, Bearer authentication, advanced"]
 [menu.main]
 parent="smn_registry_ref"
+weight=104
 +++
 <![end-metadata]-->

@ -238,7 +239,7 @@ authenticate to the audience service (within the indicated window of time):
 HTTP/1.1 200 OK
 Content-Type: application/json

-{"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IlBZWU86VEVXVTpWN0pIOjI2SlY6QVFUWjpMSkMzOlNYVko6WEdIQTozNEYyOjJMQVE6WlJNSzpaN1E2In0.eyJpc3MiOiJhdXRoLmRvY2tlci5jb20iLCJzdWIiOiJqbGhhd24iLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuY29tIiwiZXhwIjoxNDE1Mzg3MzE1LCJuYmYiOjE0MTUzODcwMTUsImlhdCI6MTQxNTM4NzAxNSwianRpIjoidFlKQ08xYzZjbnl5N2tBbjBjN3JLUGdiVjFIMWJGd3MiLCJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6InNhbWFsYmEvbXktYXBwIiwiYWN0aW9ucyI6WyJwdXNoIl19XX0.QhflHPfbd6eVF4lM9bwYpFZIV0PfikbyXuLx959ykRTBpe3CYnzs6YBK8FToVb5R47920PVLrh8zuLzdCr9t3w", "expires_in": "3600","issued_at": "2009-11-10T23:00:00Z"}
+{"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IlBZWU86VEVXVTpWN0pIOjI2SlY6QVFUWjpMSkMzOlNYVko6WEdIQTozNEYyOjJMQVE6WlJNSzpaN1E2In0.eyJpc3MiOiJhdXRoLmRvY2tlci5jb20iLCJzdWIiOiJqbGhhd24iLCJhdWQiOiJyZWdpc3RyeS5kb2NrZXIuY29tIiwiZXhwIjoxNDE1Mzg3MzE1LCJuYmYiOjE0MTUzODcwMTUsImlhdCI6MTQxNTM4NzAxNSwianRpIjoidFlKQ08xYzZjbnl5N2tBbjBjN3JLUGdiVjFIMWJGd3MiLCJhY2Nlc3MiOlt7InR5cGUiOiJyZXBvc2l0b3J5IiwibmFtZSI6InNhbWFsYmEvbXktYXBwIiwiYWN0aW9ucyI6WyJwdXNoIl19XX0.QhflHPfbd6eVF4lM9bwYpFZIV0PfikbyXuLx959ykRTBpe3CYnzs6YBK8FToVb5R47920PVLrh8zuLzdCr9t3w", "expires_in": 3600,"issued_at": "2009-11-10T23:00:00Z"}
 ```


--- a/docs/spec/index.md
+++ b/docs/spec/index.md
@ -1,18 +1,17 @@
 <!--[metadata]>
 +++
-title = "Reference"
+title = "Reference Overview"
 description = "Explains registry JSON objects"
 keywords = ["registry, service, images, repository,  json"]
 [menu.main]
-identifier="smn_registry_ref"
-parent="smn_registry"
-weight=7
+parent="smn_registry_ref"
+weight=-1
 +++
 <![end-metadata]-->

 # Docker Registry Reference

 * [HTTP API V2](api.md)
-* [Storage Driver](../storagedrivers.md)
+* [Storage Driver](../storage-drivers/index.md)
 * [Token Authentication Specification](auth/token.md)
 * [Token Authentication Implementation](auth/jwt.md)
--- a/docs/spec/manifest-v2-2.md
+++ b/docs/spec/manifest-v2-2.md
@ -76,7 +76,7 @@ image manifest based on the Content-Type returned in the HTTP response.
    - **`digest`** *string*

        The digest of the content, as defined by the
-        [Registry V2 HTTP API Specificiation](https://docs.docker.com/registry/spec/api/#digest-parameter).
+        [Registry V2 HTTP API Specificiation](api.md#digest-parameter).

    - **`platform`** *object*

@ -191,7 +191,7 @@ image. It's the direct replacement for the schema-1 manifest.
    - **`digest`** *string*

        The digest of the content, as defined by the
-        [Registry V2 HTTP API Specificiation](https://docs.docker.com/registry/spec/api/#digest-parameter).
+        [Registry V2 HTTP API Specificiation](api.md#digest-parameter).

 - **`layers`** *array*

@ -214,7 +214,7 @@ image. It's the direct replacement for the schema-1 manifest.
    - **`digest`** *string*

        The digest of the content, as defined by the
-        [Registry V2 HTTP API Specificiation](https://docs.docker.com/registry/spec/api/#digest-parameter).
+        [Registry V2 HTTP API Specificiation](api.md#digest-parameter).

 ## Example Image Manifest

--- a/docs/spec/menu.md
+++ b/docs/spec/menu.md
@ -0,0 +1,13 @@
+<!--[metadata]>
+++
+title = "Reference"
+description = "Explains registry JSON objects"
+keywords = ["registry, service, images, repository,  json"]
+type = "menu"
+[menu.main]
+identifier="smn_registry_ref"
+parent="smn_registry"
+weight=7
+++
+<![end-metadata]-->
+
--- a/docs/storage-drivers/azure.md
+++ b/docs/storage-drivers/azure.md
@ -3,6 +3,8 @@
 title = "Microsoft Azure storage driver"
 description = "Explains how to use the Azure storage drivers"
 keywords = ["registry, service, driver, images, storage,  azure"]
+[menu.main]
+parent = "smn_storagedrivers"
 +++
 <![end-metadata]-->

--- a/docs/storage-drivers/filesystem.md
+++ b/docs/storage-drivers/filesystem.md
@ -3,6 +3,8 @@
 title = "Filesystem storage driver"
 description = "Explains how to use the filesystem storage drivers"
 keywords = ["registry, service, driver, images, storage,  filesystem"]
+[menu.main]
+parent="smn_storagedrivers"
 +++
 <![end-metadata]-->

--- a/docs/storage-drivers/gcs.md
+++ b/docs/storage-drivers/gcs.md
@ -3,6 +3,8 @@
 title = "GCS storage driver"
 description = "Explains how to use the Google Cloud Storage drivers"
 keywords = ["registry, service, driver, images, storage,  gcs, google, cloud"]
+[menu.main]
+parent="smn_storagedrivers"
 +++
 <![end-metadata]-->

--- a/docs/storage-drivers/index.md
+++ b/docs/storage-drivers/index.md
@ -1,7 +1,66 @@
 <!--[metadata]>
 +++
-draft=true
-title = "List of storage drivers"
-description = "Placeholder for redesign"
+title = "Storage Driver overview"
+description = "Explains how to use storage drivers"
+keywords = ["registry, on-prem, images, tags, repository, distribution, storage drivers, advanced"]
+aliases = ["/registry/storagedrivers/"]
+[menu.main]
+parent="smn_storagedrivers"
+identifier="storage_index"
+weight=-1
 +++
 <![end-metadata]-->
+
+
+# Docker Registry Storage Driver
+
+This document describes the registry storage driver model, implementation, and explains how to contribute new storage drivers.
+
+## Provided Drivers
+
+This storage driver package comes bundled with several drivers:
+
+- [inmemory](inmemory.md): A temporary storage driver using a local inmemory map. This exists solely for reference and testing.
+- [filesystem](filesystem.md): A local storage driver configured to use a directory tree in the local filesystem.
+- [s3](s3.md): A driver storing objects in an Amazon Simple Storage Solution (S3) bucket.
+- [azure](azure.md): A driver storing objects in [Microsoft Azure Blob Storage](http://azure.microsoft.com/en-us/services/storage/).
+- [swift](swift.md): A driver storing objects in [Openstack Swift](http://docs.openstack.org/developer/swift/).
+- [oss](oss.md): A driver storing objects in [Aliyun OSS](http://www.aliyun.com/product/oss).
+- [gcs](gcs.md): A driver storing objects in a [Google Cloud Storage](https://cloud.google.com/storage/) bucket.
+
+## Storage Driver API
+
+The storage driver API is designed to model a filesystem-like key/value storage in a manner abstract enough to support a range of drivers from the local filesystem to Amazon S3 or other distributed object storage systems.
+
+Storage drivers are required to implement the `storagedriver.StorageDriver` interface provided in `storagedriver.go`, which includes methods for reading, writing, and deleting content, as well as listing child objects of a specified prefix key.
+
+Storage drivers are intended to be written in Go, providing compile-time
+validation of the `storagedriver.StorageDriver` interface.
+
+## Driver Selection and Configuration
+
+The preferred method of selecting a storage driver is using the `StorageDriverFactory` interface in the `storagedriver/factory` package. These factories provide a common interface for constructing storage drivers with a parameters map. The factory model is based off of the [Register](http://golang.org/pkg/database/sql/#Register) and [Open](http://golang.org/pkg/database/sql/#Open) methods in the builtin [database/sql](http://golang.org/pkg/database/sql) package.
+
+Storage driver factories may be registered by name using the
+`factory.Register` method, and then later invoked by calling `factory.Create`
+with a driver name and parameters map. If no such storage driver can be found,
+`factory.Create` will return an `InvalidStorageDriverError`.
+
+## Driver Contribution
+
+### Writing new storage drivers
+
+To create a valid storage driver, one must implement the
+`storagedriver.StorageDriver` interface and make sure to expose this driver
+via the factory system.
+
+#### Registering
+
+Storage drivers should call `factory.Register` with their driver name in an `init` method, allowing callers of `factory.New` to construct instances of this driver without requiring modification of imports throughout the codebase.
+
+## Testing
+
+Storage driver test suites are provided in
+`storagedriver/testsuites/testsuites.go` and may be used for any storage
+driver written in Go. Tests can be registered using the `RegisterSuite`
+function, which run the same set of tests for any registered drivers.
--- a/docs/storage-drivers/inmemory.md
+++ b/docs/storage-drivers/inmemory.md
@ -3,6 +3,8 @@
 title = "In-memory storage driver"
 description = "Explains how to use the in-memory storage drivers"
 keywords = ["registry, service, driver, images, storage,  in-memory"]
+[menu.main]
+parent="smn_storagedrivers"
 +++
 <![end-metadata]-->

--- a/docs/storage-drivers/menu.md
+++ b/docs/storage-drivers/menu.md
@ -0,0 +1,13 @@
+<!--[metadata]>
+++
+title = "Storage Drivers"
+description = "Storage Drivers"
+keywords = ["registry, on-prem, images, tags, repository, distribution"]
+type = "menu"
+[menu.main]
+identifier="smn_storagedrivers"
+parent="smn_registry"
+weight=7
+++
+<![end-metadata]-->
+
--- a/docs/storage-drivers/oss.md
+++ b/docs/storage-drivers/oss.md
@ -3,6 +3,8 @@
 title = "Aliyun OSS storage driver"
 description = "Explains how to use the Aliyun OSS storage driver"
 keywords = ["registry, service, driver, images, storage, OSS, aliyun"]
+[menu.main]
+parent="smn_storagedrivers"
 +++
 <![end-metadata]-->

--- a/docs/storage-drivers/s3.md
+++ b/docs/storage-drivers/s3.md
@ -3,6 +3,8 @@
 title = "S3 storage driver"
 description = "Explains how to use the S3 storage drivers"
 keywords = ["registry, service, driver, images, storage,  S3"]
+[menu.main]
+parent="smn_storagedrivers"
 +++
 <![end-metadata]-->

@ -198,7 +200,7 @@ The following IAM permissions are required by the registry for push and pull.  S
        "Action": [
          "s3:ListBucket",
          "s3:GetBucketLocation",
-          "s3:ListBucketMultipartUploads",
+          "s3:ListBucketMultipartUploads"
        ],
        "Resource": "arn:aws:s3:::mybucket"
      },
--- a/docs/storage-drivers/swift.md
+++ b/docs/storage-drivers/swift.md
@ -3,6 +3,8 @@
 title = "Swift storage driver"
 description = "Explains how to use the OpenStack swift storage driver"
 keywords = ["registry, service, driver, images, storage,  swift"]
+[menu.main]
+parent="smn_storagedrivers"
 +++
 <![end-metadata]-->

--- a/docs/storagedrivers.md
+++ b/docs/storagedrivers.md
@ -1,64 +0,0 @@
-<!--[metadata]>
-+++
-title = "Storage Drivers"
-description = "Explains how to use storage drivers"
-keywords = ["registry, on-prem, images, tags, repository, distribution, storage drivers, advanced"]
-aliases = ["/registry/storage-drivers/"]
-[menu.main]
-parent="smn_registry_ref"
-+++
-<![end-metadata]-->
-
-
-# Docker Registry Storage Driver
-
-This document describes the registry storage driver model, implementation, and explains how to contribute new storage drivers.
-
-## Provided Drivers
-
-This storage driver package comes bundled with several drivers:
-
- [inmemory](storage-drivers/inmemory.md): A temporary storage driver using a local inmemory map. This exists solely for reference and testing.
- [filesystem](storage-drivers/filesystem.md): A local storage driver configured to use a directory tree in the local filesystem.
- [s3](storage-drivers/s3.md): A driver storing objects in an Amazon Simple Storage Solution (S3) bucket.
- [azure](storage-drivers/azure.md): A driver storing objects in [Microsoft Azure Blob Storage](http://azure.microsoft.com/en-us/services/storage/).
- [swift](storage-drivers/swift.md): A driver storing objects in [Openstack Swift](http://docs.openstack.org/developer/swift/).
- [oss](storage-drivers/oss.md): A driver storing objects in [Aliyun OSS](http://www.aliyun.com/product/oss).
- [gcs](storage-drivers/gcs.md): A driver storing objects in a [Google Cloud Storage](https://cloud.google.com/storage/) bucket.
-
-## Storage Driver API
-
-The storage driver API is designed to model a filesystem-like key/value storage in a manner abstract enough to support a range of drivers from the local filesystem to Amazon S3 or other distributed object storage systems.
-
-Storage drivers are required to implement the `storagedriver.StorageDriver` interface provided in `storagedriver.go`, which includes methods for reading, writing, and deleting content, as well as listing child objects of a specified prefix key.
-
-Storage drivers are intended to be written in Go, providing compile-time
-validation of the `storagedriver.StorageDriver` interface.
-
-## Driver Selection and Configuration
-
-The preferred method of selecting a storage driver is using the `StorageDriverFactory` interface in the `storagedriver/factory` package. These factories provide a common interface for constructing storage drivers with a parameters map. The factory model is based off of the [Register](http://golang.org/pkg/database/sql/#Register) and [Open](http://golang.org/pkg/database/sql/#Open) methods in the builtin [database/sql](http://golang.org/pkg/database/sql) package.
-
-Storage driver factories may be registered by name using the
-`factory.Register` method, and then later invoked by calling `factory.Create`
-with a driver name and parameters map. If no such storage driver can be found,
-`factory.Create` will return an `InvalidStorageDriverError`.
-
-## Driver Contribution
-
-### Writing new storage drivers
-
-To create a valid storage driver, one must implement the
-`storagedriver.StorageDriver` interface and make sure to expose this driver
-via the factory system.
-
-#### Registering
-
-Storage drivers should call `factory.Register` with their driver name in an `init` method, allowing callers of `factory.New` to construct instances of this driver without requiring modification of imports throughout the codebase.
-
-## Testing
-
-Storage driver test suites are provided in
-`storagedriver/testsuites/testsuites.go` and may be used for any storage
-driver written in Go. Tests can be registered using the `RegisterSuite`
-function, which run the same set of tests for any registered drivers.
Author	SHA1	Message	Date
Sven Dowideit	cb0806cdda	Merge pull request #1758 from SvenDowideit/31may2016-docs-updates 31may2016 docs updates	2016-06-01 14:43:55 -07:00
Sven Dowideit	bcf5b1befe	Merge pull request #1762 from SvenDowideit/more-docs-validation-cleanups Next load of docs validation fixes (cherry picked from commit `bb330cd684`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-06-01 18:27:09 +00:00
Sven Dowideit	f0b9dc30be	Merge pull request #1759 from SvenDowideit/fix-new-doc-metadata Add topics to the menu (cherry picked from commit `e66f9c1440`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> Conflicts: docs/deprecated.md	2016-06-01 17:43:13 +00:00
Sven Dowideit	408c4684fa	Merge pull request #1735 from SvenDowideit/move-menu-page Make the index.html files the visible overview menu entry (cherry picked from commit `1b9ab303a4`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-31 16:39:01 +00:00
Richard Scothern	804ad4f001	Merge pull request #1748 from dmcgowan/fix-expires-in-documentation Update auth documentation examples to show "expires in" as int (cherry picked from commit `7f5c6dd882`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-31 16:37:57 +00:00
Richard Scothern	61e91a181e	Merge pull request #1741 from leonhartX/master fix broken markdown (cherry picked from commit `b9d6c7c9fb`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-31 16:37:12 +00:00
Sven Dowideit	4f20717da9	Merge pull request #1722 from SvenDowideit/cherry-pick-fixes Cherry pick fixes	2016-05-18 09:35:53 +10:00
Derek McGowan	be3289bfe1	Merge pull request #1721 from cyli/change-auth-scope-grammar Hostnames can be optionally supported by the auth spec scope grammar (cherry picked from commit `4a915d6efd`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-17 23:35:01 +00:00
Richard Scothern	354d7351ff	Merge pull request #1702 from RichardScothern/api.md Remove the unimplemented monolithic upload section from the API (cherry picked from commit `050a30eac0`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-12 02:03:59 +00:00
Olivier Gambier	d15375897b	Merge pull request #1663 from moxiegirl/fix-flags Fixing nginx flag issue identified by customer (cherry picked from commit `4ecea4b311`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-12 02:03:35 +00:00
Sven Dowideit	901abf95d5	Merge pull request #1680 from SvenDowideit/use-docs-base-oss convert docs Dockerfiles to use docs/base:oss (cherry picked from commit `b7088d29c6`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-12 02:01:07 +00:00
Richard Scothern	338d3ad6b6	Merge pull request #1644 from fh1ch/clarify-kid-format Clarify kid format for JWT token auth in docs (cherry picked from commit `47d14555c0`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-12 01:58:19 +00:00
Richard Scothern	e70eed2090	Merge pull request #1641 from RichardScothern/ifollowtherules Correction for JSON example. (cherry picked from commit `9d491698cc`) Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>	2016-05-12 01:55:55 +00:00