4ecb17cc4c
This adds a configuration setting `HTTP.TLS.LetsEncrypt.Hosts` which can be set to a list of hosts that the registry will whitelist for retrieving certificates from Let's Encrypt. HTTPS connections with SNI hostnames that are not whitelisted will be closed with an "unknown host" error. It is required to avoid lots of unsuccessful registrations attempts that are triggered by malicious clients connecting with bogus SNI hostnames. NOTE: Due to a bug in the deprecated vendored rsc.io/letsencrypt library clearing the host list requires deleting or editing of the cachefile to reset the hosts list to null. Signed-off-by: Felix Buenemann <felix.buenemann@gmail.com> |
||
|---|---|---|
| .. | ||
| spec | ||
| architecture.md | ||
| configuration.md | ||
| README.md | ||
The docs have been moved!
The documentation for Registry has been merged into the general documentation repo. Commit history has been preserved.
The docs for Registry are now here: https://github.com/docker/docker.github.io/tree/master/registry
Note: The definitive ./spec directory directory and configuration.md file will be maintained in this repository and be refreshed periodically in the general documentation repo.
As always, the docs in the general repo remain open-source and we appreciate your feedback and pull requests!