nginx.md: Add note about potential security isues

I thought about this while setting this up, and then found this guide (I was setting it up without the guide first.)

The potential security implications are important, so I think we should mention them here on this web page. (We could even go further by outright _warning_ people about this, but perhaps letting people know about it so they can make an informed decision is a better way to go. This can be perfectly fine for certain intranet scenarios.)
This commit is contained in:
Per Lundberg 2018-06-20 16:28:10 +03:00 committed by GitHub
parent ff7866442a
commit 8112d01b9b

View File

@ -38,6 +38,12 @@ you want through the secondary authentication mechanism implemented inside your
proxy, it also requires that you move TLS termination from the Registry to the
proxy itself.
> Another important thing to note is that by binding your registry to
> `localhost:5000` without authentication, you open up a potential loophole in
> your Docker Registry security - anyone who can log on to the server where your
> Docker Registry is running can push images to your registry, without
> authentication. This could have potentially devastating effects.
Furthermore, introducing an extra http layer in your communication pipeline
makes it more complex to deploy, maintain, and debug. Make sure the extra
complexity is required.