Revert "Revert "Merge branch 'master' of github.com:docker/docs-private into test-branch-2""
This reverts commit 88038ffd3a
.
This commit is contained in:
parent
88038ffd3a
commit
f04f6208b9
@ -322,15 +322,15 @@ $ docker service create \
|
|||||||
--secret domain.key \
|
--secret domain.key \
|
||||||
--constraint 'node.labels.registry==true' \
|
--constraint 'node.labels.registry==true' \
|
||||||
--mount type=bind,src=/mnt/registry,dst=/var/lib/registry \
|
--mount type=bind,src=/mnt/registry,dst=/var/lib/registry \
|
||||||
-e REGISTRY_HTTP_ADDR=0.0.0.0:80 \
|
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
|
||||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/domain.crt \
|
-e REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/domain.crt \
|
||||||
-e REGISTRY_HTTP_TLS_KEY=/run/secrets/domain.key \
|
-e REGISTRY_HTTP_TLS_KEY=/run/secrets/domain.key \
|
||||||
--publish published=80,target=80 \
|
--publish published=443,target=443 \
|
||||||
--replicas 1 \
|
--replicas 1 \
|
||||||
registry:2
|
registry:2
|
||||||
```
|
```
|
||||||
|
|
||||||
You can access the service on port 80 of any swarm node. Docker sends the
|
You can access the service on port 443 of any swarm node. Docker sends the
|
||||||
requests to the node which is running the service.
|
requests to the node which is running the service.
|
||||||
|
|
||||||
## Load balancing considerations
|
## Load balancing considerations
|
||||||
@ -458,8 +458,8 @@ secrets.
|
|||||||
You may want to leverage more advanced basic auth implementations by using a
|
You may want to leverage more advanced basic auth implementations by using a
|
||||||
proxy in front of the registry. See the [recipes list](recipes/index.md).
|
proxy in front of the registry. See the [recipes list](recipes/index.md).
|
||||||
|
|
||||||
The registry also supports delegated authentiation, which redirects users to a
|
The registry also supports delegated authentication which redirects users to a
|
||||||
specific, trusted token server. This approach is more complicated to set up, and
|
specific trusted token server. This approach is more complicated to set up, and
|
||||||
only makes sense if you need to fully configure ACLs and need more control over
|
only makes sense if you need to fully configure ACLs and need more control over
|
||||||
the registry's integration into your global authorization and authentication
|
the registry's integration into your global authorization and authentication
|
||||||
systems. Refer to the following [background information](spec/auth/token.md) and
|
systems. Refer to the following [background information](spec/auth/token.md) and
|
||||||
|
Loading…
Reference in New Issue
Block a user