Commit Graph

125 Commits

Author SHA1 Message Date
Felix Bünemann
4ecb17cc4c registry: support whitelisting letsencrypt hosts
This adds a configuration setting `HTTP.TLS.LetsEncrypt.Hosts` which can
be set to a list of hosts that the registry will whitelist for retrieving
certificates from Let's Encrypt. HTTPS connections with SNI hostnames
that are not whitelisted will be closed with an "unknown host" error.
It is required to avoid lots of unsuccessful registrations attempts that
are triggered by malicious clients connecting with bogus SNI hostnames.

NOTE: Due to a bug in the deprecated vendored rsc.io/letsencrypt library
clearing the host list requires deleting or editing of the cachefile to
reset the hosts list to null.

Signed-off-by: Felix Buenemann <felix.buenemann@gmail.com>
2018-02-01 21:16:58 +01:00
tifayuki
e8ecc6dc55 add s3 region filters for cloudfront
Signed-off-by: tifayuki <tifayuki@gmail.com>
2017-12-01 15:58:58 -08:00
Derek McGowan
ce936a8591 Merge pull request #2262 from m-masataka/add_description_of_timeout
DOC:configuration.md: Change description of interval.
2017-05-05 11:45:43 -07:00
Masataka Mizukoshi
7d8dab5fdc DOC:configuration.md: Change description of interval.
Signed-off-by: Masataka Mizukoshi <m.mizukoshi.wakuwaku@gmail.com>
2017-05-04 19:14:29 +00:00
Luis Lobo Borobia
212f47c318
Fixed #htpasswd link
Fixed #htpasswd link

Signed-off-by: Luis Lobo Borobia <luislobo@gmail.com>
2017-05-03 23:19:44 -05:00
Masataka Mizukoshi
05ac637aec DOC:configuration.md: Change description of interval.
Signed-off-by: Masataka Mizukoshi <m.mizukoshi.wakuwaku@gmail.com>
2017-05-01 09:28:32 +00:00
Misty Stanley-Jones
6ee03f5da7 Improve formatting of configuration.md
Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-12-29 11:32:31 -08:00
Joao Fernandes
a24f2a6d78 Format configuration.md with code fences to avoid render issues
Signed-off-by: Joao Fernandes <joao.fernandes@docker.com>
2016-12-15 14:35:24 -08:00
Antonio Murdaca
0fb25dd094
registry/handles/app: always append default urls regexps
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-05 20:28:51 +01:00
Richard Scothern
09b2d06d5d Fix storage driver links
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-11-10 14:28:28 -08:00
Misty Stanley-Jones
f180e9a934 Convert Markdown frontmatter to YAML
Some frontmatter such as the weights, menu stuff, etc is no longer used
'draft=true' becomes 'published: false'

Signed-off-by: Misty Stanley-Jones <misty@docker.com>
2016-10-14 15:59:19 -07:00
Richard Scothern
cfad4321c1 Merge pull request #1957 from nwt/notification-filtering
Add notification filtering by target media type
2016-09-19 10:41:03 -07:00
Noah Treuhaft
ad6bb66faf Add notification filtering by target media type
The Hub registry generates a large volume of notifications, many of
which are uninteresting based on target media type.  Discarding them
within the notification endpoint consumes considerable resources that
could be saved by discarding them within the registry.  To that end,
this change adds registry configuration options to restrict the
notifications sent to an endpoint based on target media type.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-16 12:01:03 -07:00
Noah Treuhaft
4034ff65f0 Add configuration option to disable access logging
Access logging is great.  Access logging you can turn off is even
better.  This change adds a configuration option for that.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-09-14 14:33:30 -07:00
Derek McGowan
279c02a3ce
Add note about required let's encrypt port
Let's Encrypt uses tls-sni to validate the certificate
on the standard https port 443. If the registry is
outwardly listening on a different port Let's Encrypt
will not issue a certificate.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-09-01 15:11:44 -07:00
Richard Scothern
010e063270 Merge pull request #1906 from nwt/s3-multipart-copy
Use multipart upload API in S3 Move method
2016-08-17 15:22:32 -07:00
Noah Treuhaft
63468ef4a8 Use multipart upload API in S3 Move method
This change to the S3 Move method uses S3's multipart upload API to copy
objects whose size exceeds a threshold.  Parts are copied concurrently.
The level of concurrency, part size, and threshold are all configurable
with reasonable defaults.

Using the multipart upload API has two benefits.

* The S3 Move method can now handle objects over 5 GB, fixing #886.

* Moving most objects, and espectially large ones, is faster.  For
  example, moving a 1 GB object averaged 30 seconds but now averages 10.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-08-16 10:53:24 -07:00
Adam Duke
ac009c86f1 Allow registry clients to connect via http2
Http2 will be enabled by default and can be disabled with a configuration option.

Signed-off-by: Adam Duke <adam.v.duke@gmail.com>
2016-08-13 22:07:42 -04:00
Noah Treuhaft
61e5803b56 Add control over validation of URLs in pushed manifests
Until we have some experience hosting foreign layer manifests, the Hub
operators wish to limit foreign layers on Hub. To that end, this change
adds registry configuration options to restrict the URLs that may appear
in pushed manifests.

Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
2016-07-19 14:38:42 -07:00
Richard Scothern
015df6cdea Add documentation for let's encrypt
Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-06-13 11:45:18 -07:00
allencloud
db90724ab0 fix typos
Signed-off-by: allencloud <allen.sun@daocloud.io>
2016-06-02 23:03:27 +08:00
Sven Dowideit
1b9ab303a4 Merge pull request #1735 from SvenDowideit/move-menu-page
Make the index.html files the visible overview menu entry
2016-05-31 09:32:53 -07:00
Sven Dowideit
3069a04b8c Make the index.html files the visible overview menu entry
And move menu entry definition into a page that the user has no reason to navigate to

Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2016-05-28 01:02:40 +00:00
Richard Scothern
0c15ab6952 Remove signature store from registry. Return a generated signature for manifest
pull.

Signed-off-by: Richard Scothern <richard.scothern@docker.com>
2016-05-27 13:19:26 -07:00
Richard Scothern
c047d34b22 Merge pull request #1695 from tonyhb/add-regulator-to-filesystem
Add regulator to filesystem
2016-05-04 10:05:51 -07:00
Tony Holdstock-Brown
d0352a7448 Add documentation
Signed-off-by: Tony Holdstock-Brown <tony@docker.com>
2016-05-03 09:33:25 -07:00
Andrew Hsu
fe9509f8f3 added config doc for redirect middleware
Signed-off-by: Andrew Hsu <andrewhsu@acm.org> (github: andrewhsu)
2016-04-25 11:52:39 -07:00
Mary Anthony
6018bdf58a Updating example
Signed-off-by: Mary Anthony <mary@docker.com>
2016-03-29 09:53:13 -07:00
Mary Anthony
188206eede Fixes and closes #925
Seconds to minutes as per code
Correction per Derek
Clarifying failure case

Signed-off-by: Mary Anthony <mary@docker.com>

Clarifying failure case

Signed-off-by: Mary Anthony <mary@docker.com>
2016-03-29 06:17:29 -07:00
Sebastiaan van Stijn
a92c93d770 Fix broken links in configuration
HTML links are not converted by HUGO, so will work
on GitHub, but not in the online documentation.

Converted the HTML table (and links) to Markdown
to fix broken links.

Also added a header for the table, because none
was present.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2016-03-24 10:28:36 -07:00
Richard Scothern
bc9c820e4b Enable URLs returned from the registry to be configured as relative.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2016-03-23 15:14:32 -07:00
Matt Duch
fcb247dfce registry/storage/driver/s3-aws kms support
Signed-off-by: Matt Duch <matt@learnmetrics.com>
2016-03-11 17:19:01 -06:00
Brian Bland
c03b5fc5ee Merge pull request #1438 from BrianBland/newStorageDriverWriter
Adds new StorageDriver.FileWriter interface
2016-03-11 15:06:07 -08:00
Brian Bland
5967d33342 Removes ceph rados driver in favor of Swift API gateway support
Signed-off-by: Brian Bland <brian.bland@docker.com>
2016-03-10 16:49:08 -08:00
Keerthan Mala
2be1b4ef4f Added support to specifiy custom endpoint
Signed-off-by: Keerthan Reddy Mala <keerthan.mala@gmail.com>
2016-03-09 16:12:20 -07:00
Arthur Baars
307504713f Storagedriver: GCS: add chunksize parameter
Signed-off-by: Arthur Baars <arthur@semmle.com>
2016-03-08 16:38:39 -08:00
Derek McGowan
e8eca4db17 Add documentation for compatibility configuration
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-02-10 15:20:55 -08:00
Omer Cohen
d842645de9 Update configuration.md
fixed broken links

Signed-off-by: Omer Cohen <git@omer.io>
2016-02-03 15:57:55 +02:00
Mary Anthony
cab284d6b2 - Pulling driver specs out of configuruation.md
- Fixing index metadata error
- Entering all the comments
- Updating with the build fixes
- Fix Microsoft link broken
- Fix collocate, colocate, to unambiguous co-locate

Signed-off-by: Mary Anthony <mary@docker.com>
2016-01-21 10:12:46 -08:00
Olivier Gambier
236c19fa30 Merge pull request #1255 from donhcd/convergeSwiftDocs
Help converge disagreeing swift docs
2015-12-22 10:23:13 -08:00
Donald Huang
eb654589db help converge disagreeing swift docs
Signed-off-by: Donald Huang <don.hcd@gmail.com>
2015-12-20 23:22:19 +00:00
gabriell nascimento
74255cd4f2 Fix typo in docs/configuration.md
Signed-off-by: Gabriell Nascimento <gabriellhrn@gmail.com>
2015-12-15 16:14:13 -02:00
Sven Dowideit
9ec49c04fd TOC for configuration page incorrect
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-12-01 14:07:55 +10:00
Arthur Baars
59784ecdd0 Storage driver for: Google Cloud Storage (gcs)
Signed-off-by: Arthur Baars <arthur@semmle.com>
2015-10-28 20:21:56 +00:00
Richard Scothern
f9317483d3 Clearer documentation around environment variable overrides
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-10-19 14:52:08 -07:00
Mary Anthony
8e92a8ab00 Updating for Hugo 15 patch
Signed-off-by: Mary Anthony <mary@docker.com>
2015-10-16 12:20:38 -07:00
Stephen Day
dfe60f4cb1 Merge pull request #827 from aaronlehmann/read-only-mode-2
Add a read-only mode as a configuration option
2015-10-15 11:50:31 -07:00
Richard Scothern
4c4112bdcf Merge pull request #1035 from aaronlehmann/host-parameter-alternate
Add http.host parameter
2015-10-13 14:03:48 -07:00
Jason Freidman
1c1917fd5a Update configuration.md
It seems that enabling proxy stops my instance from accepting local pushes, but I can't find mention of that in the docs.

Signed-off-by: Jason Freidman <jason@periscope.io>
2015-10-07 20:02:58 -07:00
Aaron Lehmann
7f83bfd8af Correct the default setting of s3's "secure" parameter in configuration.md
This defaults to true in the code, but the doc claimed it defaults to
false.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-09-30 18:41:06 -07:00