distribution/registry
Felix Bünemann 4ecb17cc4c registry: support whitelisting letsencrypt hosts
This adds a configuration setting `HTTP.TLS.LetsEncrypt.Hosts` which can
be set to a list of hosts that the registry will whitelist for retrieving
certificates from Let's Encrypt. HTTPS connections with SNI hostnames
that are not whitelisted will be closed with an "unknown host" error.
It is required to avoid lots of unsuccessful registrations attempts that
are triggered by malicious clients connecting with bogus SNI hostnames.

NOTE: Due to a bug in the deprecated vendored rsc.io/letsencrypt library
clearing the host list requires deleting or editing of the cachefile to
reset the hosts list to null.

Signed-off-by: Felix Buenemann <felix.buenemann@gmail.com>
2018-02-01 21:16:58 +01:00
..
api registry: feed the linter by removing redundant err check 2017-09-29 13:27:49 -07:00
auth context: remove definition of Context 2017-08-11 15:53:31 -07:00
client Properly follow relative links when listing tags 2017-11-18 22:04:19 -08:00
handlers registry/handlers: ignore notfound on storage driver healthcheck 2017-08-21 15:04:31 -07:00
listener [Server] Listen and serve on a unix socket 2015-05-11 16:00:14 +03:00
middleware context: remove definition of Context 2017-08-11 15:53:31 -07:00
proxy registry: feed the linter by removing redundant err check 2017-09-29 13:27:49 -07:00
storage add s3 region filters for cloudfront 2017-12-01 15:58:58 -08:00
doc.go Move initialization code from main.go to the registry package 2015-09-09 14:39:31 -07:00
registry_test.go Allow registry clients to connect via http2 2016-08-13 22:07:42 -04:00
registry.go registry: support whitelisting letsencrypt hosts 2018-02-01 21:16:58 +01:00
root.go context: remove definition of Context 2017-08-11 15:53:31 -07:00