Can now dynamically set the docker config directory through an
environment variable.
export DOCKER_CONFIG=/path/to/docker_config/
Default behavior remains the same, e.g. ~/.docker
Documentation for change added to the https.md docs.
Docker-DCO-1.1-Signed-off-by: James A. Kyle <james@jameskyle.org> (github: jameskyle)
Upstream-commit: c0471ee35aa58a99b423ad914301194e8f3663c1
Component: engine
This lets you specify custom client TLS certificates and CA root for a
specific registry hostname. Docker will then verify the registry
against the CA and present the client cert when talking to that
registry. This allows the registry to verify that the client has a
proper key, indicating that the client is allowed to access the
images.
A custom cert is configured by creating a directory in
/etc/docker/certs.d with the same name as the registry hostname. Inside
this directory all *.crt files are added as CA Roots (if none exists,
the system default is used) and pair of files <filename>.key and
<filename>.cert indicate a custom certificate to present to the registry.
If there are multiple certificates each one will be tried in
alphabetical order, proceeding to the next if we get a 403 of 5xx
response.
So, an example setup would be:
/etc/docker/certs.d/
└── localhost
├── client.cert
├── client.key
└── localhost.crt
A simple way to test this setup is to use an apache server to host a
registry. Just copy a registry tree into the apache root, here is an
example one containing the busybox image:
http://people.gnome.org/~alexl/v1.tar.gz
Then add this conf file as /etc/httpd/conf.d/registry.conf:
# This must be in the root context, otherwise it causes a re-negotiation
# which is not supported by the tls implementation in go
SSLVerifyClient optional_no_ca
<Location /v1>
Action cert-protected /cgi-bin/cert.cgi
SetHandler cert-protected
Header set x-docker-registry-version "0.6.2"
SetEnvIf Host (.*) custom_host=$1
Header set X-Docker-Endpoints "%{custom_host}e"
</Location>
And this as /var/www/cgi-bin/cert.cgi
#!/bin/bash
if [ "$HTTPS" != "on" ]; then
echo "Status: 403 Not using SSL"
echo "x-docker-registry-version: 0.6.2"
echo
exit 0
fi
if [ "$SSL_CLIENT_VERIFY" == "NONE" ]; then
echo "Status: 403 Client certificate invalid"
echo "x-docker-registry-version: 0.6.2"
echo
exit 0
fi
echo "Content-length: $(stat --printf='%s' $PATH_TRANSLATED)"
echo "x-docker-registry-version: 0.6.2"
echo "X-Docker-Endpoints: $SERVER_NAME"
echo "X-Docker-Size: 0"
echo
cat $PATH_TRANSLATED
This will return 403 for all accessed to /v1 unless *any* client cert
is presented. Obviously a real implementation would verify more details
about the certificate.
Example client certs can be generated with:
openssl genrsa -out client.key 1024
openssl req -new -x509 -text -key client.key -out client.cert
Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
Upstream-commit: 05243104fc0a0ef9537766cf5bd920824665eb78
Component: engine
* Added User Guide section outlines.
* Added User Guide to menu.
* Moved HTTPS example to articles.
* Replaced Hello World example with User Guide.
* Moved use cases out of examples.
* Updated Introduction to add User Guide.
* Redirected migrated /use and /articles links.
* Added Docker.io section
* Added Dockerized section
* Added Using Docker section
* Added Docker Images section
* Added Docker Links section
* Added Docker Volumes section
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
Upstream-commit: a7b2c4804b2d98c2b5622db40d3d70b88529d7fe
Component: engine
I found a bunch of issues where we have "-<opt>" instead of "--<opt>".
Also a couple of other issues, like "-notrunc", which is now "--no-trunc"
Fixes#5963
Docker-DCO-1.1-Signed-off-by: Brian Goff <cpuguy83@gmail.com> (github: cpuguy83)
Upstream-commit: 6d9e64b27bbee9bb699ebc0f0ff98bb7f56961b3
Component: engine
This PR aims to increase the consistency across the docs for
code blocks and code/comment/output markings.
Rule followed here is "what's visible on the screen should be reflected"
Issue:
- Docs had various code blocks showing: comments, commands & outputs.
- All three of these items were inconsistently marked.
Some examples as to how this PR aims to introduce improvements:
1. Removed `> ` from in front of the "outputs". Eg,
` > REPOSITORY TAG ID CREATED` replaced with:
` REPOSITORY TAG ID CREATED`.
2. Introduced `$` for commands. Eg,
` sudo chkconfig docker on` replaced with:
` $ sudo chkconfig docker on`
3. Comments:
` > # ` replaced with:
` # `.
> Please note:
> Due to a vast amount of items reviewed and changed for this PR, there
> might be some individually incorrect replacements OR patterns of incorrect
> replacements. This PR needs to be reviewed and if there is anything missing,
> it should be improved or amended.
Closes:
https://github.com/dotcloud/docker/issues/5286
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Upstream-commit: f87a97f7df838742a602f1984f4552b803e3f92d
Component: engine
relative paths, and also fixed some broken images.
There are still more todo - next PR I think :)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
Upstream-commit: ada86fc5b736d8b3209429c584384fd9974a148a
Component: engine
- Remove redundant chars and all errors caused by RST->MD conversion.
e.g. [/#, /\, \<, />, etc.]
- Fix broken inter-document links
- Fix outbound links no-longer active or changed
- Fix lists
- Fix code blocks
- Correct apostrophes
- Replace redundant inline note marks for code with code marks
- Fix broken image links
- Remove non-functional title links
- Correct broken cross-docs links
- Improve readability
Note: This PR does not try to fix/amend:
- Grammatical errors
- Lexical errors
- Linguistic-logic errors etc.
It just aims to fix main structural or conversion errors to serve as
a base for further amendments that will cover others including but
not limited to those mentioned above.
Docker-DCO-1.1-Signed-off-by: O.S. Tezer <ostezer@gmail.com> (github: ostezer)
Update:
- Fix backtick issues
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: c932667cd26f00bb64ddf0c1a7c7de3ac95aa4be
Component: engine
move the contributing hook into contrib, and use curl in the same way as the gofmt above
Upstream-commit: bbfc531b51cb17e97022ff0e904f91faac48713f
Component: engine
mkimage-rinse.sh requires rinse, which is not readily available on
CentOS or Fedora. Plus, creating a base image is trivial with yum
alone.
Docker-DCO-1.1-Signed-off-by: Chris St. Pierre <chris.a.st.pierre@gmail.com> (github: stpierre)
Upstream-commit: d419da7227826e84e9375ece4fd9d4978a42cbf7
Component: engine
and remove the fmt-check one we don't document
tianon tells me they're called GitHub, not Github :)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@fosiki.com> (github: SvenDowideit)
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
Upstream-commit: 7c55cbd4c9da88ffb4b1a325ba2e5435e337a3af
Component: engine
