Update DTR/S3 integration settings (#73)

2017-05-09 17:17:47 -07:00 · 2017-05-09 17:17:47 -07:00 · 7f6a83be27
parent 7f1bbd78f2
commit 7f6a83be27
1 changed files with 20 additions and 4 deletions
--- a/datacenter/dtr/2.3/guides/admin/configure/external-storage/s3.md
+++ b/datacenter/dtr/2.3/guides/admin/configure/external-storage/s3.md
@ -85,9 +85,25 @@ user.

 There are also some advanced settings.

-| Field          | Description                                                                                                                                               |
-|:---------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Version 4 auth | Authenticate the requests using AWS signature version 4. [Learn more](http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) |
-| Use HTTPS      | Secure all requests with HTTPS, or make requests in an insecure way                                                                                       |
+| Field                    | Description                                                                                                                                               |
+|:-------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Signature version 4 auth | Authenticate the requests using AWS signature version 4. [Learn more](http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) |
+| Use HTTPS                | Secure all requests with HTTPS, or make requests in an insecure way                                                                                       |
+| Skip TLS verification    | Encrypt all traffic, but don't verify the TLS certificate used by the storage backend                                                                     |
+| Root CA certificate      | The public key certificate of the root certificate authority that issued the storage backend certificate                                                  |

 Once you click **Save**, DTR validates the configurations and saves the changes.
+
+## Configure your clients
+
+If you're using a TLS certificate in your storage backend that's not globally
+trusted, you'll have to configure all Docker Engines that push or pull from DTR
+to trust that certificate. When you push or pull an image DTR redirects the
+requests to the storage backend, so if clients don't trust the TLS certificates
+of both DTR and the storage backend, they won't be able to push or pull images.
+[Learn how to configure the Docker client](../../../user/access-dtr/index.md).
+
+And if you've configured DTR to skip TLS verification, you also need to
+configure all Docker Engines that push or pull from DTR to skip TLS
+verification. You do this by adding DTR to
+the [list of insecure registries when starting Docker](https://docs.docker.com/engine/reference/commandline/dockerd/).