From acc395fca6aff474117b3e4242141131d5dc6113 Mon Sep 17 00:00:00 2001 From: Per Lundberg Date: Wed, 20 Jun 2018 16:28:10 +0300 Subject: [PATCH 1/3] nginx.md: Add note about potential security isues I thought about this while setting this up, and then found this guide (I was setting it up without the guide first.) The potential security implications are important, so I think we should mention them here on this web page. (We could even go further by outright _warning_ people about this, but perhaps letting people know about it so they can make an informed decision is a better way to go. This can be perfectly fine for certain intranet scenarios.) --- registry/recipes/nginx.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/registry/recipes/nginx.md b/registry/recipes/nginx.md index 73370f7e0f..81c448467b 100644 --- a/registry/recipes/nginx.md +++ b/registry/recipes/nginx.md @@ -38,6 +38,12 @@ you want through the secondary authentication mechanism implemented inside your proxy, it also requires that you move TLS termination from the Registry to the proxy itself. +> Another important thing to note is that by binding your registry to +> `localhost:5000` without authentication, you open up a potential loophole in +> your Docker Registry security - anyone who can log on to the server where your +> Docker Registry is running can push images to your registry, without +> authentication. This could have potentially devastating effects. + Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra complexity is required. From e88b98fcc4c1cf3799a65e42ab7c340f68f4080e Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Wed, 2 Jan 2019 08:51:16 -0700 Subject: [PATCH 2/3] Update nginx.md wording --- registry/recipes/nginx.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/registry/recipes/nginx.md b/registry/recipes/nginx.md index 81c448467b..1f039f6114 100644 --- a/registry/recipes/nginx.md +++ b/registry/recipes/nginx.md @@ -38,11 +38,10 @@ you want through the secondary authentication mechanism implemented inside your proxy, it also requires that you move TLS termination from the Registry to the proxy itself. -> Another important thing to note is that by binding your registry to -> `localhost:5000` without authentication, you open up a potential loophole in -> your Docker Registry security - anyone who can log on to the server where your -> Docker Registry is running can push images to your registry, without -> authentication. This could have potentially devastating effects. +> ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without +> authentication. This creates a potential loophole in your Docker Registry security. +> As a result, anyone with access to your Docker Registry can push images without +> authentication. Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra From 64261850faabf31f281a2b1c2a380cceae919d41 Mon Sep 17 00:00:00 2001 From: Anne Henmi <41210220+ahh-docker@users.noreply.github.com> Date: Tue, 22 Jan 2019 16:16:38 -0700 Subject: [PATCH 3/3] Update nginx.md Fixed security warning, changed to "anyone who can log on to the server where your Docker Registry is running" --- registry/recipes/nginx.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/registry/recipes/nginx.md b/registry/recipes/nginx.md index 1f039f6114..6673b2a22b 100644 --- a/registry/recipes/nginx.md +++ b/registry/recipes/nginx.md @@ -40,8 +40,8 @@ proxy itself. > ***NOTE:*** Docker does not recommend binding your registry to `localhost:5000` without > authentication. This creates a potential loophole in your Docker Registry security. -> As a result, anyone with access to your Docker Registry can push images without -> authentication. +> As a result, anyone who can log on to the server where your Docker Registry is running +> can push images without authentication. Furthermore, introducing an extra http layer in your communication pipeline makes it more complex to deploy, maintain, and debug. Make sure the extra