0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
15681 commits 14 branches 412 tags 338 MiB
Commit graph

211 commits

Author SHA1 Message Date
Zhang Wei
40486d9709 docs: fix a typo in registry_mirror.md 
Signed-off-by: Zhang Wei <zhangwei555@huawei.com>
 2015-02-09 10:04:55 +08:00
Wei-Ting Kuo
2f69da2a5e Update certificates.md 
`openssl req -new -x509 -text -key client.key -out client.cert` creates a self-sign certificate but not a certificate request.

Signed-off-by: Wei-Ting Kuo <waitingkuo0527@gmail.com>
 2015-02-09 04:36:00 +08:00
unclejack
0b2f734462 docs/articles/systemd: correct --storage-driver 
Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
 2015-02-06 10:52:09 +02:00
Thell 'Bo' Fowler
cb3be586d6 Update dockerfile_best-practices.md 
Signed-off-by: Thell Fowler <Thell@tbfowler.name>
 2015-01-31 11:02:09 -06:00
Phil Estes
6a1da678de Add missing $HOST in a couple places in HTTPS/TLS setup docs 
Fix typos in setup docs where tcp://:2376 is used without the $HOST
parameter.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2015-01-30 11:20:50 -05:00
Fred Lifton
5b9b5aff06 Merge pull request #10293 from SvenDowideit/test-9952 
comment out the docker and curl lines we'll run later
 2015-01-29 10:18:53 -08:00
Phil Estes
5945de43b0 Fix incorrect IPv6 addresses/subnet notations in docs 
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
 2015-01-27 22:45:43 -05:00
Michael Crosby
e04cc93a2c Merge pull request #10113 from imreFitos/master 
docs: remove NAT rule when removing bridge
 2015-01-27 11:22:53 -08:00
James Turnbull
d3a6a53fa5 Merge pull request #10292 from SvenDowideit/pr_out_update_using_supervisord_md 
Update using_supervisord.md
 2015-01-23 00:09:25 -05:00
Sven Dowideit
eaf1b88212 comment out the docker and curl lines we'll run later 
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
 2015-01-23 12:31:39 +10:00
GennadySpb
99dc224d85 Update using_supervisord.md 
Fix factual error

change made by: GennadySpb <lipenkov@gmail.com>

Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
 2015-01-23 10:43:57 +10:00
Lorenz Leutgeb
a51554988e Fix inconsistent formatting 
Colon was bold, but regular at other occurences.

Blame cf27b310c4

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-22 21:46:01 +01:00
Lorenz Leutgeb
048b20e58a doc: Minor semantical/editorial fixes in HTTPS article 
"read-only" vs. "only readable by you"

Refer to:
https://github.com/docker/docker/pull/9952#discussion_r22690266

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-22 21:37:39 +01:00
Lorenz Leutgeb
6ca2875e58 doc: Editorial changes as suggested by @fredlf 
Refer to:
 * https://github.com/docker/docker/pull/9952#discussion_r22686652
 * https://github.com/docker/docker/pull/9952#discussion_r22686804

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-22 21:37:39 +01:00
Lorenz Leutgeb
02a793c6a1 doc: Improve article on HTTPS 
* Adjust header to match _page_title
 * Add instructions on deletion of CSRs and setting permissions
 * Simplify some path expressions and commands
 * Consqeuently use ~ instead of ${HOME}
 * Precise formulation ('key' vs. 'public key')
 * Fix wrong indentation of output of `openssl req`
 * Use dash ('--') instead of minus ('-')

Remark on permissions:

It's not a problem to `chmod 0400` the private keys, because the
Docker daemon runs as root (can read the file anyway) and the Docker
client runs as user.

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-22 21:37:39 +01:00
Fred Lifton
e6a70a6f81 Merge pull request #10135 from coolljt0725/update_link_docs 
Update the docs for --link accept container id
 2015-01-19 18:12:50 -08:00
Lei Jitang
750373875e Update the docs for --link accept container id 
Signed-off-by: Lei Jitang <leijitang@huawei.com>
 2015-01-19 09:57:44 +08:00
imre Fitos
73baa673c7 fix typo 'setup/set up' 
Signed-off-by: imre Fitos <imre.fitos+github@gmail.com>
 2015-01-17 11:21:25 -05:00
Jessie Frazelle
00d19150bb Merge pull request #9941 from SvenDowideit/build-pull-option-docs 
Add build --pull and evenets --filter flags to the docs for 1.4
 2015-01-16 13:49:56 -08:00
imre Fitos
457f212373 start docker before checking for updated NAT rule 
Signed-off-by: imre Fitos <imre.fitos+github@gmail.com>
 2015-01-15 21:32:38 -05:00
Fred Lifton
22437eb960 Merge pull request #9937 from SvenDowideit/add-https-test 
Add a containerised test for the https cert doc
 2015-01-15 17:53:40 -08:00
imre Fitos
d10d0e568e docs: remove NAT rule when removing bridge 
Signed-off-by: imre Fitos <imre.fitos+github@gmail.com>
 2015-01-14 23:06:13 -05:00
Sven Dowideit
18a2c77435 Add build --pull and evenets --filter flags to the docs for 1.4 
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
 2015-01-15 15:20:48 +13:00
Sven Dowideit
d5df948829 Add a note that remote and Boot2Docker users should not type sudo 
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
 2015-01-13 21:40:14 -05:00
Malte Janduda
c03e15c9da IPv6 docs: The ARP cache is called NDP neighbor cache in IPv6 
Signed-off-by: Malte Janduda <mail@janduda.net>
 2015-01-14 00:20:17 +01:00
Phil Estes
30eff2720a Properly handle containers which pre-date the resolv.conf update feature 
This fixes the container start issue for containers which were started
on a daemon prior to the resolv.conf updater PR. The update code will
now safely ignore these containers (given they don't have a sha256 hash
to compare against) and will not attempt to update the resolv.conf
through their lifetime.

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
 2015-01-10 00:48:41 -05:00
James Turnbull
ef2d6dda0f Merge pull request #9948 from tangicolin/improve-doc-networking 
Improve networking documentation with default mac address range
 2015-01-09 07:44:49 -05:00
Malte Janduda
813ff7f19d Adding IPv6 network support to docker 
Signed-off-by: Malte Janduda <mail@janduda.net>
 2015-01-09 00:13:09 +01:00
Alexander Morozov
92af1f0145 Merge pull request #9648 from estesp/9202-update-resolvconf 
Update container resolv.conf when host network changes /etc/resolv.conf
 2015-01-08 14:06:55 -08:00
Phil Estes
63a7ccdd23 Update container resolv.conf when host network changes /etc/resolv.conf 
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)

Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
 2015-01-08 14:15:13 -05:00
Tangi COLIN
b69580615f Rewritten as the requested SvenDowideit 
Signed-off-by: Tangi COLIN <tangicolin@gmail.com>
 2015-01-08 09:33:08 +01:00
tangicolin
d9ec04e18d Improve networking documentation with default mac address range 
since we can control it with --mac-address.

Signed-off-by: Tangi COLIN <tangicolin@gmail.com>
 2015-01-07 11:01:32 +01:00
Sven Dowideit
cf27b310c4 Add a containerised test for the https cert doc 
Docker-DCO-1.1-Signed-off-by: Sven Dowideit <SvenDowideit@docker.com> (github: SvenDowideit)
 2015-01-07 16:19:47 +10:00
Sven Dowideit
2f588c69f2 Merge pull request #9896 from flowlo/doc-https 
doc: Improve article on HTTPS
 2015-01-07 10:21:07 +10:00
Lorenz Leutgeb
26187bd851 doc: Fix curl invocation 
Using --insecure is (you guessed it) *insecure* as the server side
certificate is not being validated. To offer the same degree of
security as invocations of the docker client in "Secure by default"
with cURL, the trusted CA certificate must be supplied.

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-05 01:24:33 +01:00
Lorenz Leutgeb
131c62d766 doc: Let OpenSSL handle serial file 
With -CAcreateserial the serial file will be automatically created
and initialized if it is missing.

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-04 21:49:16 +01:00
Lorenz Leutgeb
a3d5f874c1 doc: Spice up generated CA 
Use AES (the successor of DES) to encrypt private key. Further
reading:

 * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
 * https://ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices.pdf
   "3DES provides about 112 bits of security. This is below the
    recommended minimum of 128 bits, but it's still strong enough. A
    bigger practical problem is that 3DES is much slower than the
    alternatives. Thus, we don't recommend it for performance reasons,
    but it can be kept at the end of the cipher list for
    interoperability with very old clients."

 * http://csrc.nist.gov/publications/nistpubs/800-67-Rev1/SP-800-67-Rev1.pdf

Use SHA256 for our CA. This avoids accidental use of SHA1 or MD5 which
could be default values.

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-04 21:45:06 +01:00
Lorenz Leutgeb
f957f258d7 doc: Do not encrypt private keys 
Do not encrypt private keys in the first place, if the encryption
is stripped anyway.

Signed-off-by: Lorenz Leutgeb <lorenz.leutgeb@gmail.com>
 2015-01-04 21:05:54 +01:00
Eric Windisch
e704dd31e7 Improve security doc 
Moves some information around, expanding information on
user namespaces, pull/load security, cap add/drop.

Also includes various grammar improvements and edits.

Signed-off-by: Eric Windisch <eric@windisch.us>
 2014-12-30 17:32:25 -05:00
Ian Bishop
137ceae913 Update networking.md with new iptables behaviour 
Docker-DCO-1.1-Signed-off-by: Ian Bishop <ianbishop@pace7.com> (github: porjo)
 2014-12-21 12:57:32 +10:00
Sven Dowideit
fbb9223b1a add Scott's link checker script, and fix what it finds 
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
 2014-12-16 14:46:25 +10:00
Sven Dowideit
e4b2f802ae Merge pull request #9556 from nealmcb/9555-https-no-sudo 
Fixes #9555: sudo not needed with cert authn
 2014-12-15 15:08:03 +11:00
James Turnbull
c587a3faf6 Merge pull request #9558 from philips/fixup-typo-in-systemd-article 
docs: docker.service not services
 2014-12-09 23:10:17 +11:00
Brandon Philips
2d51d71561 docs: use systemd drop-ins instead of copying 
Copying the entire docker service file isn't necessary to add an
environment variable, instead use a drop-in configuration file. The nice
side-effect is that the user gets any vendor updates to the
docker.service file.

Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
 2014-12-07 18:45:50 -08:00
Brandon Philips
e0792e7ece docs: remove a trailing whitespace 
Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
 2014-12-07 18:45:43 -08:00
Brandon Philips
1ae7be716e docs: docker.service not services 
Minor but important typo in the new systemd guide introduced in #9347.

Signed-off-by: Brandon Philips <brandon.philips@coreos.com>
 2014-12-07 18:35:37 -08:00
Neal McBurnett
ee1ba25218 Fixes #9555: sudo not needed with cert authn 
Signed-off-by: Neal McBurnett <neal@mcburnett.org>
 2014-12-07 14:31:35 -07:00
Sven Dowideit
d53b586ff1 Extract the systemd docs from various places and add a little more 
Signed-off-by: Sven Dowideit <SvenDowideit@docker.com>
 2014-11-27 10:17:46 +10:00
Satnam Singh
b273c447e0 Consistently use sudo docker 
Signed-off-by: Satnam Singh <satnam@raintown.org>
 2014-11-17 17:14:39 -08:00
Andreas Köhler
b95f9c10ff Fix mkdir typo in dockerfile_best-practices.md. 2014-11-10 01:00:05 +01:00