Skip to content

Secure localhost registry (carry of #8898)#9124

Merged
erikh merged 2 commits intomoby:masterfrom
erikh:secure-localhost
Nov 12, 2014
Merged

Secure localhost registry (carry of #8898)#9124
erikh merged 2 commits intomoby:masterfrom
erikh:secure-localhost

Conversation

@erikh
Copy link
Copy Markdown
Contributor

@erikh erikh commented Nov 12, 2014

This carries @proppy's localhost registry patch but makes one big modification: all 127.0.0.1 registries are always treated as insecure.

/cc @tiborvass

@proppy
registry: default --insecure-registry to localhost and 127.0.0.1
28ee373 
Signed-off-by: Johan Euphrosine <proppy@google.com>
@erikh erikh mentioned this pull request Nov 12, 2014
Closed
proppy
proppy reviewed Nov 12, 2014
View reviewed changes
registry/registry_test.go Outdated
Copy link
Copy Markdown
Contributor

@proppy proppy Nov 12, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you need to merge those tests with the existing ones.

Copy link
Copy Markdown
Contributor Author

@erikh erikh Nov 12, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I blame git rebase. Will do later today.

Copy link
Copy Markdown
Contributor

@tiborvass tiborvass Nov 12, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@erikh i thought this was merged already in master

Copy link
Copy Markdown
Contributor

@proppy proppy Nov 12, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but the test changed a bit.

Copy link
Copy Markdown
Contributor

@tiborvass tiborvass Nov 12, 2014

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you rebase to make sure?

registry: always treat 127.0.0.1 as insecure for all cases anytime an…
11380a1 
…ywhere

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
@erikh
Copy link
Copy Markdown
Contributor Author

erikh commented Nov 12, 2014

rebased and corrected tests.

@tiborvass
Copy link
Copy Markdown
Contributor

tiborvass commented Nov 12, 2014

@unclejack @proppy can you please test that localhost does not need insecure registry flag?

@unclejack
Copy link
Copy Markdown
Contributor

unclejack commented Nov 12, 2014

@tiborvass I'm on it, the tests are passing and I'm going to test the change now.

@proppy
Copy link
Copy Markdown
Contributor

proppy commented Nov 12, 2014

@unclejack @proppy can you please test that localhost does not need insecure registry flag?

This is already tested here:

        {"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
+       {"localhost", []string{}, false},
+       {"localhost:5000", []string{}, false},
+       {"127.0.0.1", []string{}, false},

@erikh
Copy link
Copy Markdown
Contributor Author

erikh commented Nov 12, 2014

The updated behavior treats all 127.0.0.1/localhost references as insecure, so technically, it’s testing something different. I’d like to leave it in.

On Nov 12, 2014, at 2:37 PM, Johan Euphrosine notifications@github.com wrote:

@unclejack https://github.com/unclejack @proppy https://github.com/proppy can you please test that localhost does not need insecure registry flag?

This is already tested here:

    {"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},

@tiborvass
Copy link
Copy Markdown
Contributor

tiborvass commented Nov 12, 2014

I confirm this works as expected. LGTM

@unclejack
Copy link
Copy Markdown
Contributor

unclejack commented Nov 12, 2014

localhost works without requiring --insecure-registry, non-localhost requires --insecure-registry, --insecure-registry works as intended and pulling from the Hub still works properly with this PR.

LGTM

@tiborvass
Copy link
Copy Markdown
Contributor

tiborvass commented Nov 12, 2014

Someone please merge when you're ready

erikh pushed a commit that referenced this pull request Nov 12, 2014
Merge pull request #9124 from erikh/secure-localhost
3338238 
Secure localhost registry (carry of #8898)
@erikh erikh merged commit 3338238 into moby:master Nov 12, 2014
@erikh
Copy link
Copy Markdown
Contributor Author

erikh commented Nov 12, 2014

KAPOW!

@SvenDowideit
Copy link
Copy Markdown
Contributor

SvenDowideit commented Nov 13, 2014

OI! where's the documentation for this?

@tiborvass tiborvass added this to the 1.3.2 milestone Nov 13, 2014
@tiborvass
Copy link
Copy Markdown
Contributor

tiborvass commented Nov 17, 2014

@SvenDowideit for the record, I rewrote the whole section: tiborvass@5937663

It's from #9100

@tiborvass tiborvass mentioned this pull request Nov 20, 2014
Closed
This was referenced Nov 26, 2014
Open
Closed
@thaJeztah thaJeztah mentioned this pull request Oct 27, 2019
Closed
@thaJeztah thaJeztah mentioned this pull request Sep 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.3.2

Development

Successfully merging this pull request may close these issues.

5 participants

@erikh @tiborvass @unclejack @proppy @SvenDowideit