Skip to content

Commit 9cab05f

Browse files
baronfelbaronfel
authored
Merge pull request #572 from dotnet/document-insecure-registry-connection
Add docs about supporting insecure registries
2 parents 990f5d5 + d4772e8 commit 9cab05f

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

docs/RegistryAuthentication.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,3 +79,38 @@ When pushing to Docker Hub, images _must_ include the user's login as a prefix -
7979

8080
GitHub Packages requires authentication even for 'public' containers, so you will need to [authenticate to GitHub Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-to-the-container-registry) before publishing containers.
8181

82+
## Using insecure registries
83+
84+
Most registry access is assumed to be secure, meaning HTTPS is used to interact with the registry. However, not all registries are configured with TLS certificates - especially in situations like a
85+
private corporate registry behind a VPN. To support these use cases, container tools provide ways of declaring that a specific registry uses insecure communication.
86+
87+
Starting in .NET 8.0.400, the SDK understands these configuration files and formats and will automatically use that configuration to determine if HTTP or HTTPS should be used.
88+
Configuring a registry for insecure communication varies based on your container tool of choice.
89+
90+
### Docker
91+
92+
Docker stores its registry configuration in the [daemon configuration](https://docs.docker.com/config/daemon/#configuration-file). To add new insecure registries, new hosts are added to the `"insecure-registries"` array property:
93+
94+
```json
95+
{
96+
"insecure-registries": [
97+
"registry.mycorp.net"
98+
]
99+
}
100+
```
101+
102+
> [!NOTE]
103+
> You must restart the Docker daemon to apply any changes to this file.
104+
105+
### Podman
106+
107+
Podman uses a [`registries.conf`](https://podman-desktop.io/docs/containers/registries#setting-up-a-registry-with-an-insecure-certificate) TOML file to store registry connection information. This file typically lives at `/etc/containers/registries.conf`. To add new insecure registries, a TOML section is added to hold the settings for the registry, then the `insecure` option must be set to `true`.
108+
109+
```toml
110+
[[registry]]
111+
location = "registry.mycorp.net"
112+
insecure = true
113+
```
114+
115+
> [!NOTE]
116+
> You must restart Podman to apply any changes to this file

0 commit comments

Comments
 (0)