
engine: warn more about insecure daemon configurations / deprecate non-tls tcp #19587

Merged (1 commit, May 13, 2024)

Conversation

dvdksn (Collaborator) commented Mar 8, 2024

Description

Makes the warnings about insecure configurations bigger and adds a note that a TCP socket without TLS is deprecated and will be removed

Related issues or tickets

moby/moby#47556
docker/cli#4928

netlify bot commented Mar 8, 2024

Deploy Preview for docsdocker ready!

Latest commit: e5552f3
Latest deploy log: https://app.netlify.com/sites/docsdocker/deploys/660d428edddeba0008fff2b7
Deploy Preview: https://deploy-preview-19587--docsdocker.netlify.app

@dvdksn dvdksn changed the title engine: bigger warning about unauthorized access engine: warn more about insecure daemon configurations / deprecate non-tls tcp Apr 3, 2024
@dvdksn dvdksn requested review from thaJeztah and vvoland April 3, 2024 07:50
@dvdksn dvdksn marked this pull request as ready for review April 3, 2024 07:50
@dvdksn dvdksn added area/engine Issue affects Docker engine/daemon area/security labels Apr 3, 2024
@dvdksn dvdksn self-assigned this Apr 3, 2024
Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
@dvdksn dvdksn requested a review from thaJeztah April 3, 2024 11:51
@dvdksn dvdksn requested a review from a team April 10, 2024 13:07
craig-osterhout (Contributor) left a comment


Editorial-wise, LGTM. Flagged one inconsequential nit.

Note that even if you have a firewall to limit accesses to the REST API
endpoint from other hosts in the network, the endpoint can be still accessible
from containers, and it can easily result in the privilege escalation.
Therefore it is *mandatory* to secure API endpoints with
[HTTPS and certificates](protect-access.md).
Exposing the daemon API over HTTP without TLS is not permitted,
and such a configuration causes the daemon to fail early on startup, see
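Review bot: the last clause, "causes the daemon to fail early on startup, see", is cut off mid-sentence and needs the reference it was meant to point at, or should end at "startup." with the pointer moved into a separate sentence. Two smaller slips in the same passage: "the endpoint can be still accessible" reads better as "the endpoint can still be accessible", and "result in the privilege escalation" should drop the article. Separately, this text says a non-TLS TCP listener is "not permitted" and makes the daemon "fail early on startup", while the PR description says the configuration is deprecated and "will be removed"; the two should agree on whether the daemon refuses to start today or only warns, since an operator reading the docs page will plan around whichever one is stated.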
Contributor review comment:

Nit: The ", see here" doesn't read smoothly for me. Maybe use a period, like "...early on startup. For more information, see ..."
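The docs text quoted in this review describes the configuration the PR is warning about: an API listener on a TCP socket without TLS client authentication, which a host firewall does not fix because containers can still reach it. As an added example, not part of this PR or of the Docker project, the script below audits a dockerd configuration for exactly that. It reads the `hosts`, `tls` and `tlsverify` keys of daemon.json and also collects any `-H`/`--host` flags from the dockerd command line (a second source of listeners that is easy to overlook), flags TCP listeners that do not require a client certificate, and produces a hardened copy of the config. The sample daemon.json and ExecStart line are constructed; the certificate paths used by `harden()` are assumed locations, not Docker defaults.

```python
"""Audit a dockerd configuration for API listeners reachable over TCP without
client-certificate TLS. Added example, not code from the docker/docs PR or from
the Docker project. daemon.json key names (hosts, tls, tlsverify, tlscacert,
tlscert, tlskey) are the documented ones; everything else here is illustrative."""
import shlex
from urllib.parse import urlsplit

# Constructed sample: a daemon.json that publishes the API in plain text on all
# interfaces. 2375 is the conventional plaintext port, 2376 the conventional TLS port.
SAMPLE_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
    "log-driver": "json-file",
}

# Constructed sample: ExecStart from a systemd unit. dockerd also takes listeners
# from -H/--host here, so daemon.json is not the only place to look. (dockerd refuses
# to start when "hosts" is set both in daemon.json and as a flag; the audit still
# merges both sources so that either misconfiguration is visible.)
SAMPLE_EXEC_START = "/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"


def listeners(config: dict, exec_start: str = "") -> list[str]:
    """All listener URLs from daemon.json plus -H/--host on the command line."""
    hosts = list(config.get("hosts", []))
    argv = shlex.split(exec_start)
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        for prefix in ("-H=", "--host="):
            if arg.startswith(prefix):
                hosts.append(arg[len(prefix):])
        i += 1
    return hosts


def audit(config: dict, exec_start: str = "") -> list[tuple[str, str, str]]:
    """Return (severity, listener, reason) for each TCP listener lacking client auth.

    tlsverify=true makes the daemon demand a client certificate signed by tlscacert.
    tls=true alone only encrypts the connection: any client can still drive the API.
    Binding to 127.0.0.1 or a host firewall is not a fix either, because a container
    (for example one run with --network=host) can reach the same socket.
    """
    findings = []
    tls = bool(config.get("tls", False))
    tlsverify = bool(config.get("tlsverify", False))
    for host in listeners(config, exec_start):
        if urlsplit(host).scheme != "tcp":
            continue  # unix:// and fd:// are gated by file permissions / systemd, not by TLS
        if tlsverify:
            continue
        if tls:
            findings.append(("high", host, "tls without tlsverify: encrypted, but any client is accepted"))
        else:
            findings.append(("critical", host, "plain HTTP: anyone who can reach the port, including containers, controls the daemon"))
    return findings


def harden(config: dict,
           ca: str = "/etc/docker/certs/ca.pem",
           cert: str = "/etc/docker/certs/server-cert.pem",
           key: str = "/etc/docker/certs/server-key.pem") -> dict:
    """Return a copy of the config with plaintext TCP listeners moved to the TLS port
    and client-certificate verification required. The certificate paths are assumed
    locations for this example (Docker has no fixed default for them); the files must
    exist before dockerd is restarted, or it will fail to load the key pair."""
    fixed = dict(config)
    hosts = []
    for host in config.get("hosts", []):
        url = urlsplit(host)
        if url.scheme == "tcp" and url.port == 2375:
            host = "tcp://" + url.netloc.rsplit(":", 1)[0] + ":2376"
        hosts.append(host)
    fixed["hosts"] = hosts
    fixed.update({"tls": True, "tlsverify": True, "tlscacert": ca, "tlscert": cert, "tlskey": key})
    return fixed


if __name__ == "__main__":
    for sev, host, why in audit(SAMPLE_CONFIG, SAMPLE_EXEC_START):
        print(f"[{sev}] {host}: {why}")
    print("hardened:", harden(SAMPLE_CONFIG))
```

Run it against a real host by loading `/etc/docker/daemon.json` into `audit()` and passing the `ExecStart=` line from `systemctl cat docker` as `exec_start`. The `high` finding for `tls` without `tlsverify` is deliberate: it is the configuration people reach for when they only want encryption, and it still leaves the API open to any client that can complete a TLS handshake.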

@dvdksn dvdksn merged commit 5015087 into docker:main May 13, 2024
9 checks passed
@dvdksn dvdksn deleted the warn-exposed-daemon branch May 13, 2024 13:49
Labels
area/engine Issue affects Docker engine/daemon area/security status/review