Docker Server Configuration: Difference between revisions
(→Ubuntu) |
No edit summary |
||
Line 19: | Line 19: | ||
--insecure-registry 172.30.0.0/16 | --insecure-registry 172.30.0.0/16 | ||
The same option can be configured in [[ | The same option can be configured in [[daemon.json#Overview|daemon.json]] with [[daemon.json#insecure-registries|insecure-registries]]. | ||
==--net== | ==--net== | ||
Line 55: | Line 55: | ||
The "Basic" section has UI elements to configure [[Docker_Server_Configuration#--insecure-registry|insecure registries]] and registry mirrors. A configuration change applied here propagates to the "[[#Mac_Preferences_Advanced|Advanced]]" section after daemon restart. | The "Basic" section has UI elements to configure [[Docker_Server_Configuration#--insecure-registry|insecure registries]] and registry mirrors. A configuration change applied here propagates to the "[[#Mac_Preferences_Advanced|Advanced]]" section after daemon restart. | ||
<span id='Mac_Preferences_Advanced'></span>The "Advanced" section gives access to the content of [[ | <span id='Mac_Preferences_Advanced'></span>The "Advanced" section gives access to the content of [[daemon.json]] file, which can be edited freely. However, the danger is that a configuration error saved here will prevent the daemon to start. If that happens, the file-system version of the same file can be accessed as follows: | ||
cd ~/Library/Containers/com.docker.docker/Data/database | cd ~/Library/Containers/com.docker.docker/Data/database | ||
Line 68: | Line 68: | ||
=daemon.json= | =daemon.json= | ||
{{Internal| | {{Internal|daemon.json|daemon.json}} | ||
=Docker Container Configuration= | =Docker Container Configuration= | ||
{{Internal|Docker Container Configuration|Docker Container Configuration}} | {{Internal|Docker Container Configuration|Docker Container Configuration}} |
Revision as of 17:27, 30 April 2018
External
Internal
Overview
Server Configuration Options
--insecure-registry
This option instructs the Docker daemon to trust any Docker registry on the indicated subnet, rather than requiring a certificate. The default value is []. For OpenShift-integrated Docker, the subnet where Docker expects this registry is the OpenShift SDN services subnet.
... --insecure-registry <list> ...
--insecure-registry 172.30.0.0/16
The same option can be configured in daemon.json with insecure-registries.
--net
Also see:
--selinux-enabled
--add-registry
When asked to search for or pull images, the docker runtime uses the Docker registry (docker.io) to complete those activities. Additional registries can be added to the list with --add-registry.
Also see
--block-registry
To prevent users from pulling images from the Docker registry, after presumably other registry has been configured with --add-registry, use
--block-registry docker.io
--log-driver
--signature-verification
OS-Dependent Details
RedHat/Centos
Daemon configuration parameters are usually provided in /etc/sysconfig/docker:
Mac
The simples possible way to configure the Docker daemon on Mac is to use the UI: the whale icon-> Preferences -> Daemon.
The "Basic" section has UI elements to configure insecure registries and registry mirrors. A configuration change applied here propagates to the "Advanced" section after daemon restart.
The "Advanced" section gives access to the content of daemon.json file, which can be edited freely. However, the danger is that a configuration error saved here will prevent the daemon to start. If that happens, the file-system version of the same file can be accessed as follows:
cd ~/Library/Containers/com.docker.docker/Data/database git reset --hard HEAD
The daemon.json becomes available as:
~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux/etc/docker/daemon.json
The file can be edited and committed, and the daemon restart.