add --insecure-registry warning to online docs

Signed-off-by: Sally O'Malley <somalley@redhat.com>
2015-09-04 10:28:35 -04:00 · 2015-09-04 10:28:35 -04:00 · 5d85be4a3c
parent 621debd575
commit 5d85be4a3c
1 changed files with 6 additions and 0 deletions
--- a/docs/reference/commandline/daemon.md
+++ b/docs/reference/commandline/daemon.md
@ -448,6 +448,12 @@ Local registries, whose IP address falls in the 127.0.0.0/8 range, are
 automatically marked as insecure as of Docker 1.3.2. It is not recommended to
 rely on this, as it may change in the future.

+Enabling `--insecure-registry`, i.e., allowing un-encrypted and/or untrusted
+communication, can be useful when running a local registry.  However, 
+because its use creates security vulnerabilities it should ONLY be enabled for
+testing purposes.  For increased security, users should add their CA to their 
+system's list of trusted CAs instead of enabling `--insecure-registry`.
+
 ## Running a Docker daemon behind a HTTPS_PROXY

 When running inside a LAN that uses a `HTTPS` proxy, the Docker Hub