From ae785fef8679f75c380a93dbc37c5c4d0cbca1ae Mon Sep 17 00:00:00 2001 From: docker-tools-robot <40391885+docker-tools-robot@users.noreply.github.com> Date: Mon, 17 Mar 2025 18:32:42 +0100 Subject: [PATCH 1/3] Update buildx reference to v0.21.3 (#22267) Update the buildx reference documentation to keep in sync with the latest release `v0.21.3` Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: crazy-max <1951866+crazy-max@users.noreply.github.com> --- _vendor/modules.txt | 2 +- go.mod | 4 ++-- go.sum | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/_vendor/modules.txt b/_vendor/modules.txt index a18e9fe2b0be..1dd17acc4c24 100644 --- a/_vendor/modules.txt +++ b/_vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/moby/moby v28.0.1+incompatible # github.com/moby/buildkit v0.20.1 -# github.com/docker/buildx v0.21.2 +# github.com/docker/buildx v0.21.3 # github.com/docker/cli v28.0.1+incompatible # github.com/docker/compose/v2 v2.34.0 # github.com/docker/scout-cli v1.15.0 diff --git a/go.mod b/go.mod index 79d90ce1d818..fe250809f80b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/docker/docs go 1.23.6 require ( - github.com/docker/buildx v0.21.2 // indirect + github.com/docker/buildx v0.21.3 // indirect github.com/docker/cli v28.0.1+incompatible // indirect github.com/docker/compose/v2 v2.34.0 // indirect github.com/docker/scout-cli v1.15.0 // indirect @@ -12,7 +12,7 @@ require ( ) replace ( - github.com/docker/buildx => github.com/docker/buildx v0.21.2 + github.com/docker/buildx => github.com/docker/buildx v0.21.3 github.com/docker/cli => github.com/docker/cli v28.0.1+incompatible github.com/docker/compose/v2 => github.com/docker/compose/v2 v2.34.0 github.com/docker/scout-cli => github.com/docker/scout-cli v1.15.0 diff --git a/go.sum b/go.sum index e20ed5ab56e4..d311417d379a 100644 --- a/go.sum +++ b/go.sum @@ -98,6 +98,8 @@ github.com/docker/buildx v0.21.1 h1:YjV2k6CsSDbkDTOMsjARUIrj2xv+zZR+M2dtrRyzXhg= github.com/docker/buildx v0.21.1/go.mod h1:8V4UMnlKsaGYwz83BygmIbJIFEAYGHT6KAv8akDZmqo= github.com/docker/buildx v0.21.2 h1:r09paH8q9nvAX2PR1ntRrc+C6FBH93bvKUsn1WOb/jU= github.com/docker/buildx v0.21.2/go.mod h1:8V4UMnlKsaGYwz83BygmIbJIFEAYGHT6KAv8akDZmqo= +github.com/docker/buildx v0.21.3 h1:LEmhk3D9WOboMeC+hlfOUnB1jylXcDfGHjqAL7Tvwks= +github.com/docker/buildx v0.21.3/go.mod h1:8V4UMnlKsaGYwz83BygmIbJIFEAYGHT6KAv8akDZmqo= github.com/docker/cli v24.0.2+incompatible h1:QdqR7znue1mtkXIJ+ruQMGQhpw2JzMJLRXp6zpzF6tM= github.com/docker/cli v24.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v24.0.4+incompatible h1:Y3bYF9ekNTm2VFz5U/0BlMdJy73D+Y1iAAZ8l63Ydzw= From 592b28729bbe29b0b84941f128cdad76d075c94f Mon Sep 17 00:00:00 2001 From: Craig Osterhout <103533812+craig-osterhout@users.noreply.github.com> Date: Mon, 17 Mar 2025 15:33:50 -0700 Subject: [PATCH 2/3] guides: fix port in .net guide (#22269) ## Description The default port changed from 80 to 8080 when we switched to a newer version of .net in #21877. https://learn.microsoft.com/en-us/dotnet/core/compatibility/containers/8.0/aspnet-port https://deploy-preview-22269--docsdocker.netlify.app/guides/dotnet/develop/ https://deploy-preview-22269--docsdocker.netlify.app/guides/dotnet/deploy/ ## Related issues or tickets Closes #22265 Related to #22080 ENGDOCS-2492 ## Reviews - [ ] Technical review --------- Signed-off-by: Craig --- content/guides/dotnet/deploy.md | 4 ++-- content/guides/dotnet/develop.md | 13 ++++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/content/guides/dotnet/deploy.md b/content/guides/dotnet/deploy.md index ed1b464e9548..837917a0baba 100644 --- a/content/guides/dotnet/deploy.md +++ b/content/guides/dotnet/deploy.md @@ -64,7 +64,7 @@ spec: name: server imagePullPolicy: Always ports: - - containerPort: 80 + - containerPort: 8080 hostPort: 8080 protocol: TCP resources: {} @@ -117,7 +117,7 @@ spec: ports: - name: "8080" port: 8080 - targetPort: 80 + targetPort: 8080 nodePort: 30001 selector: service: server diff --git a/content/guides/dotnet/develop.md b/content/guides/dotnet/develop.md index 3c8ecf1ad581..d5bea5491fd1 100644 --- a/content/guides/dotnet/develop.md +++ b/content/guides/dotnet/develop.md @@ -182,9 +182,9 @@ $ docker container ls You should see output like the following. ```console -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -cb36e310aa7e docker-dotnet-server "dotnet myWebApp.dll" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp docker-dotnet-server-1 -39fdcf0aff7b postgres "docker-entrypoint.s…" About a minute ago Up About a minute (healthy) 5432/tcp docker-dotnet-db-1 +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +cb36e310aa7e docker-dotnet-server "dotnet myWebApp.dll" About a minute ago Up About a minute 0.0.0.0:8080->8080/tcp docker-dotnet-server-1 +39fdcf0aff7b postgres "docker-entrypoint.s…" About a minute ago Up About a minute (healthy) 5432/tcp docker-dotnet-db-1 ``` In the previous example, the container ID is `39fdcf0aff7b`. Run the following command to connect to the postgres database in the container. Replace the container ID with your own container ID. @@ -241,7 +241,7 @@ services: context: . target: final ports: - - 8080:80 + - 8080:8080 depends_on: db: condition: service_healthy @@ -337,14 +337,14 @@ ENTRYPOINT ["dotnet", "myWebApp.dll"] The following is the updated `compose.yaml` file. -```yaml {hl_lines="5"} +```yaml {hl_lines=[5,15,16]} services: server: build: context: . target: development ports: - - 8080:80 + - 8080:8080 depends_on: db: condition: service_healthy @@ -354,7 +354,6 @@ services: path: . environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://+:80' db: image: postgres restart: always From eec54cf4571e80a711a1d3111fc5b931266ab355 Mon Sep 17 00:00:00 2001 From: Sarah Sanders Date: Tue, 18 Mar 2025 17:33:45 -0400 Subject: [PATCH 3/3] security: update security faq, add sso faq (#22195) ## Description - Original security general FAQ was incorrect. IAM team confirmed that we do not currently support IdP default timeouts, and we should communicate this. - Updated existing FAQ - Added new FAQ to SSO FAQs ## Related issues or tickets - [ENGDOCS-2475](https://docker.atlassian.net/browse/ENGDOCS-2475) ## Reviews - [ ] Editorial review [ENGDOCS-2475]: https://docker.atlassian.net/browse/ENGDOCS-2475?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --- content/manuals/security/faqs/general.md | 8 +++++--- content/manuals/security/faqs/single-sign-on/faqs.md | 12 +++++++++++- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/content/manuals/security/faqs/general.md b/content/manuals/security/faqs/general.md index ce6f6dcd1873..61cf9a7121db 100644 --- a/content/manuals/security/faqs/general.md +++ b/content/manuals/security/faqs/general.md @@ -31,11 +31,13 @@ You can configure this through SSO using your IdP. Check with your IdP if they s ### How are sessions managed and do they expire? -Docker Desktop uses tokens to manage sessions after a user signs in. Docker Desktop signs you out after 90 days, or 30 days of inactivity. +Docker uses tokens to manage sessions after a user signs in: -In Docker Hub, you need to re-authenticate after 24 hours. If users are authenticating using SSO, the default session timeout for the IdP is respected. +- Docker Desktop signs you out after 90 days, or 30 days of inactivity. +- Docker Hub and Docker Home sign you out after 24 hours. -Custom settings per organization for sessions aren't supported. +Custom settings per organization for sessions aren't supported. Currently, +Docker does not support your IdP's default session timeout for SSO users. ### How does Docker attribute downloads to us and what data is used to classify or verify the user is part of our organization? diff --git a/content/manuals/security/faqs/single-sign-on/faqs.md b/content/manuals/security/faqs/single-sign-on/faqs.md index 383ee8df8aa8..9ed17f5d39eb 100644 --- a/content/manuals/security/faqs/single-sign-on/faqs.md +++ b/content/manuals/security/faqs/single-sign-on/faqs.md @@ -61,4 +61,14 @@ securely](/security/for-admins/provisioning/group-mapping/#use-group-mapping-wit ### Are there any firewall rules required for SSO configuration? -No. There are no specific firewall rules required for configuring SSO, as long as the domain `login.docker.com` is accessible. This domain is commonly accessible by default. However, in rare cases, some organizations may have firewall restrictions in place that block this domain. If you encounter issues during SSO setup, ensure that `login.docker.com` is allowed in your network's firewall settings. \ No newline at end of file +No. There are no specific firewall rules required for configuring SSO, as long as the domain `login.docker.com` is accessible. This domain is commonly accessible by default. However, in rare cases, some organizations may have firewall restrictions in place that block this domain. If you encounter issues during SSO setup, ensure that `login.docker.com` is allowed in your network's firewall settings. + +### Does Docker use my IdP's default session timeout? + +No. Currently, Docker does not support your IdP's default session timeout for +SSO users. + +Docker's default user session timeouts are as follows: + +- Docker Desktop signs you out after 90 days, or 30 days of inactivity. +- Docker Hub and Docker Home sign you out after 24 hours. \ No newline at end of file