calavera
diff --git a/‎docs/articles/certificates.md‎
Lines changed: 4 additions & 108 deletions b/‎docs/articles/certificates.md‎
Lines changed: 4 additions & 108 deletions
diff --git a/‎docs/articles/registry_mirror.md‎
Lines changed: 5 additions & 78 deletions b/‎docs/articles/registry_mirror.md‎
Lines changed: 5 additions & 78 deletions
diff --git a/‎docs/introduction/understanding-docker.md‎
Lines changed: 8 additions & 7 deletions b/‎docs/introduction/understanding-docker.md‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎docs/misc/faq.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/misc/faq.md‎
Lines changed: 1 addition & 1 deletion
@@ -11,111 +11,7 @@ weight = 7
 
 # Using certificates for repository client verification
 
-In [Running Docker with HTTPS](/articles/https), you learned that, by default,
-Docker runs via a non-networked Unix socket and TLS must be enabled in order
-to have the Docker client and the daemon communicate securely over HTTPS.
-
-Now, you will see how to allow the Docker registry (i.e., *a server*) to
-verify that the Docker daemon (i.e., *a client*) has the right to access the
-images being hosted with *certificate-based client-server authentication*.
-
-We will show you how to install a Certificate Authority (CA) root certificate
-for the registry and how to set the client TLS certificate for verification.
-
-## Understanding the configuration
-
-A custom certificate is configured by creating a directory under
-`/etc/docker/certs.d` using the same name as the registry's hostname (e.g.,
-`localhost`). All `*.crt` files are added to this directory as CA roots.
-
-> **Note:**
-> In the absence of any root certificate authorities, Docker
-> will use the system default (i.e., host's root CA set).
-
-The presence of one or more `<filename>.key/cert` pairs indicates to Docker
-that there are custom certificates required for access to the desired
-repository.
-
-> **Note:**
-> If there are multiple certificates, each will be tried in alphabetical
-> order. If there is an authentication error (e.g., 403, 404, 5xx, etc.), Docker
-> will continue to try with the next certificate.
-
-Our example is set up like this:
-
-    /etc/docker/certs.d/        <-- Certificate directory
-    └── localhost               <-- Hostname
-       ├── client.cert          <-- Client certificate
-       ├── client.key           <-- Client key
-       └── localhost.crt        <-- Registry certificate
-
-## Creating the client certificates
-
-You will use OpenSSL's `genrsa` and `req` commands to first generate an RSA
-key and then use the key to create the certificate.   
-
-    $ openssl genrsa -out client.key 4096
-    $ openssl req -new -x509 -text -key client.key -out client.cert
-
-> **Warning:**: 
-> Using TLS and managing a CA is an advanced topic.
-> You should be familiar with OpenSSL, x509, and TLS before
-> attempting to use them in production. 
-
-> **Warning:**
-> These TLS commands will only generate a working set of certificates on Linux.
-> The version of OpenSSL in Mac OS X is incompatible with the type of
-> certificate Docker requires.
-
-## Testing the verification setup
-
-You can test this setup by using Apache to host a Docker registry.
-For this purpose, you can copy a registry tree (containing images) inside
-the Apache root.
-
-> **Note:**
-> You can find such an example [here](
-> http://people.gnome.org/~alexl/v1.tar.gz) - which contains the busybox image.
-
-Once you set up the registry, you can use the following Apache configuration
-to implement certificate-based protection.
-
-    # This must be in the root context, otherwise it causes a re-negotiation
-    # which is not supported by the TLS implementation in go
-    SSLVerifyClient optional_no_ca
-
-    <Location /v1>
-    Action cert-protected /cgi-bin/cert.cgi
-    SetHandler cert-protected
-
-    Header set x-docker-registry-version "0.6.2"
-    SetEnvIf Host (.*) custom_host=$1
-    Header set X-Docker-Endpoints "%{custom_host}e"
-    </Location>
-
-Save the above content as `/etc/httpd/conf.d/registry.conf`, and
-continue with creating a `cert.cgi` file under `/var/www/cgi-bin/`.
-
-    #!/bin/bash
-    if [ "$HTTPS" != "on" ]; then
-        echo "Status: 403 Not using SSL"
-        echo "x-docker-registry-version: 0.6.2"
-        echo
-        exit 0
-    fi
-    if [ "$SSL_CLIENT_VERIFY" == "NONE" ]; then
-        echo "Status: 403 Client certificate invalid"
-        echo "x-docker-registry-version: 0.6.2"
-        echo
-        exit 0
-    fi
-    echo "Content-length: $(stat --printf='%s' $PATH_TRANSLATED)"
-    echo "x-docker-registry-version: 0.6.2"
-    echo "X-Docker-Endpoints: $SERVER_NAME"
-    echo "X-Docker-Size: 0"
-    echo
-
-    cat $PATH_TRANSLATED
-
-This CGI script will ensure that all requests to `/v1` *without* a valid
-certificate will be returned with a `403` (i.e., HTTP forbidden) error.
+The orginal content was deprecated. For information about configuring
+cerficates, see  [deploying a registry
+server](http://docs.docker.com/registry/deploying/). To reach an older version
+of this content, refer to an older version of the documentation. 
@@ -11,81 +11,8 @@ weight = 8
 
 # Run a local registry mirror
 
-## Why?
-
-If you have multiple instances of Docker running in your environment
-(e.g., multiple physical or virtual machines, all running the Docker
-daemon), each time one of them requires an image that it doesn't have
-it will go out to the internet and fetch it from the public Docker
-registry. By running a local registry mirror, you can keep most of the
-image fetch traffic on your local network.
-
-## How does it work?
-
-The first time you request an image from your local registry mirror,
-it pulls the image from the public Docker registry and stores it locally
-before handing it back to you. On subsequent requests, the local registry
-mirror is able to serve the image from its own storage.
-
-## How do I set up a local registry mirror?
-
-There are two steps to set up and use a local registry mirror.
-
-### Step 1: Configure your Docker daemons to use the local registry mirror
-
-You will need to pass the `--registry-mirror` option to your Docker daemon on
-startup:
-
-    docker daemon --registry-mirror=http://<my-docker-mirror-host>
-
-For example, if your mirror is serving on `http://10.0.0.2:5000`, you would run:
-
-    docker daemon --registry-mirror=http://10.0.0.2:5000
-
-**NOTE:**
-Depending on your local host setup, you may be able to add the
-`--registry-mirror` options to the `DOCKER_OPTS` variable in
-`/etc/default/docker`.
-
-### Step 2: Run the local registry mirror
-
-You will need to start a local registry mirror service. The
-[`registry` image](https://registry.hub.docker.com/_/registry/) provides this
-functionality. For example, to run a local registry mirror that serves on
-port `5000` and mirrors the content at `registry-1.docker.io`:
-
-    docker run -p 5000:5000 \
-        -e STANDALONE=false \
-        -e MIRROR_SOURCE=https://registry-1.docker.io \
-        -e MIRROR_SOURCE_INDEX=https://index.docker.io \
-        registry
-
-## Test it out
-
-With your mirror running, pull an image that you haven't pulled before (using
-`time` to time it):
-
-    $ time docker pull node:latest
-    Pulling repository node
-    [...]
-    
-    real   1m14.078s
-    user   0m0.176s
-    sys    0m0.120s
-
-Now, remove the image from your local machine:
-
-    $ docker rmi node:latest
-
-Finally, re-pull the image:
-
-    $ time docker pull node:latest
-    Pulling repository node
-    [...]
-    
-    real   0m51.376s
-    user   0m0.120s
-    sys    0m0.116s
-
-The second time around, the local registry mirror served the image from storage,
-avoiding a trip out to the internet to refetch it.
+The orginal content was deprecated. [An archived
+version](https://docs.docker.com/v1.6/articles/registry_mirror) is available in
+the 1.7 documentation. For information about configuring mirrors with the latest
+Docker Registry version, please file a support request with [the Distribution
+project](https://github.com/docker/distribution/issues). 
@@ -116,11 +116,11 @@ images, or you can download Docker images that other people have already created
 Docker images are the **build** component of Docker.
 
 #### Docker registries
-Docker registries hold images. These are public or private stores from which you upload
-or download images. The public Docker registry is called
-[Docker Hub](http://hub.docker.com). It provides a huge collection of existing
-images for your use. These can be images you create yourself or you
-can use images that others have previously created. Docker registries are the 
+Docker registries hold images. These are public or private stores from which you
+upload or download images. The public Docker registry is provided with the
+[Docker Hub](http://hub.docker.com). It serves a huge collection of existing
+images for your use. These can be images you create yourself or you can use
+images that others have previously created. Docker registries are the
 **distribution** component of Docker.
 
 #### Docker containers
@@ -179,8 +179,9 @@ returns a final image.
 
 ### How does a Docker registry work?
 The Docker registry is the store for your Docker images. Once you build a Docker
-image you can *push* it to a public registry [Docker Hub](https://hub.docker.com) or to 
-your own registry running behind your firewall.
+image you can *push* it to a public registry such as the one provided by [Docker
+Hub](https://hub.docker.com) or to your own registry running behind your
+firewall.
 
 Using the Docker client, you can search for already published images and then
 pull them down to your Docker host to build containers from them.
 
@@ -97,7 +97,7 @@ with several powerful functionalities:
  applications. Your ideal PostgreSQL setup can be re-used for all your future
  projects. And so on.
 
- - *Sharing.* Docker has access to a [public registry](https://registry.hub.docker.com/)
+ - *Sharing.* Docker has access to a public registry [on Docker Hub](https://registry.hub.docker.com/)
  where thousands of people have uploaded useful containers: anything from Redis,
  CouchDB, PostgreSQL to IRC bouncers to Rails app servers to Hadoop to base 
  images for various Linux distros. The