自建Docker Hub镜像"加速"服务

最后更新时间:2024年06月21日

项目地址:https://github.com/dqzboy/Docker-Proxy.git
本次实验采用的docker-compose的方式启动服务

1.安装docker及docker-compose软件

目前docker全线的服务国内都无法访问,docker-ce的repo(https://download.docker.com/linux/centos/docker-ce.repo)也无法下载了。

cat docker-ce.repo

[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://download.docker.com/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://download.docker.com/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://download.docker.com/linux/centos/gpg

添加docker-ce repo仓库,修改源地址为清华源

yum install -y yum-utils
yum-config-manager --add-repo docker-ce.repo
sed -i 's+https://download.docker.com+https://mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo

安装docker-compose 略

2.克隆Docker-Proxy项目到本机

git clone https://github.com/dqzboy/Docker-Proxy.git
cd Docker-Proxy
cp docker-compose.yaml config/docker-compose.yaml
cd config

3.配置修改docker-compose.yaml

如果主机不能正常访问docker hub则需要修改docker-compose配置代理,如下:

services:
  ## docker hub
  dockerhub:
    container_name: reg-docker-hub
    image: registry:latest
    restart: always
......
#添加你自己的代理
    environment:
      - HTTP_PROXY=http://192.168.0.2:7890
      - HTTPS_PROXY=http://192.168.0.2:7890
      - NO_PROXY=localhost,127.0.0.1,docker.internal
......

4.启动服务及配置nginx

docker-compose up -d

配置nginx参考./Docker-Proxy/nginx中的registry-proxy.conf文件

5.docker客户端配置加速地址

修改或添加/etc/docker/daemon.json文件

cat /etc/docker/daemon.json
{
    "registry-mirrors": [
        "https://docker.your_demon.com"
    ]
}

#重载配置以及重启docker
systemctl daemon-reload
systemctl restart docker

6.验证"加速"服务

docker客户端直接pull镜像

[root@localhost ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
2cc3ae149d28: Already exists
a97f9034bc9b: Pull complete
9571e65a55a3: Pull complete
0b432cb2d95e: Pull complete
24436676f2de: Pull complete
928cc9acedf0: Pull complete
ca6fb48c6db4: Pull complete
Digest: sha256:56b388b0d79c738f4cf51bbaf184a14fab19337f4819ceb2cae7d94100262de8
Status: Downloaded newer image for nginx:latest
docker.io/library/nginx:latest


7.nginx代理docker hub仓库的配置(nginx主机需要能正常访问docker hub)

cat dockerhubproxy.conf
server {
  listen 443 ssl;
  server_name docker.xxx.net;
  ssl_certificate /etc/nginx/conf.d/ssl/fullchain.cer;
  ssl_certificate_key /etc/nginx/conf.d/ssl/docker.xxx.net.key;
  ssl_session_timeout 24h;
  ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  access_log  /var/log/nginx/dockerhub.access.log  main;
  location / {
    proxy_pass https://registry-1.docker.io;  # Docker Hub 的官方镜像仓库
    proxy_set_header Host registry-1.docker.io;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_buffering off;
    proxy_set_header Authorization $http_authorization;
    proxy_pass_header  Authorization;
    proxy_intercept_errors on;
    recursive_error_pages on;
    error_page 301 302 307 = @handle_redirect;
  }
  location @handle_redirect {
    resolver 1.1.1.1;
    set $saved_redirect_location '$upstream_http_location';
    proxy_pass $saved_redirect_location;
  }
}

声明:鹅石壳儿|版权所有,违者必究|如未注明,均为原创|本网站采用BY-NC-SA协议进行授权

转载:转载请注明原文链接 - 自建Docker Hub镜像"加速"服务

Carpe Diem and Do what I like