This article is for reference only. Please do not use it for commercial or illegal purposes.

Brief description

Necessary conditions:

  • Domain name & certificate * 1
  • Overseas server * 1

It is no longer possible to access the official source of docker hub in China. We can find an overseas server to build a registry and cache the image registry to the overseas server for normal download

The following operations are all run in the overseas server

Start the registry

docker rm -f docker-registry
docker run -itd --name=docker-registry\
--restart=always \
-e TZ=Asia/Shanghai \
-p 5000:5000 \
-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
-v /data/docker-registry/data:/var/lib/registry registry:latest

# Configuration details
REGISTRY_PROXY_REMOTEURL: specifies the upstream remote image repository as the official image repository

Configure reverse proxy

Here you need an openresty or nginx for reverse proxy, the required configuration file is as follows

upstream docker-registry {
server <your intranet IP>:5000;
}

server {
listen 443 ssl;
server_name <your domain name>;
ssl_certificate /etc/nginx/ssl/ssl.cerm;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; client_max_body_size 0; chunked_transfer_encoding on; add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; location / { auth_basic off; proxy_set_header Host $http_host; proxy_set_header _x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; proxy_pass http://docker-registry; } location /_ping { auth_basic off; http://docker-registry;
}

location /v2/_catalog {
auth_basic off;
proxy_pass http://docker-registry;
}

access_log /etc/nginx/logs/docker-registry.access.log;
error_log /etc/nginx/logs/docker-registry.error.log;
}

At this point, the domain name is resolved to the nginx machine. And configure on the docker client (domestic machine) that needs to download the image:

# Edit or add
$ vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry's address"]
}

# Effective configuration
$ systemctl reload docker

# Test download image
$ docker pull nginx:alpine3.19-perl

Statement: This article is for learning reference only and should not be used for commercial or illegal purposes

Last modification:August 14, 2024
如果觉得我的文章对你有用,请随意赞赏