Self-built docker-registry solves the problem of being unable to pull images in China (for learning reference only)

博海

June 11, 2024

555 views

No comments

2510 words

运维笔记

This article is for reference only. Please do not use it for commercial or illegal purposes.

Brief description

Necessary conditions:

Domain name & certificate * 1
Overseas server * 1

It is no longer possible to access the official source of docker hub in China. We can find an overseas server to build a registry and cache the image registry to the overseas server for normal download

The following operations are all run in the overseas server

Start the registry

docker rm -f docker-registry
docker run -itd --name=docker-registry\
--restart=always \
-e TZ=Asia/Shanghai \
-p 5000:5000 \
-e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
-v /data/docker-registry/data:/var/lib/registry registry:latest

# Configuration details
REGISTRY_PROXY_REMOTEURL: specifies the upstream remote image repository as the official image repository

Configure reverse proxy

Here you need an openresty or nginx for reverse proxy, the required configuration file is as follows

upstream docker-registry {
server <your intranet IP>:5000;
}

server {
listen 443 ssl;
server_name <your domain name>;
ssl_certificate /etc/nginx/ssl/ssl.cerm;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr; client_max_body_size 0; chunked_transfer_encoding on; add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always; location / { auth_basic off; proxy_set_header Host $http_host; proxy_set_header _x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; proxy_pass http://docker-registry; } location /_ping { auth_basic off; http://docker-registry;
}

location /v2/_catalog {
auth_basic off;
proxy_pass http://docker-registry;
}

access_log /etc/nginx/logs/docker-registry.access.log;
error_log /etc/nginx/logs/docker-registry.error.log;
}

At this point, the domain name is resolved to the nginx machine. And configure on the docker client (domestic machine) that needs to download the image:

# Edit or add
$ vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://registry's address"]
}

# Effective configuration
$ systemctl reload docker

# Test download image
$ docker pull nginx:alpine3.19-perl

Statement: This article is for learning reference only and should not be used for commercial or illegal purposes

Self-built docker-registry solves the problem of being unable to pull images in China (for learning reference only)

博海 • 2024 年 06 月 11 日

Self-built docker-registry solves the problem of being unable to pull images in China (for learning reference only)

Brief description

Start the registry

Configure reverse proxy

Leave a Comment Cancel reply
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Purchase Alibaba Cloud ECS with 2 cores, 2G memory, 200M bandwidth (by volume)/49/year

Terraform的状态文件认识以及使用远端存储

Linux命令分享：使用envsubst来渲染配置文件

Monitor k8s Ingress changes and generate corresponding nginx configuration

The significant difference between local vs remote writing files in one go and writing files in batches

此内容被密码保护

Purchase Alibaba Cloud ECS with 2 cores, 2G memory, 200M bandwidth (by volume)/49/year

NGINX配置网络代理

远程下载工具的部署与使用

在PVE8环境中制作Ubuntu的Cloud Init虚拟机模板

Self-built docker-registry solves the problem of being unable to pull images in China (for learning reference only)

Brief description

Start the registry

Configure reverse proxy

Leave a Comment Cancel reply 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

Self-built docker-registry solves the problem of being unable to pull images in China (for learning reference only)

Leave a Comment Cancel reply
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款