由于国内现有的镜像加速大部分不可用,或者只对自己的服务有效,所以想自己搭建一个镜像加速服务
准备
- 对大陆优化的境外服务
- 安装了Docker服务
Docker Registry
使用Docker Registry来进行搭建
docker-compose
version: "3"
services:
registry:
image: registry:2
container_name: registry
restart: unless-stopped
ports:
- 5000:5000
volumes:
- ./conf/registry.yml:/etc/docker/registry/config.yml:ro
- ./data/registry:/var/lib/registry
/var/lib/registry
pull下拉的缓存存储位置/etc/docker/registry/config.yml
相关配置
config.yml主要设置一下
proxy:
remoteurl: https://registry-1.docker.io
username: [username]
password: [password]
个人配置
example
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://registry-1.docker.io
Nginx Proxy
然后使用nginx反代一下
upstream docker-registry {
server 103.20.199.243:5000;
}
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
'' 'registry/2.0';
}
server {
listen 443 ssl;
server_name yourdoamin;
# SSL
ssl_certificate /etc/nginx/cert/yourdoamin.pem;
ssl_certificate_key /etc/nginx/cert/yourdoamin.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;
proxy_pass http://docker-registry;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
}
这里去除了验证 ,只是做镜像加速,不做上传
验证
在大陆服务器或者内网服务配置/etc/docker/daemon.json
{
"registry-mirrors": ["https://yourdoamin.com"]
}
然后重启一下
sudo systemctl daemon-reload
sudo systemctl restart docker
推荐
比较好的镜像加速
参考文档: