2024年6月,中国大陆多个Docker镜像因监管要求关闭服务,包括中科大、上海交大等教育机构和云服务商的镜像站。此举旨在维护网络生态安全,影响范围广泛。
在各个Docker镜像重新开放之前,无法拉去镜像给日常开发者带来了诸多不便,为了能够方便自己能够便捷拉取镜像。站住通过Github项目Docker-proxy搭建了Docker镜像代理拉取站点。
这里分享一下Docker-proxy大致的搭建方式,需要注意的是,Docker-proxy需要在国外服务器(能访问docker源的服务器)上搭建。同时该服务器没有被墙,或者你的域名国内可以访问。需要提前安装好docker应用,不同linux发行版的安装方式不同,这一步可自行按需进行。
首先创建路径
mkdir docker-proxy
cd docker-proxy
随后创建docker-compose.yaml
vim docker-compose.yaml
填入下面的代码
services:
## docker hub
dockerhub:
container_name: reg-docker-hub
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-hub.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 51000:5000
networks:
- registry-net
## ghcr.io
ghcr:
container_name: reg-ghcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-ghcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 52000:5000
networks:
- registry-net
## gcr.io
gcr:
container_name: reg-gcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-gcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 53000:5000
networks:
- registry-net
## k8s.gcr.io
k8sgcr:
container_name: reg-k8s-gcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8sgcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 54000:5000
networks:
- registry-net
## registry.k8s.io
k8s:
container_name: reg-k8s
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8s.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 55000:5000
networks:
- registry-net
## quay.io
quay:
container_name: reg-quay
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-quay.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 56000:5000
networks:
- registry-net
## mcr.microsoft.com
mcr:
container_name: reg-mcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-mcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 57000:5000
networks:
- registry-net
## docker.elastic.co
elastic:
container_name: reg-elastic
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-elastic.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 58000:5000
networks:
- registry-net
## UI
registry-ui:
container_name: registry-ui
image: dqzboy/docker-registry-ui:latest
environment:
- DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
# [必须]使用 openssl rand -hex 16 生成唯一值
- SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
# 启用Image TAG 的删除按钮
- ENABLE_DELETE_IMAGES=true
- NO_SSL_VERIFICATION=true
restart: always
ports:
- 50000:8080
networks:
- registry-net
networks:
registry-net:
保存docker-compose.yaml后,在相同目录下,下载这个压缩包(config.zip)并把里面的接个文件放置在和docker-compose.yaml相同的目录路径下。
随后部署Docker-proxy容器,等待完成
docker compose up -d
完成后,不同的镜像在不同的端口
ui 端口50000
docker-hub 端口51000
ghcr 端口52000
grc 端口 53000
k8s-grc 端口54000
k8s 端口55000
quay 端口56000
mrc 端口57000
elastic 端口58000
可以通过放通端口,使用ip+端口的方式访问对应镜像代理,也可以使用反代+https访问来体高安全性。
目前站主搭建的代理镜像使用量并不大,如果有学习、学术科研需求的朋友需要使用,可以留言评论获取。