分享:自建Docker镜像

Guikong
Guikong
发布于 2024-07-04 / 67 阅读
0

分享:自建Docker镜像

2024年6月,中国大陆多个Docker镜像因监管要求关闭服务,包括中科大、上海交大等教育机构和云服务商的镜像站。此举旨在维护网络生态安全,影响范围广泛。

在各个Docker镜像重新开放之前,无法拉去镜像给日常开发者带来了诸多不便,为了能够方便自己能够便捷拉取镜像。站住通过Github项目Docker-proxy搭建了Docker镜像代理拉取站点。

这里分享一下Docker-proxy大致的搭建方式,需要注意的是,Docker-proxy需要在国外服务器(能访问docker源的服务器)上搭建。同时该服务器没有被墙,或者你的域名国内可以访问。需要提前安装好docker应用,不同linux发行版的安装方式不同,这一步可自行按需进行。

首先创建路径

mkdir docker-proxy

cd docker-proxy

随后创建docker-compose.yaml

vim docker-compose.yaml

填入下面的代码

services:

  ## docker hub

  dockerhub:
    container_name: reg-docker-hub
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-hub.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 51000:5000
    networks:
      - registry-net

  ## ghcr.io

  ghcr:
    container_name: reg-ghcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-ghcr.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 52000:5000
    networks:
      - registry-net

  ## gcr.io

  gcr:
    container_name: reg-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-gcr.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 53000:5000
    networks:
      - registry-net

  ## k8s.gcr.io

  k8sgcr:
    container_name: reg-k8s-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8sgcr.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 54000:5000
    networks:
      - registry-net

  ## registry.k8s.io

  k8s:
    container_name: reg-k8s
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8s.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 55000:5000
    networks:
      - registry-net

  ## quay.io

  quay:
    container_name: reg-quay
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-quay.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 56000:5000
    networks:
      - registry-net

  ## mcr.microsoft.com

  mcr:
    container_name: reg-mcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-mcr.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 57000:5000
    networks:
      - registry-net

  ## docker.elastic.co

  elastic:
    container_name: reg-elastic
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-elastic.yml:/etc/docker/registry/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 58000:5000
    networks:
      - registry-net

  ## UI

  registry-ui:
    container_name: registry-ui
    image: dqzboy/docker-registry-ui:latest
    environment:
      - DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
      # [必须]使用 openssl rand -hex 16 生成唯一值
      - SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
      # 启用Image TAG 的删除按钮
      - ENABLE_DELETE_IMAGES=true
      - NO_SSL_VERIFICATION=true
    restart: always
    ports:
      - 50000:8080
    networks:
      - registry-net

networks:
  registry-net:

保存docker-compose.yaml后,在相同目录下,下载这个压缩包(config.zip)并把里面的接个文件放置在和docker-compose.yaml相同的目录路径下。

随后部署Docker-proxy容器,等待完成

docker compose up -d

完成后,不同的镜像在不同的端口

ui 端口50000

docker-hub 端口51000

ghcr 端口52000

grc 端口 53000

k8s-grc 端口54000

k8s 端口55000

quay 端口56000

mrc 端口57000

elastic 端口58000

可以通过放通端口,使用ip+端口的方式访问对应镜像代理,也可以使用反代+https访问来体高安全性。

目前站主搭建的代理镜像使用量并不大,如果有学习、学术科研需求的朋友需要使用,可以留言评论获取。