人生若只如初见

WXY

自建Docker镜像加速服务

2024-11-20

准备工作

自建Docker镜像加速服务,基于官方Docker Registry 一键部署Docker、K8s、Quay、Ghcr、Mcr、Nvcr等镜像加速\管理服务

⚠️ 重要:选择一台国外服务器,并且未被墙。对于域名,无需进行国内备案。你也可以通过一些平台申请免费域名。在一键部署过程中,如果选择安装Caddy,它将自动配置HTTPS。若选择部署Nginx服务,则需要自行申请一个免费的SSL证书,或者通过其他方式来实现SSL加密。

部署教程

本教程使用 https://github.com/dqzboy/Docker-Proxy 开源项目来搭建

Docker Compose 部署

⚠️ 注意: 你需要对哪个镜像仓库进行加速,就下载哪个配置。docker-compose.yaml文件默认是部署所有的国外镜像仓库的加速服务,同样也是你部署哪个就配置哪个,其余的删除掉即可!

1. 下载config (opens new window)目录下对应的yml文件到你本地机器上

2020 年11 月20 日官方发布,如果没有登陆,每6小时100次,登陆200次

如需登录dockerhub账号 修改下载后的对应配置文件内容即可

registry-hub.yml

2024-12-11-wgefbbiv.webp

2. 下载docker-compose.yaml (opens new window)文件(或复制下面内容新建文件) 到你本地机器上,并且与配置文件同级目录下

docker-compose.yaml

services:
  ## docker hub
  dockerhub:
    container_name: reg-docker-hub
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-hub.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 51000:5000
    networks:
      - registry-net

  ## ghcr.io
  ghcr:
    container_name: reg-ghcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-ghcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 52000:5000
    networks:
      - registry-net

  ## gcr.io
  gcr:
    container_name: reg-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-gcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 53000:5000
    networks:
      - registry-net

  ## k8s.gcr.io
  k8sgcr:
    container_name: reg-k8s-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8sgcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 54000:5000
    networks:
      - registry-net

  ## registry.k8s.io
  k8s:
    container_name: reg-k8s
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8s.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 55000:5000
    networks:
      - registry-net
  
  ## quay.io
  quay:
    container_name: reg-quay
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-quay.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 56000:5000
    networks:
      - registry-net

  ## mcr.microsoft.com
  mcr:
    container_name: reg-mcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-mcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 57000:5000
    networks:
      - registry-net

  ## docker.elastic.co
  elastic:
    container_name: reg-elastic
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-elastic.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 58000:5000
    networks:
      - registry-net

  ## nvcr.io
  nvcr:
    container_name: reg-nvcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-nvcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 59000:5000
    networks:
      - registry-net

  ## UI
  registry-ui:
    container_name: registry-ui
    image: dqzboy/docker-registry-ui:latest
    environment:
      - DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
      # [必须]使用 openssl rand -hex 16 生成唯一值
      - SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
      # 启用Image TAG 的删除按钮
      - ENABLE_DELETE_IMAGES=true
      - NO_SSL_VERIFICATION=true
    restart: always
    ports:
      - 50000:8080
    networks:
      - registry-net

networks:
  registry-net:

3. 执行 docker composedocker-compose 命令启动容器服务

# 启动全部容器
docker compose up -d

# 启动指定的容器,例如: Docker Hub Registry Proxy
docker compose up -d dockerhub

# 查看容器日志
docker logs -f [容器ID或名称]

我这里部署全部服务,把下载好的文件放到服务器上

2024-11-20-kdxijvmr.webp

然后 docker compose up -d 启动

配置域名

如不需要域名 也可以直接使用ip+端口使用

使用openresty 配置域名 参考

    # Server 区域
    server {
        listen 443 ssl;
        server_name
            hub.your_domain_name
            gcr.your_domain_name
            ghcr.your_domain_name
            quay.your_domain_name
            k8s-gcr.your_domain_name
            k8s.your_domain_name
            mcr.your_domain_name
            elastic.your_domain_name
            nvcr.your_domain_name;

        ## 证书文件名称(填写你证书存放的路径和名称)
        ssl_certificate your_domain_name.crt;
        ## 私钥文件名称(填写你证书存放的路径和名称)
        ssl_certificate_key your_domain_name.key;
        ssl_session_timeout 1d;
        ssl_session_cache   shared:SSL:50m;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
        ssl_prefer_server_ciphers on;
        ssl_buffer_size 8k;
        proxy_connect_timeout 600;
        proxy_send_timeout    600;
        proxy_read_timeout    600;
        send_timeout          600;


        # 动态设置 proxy_pass
        location / {
            set_by_lua_block $backend {
                local backend_mapping = {
                    ["gcr.your_domain_name"]     = "http://127.0.0.1:53000",
                    ["ghcr.your_domain_name"]    = "http://127.0.0.1:52000",
                    ["quay.your_domain_name"]    = "http://127.0.0.1:56000",
                    ["k8s-gcr.your_domain_name"] = "http://127.0.0.1:54000",
                    ["k8s.your_domain_name"]     = "http://127.0.0.1:55000",
                    ["mcr.your_domain_name"]     = "http://127.0.0.1:57000",
                    ["elastic.your_domain_name"] = "http://127.0.0.1:58000",
                    ["nvcr.your_domain_name"]    = "http://127.0.0.1:59000",
                    ["hub.your_domain_name"]     = "http://127.0.0.1:51000",
                    ["ui.your_domain_name"]     = "http://127.0.0.1:50000"
                }
                return backend_mapping[ngx.var.host] or "http://localhost:51000"
            }

            # 动态代理请求
            proxy_pass $backend;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
        }
    }

使用方式

方式一、配置加速地址

创建或修改 /etc/docker/daemon.json

sudo mkdir -p /etc/docker

sudo tee /etc/docker/daemon.json <<-'EOF'

{

    "registry-mirrors": [

        "此处修改为从上面表格选用地址"

    ]

}

EOF

sudo systemctl daemon-reload

sudo systemctl restart docker

方式二、替换原始命令

# docker hub Registry
## 源:nginx:latest
## 替换
docker pull hub.your_domain_name/library/nginx:latest

# Google Registry
## 源:gcr.io/google-containers/pause:3.1
## 替换:
docker pull gcr.your_domain_name/google-containers/pause:3.1

源站

替换为

平台

docker.io

hub.your_domain_name

docker hub

gcr.io

gcr.your_domain_name

Google Container Registry

ghcr.io

ghcr.your_domain_name

GitHub Container Registry

k8s.gcr.io

k8s-gcr.your_domain_name

Kubernetes Container Registry

registry.k8s.io

k8s.your_domain_name

Kubernetes's container image registry

quay.io

quay.your_domain_name

Quay Container Registry

mcr.microsoft.com

mcr.your_domain_name

Microsoft Container Registry

docker.elastic.co

elastic.your_domain_name

Elastic Stack

nvcr.io

nvcr.your_domain_name

NVIDIA Container Registry

参考

https://www.dqzboy.com/8709.html

如有需要可联系我免费帮忙搭建! 需自备服务器、域名(如不需要可不用)。

更多

还可以使用DaoCloud提供的crproxy 来自建