自建Docker镜像加速服务
编辑准备工作
自建Docker镜像加速服务,基于官方Docker Registry 一键部署Docker、K8s、Quay、Ghcr、Mcr、Nvcr等镜像加速\管理服务
⚠️ 重要:选择一台国外服务器,并且未被墙。对于域名,无需进行国内备案。你也可以通过一些平台申请免费域名。在一键部署过程中,如果选择安装Caddy,它将自动配置HTTPS。若选择部署Nginx服务,则需要自行申请一个免费的SSL证书,或者通过其他方式来实现SSL加密。
部署教程
本教程使用 https://github.com/dqzboy/Docker-Proxy 开源项目来搭建
Docker Compose 部署
⚠️ 注意: 你需要对哪个镜像仓库进行加速,就下载哪个配置。docker-compose.yaml
文件默认是部署所有的国外镜像仓库的加速服务,同样也是你部署哪个就配置哪个,其余的删除掉即可!
1. 下载config (opens new window)目录下对应的yml
文件到你本地机器上
2020 年11 月20 日官方发布,如果没有登陆,每6小时100次,登陆200次
如需登录dockerhub账号 修改下载后的对应配置文件内容即可
registry-hub.yml
2. 下载docker-compose.yaml (opens new window)文件(或复制下面内容新建文件) 到你本地机器上,并且与配置文件同级目录下
docker-compose.yaml
services:
## docker hub
dockerhub:
container_name: reg-docker-hub
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-hub.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 51000:5000
networks:
- registry-net
## ghcr.io
ghcr:
container_name: reg-ghcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-ghcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 52000:5000
networks:
- registry-net
## gcr.io
gcr:
container_name: reg-gcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-gcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 53000:5000
networks:
- registry-net
## k8s.gcr.io
k8sgcr:
container_name: reg-k8s-gcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8sgcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 54000:5000
networks:
- registry-net
## registry.k8s.io
k8s:
container_name: reg-k8s
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8s.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 55000:5000
networks:
- registry-net
## quay.io
quay:
container_name: reg-quay
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-quay.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 56000:5000
networks:
- registry-net
## mcr.microsoft.com
mcr:
container_name: reg-mcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-mcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 57000:5000
networks:
- registry-net
## docker.elastic.co
elastic:
container_name: reg-elastic
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-elastic.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 58000:5000
networks:
- registry-net
## nvcr.io
nvcr:
container_name: reg-nvcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-nvcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 59000:5000
networks:
- registry-net
## UI
registry-ui:
container_name: registry-ui
image: dqzboy/docker-registry-ui:latest
environment:
- DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
# [必须]使用 openssl rand -hex 16 生成唯一值
- SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
# 启用Image TAG 的删除按钮
- ENABLE_DELETE_IMAGES=true
- NO_SSL_VERIFICATION=true
restart: always
ports:
- 50000:8080
networks:
- registry-net
networks:
registry-net:
3. 执行 docker compose
或 docker-compose
命令启动容器服务
# 启动全部容器
docker compose up -d
# 启动指定的容器,例如: Docker Hub Registry Proxy
docker compose up -d dockerhub
# 查看容器日志
docker logs -f [容器ID或名称]
我这里部署全部服务,把下载好的文件放到服务器上
然后 docker compose up -d 启动
配置域名
如不需要域名 也可以直接使用ip+端口使用
使用openresty 配置域名 参考
# Server 区域
server {
listen 443 ssl;
server_name
hub.your_domain_name
gcr.your_domain_name
ghcr.your_domain_name
quay.your_domain_name
k8s-gcr.your_domain_name
k8s.your_domain_name
mcr.your_domain_name
elastic.your_domain_name
nvcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
# 动态设置 proxy_pass
location / {
set_by_lua_block $backend {
local backend_mapping = {
["gcr.your_domain_name"] = "http://127.0.0.1:53000",
["ghcr.your_domain_name"] = "http://127.0.0.1:52000",
["quay.your_domain_name"] = "http://127.0.0.1:56000",
["k8s-gcr.your_domain_name"] = "http://127.0.0.1:54000",
["k8s.your_domain_name"] = "http://127.0.0.1:55000",
["mcr.your_domain_name"] = "http://127.0.0.1:57000",
["elastic.your_domain_name"] = "http://127.0.0.1:58000",
["nvcr.your_domain_name"] = "http://127.0.0.1:59000",
["hub.your_domain_name"] = "http://127.0.0.1:51000",
["ui.your_domain_name"] = "http://127.0.0.1:50000"
}
return backend_mapping[ngx.var.host] or "http://localhost:51000"
}
# 动态代理请求
proxy_pass $backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
}
}
使用方式
方式一、配置加速地址
创建或修改 /etc/docker/daemon.json
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"此处修改为从上面表格选用地址"
]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
方式二、替换原始命令
# docker hub Registry
## 源:nginx:latest
## 替换
docker pull hub.your_domain_name/library/nginx:latest
# Google Registry
## 源:gcr.io/google-containers/pause:3.1
## 替换:
docker pull gcr.your_domain_name/google-containers/pause:3.1
参考
https://www.dqzboy.com/8709.html
如有需要可联系我免费帮忙搭建! 需自备服务器、域名(如不需要可不用)。
更多
还可以使用DaoCloud提供的crproxy 来自建
- 6
- 1
-
分享