docker镜像缓存与代理
date
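# Start a Docker Hub pull-through cache (registry:2) that restarts automatically.
# The port is published on 127.0.0.1 only: the registry started here has no TLS
# and no authentication, and a bare "-p 5000:5000" would publish it on every
# interface of the host. Clients are expected to reach it through a TLS reverse
# proxy that forwards to http://127.0.0.1:5000.
# registry:2 is a mutable tag; pin the image by digest if the deployment must be
# reproducible.
docker run -d \
  -p 127.0.0.1:5000:5000 \
  --restart=always \
  --name registry \
  -v /opt/registry/data:/var/lib/registry \
  -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
  registry:2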
操作记录
## 服务端
root@Linux:/opt# mkdir -p /opt/registry/data
root@Linux:/opt# docker run -d \
> -p 5000:5000 \
> --restart=always \
> --name registry \
> -v /opt/registry/data:/var/lib/registry \
> -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \
> registry:2
Unable to find image 'registry:2' locally
2: Pulling from library/registry
44cf07d57ee4: Pull complete
bbbdd6c6894b: Pull complete
8e82f80af0de: Pull complete
3493bf46cdec: Pull complete
6d464ea18732: Pull complete
Digest: sha256:a3d8aaa63ed8681a604f1dea0aa03f100d5895b6a58ace528858a7b332415373
Status: Downloaded newer image for registry:2
e7bbb7ad443984625a7ca4770607ed883e84762ed6200c6c66d101649018b474
root@Linux:/opt# cd -
/etc/nginx/conf.d
root@Linux:/etc/nginx/conf.d# vim hub
root@Linux:/etc/nginx/conf.d# ls
do.850899.xyz.conf hub hub.850899.xyz.conf st.luoxingding.com.conf
root@Linux:/etc/nginx/conf.d# vim hub
root@Linux:/etc/nginx/conf.d# mv hub hub.850899.xyz.conf
root@Linux:/etc/nginx/conf.d# ls
do.850899.xyz.conf hub.850899.xyz.conf st.luoxingding.com.conf
root@Linux:/etc/nginx/conf.d# vim do.850899.xyz.conf
root@Linux:/etc/nginx/conf.d# ls
do.850899.xyz.conf hub.850899.xyz.conf st.luoxingding.com.conf
root@Linux:/etc/nginx/conf.d# nginx -s reload
nginx: [emerg] host not found in upstream "docker-do.v2" in /etc/nginx/conf.d/do.850899.xyz.conf:27
root@Linux:/etc/nginx/conf.d# mv do.850899.xyz.conf ../conf-bak/
root@Linux:/etc/nginx/conf.d# nginx -s reload
root@Linux:/etc/nginx/conf.d# cat hub.850899.xyz.conf
# TLS front end for the registry pull-through cache listening on loopback.
# NOTE(review): this block sets no access control (no allow/deny, no auth_basic),
# so any client that can reach this vhost can pull through the cache and consume
# the server's bandwidth and upstream quota. Confirm that is intended.
server {
listen 443 ssl;
server_name hub.850899.xyz;
ssl_certificate /etc/ssl/850899.xyz/fullchain.pem;
ssl_certificate_key /etc/ssl/850899.xyz/privkey.pem;
location / {
# TLS terminates here; the hop to the registry is plain HTTP on 127.0.0.1.
proxy_pass http://127.0.0.1:5000;
# Pass the original Host, client address and scheme on to the upstream.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
root@Linux:/etc/nginx/conf.d#
## 客户端
[ding@ArchLinux hdy]$ sudo vim /etc/docker/daemon.json
[ding@ArchLinux hdy]$ sudo systemctl daemon-reexec
[ding@ArchLinux hdy]$ sudo systemctl daemon-reload
[ding@ArchLinux hdy]$ sudo systemctl restart docker
[ding@ArchLinux hdy]$ cat /etc/docker/daemon.json
{
"insecure-registries" : ["hub.850899.xyz:443"]
}
[ding@ArchLinux hdy]$ docker pull hub.850899.xyz/library/nginx:latest
latest: Pulling from library/nginx
8c7716127147: Pull complete
250b90fb2b9a: Pull complete
5d8ea9f4c626: Pull complete
58d144c4badd: Pull complete
b459da543435: Pull complete
8da8ed3552af: Pull complete
54e822d8ee0c: Pull complete
Digest: sha256:3b7732505933ca591ce4a6d860cb713ad96a3176b82f7979a8dfa9973486a0d6
Status: Downloaded newer image for hub.850899.xyz/library/nginx:latest
hub.850899.xyz/library/nginx:latest
[ding@ArchLinux hdy]$ docker images | grep nginx
hub.850899.xyz/library/nginx latest 07ccdb783875 7 days ago 160MB
nginx latest a830707172e8 6 months ago 192MB
nginx <none> 4cad75abc83d 8 months ago 192MB
[ding@ArchLinux hdy]$
国内服务器,未配置 /etc/docker/daemon.json。注意:下面的报错发生在 DNS 解析阶段(lookup hub.850899.xyz … server misbehaving),即域名没有解析成功,与是否配置 daemon.json 无关。
root@ubuntu:~# docker pull hub.850899.xyz/library/nginx:latest
Error response from daemon: Get "https://hub.850899.xyz/v2/": dial tcp: lookup hub.850899.xyz on 100.96.0.3:53: server misbehaving
root@ubuntu:~#
root@ubuntu:~#
配置对比
## 现在
[ding@ArchLinux hdy]$ cat /etc/docker/daemon.json
{
"insecure-registries" : ["hub.850899.xyz:443"]
}
[ding@ArchLinux hdy]$
## 之前
[ding@ArchLinux hdy]$ cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://hub.850899.xyz"]
}
[ding@ArchLinux hdy]$
## 更早前
cat daemon.json
{
"registry-mirrors": [
"https://docker.850899.xyz",
"https://dockerpull.org",
"https://docker.1panel.dev",
"https://docker.fxxk.dedyn.io",
"https://docker.xn--6oq72ry9d5zx.cn",
"https://docker.zhai.cm",
"https://docker.5z5f.com",
"https://a.ussh.net",
"https://docker.cloudlayer.icu",
"https://hub.littlediary.cn",
"https://hub.crdz.gq",
"https://docker.unsee.tech",
"https://docker.kejilion.pro",
"https://registry.dockermirror.com",
"https://hub.rat.dev",
"https://dhub.kubesre.xyz",
"https://docker.nastool.de",
"https://docker.udayun.com",
"https://docker.rainbond.cc",
"https://hub.geekery.cn",
"https://docker.1panelproxy.com",
"https://atomhub.openatom.cn",
"https://docker.m.daocloud.io"
]
}
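我发现前后几次配置用的键不一样:registry-mirrors 和 insecure-registries。这两个键作用不同,可以同时写在同一个 daemon.json 里:registry-mirrors 列出 Docker Hub 的镜像源,只在拉取 Docker Hub 镜像时生效;insecure-registries 则是对列出的仓库放弃 TLS 证书校验,并允许回退到明文 HTTP。hub.850899.xyz 已经由 nginx 提供带证书的 HTTPS,如果证书有效,就不需要把它列入 insecure-registries。另外,按 tag 拉取时,每个镜像源都能决定该 tag 实际对应的内容,所以只应添加自己信任的源,或者按 digest 拉取。尽管目前诸多镜像源已经被墙,但今后如果有可用的镜像源,我可能还需要添加,应该怎么写?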
定时清理
root@Linux:/opt# vim /etc/cron.daily/registry-gc
root@Linux:/opt# chmod +x /etc/cron.daily/registry-gc
root@Linux:/opt# ls -lh /etc/cron.daily/
total 16K
-rwxr-xr-x 1 root root 1.5K Oct 22 2024 apt-compat
-rwxr-xr-x 1 root root 123 Dec 5 2021 dpkg
-rwxr-xr-x 1 root root 377 Jan 21 2019 logrotate
-rwxr-xr-x 1 root root 401 Oct 15 13:52 registry-gc
root@Linux:/opt# cat /etc/cron.daily/registry-gc
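#!/bin/bash
# Daily garbage collection for the Docker Registry pull-through cache.
#
# Stops the "registry" container, runs "registry garbage-collect" against the
# same data directory in a throwaway container, then starts the registry again.
# Exit status is that of the garbage-collect run, or 1 if a precondition fails.
set -u

readonly CONTAINER=registry
readonly DATA_DIR=/opt/registry/data
readonly CONFIG=/opt/registry/config.yml

# "-v" on a host path that does not exist makes Docker create a directory
# there, which cannot be mounted over the config file inside the image.
# NOTE(review): nothing else on this page shows $CONFIG being created, so verify
# it exists and matches the storage settings of the running registry.
if [[ ! -f "$CONFIG" ]]; then
  printf 'registry-gc: %s is missing or not a regular file; skipping GC\n' "$CONFIG" >&2
  exit 1
fi

# Stop the registry so nothing writes to the store while GC deletes blobs.
# If the stop fails, do not run GC against a live store.
if ! docker stop "$CONTAINER"; then
  printf 'registry-gc: could not stop %s; skipping GC\n' "$CONTAINER" >&2
  exit 1
fi

# Bring the registry back on every exit path, including a failed GC run.
trap 'docker start "$CONTAINER"' EXIT

# Run garbage collection; the config is mounted read-only because GC only reads it.
docker run --rm \
  -v "$DATA_DIR":/var/lib/registry \
  -v "$CONFIG":/etc/docker/registry/config.yml:ro \
  registry:2 garbage-collect /etc/docker/registry/config.yml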
root@Linux:/opt#