自建dockerHub加速器
- 原文地址:点击访问
1、系统环境准备
一台海外的主机,本例以香港主机为例。另需准备一个域名,并配置好解析
系统环境如下:
root@dockerhub:~# hostnamectl
Static hostname: dockerhub
Icon name: computer-vm
Chassis: vm
Machine ID: 19511fda706b4aa027a87ceff75378f3
Boot ID: 38ec7ede7b4d42789062e43ed7291f9d
Virtualization: kvm
Operating System: Ubuntu 22.04 LTS
Kernel: Linux 5.15.0-30-generic
Architecture: x86-64
Hardware Vendor: Red Hat
Hardware Model: KVM
root@dockerhub:~#
需要配置解析的主机名为下文 nginx 配置和第8节对照表中用到的各个前缀(ui、hub、ghcr、gcr、k8s-gcr、k8s、quay、mcr、elastic、nvcr),按需配置,用到哪个就配置哪个。本次我全部都配置
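2、安装部署nginx和docker服务
注意:下面命令中的 docker* 没有加引号,会先被 shell 按当前目录下的文件名展开,再被 apt 当作通配模式匹配所有以 docker 开头的软件包,装上许多用不到的组件。只需要本文用到的组件时,可明确写出包名(Ubuntu 22.04 上为 docker.io 和 docker-compose)。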
root@dockerhub:~# apt update -y
root@dockerhub:~# apt install docker* nginx unzip -y
root@dockerhub:~# mkdir dockerhub/
3、下载所需文件并上传至服务器上,完成解压
下载地址:点击下载
root@dockerhub:~# ls
Docker-Proxy-main.zip
root@dockerhub:~# unzip Docker-Proxy-main.zip
root@dockerhub:~/Docker-Proxy-main# cp docker-compose.yaml ../dockerhub/.
root@dockerhub:~/Docker-Proxy-main# cp config/registry-* ../dockerhub/.
root@ser6534086410:~/Docker-Proxy-main# cd ../dockerhub/
root@dockerhub:~/dockerhub# ll
total 168
drwxr-xr-x 4 root root 4096 Dec 10 07:35 ./
drwx------ 8 root root 4096 Dec 10 07:53 ../
-rw-r--r-- 1 root root 4447 Dec 10 06:18 docker-compose.yaml
drwxr-xr-x 3 root root 4096 Dec 10 07:35 registry/
-rw-r--r-- 1 root root 1003 Dec 10 07:34 registry-elastic.yml
-rw-r--r-- 1 root root 996 Dec 10 07:34 registry-gcr.yml
-rw-r--r-- 1 root root 993 Dec 10 07:34 registry-ghcr.yml
-rw-r--r-- 1 root root 1008 Dec 10 07:34 registry-hub.yml
-rw-r--r-- 1 root root 1001 Dec 10 07:34 registry-k8s.yml
-rw-r--r-- 1 root root 996 Dec 10 07:34 registry-k8sgcr.yml
-rw-r--r-- 1 root root 1003 Dec 10 07:34 registry-mcr.yml
-rw-r--r-- 1 root root 993 Dec 10 07:34 registry-nvcr.yml
-rw-r--r-- 1 root root 993 Dec 10 07:34 registry-quay.yml
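4、启动项目
注意:从下面的输出可以看到,compose 文件拉取的是第三方镜像 dqzboy/registry 和 dqzboy/docker-registry-ui 的 latest 标签,每次重新部署得到的内容可能不同。需要可复现、可审计的部署时,可在确认镜像来源后按输出中的 Digest(image: 名称@sha256:…)固定版本。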
root@dockerhub:~/dockerhub# docker-compose config -q
root@dockerhub:~/dockerhub# docker-compose up -d
Creating network "dockerhub_registry-net" with the default driver
Pulling dockerhub (dqzboy/registry:latest)...
latest: Pulling from dqzboy/registry
da9db072f522: Pull complete
c22c0d7190e7: Pull complete
b14c66978d04: Pull complete
be567d4e8079: Pull complete
916205650bfe: Pull complete
Digest: sha256:24368f8d56361e76ecdd86dec6990e069cf4cf0d90fc19487d89c06babcc8900
Status: Downloaded newer image for dqzboy/registry:latest
Pulling registry-ui (dqzboy/docker-registry-ui:latest)...
latest: Pulling from dqzboy/docker-registry-ui
da9db072f522: Already exists
b0c5a8736043: Pull complete
fa3088a8390a: Pull complete
1b3265fd5b7f: Pull complete
e095f7ca6ffc: Pull complete
599a3f787fed: Pull complete
f14dee997a67: Pull complete
2cc0417a8b93: Pull complete
fc9d64b9b736: Pull complete
Digest: sha256:7bc0a3f032eecc58f9ab6d816f3249415fb7bb4b87b3a819338af1379b0f892a
Status: Downloaded newer image for dqzboy/docker-registry-ui:latest
Creating reg-gcr ... done
Creating reg-elastic ... done
Creating reg-k8s ... done
Creating registry-ui ... done
Creating reg-k8s-gcr ... done
Creating reg-quay ... done
Creating reg-mcr ... done
Creating reg-docker-hub ... done
Creating reg-nvcr ... done
Creating reg-ghcr ... done
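## 检查
## 注意:Ports 一列显示各后端端口都发布在 0.0.0.0 上,即不经过 nginx 也能以明文 HTTP 直接访问这些端口;Docker 发布的端口通常不受 ufw 规则限制。建议在 docker-compose.yaml 中把端口映射改为只绑定 127.0.0.1,或在云防火墙/安全组中屏蔽 50000-59000 端口。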
root@ser6534086410:~/dockerhub# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------
reg-docker-hub /entrypoint.sh /etc/distri ... Up 0.0.0.0:51000->5000/tcp
reg-elastic /entrypoint.sh /etc/distri ... Up 0.0.0.0:58000->5000/tcp
reg-gcr /entrypoint.sh /etc/distri ... Up 0.0.0.0:53000->5000/tcp
reg-ghcr /entrypoint.sh /etc/distri ... Up 0.0.0.0:52000->5000/tcp
reg-k8s /entrypoint.sh /etc/distri ... Up 0.0.0.0:55000->5000/tcp
reg-k8s-gcr /entrypoint.sh /etc/distri ... Up 0.0.0.0:54000->5000/tcp
reg-mcr /entrypoint.sh /etc/distri ... Up 0.0.0.0:57000->5000/tcp
reg-nvcr /entrypoint.sh /etc/distri ... Up 0.0.0.0:59000->5000/tcp
reg-quay /entrypoint.sh /etc/distri ... Up 0.0.0.0:56000->5000/tcp
registry-ui /docker-entrypoint.sh web Up 0.0.0.0:50000->8080/tcp, 8443/tcp
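5、配置反向代理
注意:下面的命令会直接覆盖 /etc/nginx/nginx.conf,执行前请先备份原文件(例如 cp -a /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak)。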
cat <<'EOF'> /etc/nginx/nginx.conf
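# Reverse proxy for the registry-ui and the pull-through registry backends.
#
# NOTE(review): every proxy_pass below targets a plain-HTTP backend on
# localhost. The "docker-compose ps" output earlier on this page lists those
# ports as published on 0.0.0.0, so unless a firewall blocks them they can be
# reached directly, bypassing the TLS termination configured here. Publishing
# them on 127.0.0.1 in docker-compose.yaml keeps nginx the only entry point.
#
# Placeholders to replace before use: 主域名 (your base domain),
# 公钥证书路径 (certificate path) and 私钥证书路径key (private-key path).
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # Keep the nginx version out of response headers and error pages.
    server_tokens off;

    # TLS session, protocol and timeout settings, declared once here and
    # inherited by every vhost instead of being repeated in each server block.
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): HIGH also admits CBC and static-RSA key-exchange suites
    # for TLS 1.2; narrow the list if every client supports ECDHE with AEAD.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
    # 600-second timeouts, presumably to let large image layers finish.
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 600;

    # HTTP-to-HTTPS redirect
    server {
        listen 80 default_server;
        server_name _;
        # Redirect all HTTP requests to HTTPS
        return 301 https://$host$request_uri;
    }

    ## registry-ui
    # NOTE(review): no authentication is configured for this vhost, so the UI
    # is open to anyone who can reach it; add auth_basic or allow/deny rules
    # before exposing it. As the first "listen 443" server it is also the
    # default for any hostname that has no vhost of its own.
    server {
        listen 443 ssl;
        ## Domain name the certificate is bound to
        server_name ui.主域名;
        ## Certificate file (path and file name of your certificate)
        ssl_certificate 公钥证书路径;
        ## Private key file (path and file name of your key)
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:50000;
            proxy_set_header Host $host;
            proxy_set_header Origin $scheme://$host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Ssl on; # Optional
            proxy_set_header X-Forwarded-Port $server_port;
            proxy_set_header X-Forwarded-Host $host;
        }
    }

    # NOTE(review): the registry vhosts below carry no access control either;
    # anyone who learns a hostname can pull through this host. Restrict by
    # source address or add authentication if the mirror is meant to be private.

    ## docker hub
    server {
        listen 443 ssl;
        server_name hub.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:51000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## GitHub Container Registry (ghcr.io)
    server {
        listen 443 ssl;
        server_name ghcr.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:52000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## Google Container Registry (gcr.io)
    server {
        listen 443 ssl;
        server_name gcr.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:53000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## Kubernetes Container Registry (k8s.gcr.io)
    server {
        listen 443 ssl;
        server_name k8s-gcr.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:54000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## Kubernetes's container image registry (registry.k8s.io)
    server {
        listen 443 ssl;
        server_name k8s.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:55000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## Quay Container Registry (quay.io)
    server {
        listen 443 ssl;
        server_name quay.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:56000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## Microsoft Container (mcr.microsoft.com)
    server {
        listen 443 ssl;
        server_name mcr.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:57000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## docker.elastic.co
    server {
        listen 443 ssl;
        server_name elastic.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:58000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }

    ## NVIDIA Container Registry (nvcr.io)
    # The reg-nvcr container on port 59000 and the nvcr prefix both appear on
    # this page; without this vhost, requests for that hostname would land on
    # the default 443 server (registry-ui).
    server {
        listen 443 ssl;
        server_name nvcr.主域名;
        ssl_certificate 公钥证书路径;
        ssl_certificate_key 私钥证书路径key;

        location / {
            proxy_pass http://localhost:59000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Nginx-Proxy true;
            proxy_buffering off;
            proxy_redirect off;
        }
    }
}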
EOF
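## Validate the new configuration first. Restart and enable nginx only when
## the test reports no problems, so an unfilled placeholder or a typo does not
## stop the running proxy when this is pasted as one block.
if nginx -t; then
  systemctl restart nginx
  systemctl enable nginx
fi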
6、客户机实验
## 客户机配置docker
root@vchat:~# cat /etc/docker/daemon.json
{
"registry-mirrors": [ "https://hub.主域名" ]
}
## 测试拉取镜像
root@vchat:~# docker pull hub.主域名/library/nginx:latest
latest: Pulling from library/nginx
bc0965b23a04: Pull complete
650ee30bbe5e: Pull complete
8cc1569e58f5: Pull complete
362f35df001b: Pull complete
13e320bf29cd: Pull complete
7b50399908e1: Pull complete
57b64962dd94: Pull complete
Digest: sha256:fb197595ebe76b9c0c14ab68159fd3c08bd067ec62300583543f0ebda353b5be
Status: Downloaded newer image for hub.主域名/library/nginx:latest
hub.主域名/library/nginx:latest
7、在ui上查看拉取过的镜像
浏览器访问: https://ui.主域名
8、相关替换查询
前缀替换的 Registry 的参考
源站 | 替换为 | 平台 |
---|---|---|
docker.io | hub.your_domain_name | docker hub |
gcr.io | gcr.your_domain_name | Google Container Registry |
ghcr.io | ghcr.your_domain_name | GitHub Container Registry |
k8s.gcr.io | k8s-gcr.your_domain_name | Kubernetes Container Registry |
registry.k8s.io | k8s.your_domain_name | Kubernetes's container image registry |
quay.io | quay.your_domain_name | Quay Container Registry |
mcr.microsoft.com | mcr.your_domain_name | Microsoft Container Registry |
docker.elastic.co | elastic.your_domain_name | Elastic Stack |
nvcr.io | nvcr.your_domain_name | NVIDIA Container Registry |