====== 建立與設定 DockerHub Proxy ======
* 因為 [[https://docs.docker.com/docker-hub/usage/|DockerHub 設定每個 IP 抓取 image 的限制]], 所以建立一個 DockerHub Proxy 可解決多台主機抓取相同 image 而不讓每台直接過去 DockerHub 抓取, 降低出現 Pull rate limit 的議題
===== registry:2 方案(適合小型服務情境) =====
- 檔案配置結構
.
├── cleanup.sh
├── config
│ └─── config.yml
├── data
├── .env
└─── docker-compose.yml
- 產生 REGISTRY_HTTP_SECRET
dockerhub-184:~# openssl rand -hex 16
005311c1d394ec958d6e1966bf43b4d3
- 建立 .env 環境變數設定
vi .env{{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/env.example}}
- 建立 cleanup.sh
vi cleanup.sh{{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/cleanup.sh}}
- 建立 config.yml
mkdir -p config
vi config/config.yml{{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/config/config.yml}}
- 建立 image 存放路徑
mkdir -p data
- 建立 docker-compose.yml
vi docker-compose.yml{{repo>https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/docker-compose.yml}}
- 啟動服務與查看 log
docker compose up -d
docker compose logs -f
- 測試服務
curl -I http://localhost:5000/v2/
* 應該可以看到類似以下的訊息
dockerhub-184:~# curl -I http://localhost:5000/v2/
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Mon, 09 Jun 2025 09:43:05 GMT
- 其他測試服務命令
# 查看目前緩存的 repositories
curl -X GET http://localhost:5000/v2/_catalog
# 手動執行清理腳本
docker exec registry_cleaner /cleanup.sh
==== 其他主機設定 /etc/docker/daemon.json ====
* Exp. registry:2 服務安裝在 192.168.11.184
- 編輯 /etc/docker/daemon.json
{
"registry-mirrors": [
"http://192.168.11.184:5000"
],
"insecure-registries": [
"192.168.11.184:5000"
]
}
- 重啟 docker service docker restart
- 確認設定是否生效docker info
* ++看執行內容是否出現 http://192.168.11.184:5000|
tools-185:~# cat /etc/docker/daemon.json
{
"registry-mirrors": [
"http://192.168.11.184:5000"
]
}
tools-185:~# service docker restart
* Stopping Docker Daemon ... [ ok ]
* Starting Docker Daemon ... [ ok ]
tools-185:~# docker info
Client:
Version: 27.3.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.19.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.31.0
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 1
Running: 0
Paused: 0
Stopped: 1
Images: 11
Server Version: 27.3.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: 207ad711eabd375a01713109a8a197d197ff6542
runc version: 7cb363254b69e10320360b63fb73e0ffb5da7bf2
init version:
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.12.30-1-lts
Operating System: Alpine Linux v3.21
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 966.3MiB
Name: tools-185
ID: 9b3d9430-53d6-4024-a50f-865f0886a474
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
http://192.168.11.184:5000/
Live Restore Enabled: false
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
tools-185:~#
++
- 執行 docker pull 驗證
docker pull alpine
- 如果成功 pull image, 可以回到 registry:2 服務主機 Exp. 192.168.11.184 查看 data/docker/registry/v2/repositories/ 內是否出現 alpine
* ++看 tree data/docker/registry/v2/repositories/ 的目錄結構|
dockerhub-184:~# tree data/docker/registry/v2/repositories/
data/docker/registry/v2/repositories/
├── library
│ └── alpine
│ └── _manifests
│ ├── revisions
│ │ └── sha256
│ │ └── 8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
│ │ └── link
│ └── tags
│ └── latest
│ ├── current
│ │ └── link
│ └── index
│ └── sha256
│ └── 8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
│ └── link
└── owntracks
└── recorder
├── _layers
│ └── sha256
│ ├── 091ab6e9ec6cffa78ff6a6ef7aef42ca8cc3bae3980c16d4f37ddd16facdc452
│ │ └── link
│ ├── 25adb053eaee145d95c9fa1ecb2202edf9ade317a4b6dfba108b78ac712e454d
│ │ └── link
│ ├── 36abe0f1e80cea079818b1e31ce4b9aa99bd4dfab1008406fa95d5b072fb25ff
│ │ └── link
│ ├── 38a8310d387e375e0ec6fabe047a9149e8eb214073db9f461fee6251fd936a75
│ │ └── link
│ ├── 3e406ddff38fe515eea3a0c6616367501d141709b5b7af747f181147518f9aa5
│ │ └── link
│ ├── 4b05d222605fb92a4ad96d482f8a459431869cac819ad83dc174647dd790c0ec
│ │ └── link
│ ├── 4c38bfe3274422330475403877d0c3f26a1f60207b8ad642f36f7c3dae199101
│ │ └── link
│ ├── 6eb274cac676b4989ebf6f3324cbe6306d903cc002c6d444808d3bafc16effc8
│ │ └── link
│ ├── 932e68ccc83c2b03c7286687fc757a93d64c37f4616d0f25de51946a96352639
│ │ └── link
│ ├── baf34677be34a1b2ffb237aac545e1f4ecaedebb42746f0a99f511a104010387
│ │ └── link
│ └── e148b1a96e7afdbb9680fc1823ecbbaf1fa9f35ef1e72b85d68a2a0887d152cd
│ └── link
├── _manifests
│ ├── revisions
│ │ └── sha256
│ │ ├── 30b8b992c3817bce750554a0df664e6c7f00458705c3dffaa849a8a06f8cea98
│ │ │ └── link
│ │ └── 8de5f7674fa7a4575635702fb41a6307e7294a31f393ac165c25328e45e36372
│ │ └── link
│ └── tags
│ └── latest
│ ├── current
│ │ └── link
│ └── index
│ └── sha256
│ └── 8de5f7674fa7a4575635702fb41a6307e7294a31f393ac165c25328e45e36372
│ └── link
└── _uploads
39 directories, 18 files
dockerhub-184:~#
++
===== Harbor 方案(適合大型服務情境) =====
* 先參考 [[harbor_docker]] 建立 Harbor 服務
* 在 系統管理 -> Registry管理 -> 新增端點 Exp. dockerhub
* 提供者 : Docker Hub
* 端點名稱 : dockerhub
* 端點 URL : https://hub.docker.com (選 Docker Hub 會自動顯示這 URL)
* 點 **測試連線** 如果正常就可以 **儲存** \\ {{:tech:螢幕擷取畫面_2025-06-09_181403.png|}}
===== 參考網址 =====
* https://g.co/gemini/share/72bde9f6137f
{{tag>docker}}