目錄表

建立與設定 DockerHub Proxy

建立與設定 DockerHub Proxy

因為 DockerHub 設定每個 IP 抓取 image 的限制, 所以建立一個 DockerHub Proxy 可解決多台主機抓取相同 image 而不讓每台直接過去 DockerHub 抓取, 降低出現 Pull rate limit 的議題

registry:2 方案(適合小型服務情境)

檔案配置結構

.
├── cleanup.sh
├── config
│   └─── config.yml
├── data
├── .env
└─── docker-compose.yml

產生 REGISTRY_HTTP_SECRET

dockerhub-184:~# openssl rand -hex 16
005311c1d394ec958d6e1966bf43b4d3

建立 .env 環境變數設定
```
vi .env
```
https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/env.example
```
# openssl rand -hex 16
REGISTRY_HTTP_SECRET=005311c1d394ec958d6e1966bf43b4d3
# 清理超過 7 天未訪問的資料
CLEANUP_DAYS_OLD=7
```
https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/env.example

建立 cleanup.sh

vi cleanup.sh

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/cleanup.sh

#!/bin/sh
 
# Registry 清理腳本
# 此腳本會清理超過 7 天未訪問的資料
 
REGISTRY_DATA_DIR="/var/lib/registry"
LOG_FILE="/tmp/registry-cleanup.log"
 
# 從環境變數讀取清理天數，如果未設定，則預設為 7 天
DAYS_OLD=${CLEANUP_DAYS_OLD:-7}
 
# 創建日志函數
log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}
 
log "開始執行 Registry 清理作業..."
log "清理天數設定為: $DAYS_OLD 天"
 
# 檢查 registry 資料目錄是否存在
if [ ! -d "$REGISTRY_DATA_DIR" ]; then
    log "錯誤: Registry 資料目錄不存在: $REGISTRY_DATA_DIR"
    exit 1
fi
 
# 計算清理前的磁碟使用量
BEFORE_SIZE=$(du -sh "$REGISTRY_DATA_DIR" | cut -f1)
log "清理前磁碟使用量: $BEFORE_SIZE"
 
# 清理超過指定天數未訪問的 blob 檔案
log "正在清理超過 $DAYS_OLD 天未訪問的檔案..."
DELETED_COUNT=$(find "$REGISTRY_DATA_DIR" -name "data" -type f -atime +$DAYS_OLD -print | wc -l)
 
if [ "$DELETED_COUNT" -gt 0 ]; then
    find "$REGISTRY_DATA_DIR" -name "data" -type f -atime +$DAYS_OLD -delete
    log "已刪除 $DELETED_COUNT 個過期的 blob 檔案"
else
    log "沒有找到需要清理的過期檔案"
fi
 
# 執行 registry 垃圾回收
log "執行 Registry 垃圾回收..."
if registry garbage-collect /etc/docker/registry/config.yml; then
    log "垃圾回收執行成功"
else
    log "警告: 垃圾回收執行失敗"
fi
 
# 計算清理後的磁碟使用量
AFTER_SIZE=$(du -sh "$REGISTRY_DATA_DIR" | cut -f1)
log "清理後磁碟使用量: $AFTER_SIZE"
 
# 清理空的目錄
log "清理空目錄..."
find "$REGISTRY_DATA_DIR" -type d -empty -delete 2>/dev/null || true
 
log "Registry 清理作業完成"
log "----------------------------------------"

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/cleanup.sh

建立 config.yml

mkdir -p config
vi config/config.yml

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/config/config.yml

version: 0.1
log:
  accesslog:
    disabled: false
  level: info
  formatter: text
  fields:
    service: registry_proxy
 
storage:
  delete:
    enabled: true
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h        # 7天後清理未完成的上傳
      interval: 24h    # 每24小時檢查一次
      dryrun: false
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
    maxthreads: 100
 
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
 
proxy:
  remoteurl: https://registry-1.docker.io
  # 如果需要認證到 Docker Hub，取消註解下面兩行
  # username: your-dockerhub-username
  # password: your-dockerhub-password
 
# 健康檢查配置
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/config/config.yml

建立 image 存放路徑
```
mkdir -p data
```

建立 docker-compose.yml

vi docker-compose.yml

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/docker-compose.yml

services:
  registry_proxy:
    image: registry:2
    container_name: registry_proxy
    ports:
      - "5000:5000"
    volumes:
      - ./config:/etc/docker/registry
      - ./data:/var/lib/registry
    environment:
      # 設定固定的 HTTP secret
      - REGISTRY_HTTP_SECRET=${REGISTRY_HTTP_SECRET}
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:5000/v2/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
 
  # 清理服務 - 定期執行垃圾回收
  registry_cleaner:
    image: registry:2
    container_name: registry_cleaner
    volumes:
      - ./config:/etc/docker/registry
      - ./data:/var/lib/registry
      - ./cleanup.sh:/cleanup.sh:ro
    environment:
      - CLEANUP_DAYS_OLD=${CLEANUP_DAYS_OLD}
    command: /bin/sh -c "while true; do sleep 86400; /cleanup.sh; done"
    depends_on:
      - registry_proxy
    restart: unless-stopped

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/docker-compose.yml

啟動服務與查看 log

docker compose up -d
docker compose logs -f

測試服務

curl -I http://localhost:5000/v2/

應該可以看到類似以下的訊息

dockerhub-184:~# curl -I http://localhost:5000/v2/
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: application/json; charset=utf-8
Docker-Distribution-Api-Version: registry/2.0
X-Content-Type-Options: nosniff
Date: Mon, 09 Jun 2025 09:43:05 GMT

其他測試服務命令

# 查看目前緩存的 repositories
curl -X GET http://localhost:5000/v2/_catalog

# 手動執行清理腳本
docker exec registry_cleaner /cleanup.sh

其他主機設定 /etc/docker/daemon.json

Exp. registry:2 服務安裝在 192.168.11.184

編輯 /etc/docker/daemon.json

{
  "registry-mirrors": [
    "http://192.168.11.184:5000"
  ],
  "insecure-registries": [
    "192.168.11.184:5000"
  ]
}

重啟 docker
```
service docker restart
```

確認設定是否生效

docker info

看執行內容是否出現 http://192.168.11.184:5000

tools-185:~# cat /etc/docker/daemon.json
{
  "registry-mirrors": [
    "http://192.168.11.184:5000"
  ]
}
tools-185:~# service docker restart
 * Stopping Docker Daemon ...                                                                                                                                                                                                          [ ok ]
 * Starting Docker Daemon ...                                                                                                                                                                                                          [ ok ]
tools-185:~# docker info
Client:
 Version:    27.3.1
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.19.1
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.31.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 0
  Paused: 0
  Stopped: 1
 Images: 11
 Server Version: 27.3.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: runc io.containerd.runc.v2
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 207ad711eabd375a01713109a8a197d197ff6542
 runc version: 7cb363254b69e10320360b63fb73e0ffb5da7bf2
 init version:
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.12.30-1-lts
 Operating System: Alpine Linux v3.21
 OSType: linux
 Architecture: x86_64
 CPUs: 1
 Total Memory: 966.3MiB
 Name: tools-185
 ID: 9b3d9430-53d6-4024-a50f-865f0886a474
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Registry Mirrors:
  http://192.168.11.184:5000/
 Live Restore Enabled: false

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
tools-185:~#

執行 docker pull 驗證
```
docker pull alpine
```

如果成功 pull image, 可以回到 registry:2 服務主機 Exp. 192.168.11.184 查看 data/docker/registry/v2/repositories/ 內是否出現 alpine

看 tree data/docker/registry/v2/repositories/ 的目錄結構

dockerhub-184:~# tree data/docker/registry/v2/repositories/
data/docker/registry/v2/repositories/
├── library
│   └── alpine
│       └── _manifests
│           ├── revisions
│           │   └── sha256
│           │       └── 8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
│           │           └── link
│           └── tags
│               └── latest
│                   ├── current
│                   │   └── link
│                   └── index
│                       └── sha256
│                           └── 8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715
│                               └── link
└── owntracks
    └── recorder
        ├── _layers
        │   └── sha256
        │       ├── 091ab6e9ec6cffa78ff6a6ef7aef42ca8cc3bae3980c16d4f37ddd16facdc452
        │       │   └── link
        │       ├── 25adb053eaee145d95c9fa1ecb2202edf9ade317a4b6dfba108b78ac712e454d
        │       │   └── link
        │       ├── 36abe0f1e80cea079818b1e31ce4b9aa99bd4dfab1008406fa95d5b072fb25ff
        │       │   └── link
        │       ├── 38a8310d387e375e0ec6fabe047a9149e8eb214073db9f461fee6251fd936a75
        │       │   └── link
        │       ├── 3e406ddff38fe515eea3a0c6616367501d141709b5b7af747f181147518f9aa5
        │       │   └── link
        │       ├── 4b05d222605fb92a4ad96d482f8a459431869cac819ad83dc174647dd790c0ec
        │       │   └── link
        │       ├── 4c38bfe3274422330475403877d0c3f26a1f60207b8ad642f36f7c3dae199101
        │       │   └── link
        │       ├── 6eb274cac676b4989ebf6f3324cbe6306d903cc002c6d444808d3bafc16effc8
        │       │   └── link
        │       ├── 932e68ccc83c2b03c7286687fc757a93d64c37f4616d0f25de51946a96352639
        │       │   └── link
        │       ├── baf34677be34a1b2ffb237aac545e1f4ecaedebb42746f0a99f511a104010387
        │       │   └── link
        │       └── e148b1a96e7afdbb9680fc1823ecbbaf1fa9f35ef1e72b85d68a2a0887d152cd
        │           └── link
        ├── _manifests
        │   ├── revisions
        │   │   └── sha256
        │   │       ├── 30b8b992c3817bce750554a0df664e6c7f00458705c3dffaa849a8a06f8cea98
        │   │       │   └── link
        │   │       └── 8de5f7674fa7a4575635702fb41a6307e7294a31f393ac165c25328e45e36372
        │   │           └── link
        │   └── tags
        │       └── latest
        │           ├── current
        │           │   └── link
        │           └── index
        │               └── sha256
        │                   └── 8de5f7674fa7a4575635702fb41a6307e7294a31f393ac165c25328e45e36372
        │                       └── link
        └── _uploads

39 directories, 18 files
dockerhub-184:~#

Harbor 方案(適合大型服務情境)

先參考 harbor_docker 建立 Harbor 服務
在系統管理 → Registry管理 → 新增端點 Exp. dockerhub
- 提供者 : Docker Hub
- 端點名稱 : dockerhub
- 端點 URL : https://hub.docker.com (選 Docker Hub 會自動顯示這 URL)
點 測試連線 如果正常就可以儲存

參考網址

https://g.co/gemini/share/72bde9f6137f

docker

目錄表

建立與設定 DockerHub Proxy

registry:2 方案(適合小型服務情境)

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/env.example

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/cleanup.sh

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/config/config.yml

https://raw.githubusercontent.com/tryweb/docker-compose/refs/heads/main/docker-registry/docker-compose.yml

其他主機設定 /etc/docker/daemon.json

Harbor 方案(適合大型服務情境)

參考網址