自建Docker镜像加速服务

2024-08-07 13:46:33 浏览数 (3)

自建 Docker 镜像加速服务

准备工作

安装 Docker 和 docker-compose;

购买一台国外的云服务器,用来部署 Docker 仓库代理服务;

准备一个域名,申请一个免费的 SSL 证书;

安装 Nginx,反向代理到 Docker 仓库代理服务上

创建密码

代码语言:javascript复制
mkdir /data/registry-proxy/auth -p
cd /data/registry-proxy
docker run --entrypoint htpasswd httpd:2 -Bbn 用户名 密码 > auth/htpasswd

创建 docker-compose.yml 文件

代码语言:javascript复制
vim /data/registry-proxy/docker-compose.yml

version: "3"
services:
  # docker hub
  dockerhub:
    container_name: reg-docker-hub
    image: registry:latest
    restart: always
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-hub.yml:/etc/docker/registry/config.yml
      - ./auth/htpasswd:/auth/htpasswd		# 可选配置
    ports:
      - 51000:5000
    networks:
      - registry-net

  # UI
  registry-ui:
    container_name: registry-ui
    image: dqzboy/docker-registry-ui:latest
    environment:
      - DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
      # [必须]使用 openssl rand -hex 16 生成唯一值
      - SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
      # 启用Image TAG 的删除按钮
      - ENABLE_DELETE_IMAGES=true
      - NO_SSL_VERIFICATION=true
    restart: always
    ports:
      - 50000:8080
    networks:
      - registry-net

networks:
  registry-net:

创建 Dockerhub config.yml 文件

代码语言:javascript复制
vim vim /data/registry-proxy/registry-hub.yml

version: 0.1
log:
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
    blobdescriptorsize: 10000
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
    readonly:
      enabled: false
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']

health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

proxy:
  remoteurl: https://registry-1.docker.io
  username:
  password:
  ttl:

启动容器

代码语言:javascript复制
docker-compose up -d

配置 Nginx

代码语言:javascript复制
vim /etc/nginx/conf.d/registry-hub.conf

# registry-ui
server {
    listen       80;
    listen       443 ssl;
    server_name  ui.chenji.org.cn;
    
    ssl_certificate /etc/nginx/ssl/hub.chenji.org.cn.pem;
    ssl_certificate_key /etc/nginx/ssl/hub.chenji.org.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;

    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;

    location / {
        proxy_pass   http://localhost:50000;
        proxy_set_header  Host $host;
        proxy_set_header  Origin $scheme://$host;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_set_header  X-Forwarded-Ssl on; # Optional
        proxy_set_header  X-Forwarded-Port $server_port;
        proxy_set_header  X-Forwarded-Host $host;
    }
}

## docker hub
server {
    listen       80;
    listen       443 ssl;
    server_name  hub.chenji.org.cn;

    ssl_certificate /etc/nginx/ssl/hub.chenji.org.cn.pem;
    ssl_certificate_key /etc/nginx/ssl/hub.chenji.org.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;

    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;

    location / {
        proxy_pass   http://localhost:51000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}

修改客户端本地的镜像仓库代理

代码语言:javascript复制
vim /etc/docker/daemon.json

{
    "registry-mirrors": [ "https://hub.chenji.org.cn" ],
    "log-opts": {
      "max-size": "100m",
      "max-file": "5"
    }
}

0 人点赞