├── Dockerfile ├── README.md ├── entrypoint.sh ├── push.sh └── samples └── external-mirror ├── docker-compose.yaml └── nginx-mirror.conf /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry:latest 2 | LABEL maintainer="ZhangSean " 3 | ENV PROXY_REMOTE_URL="" \ 4 | DELETE_ENABLED="" 5 | COPY entrypoint.sh /entrypoint.sh 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # registry-mirror 2 | 基于官方[registry](https://hub.docker.com/_/registry/)的便捷docker仓库镜像,非常方便在内网搭建镜像缓存服务,在一定网络下还可以实现墙外docker仓库的镜像. 3 | 4 | [![DockerHub Badge](http://dockeri.co/image/zhangsean/registry-mirror)](https://hub.docker.com/r/zhangsean/registry-mirror/) 5 | 6 | ## 用法 7 | ### 内网镜像仓库缓存 8 | 在内网`node1`主机上启动一个仓库镜像服务指向阿里云镜像加速服务,首次拉取某个版本的镜像`node1`不存在则自动向阿里云拉取并缓存到本地,下次拉取这个镜像时将直接从`node1`的缓存中返回,大大提升内网拉取镜像的速度。也可用于跨区域的机房之间的镜像按需自动同步缓存。 9 | ``` 10 | docker run -itd -p 80:5000 -e PROXY_REMOTE_URL=https://xxxxxxxx.mirror.aliyuncs.com --name reg-aliyun zhangsean/registry-mirror 11 | ``` 12 | 在内网其他主机上设置`node1`为受信任的仓库镜像, 13 | ``` 14 | vi /etc/docker/daemon.json 15 | { 16 | "insecure-registries": ["node1"], 17 | "registry-mirrors": ["http://node1"] 18 | } 19 | systemctl restart docker 20 | ``` 21 | 之后内网主机拉取镜像只需要写镜像名,不需要指定镜像仓库 22 | ``` 23 | docker pull nginx 24 | ``` 25 | 内网其他主机拉取相同镜像速度将会被加速 26 | ``` 27 | docker pull nginx 28 | ``` 29 | 30 | ### 墙外镜像仓库代理 31 | 在一个 **不被墙** 的服务器`hk`上以`5001`端口启动一个指向`gcr.io`的镜像代理: 32 | ``` 33 | docker run -itd -p 5001:5000 -v /data/registry:/var/lib/registry -e PROXY_REMOTE_URL=https://gcr.io --name reg-gcr zhangsean/registry-mirror 34 | ``` 35 | 墙内主机可以通过`hk`拉取墙外镜像 36 | ``` 37 | docker pull hk:5001/istio-release/servicegraph:release-1.0-latest-daily 38 | # 实现了拉取 39 | docker pull gcr.io/istio-release/servicegraph:release-1.0-latest-daily 40 | ``` 41 | 42 | 同理以`5002`端口启动一个指向`quay.io`的镜像代理: 43 | ``` 44 | docker run -itd -p 5002:5000 -v /data/registry:/var/lib/registry -e PROXY_REMOTE_URL=https://quay.io --name reg-quay zhangsean/registry-mirror 45 | ``` 46 | 由于很多服务的yaml文件中都指定了镜像仓库比如`gcr.io/k8s/kube-system`,为了方便墙内主机在不修改yaml文件image地址的情况下也可以部署服务,我们可以在墙外主机上启动一个Web服务器把`gcr.io:80`转发到`5001`端口上,以nginx为例 47 | ``` 48 | tee > nginx-proxy.conf << EOF 49 | server { 50 | listen 80; 51 | server_name gcr.io; 52 | location / { 53 | proxy_pass http://172.17.0.1:5001; 54 | } 55 | } 56 | server { 57 | listen 80; 58 | server_name quay.io; 59 | location / { 60 | proxy_pass http://172.17.0.1:5002; 61 | } 62 | } 63 | server { 64 | listen 80; 65 | server_name _ hub.hk.com; 66 | location / { 67 | proxy_pass http://172.17.0.1:5080; 68 | } 69 | } 70 | EOF 71 | docker run -itd -p 80:80 -v $PWD/nginx-proxy.conf:/etc/nginx/conf.d/default.conf --name nginx nginx:alpine 72 | ``` 73 | 74 | ### 一键部署镜像仓库代理 75 | 您也可以通过`docker-compose`快速启动一组实现`gcr.io`、`k8s.gcr.io`、`quay.io`几个特殊镜像仓库的代理服务。 76 | ```shell 77 | git clone https://github.com/zhangsean/registry-mirror.git 78 | cd registry-mirror/samples/external-mirror 79 | docker-compose up -d 80 | ``` 81 | 82 | ### 使用镜像仓库代理 83 | 内网的服务器只需要在`hosts`文件或者内网DNS中将`gcr.io`、`k8s.gcr.io`、`quay.io`指向墙外的`hk`服务器IP,同时将这几个域名加入受信任仓库中即可直接拉取墙外镜像。 84 | 请替换如下示例中`11.11.1.1`为`hk`服务器IP。 85 | ``` 86 | echo "11.11.1.1 gcr.io k8s.gcr.io quay.io" >> /etc/hosts 87 | vi /etc/docker/daemon.json 88 | { 89 | "insecure-registries": ["gcr.io", "k8s.gcr.io", "quay.io"] 90 | } 91 | systemctl daemon-reload 92 | systemctl restart docker 93 | ``` 94 | 现在拉取官方镜像就不用担心被墙了 O(∩ _ ∩)O~ 95 | ``` 96 | docker pull k8s.gcr.io/pause:3.1 97 | docker pull gcr.io/istio-release/servicegraph:release-1.0-latest-daily 98 | ``` 99 | 100 | ### 查看缓存的镜像 101 | 要想查看缓存的镜像,启动仓库镜像的时候必须把`/var/lib/registry`目录挂载到主机上,然后挂载相同目录启动一个本地镜像服务即可查看缓存的镜像。建议开启删除镜像的功能,可以调用接口删除不需要的镜像: 102 | ``` 103 | docker run -itd -p 5000:5000 -v /data/registry:/var/lib/registry -e DELETE_ENABLED=true --name reg-local zhangsean/registry-mirror 104 | ``` 105 | 启动`registry-ui`并开启统计镜像大小的功能。 106 | ``` 107 | docker run -itd -p 5080:80 --link reg-local:registry -e REGISTRY_API=http://registry:5000/v2 -e REGISTRY_WEB=hub.local.com -e SHOW_IMAGE_SIZE=true zhangsean/registry-ui 108 | ``` 109 | 访问 http://server-ip:5080/ 即可查看已经缓存到本地的镜像,非常清楚地看到每个镜像的大小. 110 | 111 | ### 手工推送本地镜像到本地仓库 112 | 编辑 `push.sh` 113 | ``` 114 | #!/bin/sh 115 | HUB=hub.io 116 | IMG=$1 117 | echo $IMG 118 | IMG=`echo $IMG | sed 's|k8s.gcr.io/||g'` 119 | IMG=`echo $IMG | sed 's|gcr.io/||g'` 120 | IMG=`echo $IMG | sed 's|quay.io/||g'` 121 | echo $HUB/$IMG 122 | docker tag $1 $HUB/$IMG 123 | docker push $HUB/$IMG 124 | docker rmi $HUB/$IMG 125 | ``` 126 | 一行命令即可将本地所有镜像推送到本地仓库中,供其他主机下载。 127 | ``` 128 | $ chmod +x push.sh 129 | $ for tag in $(docker images | grep -v TAG | awk '{print $1":"$2}'); do ./push.sh $tag; done; 130 | ``` 131 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -e 4 | 5 | CONFIG_YML=/etc/docker/registry/config.yml 6 | 7 | if [ -n "$PROXY_REMOTE_URL" -a `grep -c "$PROXY_REMOTE_URL" $CONFIG_YML` -eq 0 ]; then 8 | echo "proxy:" >> $CONFIG_YML 9 | echo " remoteurl: $PROXY_REMOTE_URL" >> $CONFIG_YML 10 | echo "------ Enabled proxy to remote: $PROXY_REMOTE_URL ------" 11 | elif [ $DELETE_ENABLED = true -a `grep -c "delete:" $CONFIG_YML` -eq 0 ]; then 12 | sed -i '/rootdirectory/a\ delete:' $CONFIG_YML 13 | sed -i '/delete/a\ enabled: true' $CONFIG_YML 14 | echo "------ Enabled local storage delete -----" 15 | fi 16 | 17 | case "$1" in 18 | *.yaml|*.yml) set -- registry serve "$@" ;; 19 | serve|garbage-collect|help|-*) set -- registry "$@" ;; 20 | esac 21 | 22 | exec "$@" 23 | -------------------------------------------------------------------------------- /push.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | HUB=hub.io 3 | IMG=$1 4 | echo $IMG 5 | IMG=`echo $IMG | sed 's|k8s.gcr.io/||g'` 6 | IMG=`echo $IMG | sed 's|gcr.io/||g'` 7 | IMG=`echo $IMG | sed 's|quay.io/||g'` 8 | echo $HUB/$IMG 9 | docker tag $1 $HUB/$IMG 10 | docker push $HUB/$IMG 11 | docker rmi $HUB/$IMG 12 | -------------------------------------------------------------------------------- /samples/external-mirror/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | local: 4 | container_name: reg-local 5 | image: zhangsean/registry-mirror 6 | restart: always 7 | environment: 8 | - DELETE_ENABLED=true 9 | volumes: 10 | - ~/data/registry:/var/lib/registry 11 | ports: 12 | - 5000:5000 13 | aliyun: 14 | container_name: reg-aliyun 15 | image: zhangsean/registry-mirror 16 | restart: always 17 | environment: 18 | - PROXY_REMOTE_URL=https://zzj1next.mirror.aliyuncs.com 19 | volumes: 20 | - ~/data/registry:/var/lib/registry 21 | gcr: 22 | container_name: reg-gcr 23 | image: zhangsean/registry-mirror 24 | restart: always 25 | environment: 26 | - PROXY_REMOTE_URL=https://gcr.io 27 | volumes: 28 | - ~/data/registry:/var/lib/registry 29 | k8s: 30 | container_name: reg-k8s 31 | image: zhangsean/registry-mirror 32 | restart: always 33 | environment: 34 | - PROXY_REMOTE_URL=https://k8s.gcr.io 35 | volumes: 36 | - ~/data/registry:/var/lib/registry 37 | quay: 38 | container_name: reg-quay 39 | image: zhangsean/registry-mirror 40 | restart: always 41 | environment: 42 | - PROXY_REMOTE_URL=https://quay.io 43 | volumes: 44 | - ~/data/registry:/var/lib/registry 45 | ui: 46 | container_name: reg-ui 47 | image: zhangsean/registry-ui 48 | restart: always 49 | links: 50 | - local:reg-local 51 | environment: 52 | - REGISTRY_API=http://reg-local:5000/v2 53 | - REGISTRY_WEB=hub.io 54 | - SHOW_IMAGE_SIZE=true 55 | nginx: 56 | container_name: reg-nginx 57 | image: nginx:alpine 58 | restart: always 59 | ports: 60 | - 80:80 61 | links: 62 | - ui:reg-ui 63 | - local:reg-local 64 | - aliyun:reg-aliyun 65 | - quay:req-quay 66 | - gcr:reg-gcr 67 | - k8s:reg-k8s 68 | volumes: 69 | - ./nginx-mirror.conf:/etc/nginx/conf.d/default.conf 70 | -------------------------------------------------------------------------------- /samples/external-mirror/nginx-mirror.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name _; 4 | location / { 5 | proxy_pass http://reg-ui:80; 6 | 7 | proxy_buffering off; 8 | proxy_request_buffering off; 9 | } 10 | } 11 | server { 12 | listen 80; 13 | server_name hub.io; 14 | location / { 15 | proxy_pass http://reg-local:5000; 16 | 17 | client_max_body_size 0; 18 | proxy_buffering off; 19 | proxy_request_buffering off; 20 | } 21 | } 22 | server { 23 | listen 80; 24 | server_name gcr.io; 25 | location / { 26 | proxy_pass http://reg-gcr:5000; 27 | 28 | proxy_buffering off; 29 | proxy_request_buffering off; 30 | } 31 | } 32 | server { 33 | listen 80; 34 | server_name k8s.gcr.io; 35 | location / { 36 | proxy_pass http://reg-k8s:5000; 37 | 38 | proxy_buffering off; 39 | proxy_request_buffering off; 40 | } 41 | } 42 | server { 43 | listen 80; 44 | server_name quay.io; 45 | location / { 46 | proxy_pass http://reg-quay:5000; 47 | 48 | proxy_buffering off; 49 | proxy_request_buffering off; 50 | } 51 | } 52 | server { 53 | listen 80; 54 | server_name docker.io; 55 | location / { 56 | proxy_pass http://reg-aliyun:5000; 57 | 58 | proxy_buffering off; 59 | proxy_request_buffering off; 60 | } 61 | } 62 | --------------------------------------------------------------------------------