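Why build one
Given how things are with Docker, and since some hubs keep changing, I back up the images I use regularly to my own private registry.
Setting up the registry
Use a machine with Docker installed as the server, then use Docker's own registry image to create the private registry, all from the command line.
## This server's IP address is: 192.168.2.221
## Data storage location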
mkdir -p /opt/private_docker_hub
docker pull registry
docker run -itd -v /opt/private_docker_hub:/var/lib/registry -p 5000:5000 --restart=always --name private_docker_hub registry:latest
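## -v /opt/private_docker_hub: this directory is where the images are stored
Configuration for pushing images
On the other machines, add the server's IP to the Docker daemon configuration (insecure-registries lets the daemon talk to this registry over plain HTTP, which is how it is served here)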
cat /etc/docker/daemon.json
{
"insecure-registries": ["192.168.2.221:5000"]
}
Special configuration for OpenWrt
cat /etc/config/dockerd
config globals 'globals'
option alt_config_file '/etc/docker/daemon.json'
## Add this line
cat /etc/docker/daemon.json
{
"data-root": "/opt/docker/",
"log-level": "error",
"iptables": true ,
"insecure-registries": ["192.168.2.221:5000"]
}
Pushing an image
docker tag xhofe/alist:main 192.168.2.221:5000/xhofe/alist
docker images
docker push 192.168.2.221:5000/xhofe/alist
Verification
curl http://192.168.2.221:5000/v2/_catalog
{"repositories":["xhofe/alist"]}
Pulling and using images
Add the server
cat /etc/docker/daemon.json
{
"insecure-registries": ["192.168.2.221:5000"],
"registry-mirrors": [
"http://192.168.2.221",
"http://192.168.2.221:5000"
]
}
sudo systemctl restart docker
docker pull xhofe/alist
Forwarding with nginx
## file_name proxy
## file_path /etc/nginx/sites-enabled
server {
    listen 80;
    server_name <write your domain>;
    # Redirect all HTTP requests to HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <write your domain>;
    ssl_certificate "<your 'domain.pem' path>";
    ssl_certificate_key "<your 'domain.key' path>";
    # ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_prefer_server_ciphers on;
    location / {
        # Docker Hub's official image registry
        proxy_pass https://registry-1.docker.io;
        proxy_set_header Host registry-1.docker.io;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Disable response buffering
        proxy_buffering off;
        # Forward the authentication headers
        proxy_set_header Authorization $http_authorization;
        proxy_pass_header Authorization;
        # Inspect upstream status codes so error_page can handle redirects
        proxy_intercept_errors on;
        recursive_error_pages on;
        # Act on the status code: 301, 302 and 307 all trigger the handler below
        error_page 301 302 307 = @handle_redirect;
    }
    location @handle_redirect {
        resolver 1.1.1.1;
        set $saved_redirect_location '$upstream_http_location';
        proxy_pass $saved_redirect_location;
    }
}
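Note that if the registry is used only as a mirror source, the push function has to be disabled; when reverse-proxying with nginx, it is recommended to block the other HTTP methods.
Using registry for caching and acceleration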
cat docker-compose.yml
#version: '3'  # recent Docker versions no longer need this field
services:
  registry:
    image: registry:2
    ports:
      - "15000:5000"
    environment:
      REGISTRY_PROXY_REMOTEURL: https://registry-1.docker.io  # upstream source
      REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR: inmemory  # in-memory cache
    volumes:
      - ./data:/var/lib/registry
## nginx configuration (partial)
# Change the port and the domain to your own
server {
    listen 80;
    server_name <write your domain>;
    location / {
        # Allow GET requests only (nginx allows HEAD along with GET)
        limit_except GET {
            deny all;
        }
        proxy_pass http://localhost:5000; # assumes the Docker Registry listens on local port 5000 (the compose file above publishes it on 15000)
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
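A check for the read-only setup recommended above and configured with limit_except in the nginx fragment, as an added example that is not part of the original post. It sends one pull request plus the write methods of the registry HTTP API to your front end and expects 403 for every write; the repository name readonly-probe/none and the function names are assumptions made for this example.

```shell
# Added example: check that a registry front end only serves pulls.
# Usage: sh registry_readonly_check.sh http://<your mirror host>[:port]
PROBE_REPO="readonly-probe/none"   # constructed name, assumed not to exist

# classify METHOD STATUS -> pass | fail | unreachable
classify() {
    if [ "$2" = "000" ]; then echo unreachable; return 0; fi
    case $1 in
        GET|HEAD)
            # Pulls must still work: 200, or 401 when a token is required.
            case $2 in 200|401) echo pass ;; *) echo fail ;; esac ;;
        *)
            # "limit_except GET { deny all; }" answers writes with 403;
            # any other status did not come from that rule.
            case $2 in 403) echo pass ;; *) echo fail ;; esac ;;
    esac
}

# probe BASE METHOD PATH -> HTTP status code (000 if there was no response)
probe() {
    if [ "$2" = GET ]; then
        curl -s -o /dev/null -m 10 -w '%{http_code}' "$1$3" || true
    else
        # -d '' sends an empty body, so Content-Length: 0 is present.
        curl -s -o /dev/null -m 10 -w '%{http_code}' -X "$2" -d '' "$1$3" || true
    fi
}

# audit BASE -> one line per probe; returns 1 if any probe did not pass
audit() {
    rc=0
    while read -r method path; do
        status=$(probe "$1" "$method" "$path")
        verdict=$(classify "$method" "$status")
        echo "$verdict $method $path -> $status"
        [ "$verdict" = pass ] || rc=1
    done <<EOF
GET /v2/
POST /v2/$PROBE_REPO/blobs/uploads/
PATCH /v2/$PROBE_REPO/blobs/uploads/probe
PUT /v2/$PROBE_REPO/manifests/probe
DELETE /v2/$PROBE_REPO/manifests/probe
EOF
    return $rc
}

if [ "$#" -ge 1 ]; then
    audit "$1"
fi
```

Nothing is sent unless a base URL is given. A write that comes back with anything other than 403 was answered by something other than the deny rule, so check that request against the proxy configuration.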
Other options
Last updated on 2024-10-06