51工具盒子准备工作 {#%E5%87%86%E5%A4%87%E5%B7%A5%E4%BD%9C}
自建Docker镜像加速服务,基于官方Docker Registry 一键部署Docker、K8s、Quay、Ghcr、Mcr、Nvcr等镜像加速\管理服务
⚠️ 重要:选择一台国外服务器,并且未被墙。对于域名,无需进行国内备案。你也可以通过一些平台申请免费域名。在一键部署过程中,如果选择安装Caddy,它将自动配置HTTPS。若选择部署Nginx服务,则需要自行申请一个免费的SSL证书,或者通过其他方式来实现SSL加密。
部署教程 {#%E9%83%A8%E7%BD%B2%E6%95%99%E7%A8%8B}
本教程使用 https://github.com/dqzboy/Docker-Proxy 开源项目来搭建
Docker Compose 部署 {#docker-compose-%E9%83%A8%E7%BD%B2}
⚠️ 注意: 你需要对哪个镜像仓库进行加速,就下载哪个配置。docker-compose.yaml文件默认是部署所有的国外镜像仓库的加速服务,同样也是你部署哪个就配置哪个,其余的删除掉即可!
1. 下载config (opens new window)目录下对应的yml文件到你本地机器上
2. 下载docker-compose.yaml (opens new window)文件(或复制下面内容新建文件) 到你本地机器上,并且与配置文件同级目录下
docker-compose.yaml
services:
## docker hub
dockerhub:
container_name: reg-docker-hub
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-hub.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 51000:5000
networks:
- registry-net
ghcr.io
-------
ghcr:
container_name: reg-ghcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-ghcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 52000:5000
networks:
- registry-net
gcr.io
------
gcr:
container_name: reg-gcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-gcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 53000:5000
networks:
- registry-net
k8s.gcr.io
----------
k8sgcr:
container_name: reg-k8s-gcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8sgcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 54000:5000
networks:
- registry-net
registry.k8s.io
---------------
k8s:
container_name: reg-k8s
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8s.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 55000:5000
networks:
- registry-net
quay.io
-------
quay:
container_name: reg-quay
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-quay.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 56000:5000
networks:
- registry-net
mcr.microsoft.com
-----------------
mcr:
container_name: reg-mcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-mcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 57000:5000
networks:
- registry-net
docker.elastic.co
-----------------
elastic:
container_name: reg-elastic
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-elastic.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 58000:5000
networks:
- registry-net
nvcr.io
-------
nvcr:
container_name: reg-nvcr
image: dqzboy/registry:latest
restart: always
environment:
- OTEL_TRACES_EXPORTER=none
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-nvcr.yml:/etc/distribution/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 59000:5000
networks:
- registry-net
UI
---
registry-ui:
container_name: registry-ui
image: dqzboy/docker-registry-ui:latest
environment:
- DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
# \[必须\]使用 openssl rand -hex 16 生成唯一值
- SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
# 启用Image TAG 的删除按钮
- ENABLE_DELETE_IMAGES=true
- NO_SSL_VERIFICATION=true
restart: always
ports:
- 50000:8080
networks:
- registry-net
`networks:
registry-net:`
3. 执行 docker compose 或 docker-compose 命令启动容器服务
# 启动全部容器
docker compose up -d
启动指定的容器,例如: Docker Hub Registry Proxy
=====================================
docker compose up -d dockerhub
查看容器日志
======
`docker logs -f [容器ID或名称]`
我这里部署全部服务,把下载好的文件放到服务器上
然后 docker compose up -d 启动
配置域名 {#%E9%85%8D%E7%BD%AE%E5%9F%9F%E5%90%8D}
如不需要域名 也可以直接使用ip+端口使用
使用openresty 配置域名 参考
# Server 区域
server {
listen 443 ssl;
server_name
hub.your_domain_name
gcr.your_domain_name
ghcr.your_domain_name
quay.your_domain_name
k8s-gcr.your_domain_name
k8s.your_domain_name
mcr.your_domain_name
elastic.your_domain_name
nvcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
# 动态设置 proxy_pass
location / {
set_by_lua_block $backend {
local backend_mapping = {
["gcr.your_domain_name"] = "http://127.0.0.1:53000",
["ghcr.your_domain_name"] = "http://127.0.0.1:52000",
["quay.your_domain_name"] = "http://127.0.0.1:56000",
["k8s-gcr.your_domain_name"] = "http://127.0.0.1:54000",
["k8s.your_domain_name"] = "http://127.0.0.1:55000",
["mcr.your_domain_name"] = "http://127.0.0.1:57000",
["elastic.your_domain_name"] = "http://127.0.0.1:58000",
["nvcr.your_domain_name"] = "http://127.0.0.1:59000",
["hub.your_domain_name"] = "http://127.0.0.1:51000",
["ui.your_domain_name"] = "http://127.0.0.1:50000"
}
return backend_mapping[ngx.var.host] or "http://localhost:51000"
}
# 动态代理请求
proxy_pass $backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
}
}</code></pre>
<br />
使用方式 {#%E4%BD%BF%E7%94%A8%E6%96%B9%E5%BC%8F}
--------------------------------------------
### 方式一、配置加速地址 {#%E6%96%B9%E5%BC%8F%E4%B8%80%E3%80%81%E9%85%8D%E7%BD%AE%E5%8A%A0%E9%80%9F%E5%9C%B0%E5%9D%80}
创建或修改 `/etc/docker/daemon.json`
```shell
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json \<\<-'EOF'
{
"registry-mirrors": [
"此处修改为从上面表格选用地址"
]
}
EOF
sudo systemctl daemon-reload
`sudo systemctl restart docker`
```
<br />
<br />
### 方式二、替换原始命令 {#%E6%96%B9%E5%BC%8F%E4%BA%8C%E3%80%81%E6%9B%BF%E6%8D%A2%E5%8E%9F%E5%A7%8B%E5%91%BD%E4%BB%A4}
```shell
# docker hub Registry
## 源:nginx:latest
## 替换
docker pull hub.your_domain_name/library/nginx:latest
Google Registry
===============
源:gcr.io/google-containers/pause:3.1
------------------------------------
替换:
---
`docker pull gcr.your_domain_name/google-containers/pause:3.1`
```
<br />
<br />
| 源站 | 替换为 | 平台 |
|-------------------|--------------------------|---------------------------------------|
| docker.io | hub.your_domain_name | docker hub |
| gcr.io | gcr.your_domain_name | Google Container Registry |
| ghcr.io | ghcr.your_domain_name | GitHub Container Registry |
| k8s.gcr.io | k8s-gcr.your_domain_name | Kubernetes Container Registry |
| registry.k8s.io | k8s.your_domain_name | Kubernetes's container image registry |
| quay.io | quay.your_domain_name | Quay Container Registry |
| mcr.microsoft.com | mcr.your_domain_name | Microsoft Container Registry |
| docker.elastic.co | elastic.your_domain_name | Elastic Stack |
| nvcr.io | nvcr.your_domain_name | NVIDIA Container Registry |
<br />
参考 {#%E5%8F%82%E8%80%83}
------------------------
https://www.dqzboy.com/8709.html
如有需要可联系我免费帮忙搭建! 需自备服务器、域名(如不需要可不用)。
<br />
<br />
更多 {#%E6%9B%B4%E5%A4%9A}
------------------------
还可以使用DaoCloud提供的https://github.com/DaoCloud/crproxy/tree/master/examples/simple 来自建
<br />
