问题
I have a server (let's name it A) which may have access to internet and from which I'm able to pull images from the officiel docker.io registry.
I also have other servers (B, C) which cannot have this same access for security reasons, but are allowed to have access to A.
I also have decided to install a private registry on A, which can be used from B and C.
Is it possible to have this registry acting as a proxy, in the way that when I want to pull an official image from B, it could be done through A ?
回答1:
Meanwhile thats possible:
https://blog.docker.com/2015/10/registry-proxy-cache-docker-open-source/
https://docs.docker.com/registry/recipes/mirror/
But Pushing to such a registry is not supported:
https://docs.docker.com/registry/configuration/#proxy
回答2:
Step 1: Run registry version 2+ with proxy configuration
You need to run docker registry with a proxy configuraiton.
To get an initial config.yml
:
docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > `pwd`/config.yml
Add following to config.yml
:
proxy:
remoteurl: https://registry-1.docker.io
Then start docker registry with config.yml
:
docker run -d --restart=always -p 5000:5000 --name docker-registry-proxy -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2
Step2: Configure Docker Daemon on client
If you use Docker for Mac (not Docker toolbox or boot2docker), just add http://<proxy-ip>:5000
to mirrors section under Advanced tab:
Restart Docker for Mac.
Otherwise, you need to run docker daemon with --registry-mirror=http://<proxy_ip>:5000
, by doing something like following on the client or Docker Toolbox VM:
docker --registry-mirror=https://<my-docker-mirror-host> daemon
Step 3: Verify proxy is working:
Try to pull an image you don't have yet:
docker pull nginx
Then verify proxy catalog has the new image:
curl https://<proxy_ip>:5000/v2/_catalog
It should return something including the image you have just pulled.
"repositories":["library/nginx"]}
回答3:
This is known as pull-through cached mirroring, and unfortunately it's not supported yet. It's a work in progress though! See docker/distribution#19.
回答4:
With v2 registry proxying was not happening i have setup version 2.1 that enabled me to do caching with. Here are the steps i followed.
root@mahasan-Inspiron-5537:~# docker run -it --rm --entrypoint cat registry:2.1 /etc/docker/registry/config.yml > config.yml
Open config.yml and add below lines.
root@mahasan-Inspiron-5537:~# vim config.yml
proxy:
remoteurl: https://registry-1.docker.io
root@mahasan-Inspiron-5537:~# docker run -d --restart=always -p 5000:5000 --name docker-registry-proxy-2 -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2.1
Next Stop the Docker daemon and start with below parameters.
root@mahasan-Inspiron-5537:~# dockerd --registry-mirror=http://localhost:5000
Now pull any image using docker daemon.
root@mahasan-Inspiron-5537:~# docker pull nginx
Now Check repository catalog to ensure caching & proxying is happening.
root@mahasan-Inspiron-5537:~# curl http://localhost:5000/v2/_catalog
{"repositories":["library/nginx"]}
来源:https://stackoverflow.com/questions/30930847/how-to-set-up-a-docker-registry-acting-as-a-proxy