registry镜像加速

镜像加速是容器技术中常用的一种手段，主要用于加快从 Docker Hub 或其他容器镜像仓库拉取镜像的速度。由于某些公共仓库（比如 Docker Hub）在国内禁止访问，使用加速器（也叫镜像源或 registry mirror）可以显著提升拉取镜像的效率。

一、registry 部署

安装 docker 和 docker-compose 参考文章

• 拉取镜像：

docker pull registry:2

• registry 的 compose 文件

services:
  dockerhub:
    container_name: reg-docker-hub
    image: registry:2
    restart: always
    environment:
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
      - REGISTRY_LOG_TRACING_ENABLED=false
      #- http_proxy=http://172.16.10.130:7890
      #- https_proxy=http://172.16.10.130:7890
    volumes:
      - ./data:/var/lib/registry
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 51000:5000
    networks:
      - registry-net

networks:
  registry-net:

• 启动 registry

mkdir -p /data/registry && cd /data/registry && docker-compose up -d

二、代理

• nginx配置文件

server {
    listen       80;
    listen       443 ssl;
    server_name  registry.ioldhan.com;

    ssl_certificate     /usr/local/nginx/conf/cert/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/cert/server.key;
    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    client_max_body_size 8192m;
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;

    #manifests、blobs 路径重写为 library
    location ~ ^/v2/([^/]+)/((manifests|blobs)/.*)$ {
        rewrite ^/v2/([^/]+)/((manifests|blobs)/.*)$ /v2/library/$1/$2 break;
        proxy_pass http://172.16.10.220:51000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }

    #带有 namespace 不做 rewrite
    location ~ ^/v2/.+/.+ {
        proxy_pass http://172.16.10.220:51000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }

    #兜底
    location / {
        proxy_pass http://172.16.10.220:51000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}

三、验证

无须在 /ect/docker/daemon.json 中添加 registry-mirrors，可直接使用 docker pull registry.ioldhan.com/nginx 即可拉取镜像