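Announcement

Docker can no longer be accessed from within China

⚠️ Important: you need one server located outside China that is not blocked by the firewall, and one domain name. The domain does not need an ICP filing in China; a cheap one is fine!

  1. Project: https://github.com/dqzboy/Docker-Proxy

  2. Reference tutorial: https://www.nodeseek.com/post-120794-1

Virtual memory (swap): in testing, a server with 1 GB of memory lags

Set virtual memory to 1 GB, then reboot the server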

sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Running docker-compose

  1. Before running, the following 2 files must be present:
.
├── docker-compose.yaml
└── registry-hub.yml
  2. cd into that directory and run
docker-compose up -d

yaml
# docker-compose.yaml
services:
  ## docker hub
  dockerhub:
    container_name: reg-docker-hub
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-hub.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 52000:5000
    networks:
      - registry-net

  ## UI
  registry-ui:
    container_name: registry-ui
    image: dqzboy/docker-registry-ui:latest
    environment:
      - DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
      # [Required] Generate a unique value with openssl rand -hex 16
      - SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
      # Enable the delete button for image tags
      - ENABLE_DELETE_IMAGES=true
      - NO_SSL_VERIFICATION=true
    restart: always
    ports:
      - 50000:8080
    networks:
      - registry-net

networks:
  registry-net:
yml
# registry-hub.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory   
    blobdescriptorsize: 10000
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
    readonly:
      enabled: false
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']

health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

proxy:
  remoteurl: https://registry-1.docker.io
  username: 
  password:
  ttl: 168h

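Reverse proxy

UI: http://localhost:50000 Registry server: http://localhost:52000

Reverse-proxy http://localhost:52000 to your domain, for example https://registry.example.com, because Docker pulls images over HTTPS by default.

To pull an image, just put the domain followed by / in front of the image name, as follows: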

docker pull registry.example.com/nginx/nginx:latest

Fixing images without a prefix failing to pull

Add the following configuration to nginx.conf

conf
location / {
  if ($request_uri ~ ^/v2/([^/]+)/(manifests|blobs)/(.*)$) {
    rewrite ^/v2/(.*)$ /v2/library/$1 break;
  }
}


Adding an allowlist of image repository names

conf
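# Handle requests with no repository namespace by rewriting to the default namespace library
location ~* ^/v2/[^/]*/(manifests|blobs)/.*$ {
    rewrite ^/v2/(.*)$ /v2/library/$1 break;
}

# Match the specified repository namespaces (/v2/<namespace>/<repo>/...) and add a Content-Type header
location ~* ^/v2/(nobody114|jxxghp|linuxserver|jellyfin|emby)/[^/]+/(manifests|blobs)/.*$ {
    add_header Content-Type application/json;
}

# Default handler for all other requests (including namespaces not on the allowlist and cases that still do not match after the rewrite)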
location / {  
    return 404 "私人镜像源,请勿使用!!!";  
}
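
A quick check of which location a registry request would select under the allowlist above, following nginx's rule that the first matching regex location in config order wins. This is an added example, not part of the original post; it compares the two-segment allowlist pattern (`/v2/<namespace>/<repo>/...`) with a one-segment form, and the sample paths and function names are constructed for illustration.

```python
import re

NAMESPACES = "nobody114|jxxghp|linuxserver|jellyfin|emby"  # allowlist from the page
LIBRARY = ("library-rewrite", r"^/v2/[^/]*/(manifests|blobs)/.*$")
# Two-segment form: /v2/<namespace>/<repo>/(manifests|blobs)/...
TWO_SEGMENT = [LIBRARY, ("allow", rf"^/v2/({NAMESPACES})/[^/]+/(manifests|blobs)/.*$")]
# One-segment form, kept for comparison: no <repo> component after the namespace.
ONE_SEGMENT = [LIBRARY, ("allow", rf"^/v2/({NAMESPACES})/(manifests|blobs)/.*$")]


def select_location(path, locations=TWO_SEGMENT):
    """Name of the location nginx would pick: first matching regex, else `location /`."""
    for name, pattern in locations:
        if re.search(pattern, path, re.IGNORECASE):  # ~* means case-insensitive
            return name
    return "deny-404"


def upstream_path(path, locations=TWO_SEGMENT):
    """URI after the chosen location's rewrite, or None when the request is refused."""
    chosen = select_location(path, locations)
    if chosen == "deny-404":
        return None
    if chosen == "library-rewrite":
        return re.sub(r"^/v2/(.*)$", r"/v2/library/\1", path)
    return path


# Constructed sample request paths (not taken from real logs).
SAMPLES = [
    "/v2/nginx/manifests/latest",
    "/v2/linuxserver/example-repo/manifests/latest",
    "/v2/jxxghp/example-repo/blobs/sha256:0000",
    "/v2/someoneelse/app/manifests/latest",
    "/v2/linuxserver/manifests/latest",
    "/v2/",
]

if __name__ == "__main__":
    for p in SAMPLES:
        two = select_location(p, TWO_SEGMENT)
        one = select_location(p, ONE_SEGMENT)
        print(f"{p:48} two-segment={two:16} one-segment={one}")
```

With only these locations, a request for `/v2/` itself, which the Docker client sends before pulling, also lands in the 404 branch.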

This blog is a shared document, for personal study and reference only.