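Docker is no longer accessible from within mainland China
⚠️ Important: you need a server located outside China that is not blocked by the firewall, and a domain name. The domain does not need an ICP filing in China; a cheap one is fine!
Swap (virtual memory): in testing, a server with 1G of memory lags
Add 1G of swap, then reboot the server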
sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
Run the docker-compose application
- Before running, the following 2 files must be present:
.
├── docker-compose.yaml
└── registry-hub.yml
cd into that directory and run:
docker-compose up -d
```yaml
# docker-compose.yaml
services:
  ## docker hub
  dockerhub:
    container_name: reg-docker-hub
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-hub.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 52000:5000
    networks:
      - registry-net

  ## UI
  registry-ui:
    container_name: registry-ui
    image: dqzboy/docker-registry-ui:latest
    environment:
      - DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
      # [Required] Generate a unique value with: openssl rand -hex 16
      # (do not reuse the value shown here)
      - SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
      # Enable the delete button for image tags
      - ENABLE_DELETE_IMAGES=true
      - NO_SSL_VERIFICATION=true
    restart: always
    ports:
      - 50000:8080
    networks:
      - registry-net

networks:
  registry-net:
```
```yml
# registry-hub.yml
version: 0.1
log:
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
    blobdescriptorsize: 10000
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
    readonly:
      enabled: false
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
    Access-Control-Allow-Origin: ['*']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io
  username:
  password:
  ttl: 168h
```
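Reverse proxy
UI: http://localhost:50000  Registry server: http://localhost:52000
Reverse-proxy http://localhost:52000 to your domain, for example https://registry.example.com, because docker pulls images over HTTPS by default.
To pull an image, just prefix the image name with the domain followed by a slash (domain/), as follows: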
docker pull registry.example.com/nginx/nginx:latest
Fixing images without a namespace prefix failing to pull
Add the following configuration to nginx.conf
```conf
location / {
    if ($request_uri ~ ^/v2/([^/]+)/(manifests|blobs)/(.*)$) {
        rewrite ^/v2/(.*)$ /v2/library/$1 break;
    }
}
```
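Add an allowlist of image namespaces
```conf
# Handle requests without a namespace: rewrite them to the default namespace, library
location ~* ^/v2/[^/]*/(manifests|blobs)/.*$ {
    rewrite ^/v2/(.*)$ /v2/library/$1 break;
}
# Match the allowed namespaces and add a Content-Type header
# (the [^/]+ segment after the namespace is the image name, e.g. linuxserver/<image>)
location ~* ^/v2/(nobody114|jxxghp|linuxserver|jellyfin|emby)/[^/]+/(manifests|blobs)/.*$ {
    add_header Content-Type application/json;
}
# Default handler for all other requests (including namespaces not on the allowlist and requests that still do not match after the rewrite)
location / {
    return 404 "私人镜像源,请勿使用!!!";
}
```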
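The location selection of the allowlist block above, modelled in Python so the patterns can be checked against request paths before reloading nginx; it compares an allowlist pattern with and without an image-name segment after the namespace. This is an added example, not code from the original page. It assumes nginx's rule that regex locations are tried in file order with `location /` as the fallback; `route` is a hypothetical helper and the sample paths are constructed.

```python
import re

# Namespaces copied from the page's allowlist location.
NAMESPACES = "nobody114|jxxghp|linuxserver|jellyfin|emby"

# First location on the page: single-segment image name, rewritten to library/.
BARE = re.compile(r"^/v2/[^/]*/(manifests|blobs)/.*$", re.I)
# Allowlist pattern with an image-name segment after the namespace.
ALLOW_WITH_IMAGE = re.compile(
    rf"^/v2/({NAMESPACES})/[^/]+/(manifests|blobs)/.*$", re.I)
# Variant without the image-name segment, for comparison.
ALLOW_NO_IMAGE = re.compile(
    rf"^/v2/({NAMESPACES})/(manifests|blobs)/.*$", re.I)


def route(path, allow=ALLOW_WITH_IMAGE):
    """Return (decision, uri) for a request path.

    Simplified model: regex locations are tried in file order, the first
    match wins, and 'location /' (return 404) is the fallback.
    """
    if BARE.match(path):
        # rewrite ... break: the URI changes and processing stays here.
        return "rewrite", re.sub(r"^/v2/(.*)$", r"/v2/library/\1", path)
    if allow.match(path):
        return "allow", path
    return "deny", path


# Constructed sample request paths (not captured traffic).
SAMPLES = [
    "/v2/nginx/manifests/latest",                  # no namespace
    "/v2/linuxserver/jellyfin/manifests/latest",   # allowlisted namespace
    "/v2/LinuxServer/jellyfin/blobs/sha256:abc",   # ~* is case-insensitive
    "/v2/someone/else/manifests/latest",           # not on the allowlist
    "/v2/library/nginx/manifests/latest",          # explicit library/ prefix
    "/v2/",                                        # registry API base endpoint
]

if __name__ == "__main__":
    print("with-img no-img   path")
    for p in SAMPLES:
        print(f"{route(p)[0]:8} {route(p, ALLOW_NO_IMAGE)[0]:8} {p}")
```

In this model the API base endpoint `/v2/` and an explicit `library/` prefix both land in the 404 fallback, so check how the client behaves against those paths when testing the allowlist.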