方法总览:
- 国内源
- nc + hosts
- Nginx 代理(需要 VPS)
- 官方 registry(需要 VPS,可缓存镜像)
- JFrog Artifactory(需要 VPS,可缓存镜像,需要许可证)
Docker 拉取镜像的流程
见官方:
https://docs.docker.com/registry/spec/auth/token/
国内源
这个网上的介绍一大堆,不再重复。
其中注意的是 Docker 官方在国内的镜像(https://registry.docker-cn.com)已经失效。
nc + hosts
通过修改本地 hosts,将域名指向可以连接到的 IP。
依次执行下面两条命令:
1
2
| nc -v auth.docker.io 443
nc -v registry-1.docker.io 443
|
系统会尝试多个 IP ,直到超出重试次数或者找到能连接上的 IP。
成功的例子:
1
2
3
| nc -v auth.docker.io 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 34.228.211.243:443.
|
失败的例子:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| nc -v auth.docker.io 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection to 52.70.175.131 failed: Connection timed out.
Ncat: Trying next address...
Ncat: Connection to 52.55.198.220 failed: Connection timed out.
Ncat: Trying next address...
Ncat: Connection to 54.88.231.116 failed: Connection timed out.
Ncat: Trying next address...
Ncat: Connection to 52.87.94.70 failed: Connection timed out.
Ncat: Trying next address...
Ncat: Connection to 34.232.31.24 failed: Connection timed out.
Ncat: Trying next address...
Ncat: Connection to 52.2.186.244 failed: Connection timed out.
Ncat: Trying next address...
Ncat: Connection to 54.210.105.17 failed: Connection timed out.
Ncat: Trying next address...
Ncat: Connection timed out.
|
然后在 /etc/hosts 里面添加:
1
2
| ip1 auth.docker.io
ip2 registry-1.docker.io
|
ip1 和 ip2 替换为找到的 IP。
之后重启 Docker。
Nginx 代理
没有试过
在 VPS 上搭 Nginx,做代理。
用到的镜像有:
在 nginx:alpine 服务里,/etc/nginx/conf.d/docker-proxy.conf
写入:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| server {
listen 80;
server_name registry-1.docker.io;
location / {
proxy_pass https://registry-1.docker.io;
}
}
server {
listen 80;
server_name auth.docker.io;
location / {
proxy_pass https://auth.docker.io;
}
}
|
// 待补充
官方 registry
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
| version: '3'
services:
registry:
image: registry:latest
ports:
- "5000:5000"
restart: always
volumes:
- ./config.yml:/etc/docker/registry/config.yml
|
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
proxy:
remoteurl: https://registry-1.docker.io
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
|
// 待补充
JFrog Artifactory
// 待补充