Self Hosting A Docker Registry To Pull Images From Docker Hub
Using pull through cache of Registry

This is a follow-up to the post Using Docker in China 2024. It sets up a private pull-through cache for Docker Hub with Registry.

The Problem

I’ve updated the registry-mirrors to aliyun/tencent mirrors. But recently I can’t pull new images. The commands run successfully, but they return ‘old’ latest images, like ones built 2 years ago.

root@vm:~# docker pull busybox
Using default tag: latest
latest: Pulling from library/busybox
5cc84ad355aa: Pull complete 
Digest: sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678
Status: Downloaded newer image for busybox:latest
docker.io/library/busybox:latest

root@vm:~# docker images
REPOSITORY   TAG       IMAGE ID       CREATED       SIZE
busybox      latest    beae173ccac6   2 years ago   1.24MB

root@vm:~# docker inspect busybox
[
    {
        "Id": "sha256:beae173ccac6ad749f76713cf4440fe3d21d1043fe616dfbe30775815d1d0f6a",
        "RepoTags": [
            "busybox:latest"
        ],
        "RepoDigests": [
            "busybox@sha256:5acba83a746c7608ed544dc1533b87c737a0b0fb730301639a0179f9344b1678"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2021-12-30T19:19:41.006954958Z",
        "DockerVersion": "20.10.7",
#...
]

The real latest was built just 2 months ago.

The problem is that the mirror cached old images but didn’t pull new ones, or that some mirrors no longer provide cache services.

The Solution

Registry or Distribution Registry is a service used for storing and distributing container images. I just need to run Registry as a pull through cache.

Run Registry

I use docker compose to run Registry. Here is the file docker-compose.yaml:

services:
  registry:
    image: registry
    restart: always
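    ports:
      # Bind to loopback only: Nginx (below) terminates TLS and is the only remote entry point.
      - "127.0.0.1:15000:5000"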
    environment:
      REGISTRY_PROXY_REMOTEURL: https://registry-1.docker.io
    volumes:
      - ./data:/var/lib/registry

Then use docker compose -f docker-compose.yaml up -d to run.

And docker logs --follow container_name to tail the logs.

Nginx Site

I need to access it remotely, so I set up Nginx with SSL to handle the inbound requests.

File: /etc/nginx/sites-available/registry.conf

Content:

server {
    listen 80;

    server_name registry.example.dev;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name registry.example.dev;

    ssl_certificate     /etc/letsencrypt/live/registry.example.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/registry.example.dev/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3.
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://localhost:15000;
        include proxy_params;
    }
}

Then create a link to sites-enabled:

sudo ln -s /etc/nginx/sites-available/registry.conf /etc/nginx/sites-enabled/

Then reload and restart nginx:

sudo nginx -s reload
sudo systemctl restart nginx

Docker Daemon Config

To use the registry, I updated the file /etc/docker/daemon.json:

{
    "registry-mirrors": [
      "https://registry.example.dev"
    ]
}

Then you can pull images from Docker Hub via the custom registry.
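
To confirm the new mirror is not serving a stale latest tag like the public mirrors in The Problem, compare the manifest it returns for a tag with the one Docker Hub returns. This is an added example, not code from the original post; the Docker Hub token endpoint at auth.docker.io and the function names are assumptions that do not appear on the page.

```python
import hashlib
import json
import sys
import urllib.request

# Ask for index/manifest-list types first so both sides answer with the digest `docker pull` prints.
ACCEPT = ", ".join([
    "application/vnd.oci.image.index.v1+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.manifest.v1+json",
    "application/vnd.docker.distribution.manifest.v2+json",
])

def manifest_digest(body: bytes) -> str:
    """A manifest's digest is the SHA-256 of its exact bytes."""
    return "sha256:" + hashlib.sha256(body).hexdigest()

def fetch_manifest(base_url, repo, tag, token=None):
    """GET /v2/<repo>/manifests/<tag>; returns (Docker-Content-Digest header, body)."""
    req = urllib.request.Request(f"{base_url}/v2/{repo}/manifests/{tag}", headers={"Accept": ACCEPT})
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.headers.get("Docker-Content-Digest"), resp.read()

def hub_token(repo):
    """Anonymous pull token from Docker Hub's token service (assumed endpoint, not on the page)."""
    url = f"https://auth.docker.io/token?service=registry.docker.io&scope=repository:{repo}:pull"
    with urllib.request.urlopen(url, timeout=15) as resp:
        return json.load(resp)["token"]

def compare(mirror, upstream):
    """Each argument is (header_digest, body). Returns a list of findings; empty means they agree."""
    findings = []
    for name, (claimed, body) in (("mirror", mirror), ("upstream", upstream)):
        if claimed and claimed != manifest_digest(body):
            findings.append(f"{name}: body does not hash to its Docker-Content-Digest header")
    if manifest_digest(mirror[1]) != manifest_digest(upstream[1]):
        findings.append("stale-or-divergent: mirror serves a different manifest than upstream for this tag")
    return findings

if __name__ == "__main__":
    repo, tag = "library/busybox", "latest"
    if "--live" in sys.argv:  # needs network; hostnames are the ones used in this post
        mirror = fetch_manifest("https://registry.example.dev", repo, tag)
        upstream = fetch_manifest("https://registry-1.docker.io", repo, tag, hub_token(repo))
    else:  # constructed manifests standing in for an old cached tag and the current upstream one
        mirror, upstream = (None, b'{"constructed":"old"}'), (None, b'{"constructed":"new"}')
    print(compare(mirror, upstream) or "ok: " + manifest_digest(upstream[1]))
```

Run it with --live against the real hosts; without the flag it runs on the constructed sample and reports the stale-or-divergent finding.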

To Do

Authentication

How to implement authentication to auth users?

Tried htpasswd of registry but cannot directly run docker pull busybox.

Last modified on July 31, 2024