yuxing/Docker-Proxy
1
0
Fork 0
mirror of https://github.com/dqzboy/Docker-Proxy.git synced 2026-01-12 16:25:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

revert

Browse Source
This commit is contained in:
dqzboy
2024-06-29 12:04:06 +08:00
commit 0b703a77ca
26 changed files with 3593 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

13
.github/FUNDING.yml vendored Normal file
View File

@@ -0,0 +1,13 @@
# These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: ['https://github.com/dqzboy/dqzboy/blob/main/.github/FUNDING.md']

62
.github/ISSUE_TEMPLATE/1.issue.yml vendored Normal file
View File

@@ -0,0 +1,62 @@
name: 反馈问题 🐛
description: 项目运行中遇到的Bug或问题。
title: "🐞 反馈问题:"
labels: ['status: needs check']
body:
- type: markdown
attributes:
value: |
### ⚠️ 前置确认 (温馨提示: 未star项目会被自动关闭issue哦!)
1. 是否国外服务器,并且未被墙(必须)
2. 是否最新脚本(必须)
3. 服务器规格是否 >= 1C1G(必须)
- type: checkboxes
attributes:
label: 前置确认
options:
- label: 我确认使用的是国外未被墙的服务器,使用的是最新脚本,并且服务器规格 >= 1C1G
required: true
- type: checkboxes
attributes:
label: ⚠️ 搜索issues中是否已存在类似问题
description: >
请在 [历史issue](https://github.com/dqzboy/Docker-Proxy/issues) 中清空输入框,搜索你的问题
或相关日志的关键词来查找是否存在类似问题。
options:
- label: 我已经搜索过issues和disscussions没有跟我遇到的问题相关的issue
required: true
- type: markdown
attributes:
value: |
请在上方的`title`中填写你对你所遇到问题的简略总结,这将帮助其他人更好的找到相似问题,谢谢❤️。
- type: dropdown
attributes:
label: 操作系统类型?
description: >
请选择你运行程序的操作系统类型。
options:
- CentOS 7
- CentOS 8
- Redhat
- Ubuntu
- Other (请在问题中说明)
validations:
required: true
- type: textarea
attributes:
label: 复现步骤 🕹
description: |
**⚠️ 不能复现将会关闭issue.**
- type: textarea
attributes:
label: 问题描述 😯
description: 详细描述出现的问题,或提供有关截图。
- type: textarea
attributes:
label: 终端日志 📒
description: |
在此处粘贴终端日志
value: |
```log
<此处粘贴终端日志>
```

30
.github/ISSUE_TEMPLATE/2.feature.yml vendored Normal file
View File

@@ -0,0 +1,30 @@
name: 功能建议 🚀
description: 提出你对项目的新想法或建议。
title: "🚀 功能建议:"
labels: ['status: needs check']
body:
- type: markdown
attributes:
value: |
请在上方的`title`中填写简略总结,谢谢❤️。
⚠️ 温馨提示: 未`star`项目会被自动关闭issue哦!
- type: checkboxes
attributes:
label: ⚠️ 搜索是否存在类似issue
description: >
请在 [历史issue](https://github.com/dqzboy/Docker-Proxy/issues) 中清空输入框搜索关键词查找是否存在相似issue。
options:
- label: 我已经搜索过issues和disscussions没有发现相似issue
required: true
- type: textarea
attributes:
label: 总结
description: 描述feature的功能。
- type: textarea
attributes:
label: 举例
description: 提供聊天示例,草图或相关网址。
- type: textarea
attributes:
label: 动机
description: 描述你提出该feature的动机比如没有这项feature对你的使用造成了怎样的影响。 请提供更详细的场景描述,这可能会帮助我们发现并提出更好的解决方案。

5
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View File

@@ -0,0 +1,5 @@
blank_issues_enabled: false
contact_links:
- name: 浅时光博客
url: https://www.dqzboy.com/
about: 更多学习教程,欢迎访问我们的官方网站

104
.github/close_issue.py vendored Normal file
View File

@@ -0,0 +1,104 @@
import os
import requests
issue_labels = ['no respect']
github_repo = 'dqzboy/Docker-Proxy'
github_token = os.getenv("GITHUB_TOKEN")
headers = {
'Authorization': 'Bearer ' + github_token,
'Accept': 'application/vnd.github+json',
'X-GitHub-Api-Version': '2022-11-28',
}
def get_stargazers(repo):
page = 1
_stargazers = {}
while True:
queries = {
'per_page': 100,
'page': page,
}
url = 'https://api.github.com/repos/{}/stargazers?'.format(repo)
resp = requests.get(url, headers=headers, params=queries)
if resp.status_code != 200:
raise Exception('Error get stargazers: ' + resp.text)
data = resp.json()
if not data:
break
for stargazer in data:
_stargazers[stargazer['login']] = True
page += 1
print('list stargazers done, total: ' + str(len(_stargazers)))
return _stargazers
def get_issues(repo):
page = 1
_issues = []
while True:
queries = {
'state': 'open',
'sort': 'created',
'direction': 'desc',
'per_page': 100,
'page': page,
}
url = 'https://api.github.com/repos/{}/issues?'.format(repo)
resp = requests.get(url, headers=headers, params=queries)
if resp.status_code != 200:
raise Exception('Error get issues: ' + resp.text)
data = resp.json()
if not data:
break
_issues += data
page += 1
print('list issues done, total: ' + str(len(_issues)))
return _issues
def close_issue(repo, issue_number):
url = 'https://api.github.com/repos/{}/issues/{}'.format(repo, issue_number)
data = {
'state': 'closed',
'state_reason': 'not_planned',
'labels': issue_labels,
}
resp = requests.patch(url, headers=headers, json=data)
if resp.status_code != 200:
raise Exception('Error close issue: ' + resp.text)
print('issue: {} closed'.format(issue_number))
def lock_issue(repo, issue_number):
url = 'https://api.github.com/repos/{}/issues/{}/lock'.format(repo, issue_number)
data = {
'lock_reason': 'spam',
}
resp = requests.put(url, headers=headers, json=data)
if resp.status_code != 204:
raise Exception('Error lock issue: ' + resp.text)
print('issue: {} locked'.format(issue_number))
if '__main__' == __name__:
stargazers = get_stargazers(github_repo)
issues = get_issues(github_repo)
for issue in issues:
login = issue['user']['login']
if login not in stargazers:
print('issue: {}, login: {} not in stargazers'.format(issue['number'], login))
close_issue(github_repo, issue['number'])
lock_issue(github_repo, issue['number'])
print('done')

24
.github/workflows/CloseIssue.yml vendored Normal file
View File

@@ -0,0 +1,24 @@
name: CloseIssue
on:
workflow_dispatch:
issues:
types: [opened]
jobs:
run-python-script:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.10"
- name: Install Dependencies
run: pip install requests
- name: Run close_issue.py Script
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: python .github/close_issue.py

15
.github/workflows/issue-translator.yml vendored Normal file
View File

@@ -0,0 +1,15 @@
name: Issue Translator
on:
issue_comment:
types: [created]
issues:
types: [opened]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: usthe/issues-translate-action@v2.7
with:
IS_MODIFY_TITLE: false
CUSTOM_BOT_NOTE: Bot detected the issue body's language is not English, translate it automatically.

162
.gitignore vendored Normal file
View File

@@ -0,0 +1,162 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/latest/usage/project/#working-with-version-control
.pdm.toml
.pdm-python
.pdm-build/
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

157
Koyeb/README.md Normal file
View File

@@ -0,0 +1,157 @@
<div style="text-align: center"></div>
<p align="center">
<img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/c187d66f-152e-4172-8268-e54bd77d48bb" width="230px" height="200px">
<br>
<i>使用 Koyeb 快速部署我们的Docker镜像加速服务.</i>
</p>
</div>
---
[Telegram Group](https://t.me/+ghs_XDp1vwxkMGU9)
---
## 📦 部署
> 以下步骤需要有Koyeb账号没有账号的可以先注册
**1. 登入 [Koyeb](https://app.koyeb.com/auth/signup/)**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/671ac907-35e9-4e33-8ecb-8f1787ea818d?raw=true"></td>
</tr>
</table>
**2. 创建我们的服务**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/c14f1109-3c48-4c00-876b-1bbf8f7e1939?raw=true"></td>
</tr>
</table>
**3. 选择以docker容器的方式部署输入下面任一镜像地址**
| 镜像 | 平台 |
|-------|---------------|
| dqzboy/mirror-hub:latest | docker hub
| dqzboy/mirror-gcr:latest | Google Container Registry
| dqzboy/mirror-ghcr:latest | GitHub Container Registry
| dqzboy/mirror-k8sgcr:latest | Kubernetes Container Registry
| dqzboy/mirror-k8sreg:latest | Kubernetes's container image registry
| dqzboy/mirror-quay:latest | Quay Container Registry
| dqzboy/mirror-mcr:latest | Microsoft Container
| dqzboy/mirror-elastic:latest | Elastic Stack
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/7f0df696-f4b6-41db-8ba5-5e28cb58fc17?raw=true"></td>
</tr>
</table>
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/6c407af3-5a17-49bb-9c31-45a6fcf8cedd?raw=true"></td>
</tr>
</table>
**4. 实例类型选择免费即可**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/037cd5b2-801f-4ccf-b4c6-ec3f288b08c6?raw=true"></td>
</tr>
</table>
**5. 暴露端口改为5000自定义服务名称然后直接创建即可**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/323bf282-804e-49ab-8251-7ebd6c8f8969?raw=true"></td>
</tr>
</table>
**6. 等待服务运行完成之后,使用分配的外网域名即可愉快的使用了**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/cea37723-45f2-48df-bc59-9df97823adaa?raw=true"></td>
</tr>
</table>
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/54437313-f104-48ee-8e81-49dfe95a2118?raw=true"></td>
</tr>
</table>
## ✨ 使用
**1. 改Docker的daemon.json配置配置你Koyeb服务地址。修改后重启docker**
```shell
~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [ "https://your_koyeb_url" ],
"log-opts": {
"max-size": "100m",
"max-file": "5"
}
}
```
**2. 使用Koyeb服务地址替换官方的 Registry 地址拉取镜像**
```shell
# docker hub Registry
## 源redis:latest
## 替换
docker pull your_koyeb_url/library/redis:latest
```
> **说明**如果上面配置了docker的daemon.json那么拉取镜像的时候就不需要在镜像前面加Render_URL了。【只针对Docker生效】
**3. 前缀替换的 Registry 的参考**
| 源站 | 替换为 | 平台 |
|-------|---------------|----------|
| docker.io | your_koyeb_url | docker hub
| gcr.io | your_koyeb_url | Google Container Registry
| ghcr.io | your_koyeb_url | GitHub Container Registry
| k8s.gcr.io | your_koyeb_url | Kubernetes Container Registry
| quay.io | your_koyeb_url | Quay Container Registry
---
## ✨ 将镜像上传到自己的Docker Hub仓库
#### 步骤 1: 登录到 Docker Hub
- 打开终端输入以下命令并按提示输入你的 Docker Hub 用户名和密码:
```shell
docker login
```
#### 步骤 2: 拉取镜像
- 使用 docker pull 命令拉取上面的镜像,这里以 dqzboy/mirror-hub:latest 举例:
```shell
docker pull dqzboy/mirror-hub:latest
```
#### 步骤 3: 标记镜像
- 给拉下来的镜像打一个新标签,使其指向你的 Docker Hub 用户名。
- 假设你的 Docker Hub 用户名是 yourusername你可以使用以下命令
```shell
docker tag dqzboy/mirror-hub:latest yourusername/mirror-hub:latest
```
#### 步骤 4: 上传镜像
- 使用 docker push 命令上传标记的镜像到你的 Docker Hub 仓库:
```shell
docker push yourusername/mirror-hub:latest
```
#### 步骤 5: 验证上传
- 上传完成后,你可以登录到 Docker Hub 网站,查看你的仓库中是否已经存在刚刚上传的镜像。

21
LICENSE Normal file
View File

@@ -0,0 +1,21 @@
MIT License
Copyright (c) 2024 dqzboy
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

218
README.md Normal file
View File

@@ -0,0 +1,218 @@
<div style="text-align: center">
<p align="center">
<img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/c187d66f-152e-4172-8268-e54bd77d48bb" width="230px" height="200px">
<br>
<i>自建Docker镜像加速服务基于官方 registry 一键部署Docker、K8s、Quay、Ghcr、Mcr、elastic等镜像加速\管理服务.</i>
</p>
</div>
<div align="center">
[![Auth](https://img.shields.io/badge/Auth-dqzboy-ff69b4)](https://github.com/dqzboy)
[![GitHub contributors](https://img.shields.io/github/contributors/dqzboy/Docker-Proxy)](https://github.com/dqzboy/Docker-Proxy/graphs/contributors)
[![GitHub Issues](https://img.shields.io/github/issues/dqzboy/Docker-Proxy.svg)](https://github.com/dqzboy/Docker-Proxy/issues)
[![GitHub Pull Requests](https://img.shields.io/github/stars/dqzboy/Docker-Proxy)](https://github.com/dqzboy/Docker-Proxy)
[![HitCount](https://views.whatilearened.today/views/github/dqzboy/Docker-Proxy.svg)](https://github.com/dqzboy/Docker-Proxy)
[![GitHub license](https://img.shields.io/github/license/dqzboy/Docker-Proxy)](https://github.com/dqzboy/Docker-Proxy/blob/main/LICENSE)
</div>
---
[Docker Proxy—技术交流群](https://t.me/+ghs_XDp1vwxkMGU9)
---
## 📝 准备工作
⚠️ **重要**一台国外的服务器并且未被墙。一个域名无需国内备案便宜的就行一键部署时选择安装Caddy可自动实现HTTPS。如果部署的是Nginx服务那么你需要申请一个免费的SSL证书或通过[Acme.sh自动生成和续订Lets Encrypt免费SSL证书](https://www.dqzboy.com/16437.html)还可以把域名托管到[Cloudflare 开启免费SSL证书](https://www.cloudflare.com/zh-cn/application-services/products/ssl/)
> 如果没有域名只有公网IP那么你可以尝试通过 **[zerossl](https://zerossl.com)** 给IP申请SSL证书
>
> 如果你只有一台服务器不想搞域名也不想配置TLS那么你可以配置Docker的配置文件daemon.json指定insecure-registries配置你的镜像加速地址
>
> **如果你是在国内的服务器部署那么你可以在执行一键部署时配置代理同时会帮你解决国内无法安装Docker的问题**
🚀 如果你身边没有上面提到的这些东西那么你也可以部署到Render详细操作查看下面教程
## 📦 部署
#### 通过项目脚本部署
```shell
# CentOS
yum -y install wget curl
# ubuntu
apt -y install wget curl
bash -c "$(curl -fsSL https://raw.githubusercontent.com/dqzboy/Docker-Proxy/main/install/DockerProxy_Install.sh)"
```
#### 使用 Render 部署
<details>
<summary><strong>部署到 Render</strong></summary>
<div>
[使用Render快速部署](Render/README.md)
</details>
#### 使用 Koyeb 部署
<details>
<summary><strong>部署到 Koyeb</strong></summary>
<div>
[使用Koyeb快速部署](Koyeb/README.md)
</details>
#### Docker Compose 部署
<details>
<summary><strong>手动部署容器</strong></summary>
<div>
**1.** 下载[config](https://github.com/dqzboy/Docker-Proxy/tree/main/config)目录下对应的`yml`文件到你本地机器上
**2.** 下载[docker-compose.yaml](https://github.com/dqzboy/Docker-Proxy/blob/main/docker-compose.yaml)文件到你本地机器上,并且与配置文件同级目录下
**3.** 执行 `docker compose` 命令启动容器服务
```shell
docker compose up -d
# 查看容器日志
docker logs -f [容器ID或名称]
```
**4.** 如果你对Nginx或Caddy不熟悉,那么你可以使用你熟悉的服务进行代理。也可以直接通过IP+端口的方式访问
</details>
## 🔨 功能
- 一键部署Docker镜像代理服务的功能支持基于官方Docker Registry的镜像代理.
- 支持多个镜像仓库的代理包括Docker Hub、GitHub Container Registry(ghcr.io)、Quay Container Registry(quay.io)、Kubernetes Container Registry(k8s.gcr.io)、Microsoft Container(mcr.microsoft.com)、Elastic Stack(docker.elastic.co)
- 自动检查并安装所需的依赖软件如Docker、Nginx\Caddy等并确保系统环境满足运行要求
- 根据你所选择部署的服务自动渲染对应的Nginx或Caddy服务配置
- 自动清理注册表上传目录中的那些不再被任何镜像或清单引用的文件
- 提供了重启服务、更新服务、更新配置和卸载服务的功能,方便用户进行日常管理和维护
- 支持用户在部署时选择是否提供身份验证
- 支持配置代理(HTTP_PROXY)仅支持http
- 解决国内环境无法安装Docker服务的难题
- 支持主流Linux发行版操作系统,例如Centos、Ubuntu、Rocky、Debian、Rhel等
- 支持主流ARCH架构下部署包括linux/amd64、linux/arm64
## ✨ 教程
### 配置Nginx反向代理
**注意** 如果你选择部署的是Nginx那么代理程序部署完成之后需自行配置 Nginx <br>
**1.下载仓库下的nginx配置文件 [registry-proxy.conf](https://raw.githubusercontent.com/dqzboy/Docker-Proxy/main/nginx/registry-proxy.conf) 到你的nginx服务下并修改配置里的域名和证书部分** <br>
**2.在你的DNS服务提供商将相应的访问域名解析到部署docker proxy服务的机器IP上** <br>
**3.修改Docker的daemon.json配置配置你自建的Registry地址。修改后重启docker**
```shell
~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [ "https://hub.your_domain_name" ],
"log-opts": {
"max-size": "100m",
"max-file": "5"
}
}
```
> **说明:** 配置了daemon.json之后现在拉取镜像无需指定你的加速地址直接执行docker pull 拉取你需要的镜像即可。下面的步骤是你在没有配置daemon.json的时候拉取镜像需要加上你的加速地址才可以正常拉取。
---
**1. 使用自建的 Registry 地址替换官方的 Registry 地址拉取镜像**
```shell
# docker hub Registry
## 源nginx:latest
## 替换
docker pull hub.your_domain_name/library/nginx:latest
# Google Registry
## 源gcr.io/google-containers/pause:3.1
## 替换:
docker pull gcr.your_domain_name/google-containers/pause:3.1
```
**2. 前缀替换的 Registry 的参考**
| 源站 | 替换为 | 平台 |
|-------|---------------|----------|
| docker.io | hub.your_domain_name | docker hub
| gcr.io | gcr.your_domain_name | Google Container Registry
| ghcr.io | ghcr.your_domain_name | GitHub Container Registry
| k8s.gcr.io | k8s-gcr.your_domain_name | Kubernetes Container Registry
| registry.k8s.io | k8s.your_domain_name | Kubernetes's container image registry
| quay.io | quay.your_domain_name | Quay Container Registry
| mcr.microsoft.com | mcr.your_domain_name | Microsoft Container Registry
| docker.elastic.co | elastic.your_domain_name | Elastic Stack
---
**关于使用镜像加速拉取docker hub公共空间下的镜像时如何不添加library的方案**
- 此方案来自交流群里大佬提供通过nginx实现并实测
```shell
location ^~ / {
if ($request_uri ~ ^/v2/([^/]+)/(manifests|blobs)/(.*)$) {
# 重写路径并添加 library/
rewrite ^/v2/(.*)$ /v2/library/$1 break;
}
proxy_pass http://127.0.0.1:51000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
}
```
> 详细教程:[自建Docker镜像加速服务加速与优化镜像管理](https://www.dqzboy.com/8709.html)
## 📚 展示
<br/>
<table>
<tr>
<td width="50%" align="center"><b>系统环境检查</b></td>
<td width="50%" align="center"><b>服务部署安装</b></td>
</tr>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/55df7f6f-c788-4200-9bcd-631998dc53ef?raw=true"></td>
<td width="50%" align="center"><img src=https://github.com/dqzboy/Docker-Proxy/assets/42825450/c544fb1e-ecd5-447c-9661-0c5913586118?raw=true"></td>
</tr>
</table>
## 💻 UI
![docker-proxy](https://github.com/dqzboy/Docker-Proxy/assets/42825450/5194cfc0-1108-4c99-bf87-31e90b9154a1)
## 🫶 赞助
如果你觉得这个项目对你有帮助请给我点个Star。并且情况允许的话可以给我一点点支持总之非常感谢支持😊
<table>
<tr>
<td width="50%" align="center"><b> Alipay </b></td>
<td width="50%" align="center"><b> WeChat Pay </b></td>
</tr>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Deploy_K8sCluster/assets/42825450/223fd099-9433-468b-b490-f9807bdd2035?raw=true"></td>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Deploy_K8sCluster/assets/42825450/9404460f-ea1b-446c-a0ae-6da96eb459e3?raw=true"></td>
</tr>
</table>
## 😺 其他
开源不易,若你参考此项目或基于此项目修改可否麻烦在你的项目文档中标识此项目?谢谢你!
## ❤ 鸣谢
感谢以下项目的开源的付出:
[CNCF Distribution](https://distribution.github.io/distribution/)
[docker-registry-browser](https://github.com/klausmeyer/docker-registry-browser)

179
Render/README.md Normal file
View File

@@ -0,0 +1,179 @@
<div style="text-align: center"></div>
<p align="center">
<img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/c187d66f-152e-4172-8268-e54bd77d48bb" width="230px" height="200px">
<br>
<i>使用 Render 快速部署我们的Docker镜像加速服务.</i>
</p>
</div>
---
[Telegram Group](https://t.me/+ghs_XDp1vwxkMGU9)
---
## 📦 部署
**1. 登入 [Render](https://dashboard.render.com)**
**2. 创建我们的服务**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Blog-Image/assets/42825450/7a16000a-6514-4cc9-892c-9f0a9746d1b2?raw=true"></td>
</tr>
</table>
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/e5bb8e70-2bba-4b3f-a29f-fcf56ac2b82a?raw=true"></td>
</tr>
</table>
**3. 选择以docker容器的方式部署输入下面任一镜像地址**
> **⚠️ 特别说明目前作者账号已被Render特殊对待了,建议大家把下面的镜像下载到自己本地然后上传到自己的Docker hub仓库。下面的镜像地址也会随时被Render限制使用(具体操作可以看下面教程)**
| 镜像 | 平台 |
|-------|---------------|
| dqzboy01/mirror-hub:latest | docker hub
| dqzboy01/mirror-gcr:latest | Google Container Registry
| dqzboy01/mirror-ghcr:latest | GitHub Container Registry
| dqzboy01/mirror-k8sgcr:latest | Kubernetes Container Registry
| dqzboy01/mirror-k8sreg:latest | Kubernetes's container image registry
| dqzboy01/mirror-quay:latest | Quay Container Registry
| dqzboy01/mirror-elastic:latest | Microsoft Container Registry
| dqzboy01/mirror-mcr:latest | Elastic Stack
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/3f84c551-bef4-4e00-a3b4-b85e34a7eb7e?raw=true"></td>
</tr>
</table>
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/907ba8da-9c1d-4cfb-9951-b843fabe47a9?raw=true"></td>
</tr>
</table>
**4. 实例类型选择免费即可(免费实例需要保活,可使用 [uptime-kuma](https://uptime.kuma.pet/) 或 [D监控](https://www.dnspod.cn/Products/Monitor) 实现)**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Blog-Image/assets/42825450/c0a166c9-9d06-472e-a4cd-0d16fa3eeb83?raw=true"></td>
</tr>
</table>
**5. 环境变量不用添加,直接选择创建即可**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Blog-Image/assets/42825450/e760d9c3-b6f4-4a5e-81ce-64c8017c70fc?raw=true"></td>
</tr>
</table>
**6. 等待服务运行完成之后,使用分配的外网域名即可愉快的使用了**
<table>
<tr>
<td width="50%" align="center"><img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/95793a23-5831-4565-9c23-03130b81e8be?raw=true"></td>
</tr>
</table>
## ✨ 使用
**1. 改Docker的daemon.json配置配置你Render服务地址。修改后重启docker**
```shell
~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [ "https://your_render_url" ],
"log-opts": {
"max-size": "100m",
"max-file": "5"
}
}
```
**2. 使用Render服务地址替换官方的 Registry 地址拉取镜像**
```shell
# docker hub Registry
## 源redis:latest
## 替换
docker pull your_render_url/library/redis:latest
```
> **说明**如果上面配置了docker的daemon.json那么拉取镜像的时候就不需要在镜像前面加Render_URL了。【只针对Docker生效】
**3. 拉取速度测试,效果还是可以的,主要是免费**
![image](https://github.com/dqzboy/Blog-Image/assets/42825450/06ad14d4-cb0f-4924-ab41-5c3f001261a2)
**4. 前缀替换的 Registry 的参考**
| 源站 | 替换为 | 平台 |
|-------|---------------|----------|
| docker.io | your_render_url | docker hub
| gcr.io | your_render_url | Google Container Registry
| ghcr.io | your_render_url | GitHub Container Registry
| k8s.gcr.io | your_render_url | Kubernetes Container Registry
| quay.io | your_render_url | Quay Container Registry
| mcr.microsoft.com | mcr.your_domain_name | Microsoft Container Registry
| docker.elastic.co | elastic.your_domain_name | Elastic Stack
---
## ✨ 将镜像上传到自己的Docker Hub仓库
#### 镜像下载地址
| 镜像 | 平台 |
|-------|---------------|
| dqzboy/mirror-hub:latest | docker hub
| dqzboy/mirror-gcr:latest | Google Container Registry
| dqzboy/mirror-ghcr:latest | GitHub Container Registry
| dqzboy/mirror-k8sgcr:latest | Kubernetes Container Registry
| dqzboy/mirror-k8sreg:latest | Kubernetes's container image registry
| dqzboy/mirror-quay:latest | Quay Container Registry
| dqzboy/mirror-mcr:latest | Microsoft Container
| dqzboy/mirror-elastic:latest | Elastic Stack
#### 步骤 1: 登录到 Docker Hub
- 打开终端输入以下命令并按提示输入你的 Docker Hub 用户名和密码:
```shell
docker login
```
#### 步骤 2: 拉取镜像
- 使用 docker pull 命令拉取上面的镜像,这里以 dqzboy/mirror-hub:latest 举例:
```shell
docker pull dqzboy/mirror-hub:latest
```
#### 步骤 3: 标记镜像
- 给拉下来的镜像打一个新标签,使其指向你的 Docker Hub 用户名。
- 假设你的 Docker Hub 用户名是 yourusername你可以使用以下命令
```shell
docker tag dqzboy/mirror-hub:latest yourusername/mirror-hub:latest
```
#### 步骤 4: 上传镜像
- 使用 docker push 命令上传标记的镜像到你的 Docker Hub 仓库:
```shell
docker push yourusername/mirror-hub:latest
```
#### 步骤 5: 验证上传
- 上传完成后,你可以登录到 Docker Hub 网站,查看你的仓库中是否已经存在刚刚上传的镜像。
---
## ⚠️ 注意
**1.** 免费实例如果15分钟内未收到入站流量Render会关闭实例的网络服务。Render 会在下次收到处理请求时重新启动该服务。
**2.** Render每月为每个用户和团队提供 750 小时的免费实例时间:
- 免费网络服务在运行期间会消耗这些时间(停止服务不要消耗免费实例
- 小时数)。
- 如果您在某个月内用完了所有免费实例小时数Render将暂停您的所有免费网络服务直到下个月开始。
- 每个月开始时,您的免费实例小时数将重置为 750 小时(剩余小时数不会结转)。
**3.** 最好自己个人使用或者小团队使用如果你的服务使用人多了Render照样会把你的服务给删除掉并且没有任何提醒

83
caddy/Caddyfile Normal file
View File

@@ -0,0 +1,83 @@
ui.your_domain_name {
reverse_proxy localhost:50000 {
header_up Host {host}
header_up Origin {scheme}://{host}
header_up X-Forwarded-For {remote_addr}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Ssl on
header_up X-Forwarded-Port {server_port}
header_up X-Forwarded-Host {host}
}
}
hub.your_domain_name {
reverse_proxy localhost:51000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}
ghcr.your_domain_name {
reverse_proxy localhost:52000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}
gcr.your_domain_name {
reverse_proxy localhost:53000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}
k8s-gcr.your_domain_name {
reverse_proxy localhost:54000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}
k8s.your_domain_name {
reverse_proxy localhost:55000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}
quay.your_domain_name {
reverse_proxy localhost:56000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}
mcr.your_domain_name {
reverse_proxy localhost:57000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}
elastic.your_domain_name {
reverse_proxy localhost:58000 {
header_up Host {host}
header_up X-Real-IP {remote_addr}
header_up X-Forwarded-For {remote_addr}
header_up X-Nginx-Proxy true
}
}

7
config/README.md Normal file
View File

@@ -0,0 +1,7 @@
<div style="text-align: center"></div>
<p align="center">
<img src="https://github.com/dqzboy/Docker-Proxy/assets/42825450/c187d66f-152e-4172-8268-e54bd77d48bb" width="230px" height="200px">
<br>
<i>Docker、K8s、Quay、Ghcr镜像加速服务配置文件.</i>
</p>
</div>

41
config/registry-elastic.yml Normal file
View File

@@ -0,0 +1,41 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://docker.elastic.co
username:
password:

42
config/registry-gcr.yml Normal file
View File

@@ -0,0 +1,42 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://gcr.io
username:
password:
ttl:

42
config/registry-ghcr.yml Normal file
View File

@@ -0,0 +1,42 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://ghcr.io
username:
password:
ttl:

42
config/registry-hub.yml Normal file
View File

@@ -0,0 +1,42 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://registry-1.docker.io
username:
password:
ttl:

42
config/registry-k8s.yml Normal file
View File

@@ -0,0 +1,42 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://registry.k8s.io
username:
password:
ttl:

42
config/registry-k8sgcr.yml Normal file
View File

@@ -0,0 +1,42 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://k8s.gcr.io
username:
password:
ttl:

41
config/registry-mcr.yml Normal file
View File

@@ -0,0 +1,41 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://mcr.microsoft.com
username:
password:

42
config/registry-quay.yml Normal file
View File

@@ -0,0 +1,42 @@
version: 0.1
log:
fields:
service: registry
storage:
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
cache:
blobdescriptor: inmemory
blobdescriptorsize: 10000
maintenance:
uploadpurging:
enabled: true
age: 168h
interval: 24h
dryrun: false
readonly:
enabled: false
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['*']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
proxy:
remoteurl: https://quay.io
username:
password:
ttl:

158
docker-compose.yaml Normal file
View File

@@ -0,0 +1,158 @@
services:
## docker hub
dockerhub:
container_name: reg-docker-hub
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-hub.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 51000:5000
networks:
- registry-net
## ghcr.io
ghcr:
container_name: reg-ghcr
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-ghcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 52000:5000
networks:
- registry-net
## gcr.io
gcr:
container_name: reg-gcr
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-gcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 53000:5000
networks:
- registry-net
## k8s.gcr.io
k8sgcr:
container_name: reg-k8s-gcr
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8sgcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 54000:5000
networks:
- registry-net
## registry.k8s.io
k8s:
container_name: reg-k8s
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-k8s.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 55000:5000
networks:
- registry-net
## quay.io
quay:
container_name: reg-quay
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-quay.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 56000:5000
networks:
- registry-net
## mcr.microsoft.com
mcr:
container_name: reg-mcr
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-mcr.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 57000:5000
networks:
- registry-net
## docker.elastic.co
elastic:
container_name: reg-elastic
image: registry:latest
restart: always
#environment:
#- http=http://host:port
#- https=http://host:port
volumes:
- ./registry/data:/var/lib/registry
- ./registry-elastic.yml:/etc/docker/registry/config.yml
#- ./htpasswd:/auth/htpasswd
ports:
- 58000:5000
networks:
- registry-net
## UI
registry-ui:
container_name: registry-ui
image: dqzboy/docker-registry-ui:latest
environment:
- DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
# [必须]使用 openssl rand -hex 16 生成唯一值
- SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
# 启用Image TAG 的删除按钮
- ENABLE_DELETE_IMAGES=true
- NO_SSL_VERIFICATION=true
restart: always
ports:
- 50000:8080
networks:
- registry-net
networks:
registry-net:

1709
install/DockerProxy_Install.sh Normal file
View File

File diff suppressed because it is too large Load Diff

312
nginx/registry-proxy.conf Normal file
View File

@@ -0,0 +1,312 @@
## registry-ui
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name ui.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:50000;
proxy_set_header Host $host;
proxy_set_header Origin $scheme://$host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
}
## docker hub
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name hub.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:51000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## GitHub Container Registry (ghcr.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name ghcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:52000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Google Container Registry (gcr.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name gcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:53000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Kubernetes Container Registry (k8s.gcr.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name k8s-gcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:54000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Kubernetes's container image registry (registry.k8s.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name k8s.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:55000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Quay Container Registry (quay.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name quay.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:56000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Microsoft Container (mcr.microsoft.com)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name mcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:57000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## docker.elastic.co
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name elastic.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:58000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}