paspo's happy place
Posts Tags
paspo's happy place

Contents

Docker mirror (proxy)

paspo
   379 words   2 minutes 
/2019/docker-proxy/docker-mirror_hu652447602347003311.webp

What

In this article we setup a docker proxy (AKA mirror) in your lan, which will cache every image downloaded by their clients.

Details

We’ll cover how to install a docker registry somewhere in your LAN, and how to configure the clients to use this registry as a proxy.

Registry setup

First of all, we need a machine meeting these requirements:

  • docker installed and running (because we love docker)
  • have enough space to host all required images

Some suitable example are:

  • A dedicated linux machine
  • A NAS capable of running docker
  • A spare raspberry pi, maybe with an external storage

For the sake of this article, let’s presume we’re dealing with a dedicated linux machine. We’re not covering how to install docker, because you’re adult and you’re supposed to be capable of googling.

Let’s create the storage directories for the registry container:

1mkdir -p /srv/registry-proxy/data

We also need the original config file for the registry:

1docker run -it --rm --entrypoint cat registry:2 \
2  /etc/docker/registry/config.yml > /srv/registry-proxy/config.yml

For reference, the original config.yml should be something like this:

 1version: 0.1
 2log:
 3  fields:
 4    service: registry
 5storage:
 6  cache:
 7    blobdescriptor: inmemory
 8  filesystem:
 9    rootdirectory: /var/lib/registry
10http:
11  addr: :5000
12  headers:
13    X-Content-Type-Options: [nosniff]
14health:
15  storagedriver:
16    enabled: true
17    interval: 10s
18    threshold: 3

Now edit that file and add these lines at the end:

1proxy:
2    remoteurl: https://registry-1.docker.io

Time to start the registry:

1docker run -d -p 5000:5000 --name registry-proxy --restart=always \
2  -v  /srv/registry-proxy/data:/var/lib/registry \
3  -v  /srv/registry-proxy/config.yml:/etc/docker/registry/config.yml \
4  registry:2

Notice that:

  • we’re using HTTP (so, without encryption) on port 5000
  • we’re not using authentication

But it’s ok because it’s only a proxy.

Client setup

Now, for each client you want to modify /etc/docker/daemon.json:

1{
2  "insecure-registries" : ["192.168.1.100:5000"],
3  "registry-mirrors": ["http://192.168.1.100:5000"]
4}

REMEMBER: replace 192.168.1.100 with the IP address of your docker proxy.

Then restart docker:

1service docker restart

Now, every time you use docker, you’re downloading from the local LAN proxy; if the image has been already downloaded, you should get it at LAN speed!

Test it

Download a big image:

1docker pull linuxserver/unifi-controller

This image is about half a GB in size. Then delete it:

1docker rmi linuxserver/unifi-controller

Then download it again:

1docker pull linuxserver/unifi-controller

and enjoy the speed increment!

Updated on 2019-07-22
 proxydocker
Back | Home