paspo's happy place
Posts Tags
paspo's happy place

Contents

Docker mirror (proxy)

paspo
   359 words   2 minutes 
/2019/docker-proxy/docker-mirror.png

What

In this article we setup a docker proxy (AKA mirror) in your lan, which will cache every image downloaded by their clients.

Details

We’ll cover how to install a docker registry somewhere in your LAN, and how to configure the clients to use this registry as a proxy.

Registry setup

First of all, we need a machine meeting these requirements:

  • docker installed and running (because we love docker)
  • have enough space to host all required images

Some suitable example are:

  • A dedicated linux machine
  • A NAS capable of running docker
  • A spare raspberry pi, maybe with an external storage

For the sake of this article, let’s presume we’re dealing with a dedicated linux machine. We’re not covering how to install docker, because you’re adult and you’re supposed to be capable of googling.

Let’s create the storage directories for the registry container:

mkdir -p /srv/registry-proxy/data

We also need the original config file for the registry:

docker run -it --rm --entrypoint cat registry:2 \
  /etc/docker/registry/config.yml > /srv/registry-proxy/config.yml

For reference, the original config.yml should be something like this:

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3

Now edit that file and add these lines at the end:

proxy:
    remoteurl: https://registry-1.docker.io

Time to start the registry:

docker run -d -p 5000:5000 --name registry-proxy --restart=always \
  -v  /srv/registry-proxy/data:/var/lib/registry \
  -v  /srv/registry-proxy/config.yml:/etc/docker/registry/config.yml \
  registry:2

Notice that:

  • we’re using HTTP (so, without encryption) on port 5000
  • we’re not using authentication

But it’s ok because it’s only a proxy.

Client setup

Now, for each client you want to modify /etc/docker/daemon.json:

{
  "insecure-registries" : ["192.168.1.100:5000"],
  "registry-mirrors": ["http://192.168.1.100:5000"]
}

REMEMBER: replace 192.168.1.100 with the IP address of your docker proxy.

Then restart docker:

service docker restart

Now, every time you use docker, you’re downloading from the local LAN proxy; if the image has been already downloaded, you should get it at LAN speed!

Test it

Download a big image:

docker pull linuxserver/unifi-controller

This image is about half a GB in size. Then delete it:

docker rmi linuxserver/unifi-controller

Then download it again:

docker pull linuxserver/unifi-controller

and enjoy the speed increment!

Updated on 2019-07-22
 proxydocker
Back | Home