搭建自己的Docker(容器)镜像加速器

容器镜像加速服务器

本Github项目可快速部署容器镜像加速服务器。 由于配置格式及docker客户端配置限制, 本项目仅适用于使用containerd runtime的容器镜像加速。

本项目两个分支:

  • main: 使用nginx作为反向代理
  • traefik: 使用traefik进行流量路由

前置要求

  • Python版本 3.8+
  • 安装certbot(仅nginx版本需要, traefik版本不需要)
  • 安装docker
  • 安装docker compose
  • 一个公网可解析的域名

填写配置文件

config.json中填写必要的配置:

  • registries: 需要加速的镜像站列表, 填写域名即可, 默认为https协议;
  • domain: 加速器域名,需提前申请并注册到互联网名称服务器,公网可解析;
  • email: 填写一个合法的邮箱地址即可

运行

执行以下命令

  • 如使用main分支代码将自动申请SSL证书(如在nginx/ssl目录下没有证书存在),生成配置文件
  • 如使用traefik分支代码, 无需进行证书申请, traefik会自动连接Let's Encrypt进行证书申请

然后启动加速器:

bash 复制代码
python3 main.py

输出内容例如:

bash 复制代码
Applying SSL certificate...
SSL certificate for docker.uglyduck.site is already present.
Generating registry server configurations...
registry-1.docker.io
docker.elastic.co
gcr.io
k8s.gcr.io
quay.io
nvcr.io
rocks.canonical.com
mcr.microsoft.com
Generating Nginx configuration...
Generating Docker Compose configuration...
Starting Docker Compose...
[+] Running 10/10
 ✔ Network mirror-server_default   Created                                                                                                                                   0.1s 
 ✔ Container registry-1_docker_io  Started                                                                                                                                   0.2s 
 ✔ Container mcr_microsoft_com     Started                                                                                                                                   0.2s 
 ✔ Container docker_elastic_co     Started                                                                                                                                   0.2s 
 ✔ Container nginx                 Started                                                                                                                                   0.2s 
 ✔ Container gcr_io                Started                                                                                                                                   0.2s 
 ✔ Container rocks_canonical_com   Started                                                                                                                                   0.2s 
 ✔ Container quay_io               Started                                                                                                                                   0.2s 
 ✔ Container k8s_gcr_io            Started                                                                                                                                   0.2s 
 ✔ Container nvcr_io               Started                                                                                                                                   0.2s 
Docker Compose has started successfully.

关闭加速器

bash 复制代码
docker compose down

containerd客户端配置

  1. 为每个目标站点创建配置目录(目录名称可以随便写,能看懂即可)
bash 复制代码
mkdir -p /etc/containerd/certs.d/dockerhub # 源站点registry-1.docker.io
mkdir -p /etc/containerd/certs.d/quary     # 源站点quary.io
...
  1. 为各个站点配置加速(配置文件名为hosts.toml)
    其中:
  • server为源镜像站点
  • host.后面是加速器站点及uri, 格式为<加速器域名>/<源站点域名>

示例1: dockerhub加速配置

bash 复制代码
cat <<EOF > /etc/containerd/certs.d/dockerhub/hosts.tomal
server = "https://registry-1.docker.io"
[host."https://docker.uglyduck.site/registry-1.docker.io"]
  capabilities = ["pull", "resolve"]
EOF

示例2: quary.io加速配置

bash 复制代码
cat <<EOF > /etc/containerd/certs.d/quary/hosts.tomal
server = "https://quary.io"
[host."https://docker.uglyduck.site/quary.io"]
  capabilities = ["pull", "resolve"]
EOF

如上, 为每个需要加速的站点都进行上述配置。

重启containerd

bash 复制代码
systemctl restart containerd

测试配置

docker测试

docker需在/etc/docker/daemon.json中进行配置, 且只能加速dockerhub的镜像, 本项目不针对docker客户端加速。

使用ctr客户端测试

使用ctr命令拉取镜像时需要指定--hosts-dir参数:

bash 复制代码
ctr image pull docker.io/library/amazoncorretto:11 --hosts-dir /etc/containerd/certs.d

docker.io/library/amazoncorretto:11:                                              resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:6c4b652bb05c91148d08c0c0856875725744d3368f195a7a1b4013910ba8efc0:    exists         |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c9ebd5d4c48014cc08040eec2adb3c1da77b3e1d1e47b05450dd088873f77c26: exists         |++++++++++++++++++++++++++++++++++++++|
config-sha256:cb1efffd6bb7aeeaa2c36cb00d7201547c222f712ee80ed1aa856368f90272a4:   exists         |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f956a2176a592b2f85941102c85f1a745c5e74f263c66fc5212bf9eb619f28e1:    downloading    |+++++++++++++++++++-------------------| 31.0 MiB/59.8 MiB
layer-sha256:88fcfc4c5843cedbd18a8793ed07b4046649d10f26bb1b69d14be76b565cb914:    downloading    |++++++++++++++++++++------------------| 75.0 MiB/141.3 MiB
elapsed: 5.7 s                                                                    total:  106.0  (18.6 MiB/s)

使用nerdctl客户端测试

配置并重启containerd后, nerdctl可以自动识别到加速器配置:

bash 复制代码
nerdctl pull docker.io/library/amazoncorretto:11

docker.io/library/amazoncorretto:11:                                              resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:6c4b652bb05c91148d08c0c0856875725744d3368f195a7a1b4013910ba8efc0:    exists         |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:c9ebd5d4c48014cc08040eec2adb3c1da77b3e1d1e47b05450dd088873f77c26: exists         |++++++++++++++++++++++++++++++++++++++|
config-sha256:cb1efffd6bb7aeeaa2c36cb00d7201547c222f712ee80ed1aa856368f90272a4:   exists         |++++++++++++++++++++++++++++++++++++++|
layer-sha256:88fcfc4c5843cedbd18a8793ed07b4046649d10f26bb1b69d14be76b565cb914:    downloading    |++++++++++++++------------------------| 54.0 MiB/141.3 MiB
layer-sha256:f956a2176a592b2f85941102c85f1a745c5e74f263c66fc5212bf9eb619f28e1:    downloading    |++++++--------------------------------| 11.0 MiB/59.8 MiB
elapsed: 2.1 s                                                                    total:  65.0 M (30.9 MiB/s)
相关推荐
甲柒1 小时前
12-Docker发布微服务
java·docker·微服务
Arc星语3 小时前
Docker Redis集群3主3从模式
redis·docker
Drscq4 小时前
How to migrate a CentOS 8 to Rocky Linux 8.10
linux·运维·centos
修心光4 小时前
CentOS配置iptables规则并使其永久生效
linux·运维·centos
加载中loading...4 小时前
Linux线程安全(二)条件变量实现线程同步
linux·运维·服务器·c语言·1024程序员节
安科瑞刘鸿鹏4 小时前
校园建筑用电安全监测装置 电气火灾监测预防设备功能介绍
运维·服务器·网络·嵌入式硬件·安全·能源
课堂随想4 小时前
【libGL error】Autodl云服务器配置ACT的conda虚拟环境生成训练数据时,遇到了libGL相关错误,涉及swrast_dri.so
运维·服务器·conda
工作不忙6 小时前
不使用docker-compose不使用zookeeper启动ApacheKafka3.8.0单机运行KRAFT模式
ubuntu·docker·zookeeper·kafka·apache
盒马盒马6 小时前
Docker:存储卷
docker·容器
大熊程序猿7 小时前
ubuntu 安装k3s
linux·运维·ubuntu