2024年6月,国内几家Docker Hub镜像服务平台均发公告宣布下架,停止服务,需要更换 Docker 加速镜像源。
2024-09-08 更新,目前docker hub已恢复访问,国内相关镜像站暂时仍未恢复。
0.可用性检测
1.当前可用的镜像加速地址
1.1 大毛镜像加速地址
{
"registry-mirrors": [
"https://docker.m.daocloud.io",
"https://huecker.io",
"https://dockerhub.timeweb.cloud",
"https://noohub.ru"
]
}
也可以直接使用加速地址下载:
docker pull m.daocloud.io/docker.io/library/alpine:latest
1.2 其他国内镜像加速地址
Azure 中国镜像
https://dockerhub.azk8s.cn
七牛云加速器https://reg-mirror.qiniu.com
网易http://hub-mirror.c.163.com
华为云https://05cec16ef1800f790fabc01198b68720.mirror.swr.myhuaweicloud.com
或者使用阿里云提供的镜像加速服务,自己的加速地址可以在
https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
获取到。
貌似已无法使用
1.3 Yandex 容器加速 【更新太慢 太旧】
优点:适合单独pull镜像使用,俄罗斯大厂提供服务
缺点:不支持配置到 daemon.json
官方镜像:https://mirror.yandex.ru/
使用方式:
docker pull cr.yandex/mirror/nginx
# 更新太慢
docker pull cr.yandex/mirror/alpine:latest
可以拉取后retag到本地的镜像仓库
1.4 v2网友提供 【当前推荐
v2网友提供的加速地址:https://dockerhub.icu docker.1panelproxy.com
使用命令参考:
docker pull docker.1panelproxy.com/library/alpine:latest
docker image tag docker.1panelproxy.com/library/alpine:latest library/alpine:latest
还有一个
docker.m.daocloud.io
https://github.com/DaoCloud/public-image-mirror
1.5 福吧吧友推荐【当前推荐】
地址①:dockerpull.com
地址②:dockerproxy.net
docker pull dockerproxy.net/whyour/qinglong:latest
支持配置到/etc/docker/daemon.json文件
{"registry-mirrors": ["https://dockerproxy.net"]}
systemctl daemon-reload
systemctl restart docker
1.6 AtomHub 可信镜像中心
只依赖基础镜像的话,可以选择AtomHub(开放原子开源基金会牵头)
地址:https://atomhub.openatom.cn/repos
使用命令参考:
docker pull atomhub.openatom.cn/library/hello-world:latest
docker image tag atomhub.openatom.cn/library/hello-world:latest library/hello-world:latest
1.7 使用Github Action将国外的Docker镜像转存到阿里云私有仓库
1.8 系统代理
还可以配置代理,参考:Docker系统代理官方文档
2.自建镜像站
安装命令:
bash -c "$(curl -fsSL https://raw.githubusercontent.com/dqzboy/Docker-Proxy/main/install/DockerProxy_Install.sh)"
# 可以只安装 docker、gcr、ghcr、k8s相关,即 1 2 3 5 6
# 不需要开启本地代理
Nginx反向代理:
## registry-ui
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name ui.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:50000;
proxy_set_header Host $host;
proxy_set_header Origin $scheme://$host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; # Optional
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
}
## docker hub
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name hub.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:51000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## GitHub Container Registry (ghcr.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name ghcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:52000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Google Container Registry (gcr.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name gcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:53000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Kubernetes Container Registry (k8s.gcr.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name k8s-gcr.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:54000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
## Kubernetes's container image registry (registry.k8s.io)
server {
listen 80;
listen 443 ssl;
## 填写绑定证书的域名
server_name k8s.your_domain_name;
## 证书文件名称(填写你证书存放的路径和名称)
ssl_certificate your_domain_name.crt;
## 私钥文件名称(填写你证书存放的路径和名称)
ssl_certificate_key your_domain_name.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
location / {
proxy_pass http://localhost:55000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
proxy_redirect off;
}
}
测试
docker pull hub.your_domain_name/library/nginx:latest
使用
~]# vim /etc/docker/daemon.json
{
"registry-mirrors": [ "https://hub.your_domain_name" ]
}
3.修改配置文件
修改或创建daemon.json文件:vi /etc/docker/daemon.json,将以下配置写入到文件中,保存并退出:
{
"registry-mirrors": [
"https://docker.m.daocloud.io",
"https://huecker.io",
"https://dockerhub.timeweb.cloud",
"https://noohub.ru"
]
}
初次配置镜像源,可直接使用命令(以毛子镜像源为例,可替换成自己需要的镜像源地址):
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": [
"https://docker.m.daocloud.io",
"https://huecker.io",
"https://dockerhub.timeweb.cloud",
"https://noohub.ru"
]
}
EOF
4.开启代理
本地开启 docker daemon 代理(需科学)
5.重启
重启docker(添加配置文件后需要加载然后重启docker):
systemctl daemon-reload
systemctl restart docker
评论区