How to use Docker open source repository to create proxy cache repository

One of the latest features of the open source Docker repository v2 : can be used as a proxy cache repository to cache mirroring on the Docker Hub. Running a cache repository allows you to store images locally and reduce excessive mirroring from the Docker Hub over the Internet, a feature that is useful for users who have a large number of Docker engines in their environment. With this tutorial, you can let the Docker engine pull the mirror from the local proxy cache repository, rather than letting each engine always pull from the Docker Hub, saving time and bandwidth.

You can start like this:


  • Docker Engine 1.8.3
  • Docker Warehouse v2
  • Enough to store the disk space of the Docker image
  • TLS certificate and key

Persistent data

In this example, we assume that you will store all persistent data under the <code> / data </ ​​code> path of the local file system, which contains the TLS certificate and key file, configuration file, and mirror cache file. We will then use the volume to mount this directory into the container that runs the warehouse.

Protect your proxy cache repository

The proxy cache repository requires a TLS certificate to ensure the security of the connection between the Docker engine and the cache repository. In this example, we place our certificate file (<code> domain.crt </ code>) and the key file (<code > Domain.key </ code>) in the host's <code> / data </ ​​code> directory.

For more information on using TLS to enhance warehouse security, refer to the Docker Warehouse 2.0 documentation .

Create a proxy cache repository configuration file

The next step you need to create a configuration file to use this repository as a proxy cache. You can use the cat command to redirect the default configuration file in the <code> registry: 2 </ code> image to a file:

$ Docker run -it --rm --entrypoint cat registry: 2 \
/etc/docker/registry/config.yml> /data/config.yml

<Code> I strongly recommend getting this default configuration from the Docker image instead of using the configuration in the example, as this default configuration may be updated in the future. </ Code>

Default config.yml example:

Version: 0.1
Service: registry
Layerinfo: inmemory
Rootdirectory: / var / lib / registry
Addr: 5000

Modify 'http' this section configuration on TLS:

Addr: 5000
Certificate: /var/lib/registry/domain.crt
Key: /var/lib/registry/domain.key

Add a new 'proxy' in the configuration file to open the cache:

Click to open the document ( … )

Username: [username]
Password: [password]

'Username' and 'password' these two options are optional, this is the Docker Hub account user name and password, set these two options, will make the proxy cache warehouse access to the account of the same authority, that is, This user has access to the mirror, the cache also has access to the cache.

<Code> Make sure you fully understand what is meant by setting up this Docker Hub account and make sure that you have the strict security of the mirror! If you are not sure, please do not configure the username and password, then your proxy cache repository It will only cache the public mirror. </ Code>

Start the container for the proxy cache repository:

$ Docker run -d --restart = always -p 5000: 5000 --name v2-mirror \
-v / data: / var / lib / registry registry: 2 /var/lib/registry/config.yml

The above command uses a volume to load the / data on the host into the container so that the container can use persistent storage mirroring, TLS certificates and keys, and custom repository configuration files.

Verify that your proxy cache repository is up and running:

$ Curl -I
HTTP / 1.1 200 OK
Content-Length: 2
Content-Type: application / json; charset = utf-8
Docker-Distribution-Api-Version: registry / 2.0
Date: Thu, 17 Sep 2015 21:42:02 GMT

Configure your Docker engine to use the proxy cache repository

Modify the startup parameters of the Docker daemon, plus the <code> – registry-mirror </ code> option:

--registry-mirror = https: // <my-docker-mirror-host>: <port-number>

For example, if your cache repository has a host name of and the warehouse service port is 5000, you need to add the following options to the daemon's parameters:

--registry-mirror = https: // 5000

See Running Docker in various Linux distributions for more information on how to add Docker daemon parameters.

Test your proxy cache repository

Draw a mirror that you do not have on the Docker Hub. For example, busybox: latest Mirror:

$ Docker pull busybox: latest

Check the directory in the cache repository to verify that the busybox image is cached:

$ Curl
{"Repositories": ["library / busybox"]}

You can also verify that the latest label is cached:

$ Curl
{"Name": "library / busybox", "tags": ["latest"]}

Now when you pull the mirror, the mirror will be cached to your proxy cache, and then the same image will be pulled out faster, and these mirror cache will maintain their own, when they are no longer used will automatically clear The

Download the Docker engine from here and try to create a proxy repository with an open source Docker repository!

to sum up

Docker technology is increasingly penetrating into every corner of life, it makes our lives more convenient and quick. In the scientific research on the road, Xi Yun ( ) hope and we can work together to explore and progress!

Docker technology how to bring value to business

Xiyun is an expert in the field of Docker and is committed to providing better cloud computing products and services through Docker technology. Xiyun brand products included

  • COS container operating system
  • CSphere container management platform
  • CDT container-based development test platform
  • CShow container – based project demonstration platform
  • CHub Enterprise Registry

And provide relevant training and advisory services

  • Micro mirror service
  • Docker Corporate Training
  • Application of Docker Consulting
  • Software SaaS Consulting
  • PaaS consultation

Welcome business inquiries:

  • Tel: 400-686-1560
  • E-mail:

Focus on cSphere-CN

Reply to the number "1" to see [Docker continued deployment graphic Detailed]
Reply to the number "2" to see [first knowledge of Docker and Windows Server containers]
Reply to the number "3" to see [Create a Node.js container image for Windows]
Reply to the number "4" to see [use Docker-in-Docker to run CI or integrated test environment? Think twice

Reproduced statement

Respect for knowledge, please reprint, must not be deleted, including the Bank.

    Heads up! This alert needs your attention, but it's not super important.