Docker Registry Proxy

While exploring community Docker images, I found myself downloading the same content multiple times. I’d rather not waste my bandwidth. I’d rather not wait on downloading something I’ve downloaded before. But perhaps more importantly, Docker recently changed their terms of service, throttling the number of pulls in a given timespan (details on Docker’s site, discussion on HackerNews).

Running my own proxy registry

My docker-compose.yml:

registry:
  restart: always
  image: registry:2
  ports:
    - 11150:5000
  volumes:
    - ./data:/var/lib/registry
    - ./config.yml:/etc/docker/registry/config.yml

My config.yml:

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
# Run this registry as a pull-through cache of Docker Hub
proxy:
  remoteurl: https://registry-1.docker.io

And note that ./data is symlinked to a FreeNAS mount.

Configuring Docker’s daemon

I then go about adding "registry-mirrors": ["https://registry-proxy.home.lan"] to my /etc/docker/daemon.json for my VMs (I’ll cover the DNS/TLS/routing aspect of this in the next post). Note that this type of post-provisioning customization should probably be done to the VM template or Ansible scripts. I’ll cover that when I get a chance to work Ansible into my setup.
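One way to script the daemon.json change for a VM template or provisioning step, as an added example that is not part of the original post: it merges the mirror into an existing file without clobbering other keys, and refuses anything that is not a bare https:// origin. The function names and the HTTPS-only policy are assumptions made for this example.

```python
import json
import os
import tempfile
from urllib.parse import urlsplit


def validate_mirror(url):
    """Example policy (an assumption): HTTPS only, bare origin, no path or query."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"mirror must be an https:// URL with a host: {url!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"mirror must not carry a path, query or fragment: {url!r}")
    return url.rstrip("/")


def add_registry_mirror(path, url):
    """Add url to "registry-mirrors" in the daemon.json at path, keeping other keys.

    Returns True if the file was rewritten, False if the mirror was already listed.
    """
    url = validate_mirror(url)
    config = {}
    if os.path.exists(path) and os.path.getsize(path) > 0:
        with open(path, encoding="utf-8") as fh:
            config = json.load(fh)  # malformed JSON raises before anything is written
    if not isinstance(config, dict):
        raise ValueError("daemon.json must hold a JSON object")
    mirrors = config.setdefault("registry-mirrors", [])
    if not isinstance(mirrors, list):
        raise ValueError('"registry-mirrors" must be a list')
    if url in mirrors:
        return False
    mirrors.append(url)
    # Write a temp file in the same directory, then rename over the original so a
    # crash mid-write cannot leave the daemon with a truncated config.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(config, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, path)
    return True


if __name__ == "__main__":
    # Constructed sample: a scratch daemon.json, not the real /etc/docker one.
    demo = os.path.join(tempfile.mkdtemp(), "daemon.json")
    with open(demo, "w", encoding="utf-8") as fh:
        fh.write('{"log-driver": "json-file"}')
    print(add_registry_mirror(demo, "https://registry-proxy.home.lan"), open(demo).read())
```

Because a second run with the same URL returns False and leaves the file untouched, the function is safe to call on every provisioning pass.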

Update from the future

I ended up having to configure two registries on account of self-hosted registries not being able to function as both proxies and local registries.