1.查看已有镜像加速
|
1 |
docker info |
2.拉取一个gcr镜像
|
1 2 3 |
#docker pull k8s.gcr.io/heapster-amd64:v1.5.4 Error response from daemon: Get https://k8s.gcr.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) ##Client.Timeout exceeded while awaiting headers |
3. docker代理步骤如下:
|
1 |
mkdir -p /etc/systemd/system/docker.service.d |
3.1、http代理
|
1 |
vim /etc/systemd/system/docker.service.d/http-proxy.conf |
|
1 2 |
[Service] Environment="HTTP_PROXY=http://proxy.example.com:80" |
3.2、https代理
|
1 2 |
[Service] Environment="HTTPS_PROXY=https://proxy.example.com:443" |
3.3、也可以设置多个环境变量; 设置非 HTTPS 和 HTTPS 代理
|
1 2 3 4 5 6 |
[Service] Environment="HTTP_PROXY=http://proxy.example.com:80" Environment="HTTPS_PROXY=https://proxy.example.com:443" Environment="NO_PROXY=localhost,127.0.0.1,192.168.0.11" #如果您有私有仓库地址需要在不使用代理的情况下获取镜像,您可以通过NO_PROXY环境变量指定排除它们。 |
4.刷新更改并重新启动 Docker
|
1 2 |
systemctl daemon-reload systemctl restart docker |
5. 验证配置是否已加载并与您所做的更改相匹配,例如:
|
1 |
sudo systemctl show --property=Environment docker |
6.重新拉取镜像
|
1 |
docker pull k8s.gcr.io/heapster-amd64:v1.5.4 |
注:镜像地址自己配置,或在外部用harbor,或者用registry
nginx配置仓库登录验证
|
1 2 3 4 5 6 7 |
1.安装加密工具 yum -y install httpd-tools 2.设置登录用户名和密码 htpasswd -Bc /opt/nginx_proxy_registry/auth/nginx.htpasswd admin |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 |
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { '' 'registry/2.0'; } upstream docker-registry { least_conn; server 127.0.0.1:43020 max_fails=3 fail_timeout=30s; keepalive 64; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name max.9l988.com; client_max_body_size 0; chunked_transfer_encoding on; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Frame-Options SAMEORIGIN always; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "DENY"; ssl_certificate /usr/local/nginx/sslkey/9l988.com/fullchain.crt; ssl_certificate_key /usr/local/nginx/sslkey/9l988.com/private.key; # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; location /v2/ { # Do not allow connections from docker 1.5 and earlier # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) { return 404; } # To add basic authentication to v2 use auth_basic setting. auth_basic "Registry realm"; auth_basic_user_file /opt/nginx_proxy_registry/auth/nginx.htpasswd; ## If $docker_distribution_api_version is empty, the header will not be added. ## See the map directive above where this variable is defined. add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; proxy_pass https://127.0.0.1:43020; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 900; } } |
参考文档:
|
1 2 3 |
https://docs.docker.com/registry/configuration/ https://github.com/docker/docker.github.io/blob/master/registry/recipes/mirror.md docker cp registry:/etc/docker/registry/config.yml config.yml |
- 本文固定链接: https://www.yoyoask.com/?p=7401
- 转载请注明: shooter 于 SHOOTER 发表
这个作者貌似有点懒,什么都没有留下。