Configure docker local Registry Proxy Cache

If you are running multiple servers with Docker daemon and each daemon goes out to the internet and fetches an image it doesn’t have locally, from the Docker repository or your private Docker registry. This will take extra internet traffic from your servers and resources. To avoid this extra bandwidth and servers loads, you can configure docker local registry Proxy Cache mirror and point all the server docker daemons to pull images.

It is possible to set-up a local docker registry which acts as a cache for already pulled images. If the image is not cached, the proxy will pull the image from the public Docker registry and stores it locally before handing it back to you, On subsequent requests, registry mirror is able to serve the image from its own storage to the required clients.

Docker Registry Proxy Cache Mirror

Docker Registry Proxy Cache Mirror

How to configure a Registry as a pull-through cache

The easiest way to run a registry as a pull through cache is to run the official Registry image and specify the proxy. remoteurl within /etc/docker/registry/config.yml as per the instruction.

Download the config.yml file.

docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > /var/lib/registry/config.yml

To configure a Registry to run as a pull through cache, the addition of a proxy section is required to the config file config.yml.

proxy:
remoteurl: https://registry-1.docker.io
username: [username]
password: [password]

The ‘username’ and ‘password’ settings are optional.

The proxy structure allows a registry to be configured as a pull-through cache to Docker Hub.

# vi  /var/lib/registry/config.yml

##Example configuration file.

version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
   storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
proxy:
  remoteurl: https://registry-1.docker.io

Start your registry proxy cache container

# docker run -d --restart=always -p 5000:5000 --name registry-mirror -v /var/lib/registry:/var/lib/registry registry:2 /var/lib/registry/config.yml

Verify your registry proxy cache is up and running on your server.

[root@localregistry ~]# curl localhost:5000/v2/_catalog
{"repositories":[]}

Configure the Docker daemon with registry mirror

Login your remote docker server.

Either pass the –registry-mirror option when starting dockerd manually, or edit /etc/docker/daemon.json and add the registry-mirrors key and value, to make the change persistent.

{
"registry-mirrors": ["http://<registry-mirror-host>:5000"]
}

Save the file and reload Docker for the change to take effect.

Or, you can configure the Docker daemon with the –registry-mirror startup parameter:

# dockerd --registry-mirror=http://registry-mirror-host:5000

For our Docker version 1.12.5, we added registry mirror on /etc/sysconfig/docker

# vi /etc/sysconfig/docker

add “–registry-mirror=http://registry-mirror-host:5000” on OPTIONS.

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=http://registry-mirror-host:5000'
# systemctl daemon-reload
# systemctl restart docker.service
Test your docker registry proxy cache

Pull an image from Docker Hub you currently do not have stored locally. For example, ubuntu:latest image

# docker pull ubuntu
registry-proxy-mirror

registry-proxy-mirror

Check the catalog to verify that the image.

# curl registry-mirror-host:5000/v2/_catalog
{"repositories":["library/ubuntu","library/wordpress"]}