If you are running multiple servers with Docker daemon and each daemon goes out to the internet and fetches an image it doesn’t have locally, from the Docker repository or your private Docker registry. This will take extra internet traffic from your servers and resources. To avoid this extra bandwidth and servers loads, you can configure docker local registry Proxy Cache mirror and point all the server docker daemons to pull images.
It is possible to set-up a local docker registry which acts as a cache for already pulled images. If the image is not cached, the proxy will pull the image from the public Docker registry and stores it locally before handing it back to you, On subsequent requests, registry mirror is able to serve the image from its own storage to the required clients.
How to configure a Registry as a pull-through cache
The easiest way to run a registry as a pull through cache is to run the official Registry image and specify the proxy. remoteurl within /etc/docker/registry/config.yml as per the instruction.
Download the config.yml file.
docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > /var/lib/registry/config.yml
To configure a Registry to run as a pull through cache, the addition of a proxy section is required to the config file config.yml.
proxy: remoteurl: https://registry-1.docker.io username: [username] password: [password]
The ‘username’ and ‘password’ settings are optional.
The proxy structure allows a registry to be configured as a pull-through cache to Docker Hub.
# vi /var/lib/registry/config.yml
##Example configuration file.
version: 0.1 log: fields: service: registry storage: cache: blobdescriptor: inmemory filesystem: rootdirectory: /var/lib/registry http: addr: :5000 headers: X-Content-Type-Options: [nosniff] health: storagedriver: enabled: true interval: 10s threshold: 3 proxy: remoteurl: https://registry-1.docker.io
Start your registry proxy cache container
# docker run -d --restart=always -p 5000:5000 --name registry-mirror -v /var/lib/registry:/var/lib/registry registry:2 /var/lib/registry/config.yml
Verify your registry proxy cache is up and running on your server.
[root@localregistry ~]# curl localhost:5000/v2/_catalog {"repositories":[]}
Configure the Docker daemon with registry mirror
Login your remote docker server.
Either pass the –registry-mirror option when starting dockerd manually, or edit /etc/docker/daemon.json and add the registry-mirrors key and value, to make the change persistent.
{ "registry-mirrors": ["http://<registry-mirror-host>:5000"] }
Save the file and reload Docker for the change to take effect.
Or, you can configure the Docker daemon with the –registry-mirror startup parameter:
# dockerd --registry-mirror=http://registry-mirror-host:5000
For our Docker version 1.12.5, we added registry mirror on /etc/sysconfig/docker
# vi /etc/sysconfig/docker
add “–registry-mirror=http://registry-mirror-host:5000” on OPTIONS.
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=http://registry-mirror-host:5000'
# systemctl daemon-reload # systemctl restart docker.service
Test your docker registry proxy cache
Pull an image from Docker Hub you currently do not have stored locally. For example, ubuntu:latest image
# docker pull ubuntu
Check the catalog to verify that the image.
# curl registry-mirror-host:5000/v2/_catalog {"repositories":["library/ubuntu","library/wordpress"]}