How to set-up a docker registry acting as a Proxy?

Question

I have a server (let's name it A) which may have access to internet and from which I'm able to pull images from the officiel docker.io registry.

I also have other servers (B, C) which cannot have this same access for security reasons, but are allowed to have access to A.

I also have decided to install a private registry on A, which can be used from B and C.

Is it possible to have this registry acting as a proxy, in the way that when I want to pull an official image from B, it could be done through A ?

Answer 1

Step 1: Run registry version 2+ with proxy configuration

You need to run docker registry with a proxy configuraiton.

To get an initial config.yml:

docker run -it --rm --entrypoint cat registry:2 /etc/docker/registry/config.yml > `pwd`/config.yml

Add following to config.yml:

proxy:
      remoteurl: https://registry-1.docker.io

Then start docker registry with config.yml:

docker run -d --restart=always -p 5000:5000 --name docker-registry-proxy -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2

Step2: Configure Docker Daemon on client

If you use Docker for Mac (not Docker toolbox or boot2docker), just add http://<proxy-ip>:5000 to mirrors section under Advanced tab:

Restart Docker for Mac.

Otherwise, you need to run docker daemon with --registry-mirror=http://<proxy_ip>:5000, by doing something like following on the client or Docker Toolbox VM:

docker --registry-mirror=https://<my-docker-mirror-host> daemon

Step 3: Verify proxy is working:

Try to pull an image you don't have yet:

docker pull nginx

Then verify proxy catalog has the new image:

curl https://<proxy_ip>:5000/v2/_catalog

It should return something including the image you have just pulled.

"repositories":["library/nginx"]}

Answer 2

This is known as pull-through cached mirroring, and unfortunately it's not supported yet. It's a work in progress though! See docker/distribution#19.

Answer 3

Meanwhile thats possible:

https://blog.docker.com/2015/10/registry-proxy-cache-docker-open-source/

https://docs.docker.com/registry/recipes/mirror/

But Pushing to such a registry is not supported:

https://docs.docker.com/registry/configuration/#proxy

Answer 4

With v2 registry proxying was not happening i have setup version 2.1 that enabled me to do caching with. Here are the steps i followed.

root@mahasan-Inspiron-5537:~# docker run -it --rm --entrypoint cat registry:2.1 /etc/docker/registry/config.yml > config.yml

Open config.yml and add below lines.

root@mahasan-Inspiron-5537:~# vim config.yml
proxy:
      remoteurl: https://registry-1.docker.io

root@mahasan-Inspiron-5537:~# docker run -d --restart=always -p 5000:5000 --name docker-registry-proxy-2 -v `pwd`/config.yml:/etc/docker/registry/config.yml registry:2.1

Next Stop the Docker daemon and start with below parameters.

root@mahasan-Inspiron-5537:~# dockerd --registry-mirror=http://localhost:5000

Now pull any image using docker daemon.

root@mahasan-Inspiron-5537:~# docker pull nginx

Now Check repository catalog to ensure caching & proxying is happening.

root@mahasan-Inspiron-5537:~# curl http://localhost:5000/v2/_catalog
{"repositories":["library/nginx"]}