Docker 镜像站
Nginx 配置
[root@tky www]# cat hub-nginx.conf
server {
listen 80;
server_name docker.9421.ltd;
if ($host = 'docker.9421.ltd') {
rewrite ^/(.*)$ https://docker.9421.ltd/$1 permanent;
}
}
server {
listen 443 ssl;
server_name docker.9421.ltd;
ssl_certificate ssl/docker.9421.ltd.pem;
ssl_certificate_key ssl/docker.9421.ltd.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
set_real_ip_from 0.0.0.0/0;
real_ip_header CF-Connecting-IP;
client_max_body_size 10G;
underscores_in_headers on;
resolver 8.8.8.8 ipv6=off;
resolver_timeout 10s;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Accept-Encoding "";
proxy_ssl_session_reuse off;
proxy_ssl_server_name on;
proxy_http_version 1.1;
proxy_buffering off;
proxy_request_buffering off;
proxy_max_temp_file_size 0;
proxy_connect_timeout 864000s;
proxy_read_timeout 864000s;
proxy_send_timeout 864000s;
send_timeout 864000s;
access_log logs/docker_access.log;
error_log logs/error_access.log;
location /v2/ {
proxy_pass https://registry-1.docker.io;
proxy_set_header Host registry-1.docker.io;
header_filter_by_lua_block {
local www_auth = ngx.var.upstream_http_www_authenticate
if www_auth then
local new_www_auth = string.gsub(www_auth, "auth.docker.io", "hub.rat.dev")
ngx.header['www-authenticate'] = new_www_auth
end
}
proxy_intercept_errors on;
recursive_error_pages on;
error_page 301 302 307 = @handle_redirect;
}
location /token {
proxy_pass https://auth.docker.io;
proxy_set_header Host auth.docker.io;
}
location @handle_redirect {
set $saved_redirect_location '$upstream_http_location';
proxy_pass $saved_redirect_location;
}
location / {
return 204;
}
}
Docker 配置
[root@online]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.9421.ltd","https://1x0mt0l8.mirror.aliyuncs.com"]
}