misterli's Blog.

Cloudflare 代理dockerhub的两种方式

字数统计: 1.5k阅读时长: 7 min
2024/06/11

前提条件:

1、一个cloudflare账号

2、一个域名

使用 Cloudflare Workers 来部署我们的镜像加速服务,这里我的账号是使用的免费计划,每天100,000次请求,个人用足够了

首先安装 wrangler 命令行工具 https://developers.cloudflare.com/workers/cli-wrangler/install-update

安装后执行 wrangler login 会自动跳转到浏览器进行身份验证,我们在页面中选择allow

image-20240611171124989

image-20240611160122394

方式一

安装

这里使用hammal这个项目,首先将项目下载到本地

1
2
3
git clone https://github.com/ImSingee/hammal.git
cd hammal
mv wrangler.toml.sample wrangler.toml

获取 account_id id

1
wrangler whoami

或者页面上查看

image-20240611160642190

#创建 KV namespace

1
2
3
4
5
6
7
➜  hammal-demo: wrangler kv:namespace create docker_cache
⛅️ wrangler 3.59.0 (update available 3.60.1)
-------------------------------------------------------
🌀 Creating namespace with title "docker-proxy-docker_cache"
✨ Success!
Add the following to your configuration file in your kv_namespaces array:
{ binding = "docker_cache", id = "00fe55d37f61**********47bf" }

修改wrangler.toml文件

1
2
3
4
5
6
7
8
9
name = "docker-proxy" //要创建的cloudflare worlers 应用程序的名称
account_id = "1492*********" //上一步查看到的account id
workers_dev = true
main = "./src/index.ts"
compatibility_date = "2021-12-07"
//将创建KV namespace 中的id 写入下方,注意 binding = "HAMMAL_CACHE" 不需要修改
kv_namespaces = [
{ binding = "HAMMAL_CACHE", id = "00fe55d3*****95ac1063847bf" }
]

部署应用

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
➜  hammal-demo git:(main) ✗ wrangler deploy
⛅️ wrangler 3.59.0 (update available 3.60.1)
-------------------------------------------------------
Total Upload: 5.59 KiB / gzip: 1.78 KiB
Your worker has access to the following bindings:
- KV Namespaces:
- HAMMAL_CACHE: 00fe5*******1063847bf
Uploaded docker-proxy (1.05 sec)
Published docker-proxy (4.16 sec)
https://docker-proxy.121324124.workers.dev
Current Deployment ID: 0794aebc-*****087e01014b44
Current Version ID: 0794aeb*******087e01014b44


Note: Deployment ID has been renamed to Version ID. Deployment ID is present to maintain compatibility with the previous behavior of this command. This output will change in a future version of Wrangler. To learn more visit: https://developers.cloudflare.com/workers/configuration/versions-and-deployments

部署后我们就可以在页面上看到这个应用了

image-20240611161359858

添加自定义域名

虽然Cloudflare Workers为我们应用提供了workers.dev 域名,但是该域名被墙,这里我们还需要自定义一个域名,我的lishuai.fun的域名就是在Cloudflare ,这里添加自定义域后Cloudflare 会帮我做dns解析以及证书。

image-20240611162301081

添加后如下

image-20240611162803433

使用

直接使用

比如我们要下载busybox:1.30 这个镜像,直接使用就是下载 proxy.lishuai.fun/busybox:1.30

1
2
3
4
5
6
7
[root@dev-tools ~]# docker pull proxy.lishuai.fun/busybox:1.30
1.30: Pulling from busybox
53071b97a884: Pull complete
Digest: sha256:4b6ad3a68d34da29bf7c8ccb5d355ba8b4babcad1f99798204e7abb43e54ee3d
Status: Downloaded newer image for proxy.lishuai.fun/busybox:1.30
proxy.lishuai.fun/busybox:1.30

作为 docker registry mirro使用

没添加前我们pull nginx镜像会报错

1
2
3
4
5
6
7
8
9
10
[root@dev-tools ~]# docker pull nginx:1.20 
1.20: Pulling from library/nginx
214ca5fb9032: Pulling fs layer
50836501937f: Pulling fs layer
d838e0361e8e: Pulling fs layer
fcc7a415e354: Waiting
dc73b4533047: Waiting
e8750203e985: Waiting
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/05/0584b370e957bf9d09e10f424859a02ab0fda255103f75b3f8c7d410a4e96ed5/data?verify=1718097591-sHWoUPhk%2BwR4vjhRQiG7UTsSwLM%3D": read tcp 192.168.3.24:54228->104.16.98.215:443: read: connection reset by peer

配置registry mirror,创建/etc/docker/daemon.json 文件,并将下面内容写入文件

1
2
3
4
5
cat  /etc/docker/daemon.json 
{
"registry-mirrors": ["https://proxy.lishuai.fun"]
}

重启docker

1
2
3
systemctl  daemon-reload
systemctl restart docker

再次下载镜像

1
2
3
4
5
6
7
8
9
10
11
[root@dev-tools ~]# docker pull nginx:1.20 
1.20: Pulling from library/nginx
214ca5fb9032: Pull complete
50836501937f: Pull complete
d838e0361e8e: Pull complete
fcc7a415e354: Pull complete
dc73b4533047: Pull complete
e8750203e985: Pull complete
Digest: sha256:38f8c1d9613f3f42e7969c3b1dd5c3277e635d4576713e6453c6193e66270a6d
Status: Downloaded newer image for nginx:1.20
docker.io/library/nginx:1.2

我们还可以查看访问日志

image-20240611163428141

获取其他镜像源镜像

目前 hammal 支持获取 k8s.gcr.io, gcr.io, quay.io 的镜像,可以通过修改 handler.ts 中的 DEFAULT_BACKEND_HOST 添加

方式二

安装

使用cloudflare-docker-proxy 这个项目,这个项目可以一个服务代理多个镜像仓库,比如docker,k8s.gcr.io, gcr.io, quay.io

1
2
git clone https://github.com/ciiiii/cloudflare-docker-proxy.git
cd cloudflare-docker-proxy

配置代理仓库

注意: 这里将docker.libcuda.so 改为你自己的域名

如果你只想代理dockerhub 修改为

1
2
3
const routes = {
"docker.libcuda.so": "https://registry-1.docker.io",
};

如果代理多个仓库则修改为

1
2
3
4
5
6
7
8
9
const routes = {
"docker.libcuda.so": "https://registry-1.docker.io",
"quay.libcuda.so": "https://quay.io",
"gcr.libcuda.so": "https://gcr.io",
"k8s-gcr.libcuda.so": "https://k8s.gcr.io",
"k8s.libcuda.so": "https://registry.k8s.io",
"ghcr.libcuda.so": "https://ghcr.io",
"cloudsmith.libcuda.so": "https://docker.cloudsmith.io",
};

如果想修改应用程序名称,则修改wrangler.toml 文件

部署

1
wrangler deploy

部署后还需要在应用程序要添加自定义域名,如果代理多个仓库这里就需要添加多个

这里我部署时候只代理了dockerhub ,这里也就添加一个域名,还是使用proxy-demo.lishuai.fun 这个域名,用来和方式一做区分

image-20240611165935495

使用

直接使用

可以看到 通过proxy-demo.lishuai.fun/grafana/grafana:8.3.1 下载镜像可以正常下载

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[root@dev-tools ~]# ls /etc/docker/
key.json
[root@dev-tools ~]# docker pull grafana/grafana:8.3.1
8.3.1: Pulling from grafana/grafana
97518928ae5f: Already exists
a8f5f0c09c3c: Pulling fs layer
9643e582a667: Pulling fs layer
ad4af0290117: Pulling fs layer
d096601a4afa: Waiting
65e4610b9997: Waiting
e64bd165f497: Waiting
6f30ef190861: Waiting
48ef5f0dbcfe: Waiting
d095202b1b92: Waiting
error pulling image configuration: Get "https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/3b/3b1fc05e7c9aadd934d297ffe7804b61beb33a71b80c124c49f2a974a66e6ac5/data?verify=1718099366-5KAdXT8gn5AZ6gSj0I38FWgAOgc%3D": dial tcp 104.23.124.189:443: i/o timeout
[root@dev-tools ~]# docker pull proxy-demo.lishuai.fun/grafana/grafana:8.3.1
8.3.1: Pulling from grafana/grafana
97518928ae5f: Already exists
a8f5f0c09c3c: Pull complete
9643e582a667: Pull complete
ad4af0290117: Pull complete
d096601a4afa: Pull complete
65e4610b9997: Pull complete
e64bd165f497: Pull complete
6f30ef190861: Pull complete
48ef5f0dbcfe: Pull complete
d095202b1b92: Pull complete
Digest: sha256:259b847ed7e3f58e6056438fd3bc353f48fbe9b77ed3b204ae619ba80e10aed9
Status: Downloaded newer image for proxy-demo.lishuai.fun/grafana/grafana:8.3.1
proxy-demo.lishuai.fun/grafana/grafana:8.3.1

作为 docker registry mirro使用

创建/etc/docker/daemon.json ,并重启docker服务

1
2
3
4
5
6
[root@dev-tools ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://proxy-demo.lishuai.fun"]
}
[root@dev-tools ~]# systemctl daemon-reload
[root@dev-tools ~]# systemctl restart docker

直接下载 grafana/grafana:8.4.1的镜像是可以成功下载的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@dev-tools ~]# docker pull  grafana/grafana:8.4.1
8.4.1: Pulling from grafana/grafana
59bf1c3509f3: Already exists
4164a319d242: Pull complete
4a2f14a47a81: Pull complete
dc89330ee24a: Pull complete
380ee6bf29fe: Pull complete
85f29e9b1e76: Pull complete
b08bc2f18db4: Pull complete
6e094f1959b8: Pull complete
c2264af70d0b: Pull complete
c4d0c131d223: Pull complete
Digest: sha256:6dab2275e060b2fbb5dd9813e79b4aa3bde71aa6c8d340180a0bfa6c047605f2
Status: Downloaded newer image for grafana/grafana:8.4.1
docker.io/grafana/grafana:8.4.1

总结

两种方式都很好,爱用哪种用哪种!!!

CATALOG
  1. 1. 方式一
    1. 1.1. 安装
    2. 1.2. 部署应用
    3. 1.3. 使用
      1. 1.3.1. 直接使用
      2. 1.3.2. 作为 docker registry mirro使用
      3. 1.3.3. 获取其他镜像源镜像
  2. 2. 方式二
    1. 2.1. 安装
    2. 2.2. 配置代理仓库
    3. 2.3. 部署
    4. 2.4. 使用
      1. 2.4.1. 直接使用
      2. 2.4.2. 作为 docker registry mirro使用
  3. 3. 总结