- create volumes
$ docker volume create registry-ca
registry-ca
$ docker volume create registry-mirror-cache
registry-mirror-cache
- run the proxy container, image from https://github.com/rpardini/docker-registry-proxy
$ docker run --restart=always --name docker_registry_proxy -it \
    -p 0.0.0.0:3128:3128 \
    -e ENABLE_MANIFEST_CACHE=true -e ALLOW_PUSH=true \
    -e PROXY_CONNECT_TIMEOUT=600s -e PROXY_CONNECT_READ_TIMEOUT=600s \
    -e PROXY_CONNECT_CONNECT_TIMEOUT=600s -e PROXY_CONNECT_SEND_TIMEOUT=600s \
    -e SEND_TIMEOUT=600s -e CLIENT_BODY_TIMEOUT=600s -e CLIENT_HEADER_TIMEOUT=600s \
    -e PROXY_READ_TIMEOUT=600s -e PROXY_SEND_TIMEOUT=600s \
    --mount source=registry-mirror-cache,target=/docker_mirror_cache \
    --mount source=registry-ca,target=/ca \
    rpardini/docker-registry-proxy:0.6.2
- configure the docker daemon to use the proxy, with
$ sudo systemctl edit docker.service
an editor session opens; paste this content:
[Service]
Environment="HTTP_PROXY=http://localhost:3128/"
Environment="HTTPS_PROXY=http://localhost:3128/"
then save and exit the editor.
- get the CA certificate from the proxy and make it a trusted root.
### FEDORA
# Get the CA certificate from the proxy and make it a trusted root.
$ curl http://192.168.66.72:3128/ca.crt | sudo tee /etc/pki/ca-trust/source/anchors/docker_registry_proxy.crt > /dev/null
$ sudo update-ca-trust
###
### UBUNTU
# Get the CA certificate from the proxy and make it a trusted root.
$ curl http://192.168.66.72:3128/ca.crt | sudo tee /usr/share/ca-certificates/docker_registry_proxy.crt > /dev/null
$ echo "docker_registry_proxy.crt" | sudo tee -a /etc/ca-certificates.conf > /dev/null
$ sudo update-ca-certificates --fresh
###
- reload systemd config and restart dockerd
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker.service
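- optional check for the CA step: ca.crt is fetched over plain HTTP and then trusted as a root, so this added example (not part of these notes or of the docker-registry-proxy project) installs the file only if its SHA-256 fingerprint matches one obtained out of band on the proxy host. The function names, the script name pin-ca.sh and the three-argument usage are assumptions.

```shell
#!/bin/sh
# Added example: pin the proxy CA by fingerprint before trusting it.
# EXPECTED is a SHA-256 fingerprint obtained out of band (assumption).

# SHA-256 of the DER bytes of the first certificate in a PEM file, lowercase hex
# (the same digest `openssl x509 -fingerprint -sha256` reports).
pem_sha256() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
         /-----END CERTIFICATE-----/   {exit}
         on' "$1" | tr -d '\r' | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "AB:CD:..." (openssl style) or plain hex; compare as lowercase hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# Return 0 only if FILE holds a PEM certificate whose fingerprint equals EXPECTED.
check_pin() {
    file=$1 expected=$(normalize_fp "$2")
    # An HTML error page or an empty download has no PEM header: refuse it.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$file" || return 2
    # A pin that is not 64 hex digits long is a typo, not a match candidate.
    [ "${#expected}" -eq 64 ] || return 3
    [ "$(pem_sha256 "$file")" = "$expected" ]
}

# Download URL, verify the pin, and only then copy the file to DEST (run as root).
install_pinned_ca() {
    url=$1 expected=$2 dest=$3
    tmp=$(mktemp) || return 1
    if curl -fsS "$url" -o "$tmp" && check_pin "$tmp" "$expected"; then
        install -m 0644 "$tmp" "$dest"; rc=$?
    else
        echo "CA from $url failed the fingerprint check; not installed" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh pin-ca.sh URL EXPECTED_SHA256 DEST
if [ "$#" -eq 3 ]; then
    install_pinned_ca "$@"
fi
```

DEST is the distribution's anchor path from the CA step; after a successful install, run the matching update-ca-trust or update-ca-certificates commands from that step.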