基于沪港IPLC的高速Docker镜像加速服务

基于沪港IPLC的高速Docker镜像加速服务

在国内开发运维环境中,直接访问 Docker Hub、GCR 等海外镜像仓库常面临严峻挑战:跨国网络拥塞、路由绕行及防火墙策略导致拉取速度缓慢,甚至频繁中断。这不仅拖慢研发、CI/CD流程,更严重影响容器部署效率——大型镜像下载耗时数十分钟已成常态,严重制约研发效能。为彻底解决这一痛点,我们基于 IPLC(国际私有租赁电路)专线构建镜像加速服务。IPLC 的核心优势在于提供点对点物理直连通道,完全规避公网跨境拥堵节点,具有超低延迟、最短路由、企业级SLA可靠的优点。

通过将 docker.io 等源站替换为 hub.procoding.cn 专属加速节点,开发者可体验媲美香港的高速镜像服务,让容器化部署效率获得质的飞跃。立即配置,告别漫长等待!

1.Docker镜像站:

镜像检索:
https://docker.procoding.cn

2.Docker镜像加速地址

源站替换为平台
docker.iohub.procoding.cnDocker hub
gcr.iogcr.procoding.cnGoogle Container Registry
ghcr.ioghcr.procoding.cnGitHub Container Registry
k8s.gcr.iok8s-gcr.procoding.cnKubernetes Container Registry
registry.k8s.iok8s.procoding.cnKubernetes’s container image registry
quay.ioquay.procoding.cnQuay Container Registry
mcr.microsoft.commcr.procoding.cnMicrosoft Container Registry
docker.elastic.coelastic.procoding.cnElastic Stack
nvcr.ionvcr.procoding.cnNVIDIA Container Registry

建议 编辑或创建 /etc/docker/daemon.json 文件:

{
  "registry-mirrors": [
    "https://hub.procoding.cn"
  ]
}

然后重启docker服务

sudo systemctl restart docker

DockerHub如果出现拉取不下来的情况,使用以下指令查询异常:

Bash
curl -v https://hub.procoding.cn/v2/library/redis/manifests/7.2-alpine

错误一:下载超过免费限制(toomanyrequests)

Bash
{"errors":[{"code":"UNKNOWN","message":"unknown error","detail":"toomanyrequests: You have reached your unauthenticated pull rate limit. https://www.docker.com/increase-rate-limit"}]}

解决方案,使用DockerHub账户登录:

Bash
#可以使用你的账户,仅限于访问公共镜像
docker login hub.procoding.cn -u 你的docker账户
#密码
xxxx

配置加速服务后,即可享受由 IPLC 专线带来的高速、稳定、低延迟的 Docker 镜像访问体验。请务必遵守法律法规,共同维护良好的技术生态。如发现恶意请求、攻击行为或非法镜像内容,平台将立即封锁相关 IP 地址,并依据法律法规上报监管部门处理。

鸣谢开源项目:
Uptime-Kuma
Docker-Proxy

配置文件:

DockerProxy.yaml 
services:
  ## docker hub
  dockerhub:
    container_name: reg-docker-hub
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-hub.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 51000:5000
    networks:
      - registry-net

  ## ghcr.io
  ghcr:
    container_name: reg-ghcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-ghcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 52000:5000
    networks:
      - registry-net

  ## gcr.io
  gcr:
    container_name: reg-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-gcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 53000:5000
    networks:
      - registry-net

  ## k8s.gcr.io
  k8sgcr:
    container_name: reg-k8s-gcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8sgcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 54000:5000
    networks:
      - registry-net

  ## registry.k8s.io
  k8s:
    container_name: reg-k8s
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-k8s.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 55000:5000
    networks:
      - registry-net
  
  ## quay.io
  quay:
    container_name: reg-quay
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-quay.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 56000:5000
    networks:
      - registry-net

  ## mcr.microsoft.com
  mcr:
    container_name: reg-mcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-mcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 57000:5000
    networks:
      - registry-net

  ## docker.elastic.co
  elastic:
    container_name: reg-elastic
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-elastic.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 58000:5000
    networks:
      - registry-net

  ## nvcr.io
  nvcr:
    container_name: reg-nvcr
    image: dqzboy/registry:latest
    restart: always
    environment:
      - OTEL_TRACES_EXPORTER=none
      #- http=http://host:port
      #- https=http://host:port
    volumes:
      - ./registry/data:/var/lib/registry
      - ./registry-nvcr.yml:/etc/distribution/config.yml
      #- ./htpasswd:/auth/htpasswd
    ports:
      - 59000:5000
    networks:
      - registry-net

  ### UI
  #registry-ui:
  #  container_name: registry-ui
  #  image: dqzboy/docker-registry-ui:latest
  #  environment:
  #    - DOCKER_REGISTRY_URL=http://reg-docker-hub:5000
  #    # [必须]使用 openssl rand -hex 16 生成唯一值
  #    - SECRET_KEY_BASE=9f18244a1e1179fa5aa4a06a335d01b2
  #    # 启用Image TAG 的删除按钮
  #    - ENABLE_DELETE_IMAGES=true
  #    - NO_SSL_VERIFICATION=true
  #  restart: always
  #  ports:
  #    - 50000:8080
  #  networks:
  #    - registry-net



  ## HubCMD UI
  hubcmd-ui:
    container_name: hubcmd-ui
    image: dqzboy/hubcmd-ui:latest
    restart: always
    # environment:
      # HTTP代理配置(可选)
      #- HTTP_PROXY=http://proxy.example.com:8080
      #- HTTPS_PROXY=https://proxy.example.com:8080
      #- NO_PROXY=localhost,127.0.0.1,.local
      
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # SQLite数据库文件
      - ./data:/app/data
    ports:
      - 50080:3000
      
networks:
  registry-net:
Nginx.conf 
##registry UI
server {
    listen       80;
    listen       443 ssl;
    server_name  docker.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:50080;
        proxy_set_header  Host $host;
        proxy_set_header  Origin $scheme://$host;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_set_header  X-Forwarded-Ssl on; # Optional
        proxy_set_header  X-Forwarded-Port $server_port;
        proxy_set_header  X-Forwarded-Host $host;
    }
}


##registry UI
server {
    listen       80;
    listen       443 ssl;
    server_name  registry.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:50000;
        proxy_set_header  Host $host;
        proxy_set_header  Origin $scheme://$host;
        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_set_header  X-Forwarded-Ssl on; # Optional
        proxy_set_header  X-Forwarded-Port $server_port;
        proxy_set_header  X-Forwarded-Host $host;
    }
}

## docker hub
server {
    listen       80;
    listen       443 ssl;
    server_name  hub.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:51000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## ghcr.io
server {
    listen       80;
    listen       443 ssl;
    server_name  hub.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:51000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## ghcr.io
server {
    listen       80;
    listen       443 ssl;
    server_name  ghcr.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:52000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## gcr.io
server {
    listen       80;
    listen       443 ssl;
    server_name  gcr.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:53000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## k8s.gcr.io
server {
    listen       80;
    listen       443 ssl;
    server_name  k8s-gcr.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:54000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## registry.k8s.io
server {
    listen       80;
    listen       443 ssl;
    server_name  k8s.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:55000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## quay.io
server {
    listen       80;
    listen       443 ssl;
    server_name  hub.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:56000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## mcr.microsoft.com
server {
    listen       80;
    listen       443 ssl;
    server_name  mcr.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:58000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## docker.elastic.co
server {
    listen       80;
    listen       443 ssl;
    server_name  elastic.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:58000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## nvcr.io
server {
    listen       80;
    listen       443 ssl;
    server_name  nvcr.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
        proxy_pass   http://localhost:59000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
## 监控
server {
    listen       80;
    listen       443 ssl;
    server_name  mirror-status.procoding.cn;
    ssl_certificate /etc/nginx/ssl/_.procoding.cn.crt;
    ssl_certificate_key /etc/nginx/ssl/_.procoding.cn.key;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_buffer_size 8k;
 
    proxy_connect_timeout 600;
    proxy_send_timeout    600;
    proxy_read_timeout    600;
    send_timeout          600;
 
    location / {
		add_header X-Frame-Options ALLOWALL;
        proxy_pass   http://localhost:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        
        proxy_set_header X-Nginx-Proxy true;
        proxy_buffering off;
        proxy_redirect off;
    }
}
Uptime-Kuma.yaml 
services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    volumes:
      - /data/uptime-kuma/:/app/data
    ports:
      # <Host Port>:<Container Port>
      - 3001:3001
    environment:
      - UPTIME_KUMA_DISABLE_FRAME_SAMEORIGIN=true  # 添加环境变量
    restart: unless-stopped

Share:
QingHao
Author

QingHao

人工智能专业硕士,现于工业软件企业前沿技术部担任AI算法工程师,专注 3D+AI 算法研发与智能建模架构设计。定居上海,致力于用代码构建数字空间,以镜头定格城市光影与山河壮美,在工程实践中探索 AI 与设计的融合边界。

Continue Reading