
镜像加速 【入门篇】


CRProxy 由国内容器公司 DaoCloud 的工程师开发,是一款容器镜像代理软件,主要用于加速容器镜像的访问。如果您在大陆不能下载镜像,CRProxy 适合您或您的公司。

基础环境

容器安装、域名购买、海外服务器等不在此赘述;根据您的习惯,自由选择!

  • Docker
  • Docker Compose
  • Traefik
  • 域名
  • 海外服务器:1台

容器服务

使用 docker-compose 部署运维;代理可以使用 nginx-ui、caddy、traefik 等工具。

容器网络:

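# Create the shared external network that both compose files on this page attach to.
docker network create service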

CRProxy

  1. 创建容器
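# Create the working directory and an empty compose file.
# -p keeps the command chain from aborting when the directory already exists.
mkdir -p /usr/local/src/crproxy && cd /usr/local/src/crproxy && touch compose.yml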
  1. compose.yml 容器文件内容如下
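# Compose file for the CRProxy registry proxy.
# No "ports:" mapping is declared, so the proxy is reachable only over the
# shared "service" network, where Traefik forwards to crproxy:8080.
services:
  crproxy:
    # Pinned to a tag; pinning by digest (image@sha256:<digest>) additionally
    # protects against the tag being re-pushed upstream.
    image: ghcr.io/daocloud/crproxy/crproxy:v0.12.6
    container_name: crproxy
    restart: unless-stopped
    networks:
      - service
    environment:
      TZ: "Asia/Shanghai"
    # This process handles requests from the Internet. It listens on an
    # unprivileged port (8080), so it should not need any Linux capability;
    # no-new-privileges blocks setuid-based escalation inside the container.
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    deploy:
      resources:
        limits:
          memory: 256m
          cpus: "0.50"

# NOTE(review): as configured here the proxy has no authentication and no
# restriction on which upstream registries or images it will fetch, so anyone
# who knows the hostname can use the server's bandwidth. Check the crproxy
# options of your version for host/image allow-lists and authentication, or
# restrict client addresses at the reverse proxy.
networks:
  service:
    external: true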
  1. 启动容器
# Start the service in the background; run from the directory that holds compose.yml.
docker compose up -d

Traefik

  1. 创建容器
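# Create the working directory and the layout shown in the file tree below,
# including the two Traefik configuration files that the compose file mounts.
mkdir -p /usr/local/src/traefik/traefik/letsencrypt /usr/local/src/traefik/traefik/traefik
cd /usr/local/src/traefik && touch compose.yml traefik/traefik/traefik.yml traefik/traefik/dynamic.yml
# acme.json holds the ACME account key and the certificates' private keys;
# Traefik refuses to use it unless it is readable by the owner only (mode 600).
touch traefik/letsencrypt/acme.json && chmod 600 traefik/letsencrypt/acme.json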
  1. 文件结构
traefik/
├── compose.yml
└── traefik
    ├── letsencrypt
    │   └── acme.json
    └── traefik
        ├── dynamic.yml
        └── traefik.yml
  1. compose.yml 容器文件内容如下
  • CF_DNS_API_TOKEN: 本人域名托管在 Cloudflare,请自行替换;如果您使用的是 Traefik,可以从此处查找 providers 变量信息。
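# Compose file for the Traefik edge proxy that terminates TLS on 80/443 and
# forwards to crproxy over the shared "service" network.
services:
  traefik:
    # "privileged: true" removed: Traefik does not need it to bind 80/443 in
    # the container, and a privileged container that also holds the Docker
    # socket gives full control of the host to anyone who compromises it.
    image: traefik:v3.5.0
    container_name: traefik
    restart: always
    environment:
      TZ: "Asia/Shanghai"
      # Cloudflare API token used for the ACME DNS challenge. Supplied from the
      # shell environment or a .env file next to compose.yml (keep that file
      # out of version control) instead of being written into this file.
      # Scope the token to DNS edit rights on the one zone it must update.
      CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN:?set CF_DNS_API_TOKEN in the environment or .env}"
    stdin_open: true
    volumes:
      - /usr/local/src/traefik/traefik/letsencrypt:/letsencrypt
      # Static and dynamic configuration are only read by Traefik.
      - /usr/local/src/traefik/traefik/traefik:/etc/traefik:ro
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): ":ro" only protects the socket file itself; any process
      # that can open the socket can still use the full Docker API. If the
      # docker provider in traefik.yml is not used, remove this mount; otherwise
      # consider putting a filtering socket proxy in between.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    tty: true
    # Block setuid-based privilege escalation inside the container.
    security_opt:
      - no-new-privileges:true
    mem_limit: '256m'
    cpus: '0.5'
    networks:
      - service
    ports:
      - '80:80'
      - '443:443'
networks:
  service:
    external: true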
  1. traefik.yml
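# Traefik static configuration (mounted at /etc/traefik/traefik.yml).
global:
  checkNewVersion: true
  sendAnonymousUsage: false

log:
  level: INFO

api:
  # insecure: false keeps the API and dashboard off the unauthenticated
  # built-in entry point. With dashboard: true the dashboard becomes reachable
  # only if a router to the api@internal service is added; any such router
  # should carry an authentication middleware.
  insecure: false
  dashboard: true

entryPoints:
  web:
    address: ":80"
    http:
      # Port 80 serves nothing itself: every request is redirected to HTTPS.
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"

certificatesResolvers:
  letsencrypt:
    acme:
      # DNS-01 challenge through Cloudflare; the API token comes from the
      # CF_DNS_API_TOKEN environment variable set in compose.yml.
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 30
      # Contains the ACME account key and certificate private keys; the file
      # must have mode 600 on the host.
      storage: /letsencrypt/acme.json
      # Placeholder: replace with the address for the ACME account. It is
      # quoted because a bare {...} is parsed by YAML as a mapping, not a string.
      email: "<your-acme-account-email>"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they opt in with traefik.enable=true.
    exposedByDefault: false
    # NOTE(review): every router on this page is defined in dynamic.yml, not
    # through container labels. If that stays true, this provider and the
    # docker.sock mount can be removed, which takes Docker API access away
    # from the Internet-facing proxy.
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true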
  1. dynamic.yml
  • 请把文件中本人域名 artoio.cc 替换成你的二级域名。
  • 请把文件中 artoio 替换成你的域名前缀。
# Default TLS options of the Traefik dynamic configuration; routers that name
# no other option set use "default".
tls:
  options:
    default:
      # Refuse TLS 1.0 and 1.1 handshakes.
      minVersion: VersionTLS12
      # The list restricts TLS 1.2 negotiation. Both TLS 1.2 entries are
      # ECDHE_RSA suites, so they presume a certificate with an RSA key
      # (TODO confirm against the resolver's key type). Go's TLS stack does
      # not make TLS 1.3 suites configurable, so the two TLS 1.3 names are
      # presumably informational only.
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   # TLS 1.2
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    # TLS 1.2
        - TLS_AES_256_GCM_SHA384                  # TLS 1.3
        - TLS_CHACHA20_POLY1305_SHA256            # TLS 1.3
      # NOTE(review): X25519 and P-256 are not listed; a client that offers
      # only those curves would fail the handshake. Verify with the container
      # runtimes that will pull through this proxy.
      curvePreferences:
        - CurveP521
        - CurveP384
      # Reject handshakes whose SNI matches no configured certificate instead
      # of answering with the default certificate.
      sniStrict: true

http:
  # One router per public hostname, all on the HTTPS entry point. Every router
  # lists the same main/SAN set (artoio.cc and *.artoio.cc) for the
  # letsencrypt resolver.
  routers:
    # Apex host: forwarded to crproxy without any middleware. The subdomain
    # routers below redirect to this host with the upstream registry name
    # inserted into the path.
    # NOTE(review): nothing here limits who may use the proxy. If it is meant
    # for a known set of clients, attach an ipAllowList middleware to this
    # router or enable access control in crproxy.
    artoio:
      rule: "Host(`artoio.cc`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "artoio.cc"
            sans:
              - "*.artoio.cc"
      service: artoio

    # quay.* host: the "quay" middleware redirects /v2/ requests to the apex host.
    quay:
      rule: "Host(`quay.artoio.cc`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "artoio.cc"
            sans:
              - "*.artoio.cc"
      middlewares:
        - "quay"
      service: quay

    # ghcr.* host: the "ghcr" middleware redirects /v2/ requests to the apex host.
    ghcr:
      rule: "Host(`ghcr.artoio.cc`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "artoio.cc"
            sans:
              - "*.artoio.cc"
      middlewares:
        - "ghcr"
      service: ghcr

    # docker.* host: the "docker" middleware redirects /v2/ requests to the apex host.
    docker:
      rule: "Host(`docker.artoio.cc`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "artoio.cc"
            sans:
              - "*.artoio.cc"
      middlewares:
        - "docker"
      service: docker

    # elastic.* host: the "elastic" middleware redirects /v2/ requests to the apex host.
    elastic:
      rule: "Host(`elastic.artoio.cc`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "artoio.cc"
            sans:
              - "*.artoio.cc"
      middlewares:
        - "elastic"
      service: elastic

    # kubernetes.* host: the "kubernetes" middleware redirects /v2/ requests to the apex host.
    kubernetes:
      rule: "Host(`kubernetes.artoio.cc`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: "artoio.cc"
            sans:
              - "*.artoio.cc"
      middlewares:
        - "kubernetes"
      service: kubernetes

  # Backend definitions. All six services point at the same crproxy container;
  # the hop is plain HTTP, addressed by container name (crproxy:8080).
  services:
    artoio:
      loadBalancer:
        servers:
          - url: "http://crproxy:8080"

    quay:
      loadBalancer:
        servers:
          - url: "http://crproxy:8080"

    ghcr:
      loadBalancer:
        servers:
          - url: "http://crproxy:8080"

    docker:
      loadBalancer:
        servers:
          - url: "http://crproxy:8080"

    elastic:
      loadBalancer:
        servers:
          - url: "http://crproxy:8080"

    kubernetes:
      loadBalancer:
        servers:
          - url: "http://crproxy:8080"

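  middlewares:
    # Security response headers (clickjacking, MIME sniffing, HSTS for half a
    # year including subdomains).
    # NOTE(review): no router on this page references SecHeaders, so it has no
    # effect until it is added to a router's "middlewares" list. Be aware that
    # stsIncludeSubdomains on the apex domain binds every subdomain to HTTPS.
    # sslRedirect and sslForceHost were dropped from this block: the headers
    # middleware no longer has them in Traefik v3 (this page runs
    # traefik:v3.5.0), and the HTTP-to-HTTPS redirect is already done by the
    # "web" entry point in traefik.yml.
    SecHeaders:
      headers:
        frameDeny: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15768000

    # Each middleware below permanently redirects <registry>.artoio.cc/v2/<path>
    # to artoio.cc/v2/<upstream registry host>/<path>. The dots in the host
    # name are escaped so that "." matches only a literal dot; single quotes
    # keep the backslashes literal in YAML.
    quay:
      redirectRegex:
        regex: '^https://quay\.artoio\.cc/v2/(.+)$'
        replacement: 'https://artoio.cc/v2/quay.io/${1}'
        permanent: true

    ghcr:
      redirectRegex:
        regex: '^https://ghcr\.artoio\.cc/v2/(.+)$'
        replacement: 'https://artoio.cc/v2/ghcr.io/${1}'
        permanent: true

    docker:
      redirectRegex:
        regex: '^https://docker\.artoio\.cc/v2/(.+)$'
        replacement: 'https://artoio.cc/v2/docker.io/${1}'
        permanent: true

    elastic:
      redirectRegex:
        regex: '^https://elastic\.artoio\.cc/v2/(.+)$'
        replacement: 'https://artoio.cc/v2/docker.elastic.co/${1}'
        permanent: true

    kubernetes:
      redirectRegex:
        regex: '^https://kubernetes\.artoio\.cc/v2/(.+)$'
        replacement: 'https://artoio.cc/v2/registry.k8s.io/${1}'
        permanent: true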

快乐使用

容器配置

编辑 /etc/docker/daemon.json 文件;添加 registry-mirrors 值;然后重启服务 systemctl daemon-reload && systemctl restart docker

  • 镜像加速配置后,下载 Docker Hub(docker.io)镜像时无需添加加速地址;registry-mirrors 只对 Docker Hub 生效,其他仓库(如 ghcr.io、quay.io)的镜像仍需使用下文的加速地址。
{
  "exec-opts": [
    "native.cgroupdriver=systemd"
  ],
  "registry-mirrors": [
    "https://docker.artoio.cc"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}

加速地址【必填】

手动下载镜像时,请填写加速地址!以下是2种方式!

方式一:

# Pull python:3.14.0 through the docker.* mirror host, which the proxy maps to docker.io.
# Pulling by digest (name@sha256:<digest>) instead of by tag lets the client
# verify the content that the mirror returns.
docker pull docker.artoio.cc/python:3.14.0

方式二:

# Same image through the apex host, naming the upstream registry (docker.io) in the path.
docker pull artoio.cc/docker.io/python:3.14.0

参考:

