Best practice for dedicated docker image source for a company

Hello,

Ever since docker implemented the image limit on anonymous pulls, we have had the problem of sporadically hitting the pull rate limit.

Now my question is, what is the easiest way to incorporate a docker account with a higher rate limit into our company intranet?

We currently have next to no control over who is pulling images through our proxy server and we don't want to implement complex user- or team-specific access-structures.

The ideal solution would be a kind of “docker-proxy” that we can set up to use a docker account and to function as a kind of relay-server for image requests. We would specify that server as a proxy-server in docker and any docker-client wanting to pull an image would use THAT server's docker account and thus not hit the anonymous rate limit.

Is such an idea feasible? What are the potential risks involved?

Thank you for your help!

FSeifer

Turns out what I need is a docker mirror aka a pull-through registry:

UPDATE:

I messed around with the idea a bit more and have stumbled upon another issue:

Ideally I’d like to run the registry in a separate container via a compose file.
However, I also want to encrypt the credentials I use for logging into docker.com to pull the requested images.

I successfully implemented the “credStore: pass” method on the host machine so I can run “docker login” without exposing my password.

Now my question is, how can I achieve the same level of security for a docker registry pull-through cache inside a docker container?

Thank you for any advice!

FSeifer
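
One way to keep the Docker Hub credential out of the compose file and out of the container's environment for the pull-through cache asked about above, as an added example that is not part of the original post: the host renders the registry's config from `pass` into an owner-only file that the container mounts read-only. The user name, the `pass` entry name and the output path are assumptions; the registry still reads the secret in clear text from that file, so this narrows where it lives rather than encrypting it.

```shell
# Added example: build the pull-through cache config from a secret on stdin.

# Emit stdin as a single-quoted YAML scalar (a literal ' is doubled).
yaml_quote() {
  local escaped
  escaped=$(sed "s/'/''/g")
  printf "'%s'" "$escaped"
}

# $1 = Docker Hub user; secret = first line of stdin (what `pass show` prints).
render_registry_config() {
  local user_q secret secret_q
  user_q=$(printf '%s' "$1" | yaml_quote)
  secret=$(head -n 1)
  [ -n "$secret" ] || { echo "no secret on stdin" >&2; return 1; }
  secret_q=$(printf '%s' "$secret" | yaml_quote)
  cat <<EOF
version: 0.1
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
proxy:
  remoteurl: https://registry-1.docker.io
  username: $user_q
  password: $secret_q
EOF
}

# $1 = user, $2 = output path; a new file is created owner-only (mode 0600).
write_registry_config() {
  ( umask 077; render_registry_config "$1" > "$2" ) || { rm -f "$2"; return 1; }
}

# Usage (entry name and paths are hypothetical):
#   pass show docker/hub-token | write_registry_config myuser /run/registry-cache/config.yml
# then bind-mount that file read-only over the registry container's config file.
```

Clients then point at the cache through `registry-mirrors` in their `daemon.json` and need no Docker Hub credentials of their own.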