Is it possible to force the use of a local mirror?

When I’m using the --registry-mirror configuration setting, is it possible to have commands fail if they can’t use my local mirror rather than going out to Docker Hub to fetch resources?

For certain CI builds I’d like to ensure my local (Nexus) pull through cache is getting used to guarantee I have a local copy of the image before I rely on it. I could use an environment variable as a prefix to guarantee I’m pull from the local mirror:

docker pull ${LOCAL_REGISTRY_MIRROR}/library/alpine

Or, for a Dockerfile:

FROM ${registry_mirror}/library/alpine
docker build --build-arg .

However, I’d much rather force the usage of the --registry-mirror I’ve set so I can use more readable image names:

docker pull


docker build .

Is there a way of blocking with configuration instead of resorting to blocking with a firewall?