What's a good practice to forward all docker.io pull requests to my private registry?

Before asking this question, I tried to search as much as I can in order to find a way but I only found that what I want is not possible through the docker, but I’m not sure of it about the Linux.

This is my /etc/docker/daemon.json:

  "insecure-registries" :["private_reg.com"],
  "registry-mirrors": ["http://private_reg.com"]

By default when I run docker run nginx, it pulls image in fact like docker run docker.io/nginx if I’m correct (or docker.io/library/nginx I think).

In my private_reg.com I created an image called reg. So by the above settings when I run docker run reg it should pull from private_reg.com/reg I think, but I get an error that this image does not exist.

  1. Is that possible through the docker via any options?
  2. If not, how may I forward these requests in Linux?

Have you tried:

docker run private_reg.com/reg

Yes, running docker run private_reg.com/reg works fine but what I want is only to run docker run reg so that reg image is pulled from private_reg.com

Yeah, what you are asking for would be nice.

It seems that changing the default registry would break things see here and here. However, I see that you can add a mirror registry that your

docker run reg

could fall back to if you changed ‘reg’ to something more unique. But then you would have to deal with latency while the request failed at docker.io first, and it would only work until someone created an image on docker.io with the unique name you chose.

My instincts say that any other workaround achieved by manipulating the resolution of docker.io requests is too much trouble and not maintainable, which I think rules out configuring proxy settings in the daemon.json file, but maybe someone else can explain why I am incorrect about that.

Thanks, but I want to do some changes on some images like mysql:5.7 and whenever I pull, in fact it pulls the modified image instead of the actual image.

Can you please explain what you mean by “modified image” versus “actual image”?

Suppose image mysql:5.7 or mariadb:latest. The actual image is what we pull from docker hub.

But I want to do some changes like adding some conf like sql_mode = '' to /etc/my.cnf file and build that image since some software require this option and if this option is not set to empty, websites when doing INSERT query will throw an error.

That sounds like customizing the build process for the image. You can do this by either:
1.) copying the mysql source Dockerfile (usually available on github.com, depending on whether the image maintainer makes it available or not) and then making changes to it and rebuilding the image as my_apps_mysql,
2. Making your own Dockerfile that specifies

FROM mysql:tag

You can then push the image you built to your private_repo.com. Subsequent pulls from private_repo.com/my_apps_mysql will use the custom built image that includes the my.cnf file.

Clearly, this still does not avoid your original observation that you must specify your private registry explicitly since you are not able to change the default registry, but in docker-compose.yml files you can use

  image: private_repo.com/my_apps_mysql

and in fact this is what you should be doing for many (I’m sure there are exceptions) production scenerios.

Do not overlook the fact that Docker Hub provides one private repo, and public repos for your custom-built images. If you are only trying to solve this issue because of maintaining the one database image, then customizing the image build as described above and pushing to Docker hub at

docker push yourusername/image:tag

“sort of” provides you a solution without the need for changing the default registry (although I get how its is a different, less general solution).