I am looking for a mechanism to minimize docker pull traffic for a bunch of hosts which are provisioning the same Docker image. I tried to use squid-cache, but apparently it is no good, as it has no mechanism to cache HTTPS. I cannot set up a local registry either, as the remote registry is not Docker Hub, and as the remote is a private registry, no mediator private registry can work in that scenario either. As the data being pulled is huge and repetitive, can someone suggest a method to help me out?
1 Answer
2
Man-in-the-middle the TLS connections with a proxy that will cache non-Docker Hub requests. Requires pushing a CA certificate to all the Docker clients.
https://github.com/rpardini/docker-registry-proxy claims to implement such a thing.

John Mahowald
- Thanks, seems to be exactly what I am looking for, with the downside of CA injection though – h.safe Sep 03 '19 at 05:34
- MITM with a CA is how that hack works. The client should *not* use `--insecure-registry`, to force any malicious MITM to go through as much trouble to trust a bad cert. – John Mahowald Sep 03 '19 at 12:15
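
One way to check the point made in the last comment on each client, as an added example that is not part of the original answer or of docker-registry-proxy: it reports every `insecure-registries` entry in `daemon.json` (exact host or CIDR range) and every `--insecure-registry` flag on the `dockerd` command line that would switch off certificate verification for the registry. The function name, hostnames and addresses are hypothetical and the sample inputs are constructed.

```python
import ipaddress
import json


def insecure_registry_findings(daemon_json_text, dockerd_args, registry_host, registry_ip=None):
    """Return the settings that disable TLS verification for registry_host.

    registry_host is assumed to be written as in the image name (host or host:port).
    """
    entries = [(e, "daemon.json")
               for e in json.loads(daemon_json_text or "{}").get("insecure-registries", [])]
    # Command-line forms: --insecure-registry=VALUE and --insecure-registry VALUE
    for i, arg in enumerate(dockerd_args):
        if arg.startswith("--insecure-registry="):
            entries.append((arg.split("=", 1)[1], "dockerd flag"))
        elif arg == "--insecure-registry" and i + 1 < len(dockerd_args):
            entries.append((dockerd_args[i + 1], "dockerd flag"))

    findings = []
    for entry, origin in entries:
        if entry.lower() == registry_host.lower():
            findings.append(f"{origin}: '{entry}' names the registry")
            continue
        if registry_ip is None:
            continue
        # Entries may also be CIDR ranges covering the registry's address.
        try:
            network = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # a hostname that is not ours
        if ipaddress.ip_address(registry_ip) in network:
            findings.append(f"{origin}: range '{entry}' covers {registry_ip}")
    return findings


# Constructed sample client configuration.
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["10.0.0.0/8", "old.example.internal:5000"]}'
SAMPLE_ARGS = ["dockerd", "--insecure-registry=registry.example.internal"]

if __name__ == "__main__":
    for finding in insecure_registry_findings(
            SAMPLE_DAEMON_JSON, SAMPLE_ARGS, "registry.example.internal", "10.1.2.3"):
        print("FAIL", finding)
```

An empty result means the client still validates the registry certificate, so only a proxy whose CA was deliberately installed can sit in the middle.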