Docker 镜像的快速访问对于开发者来说至关重要,但国内用户常常因为网络限制而面临访问 Docker 官方镜像仓库速度慢的问题。CloudFlare Worker 作为一个免费的全球 CDN 服务,提供了一种有效的解决方案。本文将详细介绍如何利用 CloudFlare Worker 搭建 Docker 加速镜像服务。
什么是 CloudFlare Worker?※
CloudFlare Worker 是一种在 CloudFlare 边缘网络运行的轻量级 JavaScript 运行环境,它能够处理 HTTP 请求,实现自定义的网络逻辑,并且完全免费。
搭建 Docker 加速镜像服务的步骤※
步骤 1:创建 CloudFlare Worker※
- 登录 CloudFlare 账户。
- 在 CloudFlare 面板中创建一个新的 Worker。
步骤 2:编写 Worker 脚本※
编写 worker.js 文件,实现 Docker 镜像的请求代理。以下是 worker.js 的示例代码:
'use strict'
const hub_host = 'registry-1.docker.io'
const auth_url = 'https://auth.docker.io'
const originalHost = 'mr.cqx1.xyz';
const workers_url = 'https://' + originalHost
//const home_page_url = '远程html链接'
/** @type {RequestInit} */
const PREFLIGHT_INIT = {
// @ts-ignore
status: 204,
headers: new Headers({
'access-control-allow-origin': '*',
'access-control-allow-methods': 'GET,POST,PUT,PATCH,TRACE,DELETE,HEAD,OPTIONS',
'access-control-max-age': '1728000',
}),
}
/**
* @param {any} body
* @param {number} status
* @param {Object<string, string>} headers
*/
function makeRes(body, status = 200, headers = {}) {
headers['access-control-allow-origin'] = '*'
return new Response(body, {status, headers})
}
/**
* @param {string} urlStr
*/
function newUrl(urlStr) {
try {
return new URL(urlStr)
} catch (err) {
return null
}
}
addEventListener('fetch', e => {
const ret = fetchHandler(e)
.catch(err => makeRes('cfworker error:\n' + err.stack, 502))
e.respondWith(ret)
})
/**
* @param {FetchEvent} e
*/
async function fetchHandler(e) {
const getReqHeader = (key) => e.request.headers.get(key);
let url = new URL(e.request.url);
if (url.pathname === '/') {
// Fetch and return the home page HTML content
//return fetch(home_page_url);
return new Response(HTML.replace(/{{host}}/g, originalHost), {
status: 200,
headers: {
"content-type": "text/html"
}
});
}
if (url.pathname === '/token') {
let token_parameter = {
headers: {
'Host': 'auth.docker.io',
'User-Agent': getReqHeader("User-Agent"),
'Accept': getReqHeader("Accept"),
'Accept-Language': getReqHeader("Accept-Language"),
'Accept-Encoding': getReqHeader("Accept-Encoding"),
'Connection': 'keep-alive',
'Cache-Control': 'max-age=0'
}
};
let token_url = auth_url + url.pathname + url.search
return fetch(new Request(token_url, e.request), token_parameter)
}
url.hostname = hub_host;
let parameter = {
headers: {
'Host': hub_host,
'User-Agent': getReqHeader("User-Agent"),
'Accept': getReqHeader("Accept"),
'Accept-Language': getReqHeader("Accept-Language"),
'Accept-Encoding': getReqHeader("Accept-Encoding"),
'Connection': 'keep-alive',
'Cache-Control': 'max-age=0'
},
cacheTtl: 3600
};
if (e.request.headers.has("Authorization")) {
parameter.headers.Authorization = getReqHeader("Authorization");
}
let original_response = await fetch(new Request(url, e.request), parameter)
let original_response_clone = original_response.clone();
let original_text = original_response_clone.body;
let response_headers = original_response.headers;
let new_response_headers = new Headers(response_headers);
let status = original_response.status;
if (new_response_headers.get("Www-Authenticate")) {
let auth = new_response_headers.get("Www-Authenticate");
let re = new RegExp(auth_url, 'g');
new_response_headers.set("Www-Authenticate", response_headers.get("Www-Authenticate").replace(re, workers_url));
}
if (new_response_headers.get("Location")) {
return httpHandler(e.request, new_response_headers.get("Location"))
}
let response = new Response(original_text, {
status,
headers: new_response_headers
})
return response;
}
/**
* @param {Request} req
* @param {string} pathname
*/
function httpHandler(req, pathname) {
const reqHdrRaw = req.headers
// preflight
if (req.method === 'OPTIONS' &&
reqHdrRaw.has('access-control-request-headers')
) {
return new Response(null, PREFLIGHT_INIT)
}
let rawLen = ''
const reqHdrNew = new Headers(reqHdrRaw)
const refer = reqHdrNew.get('referer')
let urlStr = pathname
const urlObj = newUrl(urlStr)
/** @type {RequestInit} */
const reqInit = {
method: req.method,
headers: reqHdrNew,
redirect: 'follow',
body: req.body
}
return proxy(urlObj, reqInit, rawLen)
}
/**
*
* @param {URL} urlObj
* @param {RequestInit} reqInit
*/
async function proxy(urlObj, reqInit, rawLen) {
const res = await fetch(urlObj.href, reqInit)
const resHdrOld = res.headers
const resHdrNew = new Headers(resHdrOld)
// verify
if (rawLen) {
const newLen = resHdrOld.get('content-length') || ''
const badLen = (rawLen !== newLen)
if (badLen) {
return makeRes(res.body, 400, {
'--error': `bad len: ${newLen}, except: ${rawLen}`,
'access-control-expose-headers': '--error',
})
}
}
const status = res.status
resHdrNew.set('access-control-expose-headers', '*')
resHdrNew.set('access-control-allow-origin', '*')
resHdrNew.set('Cache-Control', 'max-age=1500')
resHdrNew.delete('content-security-policy')
resHdrNew.delete('content-security-policy-report-only')
resHdrNew.delete('clear-site-data')
return new Response(res.body, {
status,
headers: resHdrNew
})
}
const HTML = `
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="UTF-8">
<!-- 省略 head 中的 meta 和 style 标签 -->
<title>Docker Mirror Usage</title>
</head>
<body>
<div class="header">
<h1>Docker Mirror Usage</h1>
</div>
<div class="container">
<div class="content">
<p>镜像加速说明</p>
<p>全局方式:为了加速全部镜像拉取,你可以使用以下命令设置 registry mirror:</p>
<pre>
sudo tee /etc/docker/daemon.json <<EOF
{
"registry-mirrors": ["https://{{host}}"]
}
EOF
sudo systemctl daemon-reload && sudo systemctl restart docker
</pre>
<p>临时方式:为了加速拉取某个镜像,可以使用以下命令:</p>
<pre>
docker pull {{host}}/命名空间/镜像名称:标签名称
例如:
docker pull {{host}}/library/alpine:latest # 拉取 library 镜像
docker pull {{host}}/coredns/coredns:latest # 拉取 coredns 镜像
</pre>
</div>
</div>
<div class="footer">
<p>Powered by <a href="https://blog.cqx1.xyz">Xiao1</a></p>
</div>
</body>
</html>
`步骤 3::部署 Worker※
在 CloudFlare 面板中部署编写好的 Worker 脚本。
步骤 4:配置自定义域名※
为了更好的访问体验,配置自定义域名以替代默认的 workers.dev 域名。
结语※
通过以上步骤,你可以成功搭建一个 Docker 加速镜像服务,有效提升国内用户访问 Docker 官方镜像仓库的速度。CloudFlare Worker 的使用不仅免费,而且简单易操作,是技术爱好者和开发者的理想选择。
