{"id":48964626,"url":"https://github.com/motao123/built-docker","last_synced_at":"2026-04-18T03:34:01.509Z","repository":{"id":246467038,"uuid":"821213219","full_name":"motao123/built-docker","owner":"motao123","description":" 自建Docker镜像加速服务，基于 Cloudflare Workers \u0026 Nginx反代两种方法","archived":false,"fork":false,"pushed_at":"2025-01-18T13:20:13.000Z","size":32,"stargazers_count":17,"open_issues_count":2,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-18T14:45:08.468Z","etag":null,"topics":["cloudflare-workers","docker","docker-hub","docker-proxy","html","nginx"],"latest_commit_sha":null,"homepage":"https://0-docker.nat.tf/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/motao123.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-28T04:04:08.000Z","updated_at":"2025-01-18T13:20:15.000Z","dependencies_parsed_at":"2024-06-28T05:31:55.779Z","dependency_job_id":"734ab0d2-5635-4417-bd6a-3530a66d5c7b","html_url":"https://github.com/motao123/built-docker","commit_stats":null,"previous_names":["motao123/built-docker"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/motao123/built-docker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/motao123%2Fbuilt-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/motao123%2Fbuilt-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/motao123%2Fbuilt-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/motao123%2Fbuilt-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/motao123","download_url":"https://codeload.github.com/motao123/built-docker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/motao123%2Fbuilt-docker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31955836,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T00:39:45.007Z","status":"online","status_checked_at":"2026-04-18T02:00:07.018Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudflare-workers","docker","docker-hub","docker-proxy","html","nginx"],"created_at":"2026-04-18T03:34:00.907Z","updated_at":"2026-04-18T03:34:01.501Z","avatar_url":"https://github.com/motao123.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# built-docker\n中国大陆自建Docker教程\n\n## 自建Docker Hub加速镜像\n在使用Docker的过程中会大量的涉及Pull镜像的操作，但是由于官方的镜像服务器在国外再加上某个防火墙的阻拦，导致直接拉取镜像非常困难（看脸）。所以通常的操作是设置一个由国内厂商、机构提供的加速镜像，来提高拉取镜像的速度。但是随着Docker hub限制了未注册用户的拉取频率、各大厂商、机构开始将加速镜像转为内部使用，个人用户拉取镜像变得越来越困难。在长期拉取镜像速度看脸的头疼之下，尝试通过 Nginx 和 Cloudflare Worker 两种方案以及两种方案的组合方案自建Docker hub加速镜像来解决这个问题。\n\n## 自建加速镜像\n\n在尝试搭建之前找了挺多资料，主流的方式有：使用官方提供的 registry，第三方的 Nexus、Harbor。但是使用 registry 搭建一直没有成功，客户端一直报找不到指定镜像；使用 Nexus 搭建又有些太复杂。最后自己总结出来了这两个比较方便的方案。\n\n一点小发现：\n在使用 Nginx 搭建时，发现服务器的流量很小，经过检查 Nginx 的日志后发现，Docker hub 镜像仓库返回的下载地址是需要 307 跳转的，而跳转后的地址依然下载很慢，所以需要在服务端处理这个跳转，将跳转后的数据返回客户端。\n\n# 方案一：使用 Nginx 搭建\n系统：Debian 12 服务器：[棉花云](https://www.88sup.com) 洛杉矶 \n提到要加速一个网站，自然就能想到使用 Nginx 反代一下了。接下来是具体的配置方案\n\n## 安装 Nginx\n```\nsudo apt update \nsudo apt install nginx\n```\n## 防火墙放行指定端口\n我这里使用的防火墙是系统自带的 UFW，并且没有开厂商提供的防火墙（忘记是关掉了还是本来就没有，反正没开），所以只需要 sudo ufw allow ‘Nginx Full’ 一条命令即可，这样就会放行 IPv4 和 IPv6 的 80 和 443 端口（当然也可以手动 sudo ufw allow 443 这样只开放 443 端口）\n如果没有使用防火墙，就不用设置这一步，如果还使用了厂商提供的防火墙，就需要在厂商的面板处同样开放这些端口\n\n## 配置 Nginx \n\n使用命令 sudo vim /etc/nginx/nginx.conf 编辑 Nginx 配置，在 http 块下增加一个 server 块\n\n/etc/nginx/nginx.conf\n\n```\n#反代docker hub镜像源\n     server {\n             listen 443 ssl;\n             server_name 域名;\n\n             ssl_certificate 证书地址;\n             ssl_certificate_key 密钥地址;\n\n             ssl_session_timeout 24h;\n             ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';\n             ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n\n             location / {\n                     proxy_pass https://registry-1.docker.io;  # Docker Hub 的官方镜像仓库\n                     proxy_set_header Host registry-1.docker.io;\n                     proxy_set_header X-Real-IP $remote_addr;\n                     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n                     proxy_set_header X-Forwarded-Proto $scheme;\n\n                     # 关闭缓存\n                     proxy_buffering off;\n\n                     # 转发认证相关的头部\n                     proxy_set_header Authorization $http_authorization;\n                     proxy_pass_header  Authorization;\n\n                     # 对 upstream 状态码检查，实现 error_page 错误重定向\n                     proxy_intercept_errors on;\n                     # error_page 指令默认只检查了第一次后端返回的状态码，开启后可以跟随多次重定向。\n                     recursive_error_pages on;\n                     # 根据状态码执行对应操作，以下为301、302、307状态码都会触发\n                     error_page 301 302 307 = @handle_redirect;\n\n             }\n             location @handle_redirect {\n                     resolver 1.1.1.1;\n                     set $saved_redirect_location '$upstream_http_location';\n                     proxy_pass $saved_redirect_location;\n             }\n     }\n```\n\n然后按 Esc ，输入 : wq 保存退出即可\n\n重新加载 Nginx 配置 输入命令 sudo nginx -s reload，没有报错就说明配置已经生效\n\n# 方案二：使用 CloudFlare Worker 搭建\n作为一个贫穷（doge）的用户，可以免费使用的 CloudFlare Worker 自然要想方设法的用用了，虽然 CloudFlare Worker 的访问速度在国内也不算稳定，但在 CloudFlare 的边缘网络的加持下，白天的速度还是非常可观的，晚上会比较慢但还是比直接使用官方的镜像源要快上很多（又不要钱，要啥自行车.jpg） 这里是在 [基于 Cloudflare Worker 的容器镜像加速器](https://github.com/Doublemine/container-registry-worker) 的基础上稍作修改\n\n在面板左侧找到 Workers 和 Pages，然后点击右侧的 创建应用程序、创建 Worker，修改一个好记的名字，部署\n\n接下来编辑代码，将 worker.js 的内容替换为下面内容\n\nworker.js\n```\nimport HTML from './docker.html';\n\nexport default {\n    async fetch(request) {\n        const url = new URL(request.url);\n        const path = url.pathname;\n        const originalHost = request.headers.get(\"host\");\n        const registryHost = \"registry-1.docker.io\";\n\n        if (path.startsWith(\"/v2/\")) {\n        const headers = new Headers(request.headers);\n        headers.set(\"host\", registryHost);\n\n        const registryUrl = `https://${registryHost}${path}`;\n        const registryRequest = new Request(registryUrl, {\n            method: request.method,\n            headers: headers,\n            body: request.body,\n            // redirect: \"manual\",\n            redirect: \"follow\",\n        });\n\n        const registryResponse = await fetch(registryRequest);\n\n        console.log(registryResponse.status);\n\n        const responseHeaders = new Headers(registryResponse.headers);\n        responseHeaders.set(\"access-control-allow-origin\", originalHost);\n        responseHeaders.set(\"access-control-allow-headers\", \"Authorization\");\n        return new Response(registryResponse.body, {\n            status: registryResponse.status,\n            statusText: registryResponse.statusText,\n            headers: responseHeaders,\n        });\n        } else {\n        return new Response(HTML.replace(/{{host}}/g, originalHost), {\n            status: 200,\n            headers: {\n            \"content-type\": \"text/html\"\n            }\n        });\n        }\n    }\n}\n```\n这里相比原项目，将 redirect: “manual” 修改为了 redirect: “follow”，目的是为了让脚本自行处理 307 跳转，直接返回给我们跳转后的数据。\n新建一个名为 docker.html 的 文件，内容如下\n\ndocker.html\n```\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n    \u003chead\u003e\n        \u003cmeta charset=\"utf-8\" /\u003e\n        \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /\u003e\n        \u003ctitle\u003eMirror Usage\u003c/title\u003e\n        \u003cstyle\u003e\n        html {\n        height: 100%;\n        }\n        body {\n        font-family: \"Roboto\", \"Helvetica\", \"Arial\", sans-serif;\n        font-size: 16px;\n        color: #333;\n        margin: 0;\n        padding: 0;\n        height: 100%;\n        display: flex;\n        flex-direction: column;\n        justify-content: space-between;\n\n        }\n        .container {\n            margin: 0 auto;\n            max-width: 600px;\n        }\n\n        .header {\n            background-color: #438cf8;\n            color: white;\n            padding: 10px;\n            display: flex;\n            align-items: center;\n        }\n\n        h1 {\n            font-size: 24px;\n            margin: 0;\n            padding: 0;\n        }\n\n        .content {\n            padding: 32px;\n        }\n\n        .footer {\n            background-color: #f2f2f2;\n            padding: 10px;\n            text-align: center;\n            font-size: 14px;\n        }\n        \u003c/style\u003e\n    \u003c/head\u003e\n    \u003cbody\u003e\n        \u003cdiv class=\"header\"\u003e\n        \u003ch1\u003eMirror Usage\u003c/h1\u003e\n        \u003c/div\u003e\n        \u003cdiv class=\"container\"\u003e\n        \u003cdiv class=\"content\"\u003e\n            \u003cp\u003e镜像加速说明\u003c/p\u003e\n            \u003cp\u003e\n            为了加速镜像拉取,你可以使用以下命令设置registery mirror:\n            \u003c/p\u003e\n            \u003cpre\u003e\n            sudo tee /etc/docker/daemon.json \u0026lt;\u0026lt;EOF\n            {\n                \"registry-mirrors\": [\"https://{{host}}\"]\n            }\n            EOF\n            \u003c/pre\u003e\n            \u003c/br\u003e\n            \u003cp\u003e\n            为了避免 Worker 用量耗尽,你可以手动 pull 镜像然后 re-tag 之后 push 至本地镜像仓库:\n            \u003c/p\u003e\n            \u003cpre\u003e\n            docker pull {{host}}/library/alpine:latest # 拉取 library 镜像\n            docker pull {{host}}/coredns/coredns:latest # 拉取 library 镜像\n            \u003c/pre\u003e\n        \u003c/div\u003e\n        \u003c/div\u003e\n        \u003cdiv class=\"footer\"\u003e\n        \u003cp\u003ePowered by Cloudflare Workers\u003c/p\u003e\n        \u003c/div\u003e\n    \u003c/body\u003e\n\u003c/html\u003e\n```\n接下来，点击右上角的 部署，稍等片刻\n\n最后，返回面板，在 设置，触发器 处设置一个自己的域名，一切就大功告成了\n不建议使用自带的 workers.dev 的域名，被墙了\n\n# 方案一、二整合\n本来上面的两个方案是独立的，一个使用 Nginx 部署，一个使用 CloudFlare Worker 部署，但是就在我写这篇博客的时候，突然想到，为什么不能把上面的两个方案整合起来呢？\n利用服务器搭建的 Nginx 作为中转，优先由服务器直连 Docker hub 的官方源，当服务器的 IP 请求次数超限后（会报 429 错误），就把请求转发到 CloudFlare Worker 部署的镜像源上，利用 CloudFlare Worker 再做一次中转。这样就即保证了使用服务器中转提高速度，又保证了不会因为服务器的 IP 请求速度过多而受限制，唯一的限制就是服务器的带宽和流量了，几乎完美！！！\n\n## 部署方法：\n将上面部署的 Nginx 配置替换为下面的配置并使用 sudo nginx -s reload 重新加载即可\n\n/etc/nginx/nginx.conf\n```\n#反代docker hub镜像源\n    server {\n            listen 443 ssl;\n            server_name 域名;\n\n            ssl_certificate 证书地址;\n            ssl_certificate_key 密钥地址;\n\n            proxy_ssl_server_name on; # 启用SNI\n\n            ssl_session_timeout 24h;\n            ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';\n            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n\n            location / {\n                    proxy_pass https://registry-1.docker.io;  # Docker Hub 的官方镜像仓库\n\n                    proxy_set_header Host registry-1.docker.io;\n                    proxy_set_header X-Real-IP $remote_addr;\n                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n                    proxy_set_header X-Forwarded-Proto $scheme;\n\n                    # 关闭缓存\n                    proxy_buffering off;\n\n                    # 转发认证相关的头部\n                    proxy_set_header Authorization $http_authorization;\n                    proxy_pass_header  Authorization;\n\n                    # 对 upstream 状态码检查，实现 error_page 错误重定向\n                    proxy_intercept_errors on;\n                    # error_page 指令默认只检查了第一次后端返回的状态码，开启后可以跟随多次重定向。\n                    recursive_error_pages on;\n                    # 根据状态码执行对应操作，以下为301、302、307状态码都会触发\n                    #error_page 301 302 307 = @handle_redirect;\n\n                    error_page 429 = @handle_too_many_requests;\n            }\n            #处理重定向\n            location @handle_redirect {\n                    resolver 1.1.1.1;\n                    set $saved_redirect_location '$upstream_http_location';\n                    proxy_pass $saved_redirect_location;\n            }\n            # 处理429错误\n            location @handle_too_many_requests {\n                    proxy_set_header Host 替换为在CloudFlare Worker设置的域名;  # 替换为另一个服务器的地址\n                    proxy_pass http://替换为在CloudFlare Worker设置的域名;\n                    proxy_set_header Host $http_host;\n            }\n    }\n```\n如果想要反代 ghcr 镜像源呢？只要参考上面的配置，将域名、header 修改一下即可\n并且因为 ghcr 好像不像 docker hub 有下载频率的限制，所以也不用去 Cloudflare Worker 部署了，直接在服务器上部署一个就行。\n```\n#反代ghcr镜像源\nserver {\n        listen 443 ssl;\n        server_name 域名;\n\n        ssl_certificate 证书地址;\n        ssl_certificate_key 密钥地址;\n        proxy_ssl_server_name on;\n        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;\n        #error_log /home/ubuntuago/proxy_docker.log debug;\n        if ($blocked_agent) {\n                return 403;\n        }\n\n        location / {\n                proxy_pass https://ghcr.io;  # Docker Hub 的官方镜像仓库\n\n                proxy_set_header Host ghcr.io;\n                proxy_set_header X-Real-IP $remote_addr;\n                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n                proxy_set_header X-Forwarded-Proto $scheme;\n\n                # 关闭缓存\n                proxy_buffering off;\n\n                # 转发认证相关的头部\n                proxy_set_header Authorization $http_authorization;\n                proxy_pass_header  Authorization;\n                # 对 upstream 状态码检查，实现 error_page 错误重定向\n                proxy_intercept_errors on;\n                # error_page 指令默认只检查了第一次后端返回的状态码，开启后可以跟随多次重定向。\n                recursive_error_pages on;\n                # 根据状态码执行对应操作，以下为301、302、307状态码都会触发\n                error_page 301 302 307 = @handle_redirect;\n\n                #error_page 429 = @handle_too_many_requests;\n\n        }\n        #处理重定向\n        location @handle_redirect {\n                resolver 1.1.1.1;\n                set $saved_redirect_location '$upstream_http_location';\n                proxy_pass $saved_redirect_location;\n        }\n\n}\n```\n## 新增的一些代码的作用：\n\nproxy_ssl_server_name on;\nHTTPS, 需要在握手时候验证证书, 所以在握手时候需要将域名告诉对方, 找到匹配的证书, 这就是 SNI 的工作. 否则会导致证书找不到而请求失败.\n默认情况下, nginx 并不会开启 proxy_ssl_server_name, 也就是说不启用 SNI. 如果使用 nginx 反代一个虚拟主机的服务, 比如 Cloudflare Workers, 此时如果不开启 SNI, 会导致与 CF 握手时候, CF 并不清楚请求哪一个域名下的服务, 所以找不到匹配的证书, 因此会报 502 错误. 当然也可以使用 proxy_ssl_name 字段复写于最终服务器收到的域名.\n引自：[SNI](https://faichou.com/sni/)\n\n在尝试整合这两个方案的时候不知道这个参数，一直报 502..人都麻了\n\nerror_page 429 = @handle_too_many_requests;\n当错误代码为 429 时（即请求次数超限）转发到在 Cloudflare Workers 部署的镜像源\n\n\nproxy_set_header Host 替换为在 CloudFlare Worker 设置的域名;\n将发给 CloudFlare Worker 的请求加上正确的域名方可让请求到达我们搭建的镜像源，如果不加会报 404\n\n# 总结\n根据测试，自建一个 Docker hub 加速镜像完全可行，使用 Nginx 搭建会比较看重服务器的线路，但只要不算太差，就完全可用了。不处理跳转会比较节省流量，但是为了速度，节省这一点流量也没什么必要。有一定的成本，但是如果本身就已经买了服务器的话，搭建个镜像源就几乎是顺带的事情了。\n而使用 CloudFlare Worker 搭建..只能说稍微好一点点，如果服务器需要大量拉取镜像的话或许会用到这个方案。\n而将方案一、二整合，几乎就是现阶段最完美的方案了，速度快且不受拉取次数的限制，只要 Docker hub 别乱变，就可以用超久。\n\n# 如果失效，显示\n```\nroot@VM-4-14-debian:~# docker pull hub1.nat.tf/library/alpine:latest\nError response from daemon: Head \"https://hub1.nat.tf/v2/library/alpine/manifests/latest\": Get \"https://auth.docker.io/token?scope=repository%3Alibrary%2Falpine%3Apull\u0026service=registry.docker.io\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)\n```\n# 那就把Nginx的改成如下，根据自己配置来调整，我是基于1panel的OpenResty搭建，记得重载配置\n```\nuser  root;\nworker_processes  auto;\nerror_log  /var/log/nginx/error.log notice;\nerror_log  /dev/stdout notice;\npid        /var/run/nginx.pid;\n\nevents {\n    worker_connections  1024;\n}\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n    log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '\n                      '$status $body_bytes_sent \"$http_referer\" '\n                      '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n    server_tokens off;\n    access_log  /var/log/nginx/access.log  main;\n    access_log /dev/stdout main;\n    sendfile        on;\n\n    server_names_hash_bucket_size 512;\n    client_header_buffer_size 32k;\n    client_max_body_size 50m;\n    keepalive_timeout 60;\n    keepalive_requests 100000;\n\n    gzip on;\n    gzip_min_length  1k;\n    gzip_buffers     4 16k;\n    gzip_http_version 1.1;\n    gzip_comp_level 2;\n    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml;\n    gzip_vary on;\n    gzip_proxied   expired no-cache no-store private auth;\n    gzip_disable   \"MSIE [1-6]\\.\";\n\n    limit_conn_zone $binary_remote_addr zone=perip:10m;\n    limit_conn_zone $server_name zone=perserver:10m;\n\n    # 反代docker hub镜像源的服务器配置\n    server {\n        listen 443 ssl;\n        server_name 域名;\n\n        ssl_certificate 证书地址;\n        ssl_certificate_key 密钥地址;\n\n        ssl_session_timeout 24h;\n        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';\n        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n\n        location /v2/ {\n            proxy_pass https://registry-1.docker.io;  # Docker Hub 的官方镜像仓库\n            proxy_set_header Host registry-1.docker.io;\n            proxy_set_header X-Real-IP $remote_addr;\n            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n            proxy_set_header X-Forwarded-Proto $scheme;\n\n            # 关闭缓存\n            proxy_buffering off;\n\n            # 转发认证相关的头部\n            proxy_set_header Authorization $http_authorization;\n            proxy_pass_header Authorization;\n\n            # 重写 www-authenticate 头为你的反代地址\n            proxy_hide_header www-authenticate;\n            add_header www-authenticate 'Bearer realm=\"https://域名/token\",service=\"registry.docker.io\"' always;\n\n            # 对 upstream 状态码检查，实现 error_page 错误重定向\n            proxy_intercept_errors on;\n            recursive_error_pages on;\n            error_page 301 302 307 = @handle_redirect;\n        }\n\n        # 处理 Docker OAuth2 Token 认证请求\n        location /token {\n            resolver 1.1.1.1 valid=600s;\n            proxy_pass https://auth.docker.io;  # Docker 认证服务器\n\n            proxy_set_header Host auth.docker.io;\n            proxy_set_header X-Real-IP $remote_addr;\n            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n            proxy_set_header X-Forwarded-Proto $scheme;\n\n            proxy_set_header Authorization $http_authorization;\n            proxy_pass_header Authorization;\n\n            proxy_buffering off;\n        }\n\n        location @handle_redirect {\n            resolver 1.1.1.1;\n            set $saved_redirect_location '$upstream_http_location';\n            proxy_pass $saved_redirect_location;\n        }\n    }\n\n    include /usr/local/openresty/nginx/conf/conf.d/*.conf;\n    include /usr/local/openresty/1pwaf/data/conf/waf.conf;\n}\n```\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmotao123%2Fbuilt-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmotao123%2Fbuilt-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmotao123%2Fbuilt-docker/lists"}