Transparent cache peers #12
Description
Thanks for putting together this - I've been trying for days to build a (transparent) caching capability for the docker hosts I maintain - and I was hoping to achieve it with squid exclusively (to cache docker hub and my private registry) - but couldnt get it to work. (I must admit its been years since I managed/configured squid.)
Coming across this, together with docker's registry mirror capability, I have been able to have transparent caching albeit with 2 components:
- registry for docker hub, and docker's
--registry-mirror=settings, and - docker-registry-cache for my private registry
(When docker's registry-mirror supports private registries, I guess I could use it exclusively.)
(For the transparent caching, I still docker pull my.privateregistry.com/x/x - but my.privateregistry.com resolves to 127.0.0.1 (or a close host's IP address) - and my existing proxying nginx forwards the requests to docker-registry-cache container for that url).
So, as a slight change to your config, my docker-registry-cache uses http_port 8080 accel... instead of https_port 443 accel... and my registry's SSL is setup in nginx. (So nginx does a http not https to squid.)
IE:
- My private registry "R" is where my containers are built.
- I have hosts A1, A2, A3 which are close to each other. A1 runs docker-registry-cache, and all three pull form "R" - however "R" resolves (via the /etc/hosts file on the docker host) to A1's IP address. NGINX on A1 proxies "R" through to the docker-registry-cache container.
- I have hosts B1, B2, B3 which are also close to each other, and are a docker swarm. So docker-registry-cache is a swarm container, and "R" resolves to 127.0.0.1 for those hosts (via /etc/hosts on the docker hosts). NGINX on each B1, B2, B3 proxies "R" through to the docker-registry-cache container.
- (Inside the docker-squid-container "R" will resolve to it's real IP address.)
To complete my goal, I was hoping to leverage neighbouring caches on other hosts as cache peers - and while ICP does contact that caches - it doesnt seem to use them. (My registry is slow to upload, but my cache peers have faster links between them, so I would be saving heaps of time, if docker pulls pulled from a neighbour if it had my image).
So, in my case, a docker pull "R" on host A2, it would be great if docker-registry-cache would see if "B" has the images (via the cache_peer) before sending the request to "R" to get it (for a MISS).
Are you aware of how to make it work this way? I have icp enabled and cache_peer definitions, however, while I see the ICP MISS for http://my.privateregistry.come/v2/ - HIER_NONE/- - on each squid proxy and no other requests (and I know it has the image), the image is still pulled from "R".