If your servers are behind a firewall and can’t access the Internet, you might want to use a registry mirror. A mirror is a server that holds container images from another public registry. The images can either be automatically synced to the mirror or uploaded manually as needed.
That way, if you need an image from, e.g., Docker Hub, you can instruct your other servers to pull it from your local registry mirror.
Pushing to a mirror
First of all, you need a running container registry. This can be a GitLab instance or the simple docker-registry.
Then, on a client with access to Docker Hub (or whatever public registry you want to use), download the desired image.
docker pull nginx:1.27.1
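Then you need to tag it for your mirror server and push it there. Official Docker Hub images such as nginx live in the library/ namespace (docker.io/library/nginx), so keep that path on the mirror; otherwise the rewritten pull configured below will not find the image.
docker tag nginx:1.27.1 registry-server:5000/library/nginx:1.27.1
docker push registry-server:5000/library/nginx:1.27.1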
Now your registry is prepared. The next step is to instruct your servers to use it.
Use a Registry Mirror
The configuration is quite similar to the one for using a private registry in general.
Create a configuration file ending in .conf in /etc/containers/registries.conf.d/.
vim /etc/containers/registries.conf.d/registry-server.conf
[[registry]]
location = "registry-server:5000"
insecure = true
prefix = "docker.io"
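The prefix tells podman to ask our registry for all container images associated with “docker.io”: any image reference that starts with docker.io is rewritten to the location, registry-server:5000, before the pull. So the next time you pull an image from Docker Hub, podman will try to use your registry-server instead. The insecure = true setting allows plain HTTP and TLS connections with untrusted certificates for this registry.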
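To see which repository a pull actually lands on with this drop-in, here is a simplified Python model of the prefix/location rewrite (an added example, not podman's own code and not part of the original post). It assumes fully qualified references and leaves out short-name resolution; the image names other than nginx:1.27.1 are constructed.

```python
# Simplified model (an assumption, not podman's implementation) of how a
# [[registry]] prefix/location pair rewrites an image reference.

# Mirrors the drop-in above: prefix = "docker.io", location = "registry-server:5000"
REGISTRIES = [{"prefix": "docker.io", "location": "registry-server:5000"}]


def normalize(ref):
    """Official Docker Hub images get the implicit library/ namespace."""
    host, _, path = ref.partition("/")
    if host == "docker.io" and path and "/" not in path:
        return f"docker.io/library/{path}"
    return ref


def matches(ref, prefix):
    """A prefix only matches on a namespace boundary, never mid-name."""
    return ref == prefix or (ref.startswith(prefix) and ref[len(prefix)] in "/:@")


def pull_location(ref, registries=REGISTRIES):
    """Return the reference the pull is really sent to."""
    full = normalize(ref)
    hits = [r for r in registries if matches(full, r["prefix"])]
    if not hits:
        return full  # no entry applies, the original registry is contacted
    best = max(hits, key=lambda r: len(r["prefix"]))  # longest prefix wins
    return best["location"] + full[len(best["prefix"]):]


if __name__ == "__main__":
    samples = [
        "docker.io/nginx:1.27.1",           # image from this page
        "docker.io/exampleorg/app:1.0",     # constructed
        "quay.io/exampleorg/tool:1.0",      # constructed, other registry
        "docker.io.example.com/app:1.0",    # constructed, look-alike host
    ]
    for ref in samples:
        print(f"{ref:35} -> {pull_location(ref)}")
```

The first sample resolves to registry-server:5000/library/nginx:1.27.1, which is the path the image has to be stored under on the mirror. References to other registries, including look-alike hostnames that merely begin with docker.io, are not redirected.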