You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: image/docs/containers-registries.conf.5.md
+13-2Lines changed: 13 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -63,6 +63,14 @@ By default, container runtimes require TLS when retrieving images from a registr
63
63
If `insecure` is set to `true`, unencrypted HTTP as well as TLS connections with untrusted
64
64
certificates are allowed.
65
65
66
+
`proxy`
67
+
: Sets the forwarding proxy to be used specifically for connections to this registry.
68
+
This setting takes precedence over globally-scoped proxies set using environment variables.
69
+
Accepts a URL to the proxy in the format of _scheme_`://`_host_[`:`_port_][`/`_path_]
70
+
where _scheme_ is one of `http`, `https`, `socks5`, or `socks5h`. See CURLOPT_PROXY(3).
71
+
Note that both `socks5` and `socks5h` behave like `socks5h` in curl,
72
+
i.e. name resolution always happens remotely.
73
+
66
74
`blocked`
67
75
: `true` or `false`.
68
76
If `true`, pulling images with matching names is forbidden.
@@ -94,14 +102,14 @@ With a `prefix` containing a wildcard in the format: "*.example.com" for subdoma
94
102
the location can be empty. In such a case,
95
103
prefix matching will occur, but no reference rewrite will occur. The
96
104
original requested image string will be used as-is. But other settings like
97
-
`insecure` / `blocked` / `mirrors` will be applied to matching images.
105
+
`insecure` / `proxy` / `blocked` / `mirrors` will be applied to matching images.
98
106
99
107
Example: Given
100
108
```
101
109
prefix = "*.example.com"
102
110
```
103
111
requests for the image `blah.example.com/foo/myimage:latest` will be used
104
-
as-is. But other settings like insecure/blocked/mirrors will be applied to matching images
112
+
as-is. But other settings like insecure/proxy/blocked/mirrors will be applied to matching images
105
113
106
114
`mirror`
107
115
: An array of TOML tables specifying (possibly-partial) mirrors for the
@@ -117,6 +125,8 @@ Each TOML table in the `mirror` array can contain the following fields:
117
125
as specified in the `[[registry]]` TOML table
118
126
-`insecure`: same semantics
119
127
as specified in the `[[registry]]` TOML table
128
+
-`proxy`: same semantics
129
+
as specified in the `[[registry]]` TOML table
120
130
-`pull-from-mirror`: `all`, `digest-only` or `tag-only`. If "digest-only", mirrors will only be used for digest pulls. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Restricting mirrors to pulls by digest avoids that issue. If "tag-only", mirrors will only be used for tag pulls. For a more up-to-date and expensive mirror that it is less likely to be out of sync if tags move, it should not be unnecessarily used for digest references. Default is "all" (or left empty), mirrors will be used for both digest pulls and tag pulls unless the mirror-by-digest-only is set for the primary registry.
121
131
Note that this per-mirror setting is allowed only when `mirror-by-digest-only` is not configured for the primary registry.
0 commit comments