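# Tokyo Cloud Server Proxy Setup
## Scenario
Access to GitHub / Docker Hub from within China is slow, so a low-spec cloud server in Tokyo is used to relay the traffic.
## Server side (Tokyo server)
### 1. Install squid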
```bash
apt update && apt install -y squid apache2-utils
```
### 2. Configure squid password authentication
```bash
cat > /etc/squid/squid.conf << 'EOF'
http_port 3128
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm "Tokyo Proxy"
acl auth proxy_auth REQUIRED
http_access allow auth
http_access deny all
EOF
```
### 3. Create a user
Replace `用户名` with the username and `密码` with the password.
```bash
htpasswd -cb /etc/squid/passwd 用户名 密码
```
### 4. Restart
```bash
systemctl restart squid
systemctl enable squid
```
### Verify
```bash
ss -tlnp | grep 3128
```
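Squid evaluates `http_access` lines top to bottom and the first match decides, so the configuration in step 2 only enforces the password as long as no `allow` rule without authentication sits above `allow auth`. The following added example (not part of the original page; `audit_squid_conf` and both sample configs are constructed for illustration) checks a squid.conf for that and for a missing final `deny all`.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. audit_squid_conf is a
# hypothetical helper: it reads a squid.conf (file argument or stdin) and
# prints one finding per line, or OK when nothing is flagged.
audit_squid_conf() {
  awk '
    { sub(/#.*/, "") }                          # drop comments
    $1 == "acl" && $3 == "proxy_auth" { authacl[$2] = 1 }
    $1 == "http_access" {
      rules++; has_auth = 0; rule = $2
      for (i = 3; i <= NF; i++) {
        rule = rule " " $i
        if ($i in authacl) has_auth = 1
      }
      # First match wins: an allow rule with no proxy_auth ACL admits
      # clients without credentials unless an earlier deny stopped them.
      if (!gated && $2 == "allow" && !has_auth) {
        print "UNAUTH_ALLOW line " NR ": http_access " rule; bad++
      }
      if ($2 == "deny" && NF == 3 && ($3 == "all" ||
          (substr($3, 1, 1) == "!" && (substr($3, 2) in authacl))))
        gated = 1
      last = rule
    }
    END {
      if (!rules) { print "NO_HTTP_ACCESS_RULES"; bad++ }
      else if (last != "deny all") { print "LAST_RULE_NOT_DENY_ALL: " last; bad++ }
      if (!bad) print "OK"
    }
  ' "$@"
}

# Constructed sample: the access rules from step 2 of this page.
sample_page_conf() { cat <<'EOF'
http_port 3128
acl auth proxy_auth REQUIRED
http_access allow auth
http_access deny all
EOF
}
# Constructed sample: a leftover source-address rule above the auth rule.
sample_weak_conf() { cat <<'EOF'
acl localnet src 0.0.0.0/0   # constructed mistake: matches every client
acl auth proxy_auth REQUIRED
http_access allow localnet
http_access allow auth
EOF
}
sample_page_conf | audit_squid_conf   # OK
sample_weak_conf | audit_squid_conf   # two findings
```

On the server it can be run as `audit_squid_conf /etc/squid/squid.conf` after each configuration change.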
---
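## Clients in China
In the commands below, replace `用户名` with the username, `密码` with the password and `东京服务器IP` with the Tokyo server's IP address.
### Docker configuration
```bash
mkdir -p /etc/systemd/system/docker.service.d
# Quoted heredoc delimiter so a password containing $ or backticks is written literally
cat > /etc/systemd/system/docker.service.d/http-proxy.conf <<'EOF'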
[Service]
Environment="HTTP_PROXY=http://用户名:密码@东京服务器IP:3128"
Environment="HTTPS_PROXY=http://用户名:密码@东京服务器IP:3128"
EOF
systemctl daemon-reload && systemctl restart docker
```
### Git configuration
```bash
# git has no https.proxy setting; http.proxy is used for both http:// and https:// remotes
git config --global http.proxy http://用户名:密码@东京服务器IP:3128
```
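### K3s (containerd) configuration
K3s uses containerd by default, which does not go through the systemd proxy settings, so the proxy has to be configured in the k3s service's environment variables.
```bash
# Add the proxy environment variables to the k3s service
mkdir -p /etc/systemd/system/k3s.service.d
# Quoted heredoc delimiter so a password containing $ or backticks is written literally
cat > /etc/systemd/system/k3s.service.d/http-proxy.conf <<'EOF'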
[Service]
Environment="HTTP_PROXY=http://用户名:密码@东京服务器IP:3128"
Environment="HTTPS_PROXY=http://用户名:密码@东京服务器IP:3128"
Environment="NO_PROXY=localhost,127.0.0.1,10.0.0.0/8,.svc,.cluster.local"
EOF
systemctl daemon-reload && systemctl restart k3s
```
Verify:
```bash
crictl pull nginx
kubectl run nginx --image=nginx
```
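### Remove the proxy (for direct connections)
```bash
git config --global --unset http.proxy
# Clears the key if an earlier setup wrote it; git itself never reads https.proxy
git config --global --unset https.proxy
# Docker: delete /etc/systemd/system/docker.service.d/http-proxy.conf, then restart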
```
---
## Verify
```bash
docker pull nginx
git clone https://github.com/torvalds/linux
```
---
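## Syncing external images to a local registry
### Scenario
The Tokyo server can reach `ghcr.io`/`docker.io`; images need to be synced to the local `localhost:5000` registry so that K8s nodes in China can pull them.
### Pull the external image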
```bash
docker pull ghcr.io/volcengine/openviking:latest
```
### Sync to the local registry (recommended: keep the original path)
```bash
# Tag the image, keeping the original repository path in the image path
docker tag ghcr.io/volcengine/openviking:latest localhost:5000/ghcr.io/volcengine/openviking:latest
# Push
docker push localhost:5000/ghcr.io/volcengine/openviking:latest
```
### Pull from a K8s node in China
```bash
docker pull 43.130.228.226:5000/ghcr.io/volcengine/openviking:latest
```
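### Sync directly with skopeo, skipping local storage (recommended for multi-arch images)
```bash
apt update && apt install -y skopeo
# --all copies every architecture in a manifest list; without it only the current platform's image is copied
skopeo copy --all --dest-tls-verify=false \
  docker://ghcr.io/volcengine/openviking:latest \
  docker://localhost:5000/ghcr.io/volcengine/openviking:latest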
```
### List the local registry's contents
```bash
curl -s http://localhost:5000/v2/_catalog
curl -s http://localhost:5000/v2/ghcr.io/volcengine/openviking/tags/list
```
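### Path conventions
- `localhost:5000/library/alpine` = Docker official image path
- `localhost:5000/ghcr.io/volcengine/openviking` = keeps the original source path (recommended)

Benefit of keeping the original path: the image's origin is obvious at a glance.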
---
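## Notes
- The Tokyo server has low bandwidth (1-2 Mbps), so pulling large images with Docker is slow
- Git traffic is small, so the proxy handles it without strain
- The HTTP proxy supports both Git and Docker; no nginx reverse proxy is needed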