Using docker in China 2024

Docker has been blocked in China since June 6, 2024. In this post, I will cover how to use docker in China.

Installing Docker

We need to install docker by install from a package, because the docker.com domain has been blocked in China.

You can search “install docker on {your-operating-system}” to get the information about installing docker from a package.

The steps of installing docker from a package:

  1. Download Docker package files.
  2. Upload package files to your server.
  3. Install the packages by command.
  4. Verify if the docker engine installation is successful.

Debian/Ubuntu

1. Download docker packages

  • Go to https://download.docker.com/linux/debian/dists/
    or https://download.docker.com/linux/ubuntu/dists/.
  • Select your Debian version in the list.
  • Go to pool/stable/ and select the applicable architecture (amd64, armhf, arm64, or s390x).
    • x86-64 (linux/amd64, linux/i386)
    • ARM architectures (linux/arm/v5, linux/arm/v6, linux/arm/v7, linux/arm64)
    • PowerPC and IBM Z (linux/ppc64le, linux/s390x)
  • Download the following deb files for the Docker Engine, CLI, containerd, and Docker Compose packages:
    • containerd.io_<version>_<arch>.deb
    • docker-ce_<version>_<arch>.deb
    • docker-ce-cli_<version>_<arch>.deb
    • docker-buildx-plugin_<version>_<arch>.deb
    • docker-compose-plugin_<version>_<arch>.deb

2. Install docker packages

sudo dpkg -i ./containerd.io_<version>_<arch>.deb \
./docker-ce_<version>_<arch>.deb \
./docker-ce-cli_<version>_<arch>.deb \
./docker-buildx-plugin_<version>_<arch>.deb \
./docker-compose-plugin_<version>_<arch>.deb

Common errors in installing docker packages

Error 1: dependency problems prevent configuration of docker-ce: docker-ce depends on iptables; however: Package iptables is not installed.

Solutions

sudo apt update
sudo apt install iptables

3. Verify

sudo service docker start
docker -v
# You can't pull the image yet.
# sudo docker run hello-world

CentOS/RHEL

1. Download docker packages

2. Install docker packages

sudo yum install docker-ce_<version>_<arch>.rpm

3. Verify

sudo systemctl start docker
docker -v
# You can't pull the image yet.
# sudo docker run hello-world

Method 1: Setting Docker Mirrors

You can configure a docker mirror in /etc/docker/daemon.json

{
...,
"registry-mirrors": ["https://your-registry-mirror.com"],
...
}

Aliyun Docker Mirror

If you have an Aliyun account. You can get a Docker mirror from 镜像加速器 of your Aliyun account.

1. Add docker mirror to /etc/docker/daemon.json

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://{系统分配前缀}.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker

2. Verify

$ docker info
Server: 
Registry Mirrors:
https://{系统分配前缀}.mirror.aliyuncs.com/
# It's very slow. You may need to wait for 15 seconds.
$ docker run hello-world

Using reverse proxy + Docker mirror

You can use Cloudflare workers to reverse proxy docker hub or use Nginx.

Using Cloudflare workers + Docker mirror

1. Deploy docker reverse proxy with Cloudflare workers

Go to Cloudflare -> Open Workers & Pages -> Click the “Create” button -> Click the “Create Worker” -> Click “Deploy” -> Click “Edit code” -> Paste code from CF-Workers-docker.io _worker.js -> Click “deploy”, click “Save and deploy” -> Done.

You can also set a custom domain for your worker. Note you can only use a domain or subdomain name that is added on Cloudflare.

Click “Settings” -> “Triggers” -> “Add Custom Domain” -> Enter your custom domain, e.g. dockerhub.mydomain.com. -> Click “Add Custom Domain”

Ping the domain from your server in China to check if it’s accessible.

ping dockerhub.mydomain.com

2. Add docker mirror to /etc/docker/daemon.json

{
"registry-mirrors": ["https://dockerhub.mydomain.com"]
}
sudo systemctl daemon-reload
sudo systemctl restart docker

3. Verify

$ docker info
Server: 
Registry Mirrors:
https://dockerhub.mydomain.com/
$ docker image ls
$ docker image rm hello-world
$ docker run hello-world

Method 2: Using a network proxy client

Setting a proxy for docker

You can configure proxy behavior for the daemon in the daemon.json file

/etc/docker/daemon.json

{
"proxies": {
"http-proxy": "http://127.0.0.1:{your_proxy_port}",
"https-proxy": "https://127.0.0.1:{your_proxy_port}"
}
}
sudo systemctl restart docker

Reference Configure the daemon to use a proxy

Using the global proxy mode

Turn on global mode in the proxy client.

Method 3: Save and upload Docker images

1. Pull the docker image on a computer that has access to docker

docker pull [image_name]

2. Save one or more images to a tar archive

docker save [image_name] > [image_name].tar
# or
docker save -o [image_name].tar [image_name]

3. Load an image or repository from a tar archive

docker load < [image_name].tar
# or
docker load -i [image_name].tar