#Docker Configuration

docker:
  enabled: true
  repository:
    - name: docker
      registry: https://registry-1.docker.io
      auth-token-url: https://auth.docker.io
      work-mode: strict_wait

Docker uses standard Registry API v2 endpoints. The repository name from the configuration is not added to the client path.

docker pull osa-proxy.example.com/library/alpine:latest

For Docker Hub, OSA Proxy can be configured as a registry mirror in /etc/docker/daemon.json:

{
  "registry-mirrors": ["https://osa-proxy.example.com"]
}

Restart the Docker daemon after changing the file.

If several Docker repositories are enabled, use subdomains where the subdomain matches repository[*].name:

docker pull docker.osa-proxy.example.com/library/alpine:latest

This is required by Docker Registry API v2 semantics: the client always uses fixed paths such as /v2/... and /token, so the OSA Proxy repository name cannot be added as the first path segment as it is for npm, Maven, or PyPI. With a single Docker repository, OSA Proxy can serve it through the main host. With several Docker repositories, the service selects the repository configuration by the request host.

For example, for this configuration:

docker:
  enabled: true
  repository:
    - name: dockerhub
      registry: https://registry-1.docker.io
      auth-token-url: https://auth.docker.io
    - name: company
      registry: https://registry.company.example
      auth-token-url: https://registry.company.example

clients must use different hostnames:

docker pull dockerhub.osa-proxy.example.com/library/alpine:latest
docker pull company.osa-proxy.example.com/team/image:latest

For this setup, configure wildcard DNS or separate DNS records for the subdomains, a TLS certificate that covers these names, and a reverse proxy/load balancer that forwards requests to OSA Proxy while preserving the original Host.