90 lines
2.1 KiB
TOML
90 lines
2.1 KiB
TOML
[server]
|
||
# 监听地址,默认监听所有接口
|
||
host = "0.0.0.0"
|
||
# 监听端口
|
||
port = 5000
|
||
# 文件大小限制(字节),默认2GB
|
||
fileSize = 2147483648
|
||
|
||
[rateLimit]
|
||
# 每个IP每小时允许的请求数(Docker镜像每个层为一个请求)
|
||
requestLimit = 200
|
||
# 限流周期(小时)
|
||
periodHours = 1.0
|
||
|
||
[security]
|
||
# IP白名单,支持单个IP或CIDR格式
|
||
# 白名单中的IP不受限流限制
|
||
whiteList = [
|
||
"127.0.0.1",
|
||
"192.168.1.0/24"
|
||
]
|
||
|
||
# IP黑名单,支持单个IP或CIDR格式
|
||
# 黑名单中的IP将被直接拒绝访问
|
||
blackList = [
|
||
"192.168.100.1"
|
||
]
|
||
|
||
[proxy]
|
||
# 代理服务白名单(支持GitHub仓库和Docker镜像,支持通配符)
|
||
# 只允许访问白名单中的仓库/镜像,为空时不限制
|
||
whiteList = []
|
||
|
||
# 代理服务黑名单(支持GitHub仓库和Docker镜像,支持通配符)
|
||
# 禁止访问黑名单中的仓库/镜像
|
||
blackList = [
|
||
"baduser/malicious-repo",
|
||
"*/malicious-repo",
|
||
"baduser/*"
|
||
]
|
||
|
||
[download]
|
||
# 单次并发下载离线镜像数量限制
|
||
maxImages = 10
|
||
|
||
# Registry映射配置,支持多种Container Registry
|
||
[registries]
|
||
|
||
# GitHub Container Registry
|
||
[registries."ghcr.io"]
|
||
upstream = "ghcr.io"
|
||
authHost = "ghcr.io/token"
|
||
authType = "github"
|
||
enabled = true
|
||
|
||
# Google Container Registry
|
||
[registries."gcr.io"]
|
||
upstream = "gcr.io"
|
||
authHost = "gcr.io/v2/token"
|
||
authType = "google"
|
||
enabled = true
|
||
|
||
# Quay.io Container Registry
|
||
[registries."quay.io"]
|
||
upstream = "quay.io"
|
||
authHost = "quay.io/v2/auth"
|
||
authType = "quay"
|
||
enabled = true
|
||
|
||
# Kubernetes Container Registry
|
||
[registries."registry.k8s.io"]
|
||
upstream = "registry.k8s.io"
|
||
authHost = "registry.k8s.io"
|
||
authType = "anonymous"
|
||
enabled = true
|
||
|
||
# 私有Registry示例(默认禁用)
|
||
# [registries."harbor.company.com"]
|
||
# upstream = "harbor.company.com"
|
||
# authHost = "harbor.company.com/service/token"
|
||
# authType = "basic"
|
||
# enabled = false
|
||
|
||
# 缓存配置:Docker临时Token和Manifest统一管理,显著提升性能
|
||
[tokenCache]
|
||
# 是否启用缓存(同时控制Token和Manifest缓存)
|
||
enabled = true
|
||
# 默认缓存时间
|
||
defaultTTL = "20m"
|