Development teams building applications use Nexus Repository (Nexus) to store and manage all of their components, build artifacts, and containers. It provides an efficient way to locally cache myriad types of software packages, and enables users to proxy public registries such as Maven Central, npm, and Docker Hub to reduce duplicate downloads and improve speeds to developers and CI servers.
Recently, Docker announced that it will rate limit pulls of the images it hosts on Docker Hub. As of November 1, 2020, free plan anonymous users will be limited to 100 pulls per six hours (based on individual IP address) and free plan authenticated users will be limited to 200 pulls per six hours (based on account, no IP address).
How Docker Hub Rate Limits Impact Developers
The Docker community has 6.7 million registered developers and over 15 petabytes of container images stored on Docker Hub. Knowing ~30% of this massive Docker Hub footprint is free user inactive images, which incur storage charges on a monthly basis, Docker finally decided it needed to focus on its business to stay afloat, and changed the pricing model to consumption-based subscriptions. While the right decision for Docker, these new rate limits will result in problems for millions of developers and software supply chains that run builds using public images on Docker Hub.
Problem One: Throttling Errors
Non-paying (anonymous or authenticated) Docker Hub users will hit the 100 / 200 per six hour rate limits rather quickly when building from a parent image or pulling a public image to run. This will introduce throttling errors to your applications and CI/CD tools.
Problem Two: Unavailable Images
Docker has stated a policy for free account plans which will delete any image that has been inactive for over six months. This means 4.5PB of inactive images on Docker Hub will be deleted. The policy has been placed on hold until mid 2021, but will eventually be enforced. More details can also be found in the Docker Consumption FAQ.
These new rate limits are driving free users to Docker Hub paid subscriptions at $5/month for Pro and $7/month for Team licenses. Developers need to know there is a better and cheaper solution to insulate developers from Docker Hub upstream rate charges.
Developers Can Overcome Rate Limits with Nexus Container Registry
We recently announced Nexus as a Container Registry to deliver a robust and completely free container registry solution for all of your Docker images, Helm Chart repositories, and many more package formats. Nexus Repository is backed by an extensive user community with over 5M instances deployed, serving developers a central access and cache for public registries. Nexus provides immutable infrastructure for your builds and developers can insulate themselves against any upstream rate charges from new Docker Hub rate limit changes.
In addition to immutable builds, developers gain the following benefits with Nexus as a Container Registry:
- Proxy repos with universal support (Docker Hub, Helm, Maven Central, npm, etc)
- Reduced duplicate downloads and improve download speeds
- Powerful storage and build promotion capabilities
- Retention and access right tools to manage containers
- Extensive integrations for your CI/CD pipelines
- Security and firewall protection for your artifacts
Setup of proxy repos for Docker Hub is easy with Nexus Repository OSS. Once you have downloaded and installed Nexus Repository, users can follow the below resources to get started with creating proxy repositories for Docker Hub.
Get started today
Getting started proxying Docker Hub is easy with Nexus Repository OSS, and takes just a few steps. To begin, Download Nexus Repository OSS for free, and unpack the files into your desired location. See here for more information
- Part 1 - Installing and Starting Nexus Repository Manager (Proxy Quick Start Guide)
Once Nexus Repository is running:
- Choose "Repositories" in the upper left UI, hit "Create Repository". Choose "docker (proxy)" as the recipe. Provide any name (i.e. “docker-hub”).
- Under “Remote Storage” enter https://registry-1.docker.io
- Under “Docker Index” select Use Docker Hub
- Under “Storage”, choose a blob store location (use ‘default’ or your own created blob store)
- Select “Create repository’ near the bottom. Your proxy repository has been created!
See our documentation for more options on creating the proxy repository or even hosting your own registry.
- Part 2 - Create and Configure Proxy Repository for Docker
For teams interested in enterprise capabilities and features, users can run a free trial of Nexus Repository Pro. New in Nexus Repository Pro and highly requested by our customers, Group Deployment for Docker allows developers and CI servers to use a single URL for both pulling and pushing images. Without Group Deployment, developers have to use two URLs (one for pushing content, one for pulling content). For certain formats, these URLs cannot be saved to the configuration and have to be manually entered. To begin using Group Deployment for Docker, check out the setup and configuration details to gain the benefits of reduced Docker ports, reduced storage, and easier client and reverse proxy configurations.
Extending Support to all Docker Users
Managing Docker Hub is no simple task which takes significant financial investment from Docker to maintain. Unpaid access and zero restrictions on storage space has contributed to petabytes of images and open source projects relying on Docker Hub for its public registry.
Sonatype understands the immense dedication and effort it takes to manage a public utility like Docker Hub, as we have maintained and supported The Central Repository for many years. We have advocated the usage of proxy registries for the users of Central for years for their numerous benefits, and are glad to extend this support to all Docker users.