Docker Essentials & Mirror Setup (2026)
Image pulls time out, Docker Hub rate-limits, public accelerators keep going dark — here is the config we are actually shipping to customers in 2026.
Why this still needs writing
Since late 2024 most public Docker mirrors in China (USTC, NetEase, SJTU, NJU) have shut down or throttled aggressively. Docker Hub itself caps anonymous pulls at 100 / 6h. Net result: a fresh GPU node hangs on its first docker pull pytorch/pytorch. Here is a setup that still works in 2026.
1. Docker commands you actually use
Roughly 90% of an AI engineer's docker usage is these:
docker pull <image>:<tag> # pull an image
docker run --gpus all -it --rm <img> # one-shot run
docker run -d --name web -p 80:80 <img> # detached + port map
docker exec -it <name> bash # shell into a container
docker logs -f <name> # tail logs
docker cp file <name>:/path # copy a file in
docker save -o m.tar <img> # offline export
docker load -i m.tar # offline import
docker image prune -a # reclaim diskGPU containers additionally need nvidia-container-toolkit plus --gpus all or --gpus '"device=0,1"'.
2. Mirrors that still work in 2026
| Mirror | Endpoint | Notes |
|---|---|---|
| Aliyun personal accelerator | https://<your-id>.mirror.aliyuncs.com | Sign in to Aliyun, console gives you a personal URL — most stable option |
| DaoCloud | https://docker.m.daocloud.io | Public, decent speed, occasional throttling |
| Tencent Cloud (intranet only) | https://mirror.ccs.tencentyun.com | Not reachable from public internet |
| 1Panel community | https://docker.1panel.live | Public, usable |
| Alaya internal | registry.alayanew.com (intranet DNS) | Pre-wired on CCI/CCS nodes |
USTC, NetEase, Azure CN and SJTU mirrors have been decommissioned in 2024–2025. Most blog posts you find online still list them — do not copy blindly.
3. daemon.json
Linux host:
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<'EOF'
{
"registry-mirrors": [
"https://<your-id>.mirror.aliyuncs.com",
"https://docker.m.daocloud.io",
"https://docker.1panel.live"
],
"max-concurrent-downloads": 10,
"log-driver": "json-file",
"log-opts": { "max-size": "100m", "max-file": "3" }
}
EOF
sudo systemctl restart docker
docker info | grep -A3 "Registry Mirrors"Docker Desktop (Mac / Windows): Settings → Docker Engine, paste the same JSON.
4. Working around gcr.io / ghcr.io / quay.io
Many AI images live on gcr.io/... or nvcr.io/.... Accelerators only proxy Docker Hub. Two options:
# 1) DaoCloud reverse proxy (any registry)
docker pull docker.m.daocloud.io/gcr.io/google-containers/pause:3.9
# 2) Pull, then re-tag locally
docker pull docker.m.daocloud.io/nvcr.io/nvidia/pytorch:24.10-py3
docker tag docker.m.daocloud.io/nvcr.io/nvidia/pytorch:24.10-py3 \
nvcr.io/nvidia/pytorch:24.10-py35. Buildx multi-arch & offline distribution
ARM is everywhere now (Grace, Ampere Altra). One flag covers both:
docker buildx create --name multi --use
docker buildx build --platform linux/amd64,linux/arm64 \
-t myrepo/app:1.0 --push .For air-gapped racks, docker save locally, scp to the node, docker load — often faster than pulling through any registry.
6. On Alaya NeW Cloud
CCI/CCS nodes have intranet routing to registry.alayanew.com, with cached base images for pytorch / cuda / vllm / llama-factory / megatron. Pulls peak around 1.2 GB/s on-node. For custom images, push to a customer Harbor first and pull from there — avoid bouncing across the public internet repeatedly.
Last updated on
Kubernetes for AI Engineers — concepts and a working minimum
Pod, Deployment, Job, PVC, StatefulSet — only the parts you actually use in GPU workflows. Skip the rest until you hit it.
Pushing vLLM to 4500 tokens/s on H100
A single 8×H100 node serving Qwen3-72B-Instruct (quantized). End-to-end notes on paged attention, continuous batching, and KV-cache hit-rate tuning — a full-stack throughput hunt.