What is a Docker registry mirror?
Why Interviewers Ask This
This question targets practical, hands-on experience with Docker. Interviewers want to see if you've worked with these concepts in real projects, not just read about them. Strong answers include concrete examples.
Answer
A Docker registry mirror (also called a pull-through cache) is a local or geographically close replica of a public registry (like Docker Hub). When a Docker daemon is configured to use a mirror, it first checks the mirror for the requested image; if not cached, it fetches from the upstream registry and caches it locally for future pulls. Benefits: (1) Speed: local network pulls are much faster than pulling from Docker Hub over the internet; (2) Rate limit bypass: Docker Hub has pull rate limits (100/6h anonymous, 200/6h authenticated). A mirror serving your whole organization counts as one authenticated user; (3) Reliability: if Docker Hub is down, cached images are still available; (4) Reduced bandwidth costs. Configure in /etc/docker/daemon.json: {"registry-mirrors": ["https://your-mirror.example.com"]}. Restart Docker daemon after. Popular mirror implementations: AWS ECR Public Gallery as a mirror; self-hosted with Docker Registry (running as a pull-through cache); Nexus Repository; Harbor; JFrog Artifactory. In CI environments, mirrors dramatically reduce build times. Some cloud providers (like AWS EC2, GKE) host mirrors of Docker Hub for their users. ECR also serves as a regional cache for public images.
Pro Tip
Before answering, structure your response: one-line definition → real-world analogy → concrete example from a project. This makes even complex Docker answers easy to follow.
Previous
What is Kubernetes and how does it relate to Docker?
Next
What is container security scanning?