Skip to main content

Foreign Layers

Foreign layers in Docker are image layers stored outside the primary container registry. When pulling an image, the Docker client retrieves certain layers from these external locations.

Configure Nexus Repository to cache foreign layers of Docker images in Nexus Repository so clients do not communicate with other repositories.

  • Foreign layers create external dependencies and potential reliability issues.

  • Modern Docker practices are moving away from foreign layers, aiming for all image components to reside within the registry.

  • Use foreign layer caching in air-gapped environments or centralized development environments where the client host does not have external access.

  • Use an approved list of locations to limit the risk of exposer to external threats.

Use the following steps to enable this functionality:

  1. Check the Foreign Layer Caching option in your Docker proxy repository configuration.

    34538298.png
  2. Add regular expression URL patterns as an approved list of locations where cached foreign layers may be retrieved.

    34538300.png
  3. Save the configuration.

URL Pattern Matching

The list is inclusive such that a URL that matches any configured pattern will be allowed.

The regular expressions must match the URL entirely, not just a portion. These examples add the .* to the pattern to match any partial path.

https?://go\.microsft\.com/.*
https://.*\.azurecr\.io/.*

The default pattern, .* , matches any URL.