Docker Hub
Default registry for docker/podman. Pulls touch three hosts minimum.
| Host | Ports | Purpose | |
|---|---|---|---|
| registry-1.docker.io | 443 | Registry API (manifests, blob requests) | required |
| auth.docker.io | 443 | Token authentication | required |
| production.cloudflare.docker.com | 443 | Blob CDN (redirect target for layer downloads) | required |
| index.docker.io | 443 | Legacy index, used by some older clients | optional |
| hub.docker.com | 443 | Web UI and Hub API (search, browsing) - not needed for pulls | optional |
Notes
The classic failure mode: registry-1.docker.io and auth.docker.io are open, so authentication and manifest fetch succeed, but layer downloads hang or fail because production.cloudflare.docker.com is blocked. Layer downloads are HTTP 307 redirects to the Cloudflare CDN.
Copy-paste
Plain domain list: docker-hub.txt · JSON: docker-hub.json · connectivity test: check-docker-hub.sh
registry-1.docker.io auth.docker.io production.cloudflare.docker.com index.docker.io hub.docker.com
Verify from inside the network
curl -fsSL https://pullist.d0t.se/check-docker-hub.sh | sh