Resource Consumption Updates FAQ
What are the Docker Terms of Service?
The Docker Terms of Service is an agreement between you and Docker that governs your use of Docker products and services. Click on the link to view the full Docker Terms of Service.
When do the Docker Terms of Service take effect?
The updates to the Docker Terms of Service are effective immediately.
What changes is Docker making to the Terms of Service?
The most notable changes are in Section 2.5. To see all of the changes, we recommend you read the full Docker Terms of Service.
I read that images are going to expire on November 1? What is going on here?
A planned policy for image expiration enforcement for inactive images for free accounts was announced to take effect November 1, 2020. After hearing feedback from customers, this policy has been placed on hold until mid 2021. More information is available in this blog post.
What are the rate limits for pulling Docker images from the Docker Hub Registry?
Rate limits for Docker image pulls are based on the account type of the user requesting the image – not the account type of the image’s owner. These are defined on the pricing page.
The highest entitlement a user has, based on their personal account and any orgs they belong to, will be used. Unauthenticated pull requests are “anonymous” and will be rate limited based on IP address rather than user ID. For more information on authenticating image pulls, please see this docs page.
Are there rate limits on Docker Hub container image requests?
Rate limits for unauthenticated and free Docker Hub usage went into effect on November 1, 2020. More information about this is available in this blog post.
How is a pull request defined for purposes of rate limiting?
A pull request is up to two GET requests to the registry URL path ‘/v2/*/manifests/*’.
This accounts for the fact that container pull requests for multi-arch images require a manifest list to be downloaded followed by the actual image manifest for the required architecture. HEAD requests are not counted.
Note that all pull requests, including ones for images you already have, are counted by this method. This is the trade-off for not counting individual layers.
Can I use a Docker Pro or Team subscription to run a service account that makes unlimited container pull requests to Docker Hub on behalf of an organization?
Daily pulls for an individual Docker Pro and Team Subscriber are limited to 5,000 image pulls from Docker hub per 24 hours.
Can I run a local mirror of Docker Hub?
Please see https://docs.docker.com/registry/recipes/mirror/ to run docker/distribution as a mirror. Because distribution uses HEAD manifest requests to check if cached content has changed, it will not count towards the rate limit. Note that initial requests for Hub images that are not yet in cache will be counted.
Are image layers counted?
No. Because we are limiting on manifest requests, the number of layers (blob requests) related to a pull is unlimited at this time. This is a change from our previous policy based on community feedback in order to be more user-friendly, so users do not need to count layers on each image they may be using.
Are anonymous (unauthenticated) pulls rate-limited based on IP address?
Yes. Pull rates are limited based on individual IP address (e.g., for anonymous users: 100 pulls per 6 hours per IP address). See pricing for more details.
Are pulls from logged-in accounts rate-limited based on IP address?
No, limits on pull requests that are authenticated with an account are based on that account and not on the IP. Free accounts are limited to 200 pulls per 6 hour period. Paid accounts have no rate-limits. See pricing for more details.
Will I be rate-limited if I’m logged in but someone else on my IP hits the anonymous limit?
No, users who are logged in and authenticating their pull requests will be limited based on their user account only. If an anonymous user on your IP is limited, you will not be affected as long as your requests are authenticated and you have not hit your own limit.
Does it matter what image I am pulling?
No, all images are treated equally. The limits are entirely based on the account level of the user doing the pull, not the account level of the repository owner.
How will these limits be adjusted?
We will be monitoring these limits closely and making sure they are appropriate for common use cases within their tier. In particular, free and anonymous limits should always support normal single-developer workflows. Adjustments will be made as needed in that spirit. You may also submit input on the limits.
What about CI systems where pulls will be anonymous?
We recognize there are some circumstances where many pulls will be made that can not be authenticated. For example, cloud CI providers may host builds based on PRs to open source projects. The project owners may be unable to securely use their project’s Docker Hub credentials to authenticate pulls in this scenario, and the scale of these providers would likely trigger the anonymous rate limits. We will unblock these scenarios as necessary and continue iterating on our rate limiting mechanisms to improve the experience, in cooperation with these providers. Please reach out to [email protected] if you are encountering issues.
Will Docker offer dedicated plans for open source projects?
Yes, as part of Docker’s commitment to the open source community, we have created a new program to support free use of Docker in open source projects. See this blog post for more information.
To apply for an open source plan, complete our application at:
https://www.docker.com/community/open-source/application.
For more information view our blogs on inactive image retention and pull rate limits.
Or check out: https://www.docker.com/pricing