Check the rate limit application status of docker pull


It was announced that it will be implemented from November 2, 2020, Docker pull Rate Limits (download rate limit), how to check the application status on the command line [Posted on Docker Blog]( -docker-pull-rate-limits-and-status /) was done. This is a record of actually trying this.


--If you are not authenticated (docker login), everything is counted in the unit of anonymous (unauthenticated) regardless of the number of logins to the server. Therefore, if two people run 50 pulls at the same time, it is possible that the Rate Limit will be reached. ――Even on the same server, the restrictions on authenticated accounts and unauthenticated accounts are counted separately, so it seems that if you are authenticated, you will not be affected by others.

About Docker Pull Rate Limits

Download at pull as it was announced from Docker on August 24th. It seems that the ratio limit will change from November 2nd.

--100 downloads / 6 hours if not authenticated (anonymous user) --200 downloads / 6 hours if authenticated (Free account) --Unlimited login with Docker Pro / Team paid account

The latest restricted status is published on the following page.

Current Docker Hub Usage Limit Status (updated 11/2, 9:00am Pacific) Unauthenticated requests: 5,000 per six hours Free tier requests: 5,000 per six hours

--At this time (11/2 Japan time 8:00), 5,000 requests / 6 hours with or without authentication -* However, it will be revised at Pacific Time 11/2 9:00 (Japan time 11/3 9:00)

Temporary full enforcement window (100 per six hours for unauthenticated requests, 200 per six hours for free accounts): November 2, 9am-10am Pacific Time.

--Temporarily restricted to 100/6 hours of non-authentication and 200/6 hours of authentication from 11/2 9:00 to 10:00 (PT) (Japan time 11/3 2:00 to 3:00) (" Is "Temporary" a temporary coercion rather than a continuation?)

Check the Rate Limit

A way to validate the Rate Limit can be found on the Docker blog.

This confirms that the Rate Limit is applied in a pseudo manner by executing the command to pull the image ratelimitpreview / test.

However, as mentioned in the blog, when the command execution that executes the request is actually sending the request (pull) to Docker Hub, the command execution itself is naturally counted. Please be careful.

Advance preparation

-- jq is required ( yum install jq for CentOS) --If you want to see the data in detail, a command line tool such as base64 that can handle jwt as needed.

Specific confirmation

How to test your request in Anonymous

Execute this command on the environment where Docker is installed.

$ TOKEN=$(curl "" | jq -r .token)


curl -v -H "Authorization: Bearer $TOKEN" 2>&1 | grep RateLimit
< RateLimit-Limit: 100;w=21600
< RateLimit-Remaining: 99;w=21600

You can see that the current limit (Limit) is 100 and the rest (RateLimit-Remaining) is 99.

If you run the docker pull command several times and continue downloading,

$  curl -v -H "Authorization: Bearer $TOKEN" 2>&1 | grep RateLimit
< RateLimit-Limit: 100;w=21600
< RateLimit-Remaining: 95;w=21600

It can be seen that RateLimit-Ramaining is reduced to 95.

How to authenticate and test

Enter the "username" and "password" on the second line when you log in to Docker Hub.

$ HISTCONTROL=ignorespace
$  TOKEN=$(curl --user 'username:password' "" | jq -r .token)

After getting the token, you can check it in the same way as anonymous.

curl -v -H "Authorization: Bearer $TOKEN" 2>&1 | grep RateLimit
< RateLimit-Limit: 200;w=21600
< RateLimit-Remaining: 198;w=21600

To simply check the currently applied Rate, use a tool that can handle jwt (JSON Web Token) for the contents of $ TOKEN, or if it is a command line

$ for line in `echo -n $TOKEN | tr "." "\n"`; do echo -n $line | base64 -d 2>/dev/null | jq  2>/dev/null && echo;done

You can also check it from the following pull_limit and pull_limit_interval.

  "access": [
      "type": "repository",
      "name": "ratelimitpreview/test",
      "actions": [
      "parameters": {
        "pull_limit": "200",
        "pull_limit_interval": "21600"


It seems that there is no problem for personal use, but if access from one place is concentrated in a short time in an environment where CI is rotated anonymously or through PROXY or gateway ( May be affected (without authentication).

Recommended Posts

Check the rate limit application status of docker pull
Check the migration status of rails
Check the status of Java application without using monitoring tool
About Docker Hub pull limit
Docker Container pull has a rate limit enforced
Check the rate limit application status of docker pull
GitHub Actions users now prepare for Docker Hub pull limits
Docker Container pull has a rate limit enforced
Docker monitoring-explaining the basics of basics-
Understand the basics of docker
About Docker Hub pull limit
Command to check the number and status of Java threads
[Rails] Check the contents of the object
Check the version of Cent OS
Check the contents by docker pull from ECR and start the container
[Swift UI] How to get the startup status of the application [iOS]
Now that you have deployed AWS with Rails On Docker, let's organize the contents.
Check the rate limit application status of docker pull
Register your own Docker image with ECR using AWS CLI
Run the AWS CLI on Docker
Check the contents of the Java certificate store
Memo: [Java] Check the contents of the directory
The story of updating SonarQube's Docker Container
Status monitoring of java application using Elasticsearch
Check the version of the standard Web software.
[Java] Check the number of occurrences of characters
Check the operation of the interface through threads
UCP-45060 The life cycle state is invalid. Check the status of the universal connection pool
I tried using ECR Public instead of Docker Hub (Docker Hub Download Rate Limit measures)
Check the version of the JDK installed and the version of the JDK enabled
How to check the logs in the Docker container
Improve the performance of your Docker development environment
Let's check the feel of Spring Boot + Swagger 2.0
Change the URL of the application of Eclipse project (Maven).
Introduce docker to the application you are creating
Change the location folder of Docker image & container
How to install Docker in the local environment of an existing Rails application [Rails 6 / MySQL 8]