Blacksmith by default enables a local Docker registry mirrors across our fleet, which act as “pull through” caches for public Docker images. All Docker pulls on Blacksmith runners are routed through these mirrors, and they only need to hit Docker Hub once, to hydrate the cache. This pull hydrates that particular image into the registry mirror so that subsequent pulls, across organizations, are served through a node-local registry backed by our colocated cache store. This means common image pulls are substantially faster.

The Docker pull through mirror only caches public images. We do not cache private images.

Preventing rate limit errors

The other main benefit is that CI jobs across an organization will now not be pulling as frequently from the Docker Hub and will therefore not run into Docker Hub’s rate limits. Prior to the pull through caches, our customers would occasionally run into rate limit errors such as:

ERROR: toomanyrequests: Too Many Requests.
You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limits.

This became even more common occurence after Docker Hub’s new rate limits were introduced on April 1st, 2025

In case you continue to run into rate limit errors, please contact us at [email protected]. As a temporary workaround, authenticating with Docker Hub will allow your workflows to pull images with a much higher rate limit.