This article covers creating a Docker Registry using Amazon Web Services (AWS) and the Docker registry container itself. The registry is built on an AWS EC2 instance running Ubuntu 14.04 and uses an EBS Volume so that you can take backup snapshots of your registry. The setup is secured by leveraging VPC and AWS Security Groups. (You should probably put authentication in even if it's in your private network, but I won't cover that.)
Create your AWS Environment
Create an AWS Security Group for your Docker Registry instance allowing port 80. Launch an AWS EC2 instance running Ubuntu 14.04 in the designated region and VPC of your choice through the AWS Console, applying the Security Group you created. Create and size an AWS EBS Volume to your needs and attach it to the instance you started via the AWS Console.
ubuntu$ sudo apt-get update
ubuntu$ sudo ntpdate pool.ntp.org
ubuntu$ sudo apt-get install ntp
Install Build Tools *just because
ubuntu$ sudo apt-get install build-essential
Create a file system for the EBS Volume you created and mount it.
ubuntu$ sudo cat /proc/partitions
major minor  #blocks  name
   7     0  104857600 loop0
   7     1    2097152 loop1
 202     0  104857600 xvda
 202     1  104848222 xvda1
 252     0  104857600 dm-0
 202    80  104857600 xvdf
 252     1   10485760 dm-1
ubuntu$ sudo mkfs -t ext4 /dev/xvdf
ubuntu$ sudo mkdir /data
ubuntu$ sudo mount /dev/xvdf /data
ubuntu$ sudo vim /etc/fstab
*ADD BELOW
/dev/xvdf /data ext4 defaults 1 1
ubuntu$ sudo apt-get update
ubuntu$ sudo apt-get -y install docker.io
ubuntu$ sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker
Install Docker Registry Container
ubuntu$ sudo docker run -d -p 80:5000 --restart=always -v /data:/var/lib/registry registry:2
Create a Security Group for your AWS ELB opening port 443 via the AWS Console
Create an Internal AWS ELB with Load Balancer Port 443 and Server Port 80, apply the Security Group you created in the previous step, then put your AWS EC2 instance in it. Create a friendly DNS CNAME to that load balancer. This is needed since Docker Registry needs to leverage SSL.
From a SEPARATE Development Docker Server Test Your New Registry
ubuntu$ sudo docker pull ubuntu
ubuntu$ sudo docker tag ubuntu the-dns-name-to-your-elb/mytestimage:1
ubuntu$ sudo docker push the-dns-name-to-your-elb/mytestimage:1
ubuntu$ sudo docker pull the-dns-name-to-your-elb/mytestimage:1
- When creating the ELB you will want to apply your SSL Certificate for port 443
- This setup only secures things at the network layer; in theory you should apply authentication
- Snapshot the EBS Volume you created at whatever interval you like
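
Because the registry here has no authentication, the two Security Groups are the only access control, so it is worth checking that ports 80 and 443 are not reachable from outside private address space. The following is an added example, not part of the original article: it audits data shaped like the output of `aws ec2 describe-security-groups`, and the group IDs, CIDRs and the choice of "internal" ranges are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: RFC 1918 and IPv6 unique-local ranges count as "internal".
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_internal(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == p.version and net.subnet_of(p) for p in INTERNAL)

def exposed_rules(described, ports=(80, 443)):
    """Return sorted (group_id, port, cidr) for watched ports open to non-internal CIDRs."""
    findings = set()
    for sg in described["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":            # all protocols, so all ports
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # UserIdGroupPairs (group-to-group rules such as "only the ELB
            # group") carry no CIDR and are not flagged.
            for cidr in cidrs:
                if not is_internal(cidr):
                    findings.update((sg["GroupId"], p, cidr)
                                    for p in ports if lo <= p <= hi)
    return sorted(findings)

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-registry-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-registry-elb-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-elb-internal"}]}]},
    {"GroupId": "sg-elb-internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-allow-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

if __name__ == "__main__":
    for group_id, port, cidr in exposed_rules(SAMPLE):
        print(f"{group_id}: port {port} reachable from {cidr}")
```

To run it against a real account, load the JSON printed by `aws ec2 describe-security-groups` with `json.load` and pass it to `exposed_rules` in place of `SAMPLE`.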