How Do You Configure a Docker Host to Be a Client of a Docker Registry?

Problem scenario
Now that the Docker registry is set up and has been tested, you want the "docker login" command to work from other Docker hosts. How do you configure another server (a Docker host, as a client) to work with a Docker registry server?

Solution
1.  Install Docker on the server that will be the client.  If you need directions, see this posting.  Once Docker is installed, this server will be referred to as the Docker host or the client.

2.  Copy the /etc/ssl/certs/ca-certificates.crt from the Docker registry server to the client server that is a Docker host.  For copying the .crt file with scp from the Docker registry server to new Docker hosts that will become the client servers of the registry, ensure that port 22 is initially open.  It can be closed later on.

You may want to use this from the Docker registry server's back end:

scp /etc/ssl/certs/ca-certificates.crt username@dockerclientFQDN:/tmp/ca-certificates.crt
# where username is a username that can log into the Docker client server and dockerclientFQDN is the FQDN of the Docker client server.

You may not want to use sudo because that may cause scp to not work.  It is advisable to back up the /etc/ssl/certs/ca-certificates.crt on the Docker client first.  Then overwrite it with the file copied above.  Whether you need the backup depends on how sensitive the client server is.  If it was just created or is in a development environment, you likely would not need that .crt file backed up.

3.  Ensure that port 443 is open between the Docker registry server (inbound) and the client servers (outbound port 443).  You can use nmap to test.  If you are using AWS or Azure, you may need to add a rule.  Your network engineer may need to open this port on a firewall that protects the servers.  This step is optional because a "docker login" command will fail if port 443 is closed.  It is not that bad to find out late that port 443 is closed.

4.  If the FQDN of the Docker registry does not resolve from the Docker client (e.g., you cannot curl http://FQDNofDockerRegistry or ping FQDNofDockerRegistry because DNS is not configured), update the /etc/hosts file on the Docker client to map the IP address of the Docker registry server to its FQDN.

5.  Make sure the Docker service is running on the client (e.g., sudo service docker start).  With Red Hat servers, it does not start automatically after it is installed.

6.  The basic way for a Docker client to connect to a registry is to use this command: "docker login http://FQDNofDockerRegistry" # with no quotes.  You will then need a username and password for the next prompts.
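
The client-side file changes in steps 2 and 4, written as an added example that is not part of the original posting: it goes slightly beyond the steps by refusing to install a copied bundle that is empty or cut short, and by refusing to remap an FQDN that already points elsewhere. The function names and the .bak backup name are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names), run on the Docker client.

# install_ca_bundle SRC DST: replace DST with SRC only if SRC is a complete
# PEM bundle; the previous DST is kept as DST.bak (backup name is an assumption).
install_ca_bundle() {
    src=$1; dst=$2
    [ -s "$src" ] || { echo "refusing: $src is missing or empty" >&2; return 1; }
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$src" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$src" || true)
    # A copy cut short in transit has a BEGIN marker without its END marker.
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        echo "refusing: $src is not a complete PEM bundle" >&2
        return 1
    fi
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.bak" || return 1
    fi
    cp "$src" "$dst" && chmod 644 "$dst"
}

# ensure_hosts_entry IP FQDN HOSTS_FILE: append "IP FQDN" unless FQDN is
# already mapped; fail rather than overwrite if it maps to a different IP.
ensure_hosts_entry() {
    ip=$1; fqdn=$2; hosts=$3
    [ -f "$hosts" ] || { echo "no such file: $hosts" >&2; return 1; }
    current=$(awk -v h="$fqdn" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }
    ' "$hosts")
    if [ -z "$current" ]; then
        printf '%s\t%s\n' "$ip" "$fqdn" >> "$hosts"
    elif [ "$current" != "$ip" ]; then
        echo "conflict: $fqdn already maps to $current" >&2
        return 1
    fi
}

# Usage on the client, as root, with the page's paths (registry IP is a placeholder):
#   install_ca_bundle /tmp/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
#   ensure_hosts_entry REGISTRY_IP FQDNofDockerRegistry /etc/hosts
```

Both functions take their target paths as arguments, so they can be tried against scratch copies before touching /etc.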
