I am trying to deploy Docker inside a network with severe restrictions on outbound IP connectivity. The default is to deny all outbound IP traffic; trusted networks may be whitelisted one by one.
I’ve whitelisted port 5000 + http + https on Docker’s IP range (184.108.40.206/26) and apt-get installed lxc-docker from the official Docker package repo.
My first task is to install Docker Registry so we can have a private image repository. Following the instructions, I write a config file and tell Docker to get and then run the image.
    root@box:~# docker run -i -p 5000 -v /srv/docker-registry:/srv/docker-registry -v /etc/docker-registry:/registry-conf -e DOCKER_REGISTRY_CONFIG=/registry-conf/config.yml registry
    Unable to find image 'registry:latest' locally
    latest: Pulling from registry
    511136ea3c5a: Pulling fs layer
    511136ea3c5a: Error pulling dependent layers
    5f92234dcf1e: Pulling fs layer
    .....
    c55308716b36: Pulling fs layer
    c55308716b36: Error pulling image (latest) from registry, endpoint: https://registry-1.docker.io/v1/, Server error: Status 0 while fetching imac55308716b36: Error pulling image (latest) from registry, Server error: Status 0 while fetching image layer (511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158)
    FATA Error pulling image (latest) from registry, Server error: Status 0 while fetching image layer (511136ea3c5a64f264b78b5433614aec563103b4d4702f3ba7d4d2698e22c158)
Docker fetches several fs layers but eventually fails with a network error.
I’ve tested network access to https://registry-1.docker.io/ and it is working:
    root@box:~# curl https://registry-1.docker.io/
    "docker-registry server (prod) (v0.8.2)"
And so my question: how can I find out what IPs and ports I need to whitelist for Docker to work in a heavily firewalled environment?