Using an EC2 Load Balancer in front of Artifactory Docker repository

Joey Naor
2020-06-11 08:13

Using an EC2 Load Balancer in front of our Artifactory virtual Docker repositories.

In certain architectures, it’s recommended to use a Load Balancer in front of our Docker repositories in order to properly handle heavy traffic.
In this tutorial, we will cover the setup & configuration of an Amazon EC2 Load Balancer in front of an Artifactory virtual Docker repository, using the Port Method.

Configuring “Port Method” in order to access our virtual Docker repository via a designated port:

In order to use a Load Balancer in front of our Docker repository, we will first need to configure a reverse proxy between the two.

1. In the JFrog Platform UI, navigate to Admin > Artifactory > General > HTTP Settings > Docker Access Method, and choose the “Port Method”, followed by saving the settings.

2. Next, we go to Admin > Repositories > Virtual > {Docker repo} > Advanced Tab > Registry Port, enter a port of our choosing, and save the settings. For this example, we will use port 7777.

3. Then, we go back to the HTTP settings, select our desired reverse proxy (NGINX for this example), hit “save” and choose either “view” or “download”: 

4. Make sure that the snippet contains our designated Docker port before applying it to the reverse proxy settings:

5. After applying the changes to the reverse proxy (and restarting it), let’s test if we have a direct connection between our Docker client and the Docker repository via NGINX.
Don’t forget to add an inbound rule for port 7777 in the EC2’s instance Security Group, to allow incoming connections to that port.

For the test, we will use a simple login followed by pulling the image "hello-world":$ docker login <Artifactory's IP>:7777$ docker pull <Artifactory's IP>:7777/hello-world
We now have a designated port for our virtual Docker repo, and we can move forward to configuring a Load Balancer in front of it.

Creating & Configuring the Load Balancer:
In the EC2 Dashboard, go to:
Resources >  Load Balancers > Create Load Balancer > Application Load Balancer > Create

Configure each of the steps as described below:

Step 1: Configure Load Balancer
Make sure you choose “Internet-facing” under ‘Scheme’ (unless the LB is for internal users), and that the chosen VPC includes your EC2 Artifactory instance. In addition, under “Listeners”, choose the same port as configured in the virtual Docker repository (7777).

Step 2: Configure Security Settings
If you chose SSL for the port in the previous step, configure your certificate here.

Step 3: Configure Security Groups
Make sure that you choose a Security Group that allows inbound traffic to our Docker port (7777).

Step 4: Configure Routing
In “Target Groups”, create a new group which will later include our EC2 instance where NGINX (and Artifactory) are hosted, and enter our Docker port:

Step 5: Register Targets
Here we add our EC2 Instance itself, along with the designated port (for the 100th time):

And that’s it! We should now be able to use the Docker login, pull and push commands directly via the Load Balancer over port 7777.