Virtual Party Space Devlog #20: Docker registries
Today I dug deeper into how Docker works to resolve some error messages, and then started learning about Let’s Encrypt.
- struggled with running `docker compose up` due to “authentication failed” message, so I took a multiple-hour detour into how docker registries work
- NOTE: when you get this error it probably means your image doesn’t exist in an “acceptable” registry (doesn’t matter if you can see it locally)
- existing images were possibly resolving to wrong hash from docker.io, maybe deploying wrong version?
- solution: create ECR registry, add all locally built images to it
- can also do local registry but for this ECR makes sense
- docker has ecr credentials helper built in
  - `~/.docker/config.json` “credsStore” to “ecr-login”
- new flow:
  - `docker build -t <name>:<tag> -t <remote-name>:<remote-tag> . &&`
  - `docker compose up --file docker-compose-aws.yml --context <ecscontext>`
  - `docker rmi` to remove unnecessary images
- docker “Pool overlaps with other one on this address space” error or being unable to delete things in Docker Desktop indicates you have ghost docker networks, need to prune
- PARTY NOW RUNNING!
- load balancing ref
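
Why an image that is visible locally can still fail remotely: Docker expands a name with no registry host to docker.io, so a remote deploy looks on Docker Hub rather than in the local image store. The sketch below is an added example, not part of the original notes; it mirrors that naming rule and flags images that would not come from the intended registry. The image names, account ID and region are constructed.

```python
# Added example: mirrors Docker's image-name normalization to show which
# registry each reference resolves to. All names below are constructed.
DEFAULT_REGISTRY = "docker.io"


def resolve(ref):
    """Return (registry, repository, tag_or_digest) for an image reference."""
    # Split off a digest first, then a tag (a ':' after the last '/').
    name, digest = (ref.split("@", 1) + [None])[:2]
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    first, _, rest = name.partition("/")
    # The first component is a registry host only if it looks like one:
    # it contains a dot or a port, or it is exactly "localhost".
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, repo = first, rest
    else:
        registry, repo = DEFAULT_REGISTRY, name
        if "/" not in repo:
            repo = "library/" + repo  # official-image namespace on Docker Hub
    return registry, repo, digest or tag or "latest"


def off_registry(images, expected_registry):
    """List (image, registry) pairs that resolve outside expected_registry."""
    resolved = [(img, resolve(img)[0]) for img in images]
    return [(img, reg) for img, reg in resolved if reg != expected_registry]


# Constructed sample: image names as they might appear in a compose file.
ECR = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
COMPOSE_IMAGES = [
    "party-web:1.0",                 # built locally, no registry host
    "example-org/web:stable",        # org/repo form, still Docker Hub
    ECR + "/party-web:1.0",          # fully qualified ECR reference
    "localhost:5000/party-web:dev",  # local registry
]

if __name__ == "__main__":
    for img, reg in off_registry(COMPOSE_IMAGES, ECR):
        print(f"{img} resolves to {reg}, not {ECR}")
```

A bare name such as `party-web:1.0` resolves to `docker.io/library/party-web`, a repository the deploying account does not control, which is why tagging with the full ECR host matters.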
Let’s Encrypt time!
- enabled flag in environment variables, quickly got an API timeout
- ECS by default has a “Desired count” of 1, so containers keep spawning and re-running the erroneous encrypt script
- to prevent this, update the service to “number of tasks” 0. Will automatically reset on next CloudFormation update
- jitsi web host uses acme.sh to do Let’s Encrypt keys in init script
- tried alternatives to standalone mode…nginx/webroot, still always get failure
- Let’s Encrypt requires healthy server responding on port 80
- problem is this init script also creates the nginx config files, and if LETS_ENCRYPT flag is true, nginx can’t start without keys. Chicken & egg
About this series
Back in mid-December I started an ambitious project to create a custom platform for a virtual birthday party in February. I kept notes on my progress, both for personal reference and to turn into a series of blog posts. It quickly became apparent that I did not have time to both do the project and blog about the project. I have retroactively decided to post my raw notes as a dev log.