A very simple nginx proxy that forwards requests to AWS ECR and caches the responses locally.

Run it like this, replace UPSTREAM with your target address with following required params:

• AWS_REGION
• AWS_ACCESS_KEY_ID
• AWS_SECRET_ACCESS_KEY

It is also possible to define CACHE_MAX_SIZE env to limit maximum cache size on provided volume

For example:

docker run --rm --name docker-registry-proxy --net=host \
  -v /local-storage/cache:/cache \
  -e PORT=5000 \
  -e RESOLVER=8.8.8.8 \
  -e UPSTREAM=https://XXXXXXXXXX.dkr.ecr.eu-central-1.amazonaws.com \
  -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
  -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
  -e AWS_REGION=${AWS_DEFAULT_REGION} \
  -e CACHE_MAX_SIZE=100g \
  esailors/aws-ecr-http-proxy:latest

If you ran this command on "registry-proxy.example.com" you can now get your images using docker pull registry-proxy.example.com:5000/repo/image.

Modify the ansible role variables according to your need and run the playbook as follow:

ansible-playbook -i hosts playbook-docker-registry-proxy.yaml

The docker registry for project is available here

The proxy has HTTP endpoint so in order to avoid docker client complaining about it either mark the registry host as insecure in your deamon config or add SSL/TLS termination