Docker registry getsockopt: connection refused

I am attempting to set up my own docker registry on an EC2 instance, Ubuntu Server 16.04. Having followed https://docs.docker.com/registry/deploying/, I currently have nginx running with LetsEncrypt and have successfully started the docker registry service with the docker run command. However, the system responds that the connection is refused when doing docker push.

Below I have substituted my FQDN with docker.example.com but the DNS is resolving correctly.

  • Does docker --rm=true affect caching adversly?
  • Node.js docker container runs when folder is located on desktop but wont in C drive
  • Docker pull is not giving real time downloaded-size/total-size when executed through Node.js child process sync
  • Scheduling Docker containers to Cluster: Swarm or CoreOS?
  • Why are docker layer IDs now hidden with the new storage model?
  • Using fs.stat to get stats from a file inside a docker container directory
  • $ docker run -d -p 5000:5000 --restart=always --name docker-registry -v /etc/letsencrypt/live/docker.example.com:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/fullchain.pem -e REGISTRY_HTTP_TLS_KEY=/certs/privkey.pem registry:2
    $ docker pull ubuntu
    $ docker tag ubuntu docker.example.com:5000/ubuntu
    $ docker push docker.example.com:5000/ubuntu
    The push refers to a repository [docker.example.com:5000/ubuntu]
    Get https://docker.example.com:5000/v1/_ping: dial tcp 54.x.x.x:5000: getsockopt: connection refused
    

    The service appears to be listening.

    $ sudo netstat -tlnp | grep :5000
    tcp6    0     0 :::5000           :::*            LISTEN      9655/docker-proxy
    

    And I can even connect on localhost.

    $ nc -nv 127.0.0.1 5000
    Connection to 127.0.0.1 5000 port [tcp/*] succeeded!
    

    But attempting to connect remotely fails.

    $ nc -nv 54.x.x.x 5000
    nc: connect to 54.x.x.x port 5000 (tcp) failed: Connection refused
    

    The firewall also allows 5000/tcp.

    $ sudo ufw status | grep 5000
    5000/tcp                   ALLOW       Anywhere
    5000/tcp (v6)              ALLOW       Anywhere (v6)
    

    The AWS ACL allows 5000/tcp to everyone (0.0.0.0/0). What am I missing?

  • Device or resource busy - Docker
  • Node webservice in Docker with entrypoint fails but works otherwise
  • Running docker pull on windows 7 behind proxy
  • Docker build produces many unnamed images
  • docker unable to compile program (possibly undefied macro AC_MSG_ERROR)
  • How to map docker images to a dockerfile?
  • Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.