All Products
Document Center

Pull NGINX images from Docker Hub

Last Updated: Sep 20, 2019

This topic describes how to pull an image from Docker Hub and create a container group quickly by using the default or minimal settings for some parameters.


You must have activated the Elastic Container Instance (ECI) and Resource Access Management (RAM) services. In addition, you must have assigned an RAM role to the ECI service.

Specifically, you must enable public network access for the specified VPC.

ECI does not provide additional network links for image pulling. It uses the VPC network that you specify. When you need to pull an image from Docker Hub or an external image repository, your VPC must be able to access the public network. For information about how to configure public network access, click here.


Go to the ECI sales page

Go to the ECI sales page.

Step 1: Select a region and a zone

Select the region and zone where you want to deploy the container group. For more information about the supported regions and zones, see Regions and zones.

We recommend that you choose the most recent zones that meet your business requirements, as these have more resources.


Step 2: Select a VPC and a VSwitch

After you select a VPC and a VSwitch in the region and zone, the CIDR block and other information about the VPC are displayed on the page. If no VPC or VSwitch is available in the region and zone, create a VPC and a VSwitch in the console.

Click here to see how to create a VPC.

Click here to see how to create a VSwitch.


(Optional) Step 3: Bind an EIP

If you need to pull public images from Docker Hub, your VPC must have access to the public network. To get access to the public network, configure an NAT gateway and bind an EIP to it or directly mount an EIP to the container group.

Click here to see how to create an NAT gateway. You do not need to mount an EIP to each container group if you have created an NAT gateway for your VPC, bound an EIP to the gateway, and set SNAT rules.


Step 4: Select a security group

Select a security group for the VPC. A security group is a virtual firewall that provides state detection and data packet filtering and isolates security zones in the cloud. You can set rules for a security group to allow or disallow access to the public or private network from container groups in the security group as well as access between different container groups.

To allow access to container groups in a VPC from the public network, you need to expose the corresponding service ports in the security group rules. For example, if an NGINX container is deployed in a container group, you need to allow access to port 80 from the public network in the security group rule.

Click here for more information about security groups.


Step 5: Select an image

Set names for the container group and the containers in the group. Then, select the image type and version from Docker Hub.


Step 6: Select the number of vCPUs and memory size for the container group

Select the number of vCPUs and memory size for the container group. The minimum specifications are 2 vCPUs and 4 GB memory.


Step 7: Confirm the configuration

Click Confirm Configuration. On the page that appears, verify that the configuration is correct, and then click Create ECI to submit the order.