It's easy to install Docker on Windows 10 and Windows Server 2016. On these operating systems, you can use the Docker for Windows installer, which sets up all the prerequisites, deploys the latest version of Docker CE, and gives you some useful options to manage image repositories and remote swarms with Docker Cloud.
In production, you should ideally use Windows Server 2016 Core, the installation with no UI. This reduces the attack surface and the amount of Windows updates your server will need. If you move all your apps to Docker, you won't need any other Windows features installed; you'll just have Docker EE running as a Windows service.
I'll walk through both these installation options and show you a third option using a VM in Azure, which is useful if you want to try Docker but don't have access to Windows 10 or Windows Server 2016.
Note
There is a fantastic online Docker playground at https://dockr.ly/play-with-docker. Windows support is currently in beta, and it's a great way to try Docker without having to make any investment - you just browse the site and get started.
Docker for Windows is available from Docker Store—navigate to https://dockr.ly/docker-for-windows. You can choose between the Stable channel and the Edge channel. Both channels give you Docker CE, but the Edge channel follows the monthly release cycle, and you will get experimental features. The Stable channel follows the EE release cycle, with quarterly updates.
Note
You should use the Edge channel in development if you want to work with the latest features. In test and production, you will use Docker EE, so you need to be careful that you don't use features in development that are not yet available in EE.
Download and run the installer. The installer will verify that you can run Docker in your setup and will configure the Windows features needed to support Docker. When Docker is running, you will see a whale icon in the notification bar, which you can click on for options:
You need to select Switch to Windows containers before you do anything else. Docker for Windows can run Linux containers by running Docker inside a Linux VM on your machine. That's great to test out Linux apps to see how they run in containers, but this book is all about Windows containers - switch over, and Docker will remember that setting in future.
While Docker for Windows is running, you can open Command Prompt or a PowerShell session and start working with containers. First, verify that everything is working as expected by running docker version. You should see output similar to this:
> docker version Client: Version: 17.06.0-ce API version: 1.30 Go version: go1.8.3 Git commit: 02c1d87 Built: Fri Jun 23 21:30:30 2017 OS/Arch: windows/amd64 Server: Version: 17.06.0-ce API version: 1.30 (minimum version 1.24) Go version: go1.8.3 Git commit: 02c1d87 Built: Fri Jun 23 22:19:00 2017 OS/Arch: windows/amd64 Experimental: true
Note
The output tells you the version of the command-line client and the Docker service. The operating system field should read Windows for both; if not, then you may be in Linux mode, and you'll need to switch to Windows containers.
Now run a simple container:
docker container run dockeronwindows/ch01-whaleThis uses a public image on Docker Cloud—one of the sample images for this book, which Docker will pull the first time you use it. If you don't have any other images, this will take few minutes, as it will also download the Microsoft Nano Server image that my image uses as a base. When the container runs, it shows some ASCII art and then exits. Run the same command again, and you will see that it executes much more quickly as the images are now cached locally.
That's all the setup you need. Docker for Windows also contains the Docker Compose tool I'll be using later in the book, so you're all set to follow along with the code samples.
You can use Docker for Windows on Windows 10 and Windows Server 2016, and it's great for development and test environments. For production environments where you have a headless server with no UI, you can install Docker using a PowerShell module.
On a new installation of Windows Server 2016 core, use the sconfig tool to install all the latest Windows updates, and then run these PowerShell commands:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force Install-Package -Name docker -ProviderName DockerMsftProvider
This will configure the server with the necessary Windows features, install Docker, and set it up to run as a Windows service. Depending on how many Windows updates were installed, you may need to reboot the server:
Restart-Computer -ForceWhen the server is online, check whether Docker is running with docker version, and then try to run a container from the sample image for this chapter:
docker container run dockeronwindows/ch01-whaleI use this configuration for some of my environments—running Windows Server 2016 Core in a lightweight VM, which has only Docker installed. You can use Docker on the server by connecting with Remote Desktop, or you can configure the Docker service to allow remote connections. This is a more advanced setup, but it does give you secure remote access.
It's best to set up the Docker service so that communication with the client is secured using TLS. Clients can connect only if they have the right TLS certificates to authenticate with the service. You can set this up by running these PowerShell commands inside the VM, supplying the VM's external IP address:
$ipAddress = '<vm-ip-address>' mkdir -p C:\certs\client docker container run --rm ` --env SERVER_NAME=$(hostname) ` --env IP_ADDRESSES=127.0.0.1,$vm-ip-address ` --volume 'C:\ProgramData\docker:C:\ProgramData\docker' ` --volume 'C:\certs\client:C:\Users\ContainerAdministrator\.docker' ` stefanscherer/dockertls-windows Restart-Service docker
Note
Don't worry too much about what this command is doing. Over the next few chapters, you'll get a good understanding of all these Docker options. I'm using a Docker image from Stefan Scherer, who is a Microsoft MVP and Docker Captain. The image has a script that secures the Docker service with TLS certificates. You can read more details on Stefan's blog at https://stefanscherer.github.io.
When this command completes, it will have configured the Docker service to allow only secure remote connections and will also have created the certificates that the client needs to use to connect. Copy these certificates from C:\certs\client on the VM onto the machine where you want to use the Docker client.
On the client machine, you can set environment variables to point the Docker client to use a remote Docker service. These commands will set up a remote connection to the VM (assuming you have used the same path for the certificate files on the client):
$ipAddress = '<vm-ip-address>' $env:DOCKER_HOST='tcp://$($ipAddress):2376' $env:DOCKER_TLS_VERIFY='1' $env:DOCKER_CERT_PATH='C:\certs\client'
You can use this approach to securely connect to any remote Docker service. If you don't have access to Windows 10 or Windows Server 2016, you can create a VM on the cloud and connect to it using the same commands.
Microsoft makes it easy to run Docker in Azure. They provide a VM image with Docker installed and configured and with the base Windows images already pulled so you can get started quickly.
For testing and exploring, I always use DevTest labs in Azure. It's a great feature for non-production environments. By default, any VMs you create in a DevTest lab will be turned off every evening, so you don't end up with a big Azure bill from a VM you used for a few hours and forgot to turn off.
You can create a DevTest Lab through the Azure Portal and then create a VM from Microsoft's VM image Windows Server 2016 Datacenter - with Containers. As an alternative to the Azure Portal, you can use the az command-line to manage the DevTest lab. I've packaged az in a Docker image, which you can run in a Windows container:
docker run -it dockeronwindows/ch01-azThis runs an interactive Docker container that has the az command packaged and ready to use. Run az login, and you'll need to open a browser and authenticate the Azure CLI. Then, you can run this in the container to create a VM:
az lab vm create ` --lab-name docker-on-win --resource-group docker-on-winRG236992 ` --name dow-vm-01 ` --image 'Windows Server 2016 Datacenter - with Containers' ` --image-type gallery --size Standard_DS2 ` --admin-username 'elton' --admin-password 'S3crett20!7'
The VM uses the full Windows Server 2016 installation with the UI, so you can connect to the machine with RDP, open a PowerShell cmdlet, and start using Docker right away. Just like the other options, you can check whether Docker is running with docker version and then run a container from the sample image for this chapter:
docker container run dockeronwindows/ch01-whaleIf an Azure VM is your preferred option, you can follow the steps from the previous section to secure the Docker API for remote access. This way, you can run the Docker command-line on your laptop to manage containers on the cloud.