官术网_书友最值得收藏!

Docker as a Windows Service

You can use Docker for Windows on Windows 10 and Windows Server 2016, and it's great for development and test environments. For production environments where you have a headless server with no UI, you can install Docker using a PowerShell module.

On a new installation of Windows Server 2016 core, use the sconfig tool to install all the latest Windows updates, and then run these PowerShell commands:

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider

This will configure the server with the necessary Windows features, install Docker, and set it up to run as a Windows service. Depending on how many Windows updates were installed, you may need to reboot the server:

Restart-Computer -Force

When the server is online, check whether Docker is running with docker version, and then try to run a container from the sample image for this chapter:

docker container run dockeronwindows/ch01-whale

I use this configuration for some of my environmentsrunning Windows Server 2016 Core in a lightweight VM, which has only Docker installed. You can use Docker on the server by connecting with Remote Desktop, or you can configure the Docker service to allow remote connections. This is a more advanced setup, but it does give you secure remote access.

It's best to set up the Docker service so that communication with the client is secured using TLS. Clients can connect only if they have the right TLS certificates to authenticate with the service. You can set this up by running these PowerShell commands inside the VM, supplying the VM's external IP address:

$ipAddress = '<vm-ip-address>'

mkdir -p C:\certs\client

docker container run --rm `
--env SERVER_NAME=$(hostname) `
--env IP_ADDRESSES=127.0.0.1,$vm-ip-address `
--volume 'C:\ProgramData\docker:C:\ProgramData\docker' `
--volume 'C:\certs\client:C:\Users\ContainerAdministrator\.docker' `
stefanscherer/dockertls-windows

Restart-Service docker
Don't worry too much about what this command is doing. Over the next few chapters, you'll get a good understanding of all these Docker options. I'm using a Docker image from Stefan Scherer, who is a Microsoft MVP and Docker Captain. The image has a script that secures the Docker service with TLS certificates. You can read more details on Stefan's blog at https://stefanscherer.github.io.

When this command completes, it will have configured the Docker service to allow only secure remote connections and will also have created the certificates that the client needs to use to connect. Copy these certificates from C:\certs\client on the VM onto the machine where you want to use the Docker client.

On the client machine, you can set environment variables to point the Docker client to use a remote Docker service. These commands will set up a remote connection to the VM (assuming you have used the same path for the certificate files on the client):

$ipAddress = '<vm-ip-address>'

$env:DOCKER_HOST='tcp://$($ipAddress):2376'
$env:DOCKER_TLS_VERIFY='1'
$env:DOCKER_CERT_PATH='C:\certs\client'

You can use this approach to securely connect to any remote Docker service. If you don't have access to Windows 10 or Windows Server 2016, you can create a VM on the cloud and connect to it using the same commands.

主站蜘蛛池模板: 桦川县| 余庆县| 石嘴山市| 敦化市| 沈阳市| 团风县| 临颍县| 漳州市| 抚松县| 厦门市| 梅河口市| 伊宁县| 石台县| 达日县| 台前县| 曲周县| 古蔺县| 阳高县| 孝昌县| 文化| 延寿县| 乐清市| 亚东县| 海林市| 阿鲁科尔沁旗| 吉木萨尔县| 温州市| 肇东市| 张家口市| 天台县| 大冶市| 鲁甸县| 万山特区| 花莲市| 青龙| 荥经县| 赫章县| 平原县| 梧州市| 集安市| 麻栗坡县|