docker for windows server

09 May 2017


1 install


Install-PackageProvider -Name NuGet -MinimumVersion -Force
Install-Module -Name DockerMsftProvider -Force
Install-Package -Name docker -ProviderName DockerMsftProvider -Force
Restart-Computer -Force
# Open firewall port 2375
netsh advfirewall firewall add rule name="docker engine" dir=in action=allow protocol=TCP localport=2375

# Configure Docker daemon to listen on both pipe and TCP (replaces docker --register-service invocation above)
Stop-Service docker
dockerd --unregister-service
dockerd -H npipe:// -H --register-service
Start-Service docker

2 管理

3 config

Windows configuration file or

The default location of the configuration file on Windows is %programdata%\docker\config\daemon.json. The –config-file flag can be used to specify a non-default location. This is a full example of the allowed configuration options on Windows:

    "hosts": ["tcp://", "npipe://"],
    "graph": "d:\\dockergraph",                               //镜像文件保存位置
    "registry-mirrors": ["https://***"],  //阿里云代理
    "tlscacert": "C:\\ProgramData\\docker\\certs.d\\ca.pem",       //证书
    "tlscert": "C:\\ProgramData\\docker\\certs.d\\server-cert.pem",
    "tlskey": "C:\\ProgramData\\docker\\certs.d\\server-key.pem",

4 远程管理docker

4.1 非安全


在容器主机上为 Docker 连接创建防火墙规则。 这将是用于不安全连接的端口 2375,或用于安全连接的端口 2376。

netsh advfirewall firewall add rule name="Docker daemon " dir=in action=allow protocol=TCP localport=2375

# 修改配置文件
new-item -Type File c:\ProgramData\docker\config\daemon.json
Add-Content 'c:\programdata\docker\config\daemon.json' '{ "hosts": ["tcp://", "npipe://"] }'

Restart-Service docker


docker -H tcp://<IPADDRESS>:2375 images

4.2 安全

mkdir server  
mkdir client\.docker  

docker run --rm `
  -e SERVER_NAME=$(hostname) `
  -v "$(pwd)\server:C:\ProgramData\docker" `
  -v "$(pwd)\client\.docker:C:\Users\ContainerAdministrator\.docker" `


cp client\.docker\*  $env:USERPROFILE\.docker
docker -H tcp://*.*.*.*:23  --tlsverify images

服务端 edit c:\ProgramData\docker\config\daemon.json

    "graph": "e:\\dockergraph",
    "hosts": ["tcp://", "npipe://"],
    "registry-mirrors": [""],
    "tlsverify": true,
    "tlscacert": "C:\\ProgramData\\docker\\certs.d\\ca.pem",
    "tlscert": "C:\\ProgramData\\docker\\certs.d\\server-cert.pem",
    "tlskey": "C:\\ProgramData\\docker\\certs.d\\server-key.pem"

##2.5 使用代理

[Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://username:password@proxy:port/", [EnvironmentVariableTarget]::Machine)
Restart-Service docker