A while ago I blogged about how to set up a Docker host without Visual Studio. Now, half a year later things have changed and so have some steps.
Yesterday I spun up a new Windows 2016 machine (CTP5) from the Azure gallery and (of course) it did not work as expected. Containers were already installed and were up and running, but I could not access it from my local machine.
The steps described in this article on MSDN were already done.
To validate that your Windows Server is correctly configured for containers, run the following commands (on the server):
docker search microsoft
docker run microsoft/iis
When it pulls the image from DockerHub, your Docker daemon is working correctly.
Now set up your machine for “remote” access. The steps we need to do are:
- Open port 2375 (for HTTP) and/or 2376 (for HTTPS) on the Windows Firewall on the machine itself
- Open port 2375 (for HTTP) and/or 2376 (for HTTPS) on the Network Security Group in the Azure Portal. Just add an inbound rule for these ports
- Generate Certificates for the docker host. I describe this in the next paragraph
- Configure the docker daemon to listen on the port and use the certificates
- Copy the client certificates to your own PC and run docker
Generate Certificates for the docker host
This is something that I created for the earlier blog post. With the help of OpenSSL you can generate certificates for an Azure region. Just clone my GitHub repo and run the script GenerateCerts.ps1. Fill in a password, the path to openssl.exe and openssl.conf (in the tools dir) and set the region (westeurope, northeurope etc.) where your docker host is running.
The result is a directory with certificate files.
Copy the ca.pem, server-key.pem and server-cert.pem to the directory c:\ProgramData\Docker\certs.d (create it if it does not exist yet).
Configure the docker daemon to listen on the port and use the certificates
Now it is time to set up the docker daemon to listen on the right port and to use the certificates. On the docker host, open the file c:\ProgramData\config\daemon.json (or create it if it does not exist, which is the case the first time).
If you want to run on HTTP (no certificates), copy the contents of daemon-http.json to daemon.json, or use daemon-https.json for HTTPS (doh!). You can find the template files in the GitHub repo in the configdaemon directory.
Then restart the Windows service [Docker Engine].
The daemon files are described here on MSDN.
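The HTTP/HTTPS choice above decides whether the Docker API is authenticated: on 2375 it is served in plain text with no client authentication, while 2376 with tlsverify only accepts clients holding a certificate signed by your CA. The PowerShell check below is an added example, not code from this post's GitHub repo. The two JSON samples are constructed and are not the contents of daemon-http.json or daemon-https.json, and the function name Test-DockerDaemonConfig is hypothetical.

```powershell
# Added example, not from the original post or its GitHub repo.
# Flags daemon.json settings that expose the Docker API over TCP without
# client-certificate authentication.
function Test-DockerDaemonConfig {
    param([Parameter(Mandatory)][string]$Json)

    $cfg = $Json | ConvertFrom-Json
    $findings = @()

    # Only tcp:// listeners are reachable from the network; npipe:// is local.
    $tcpListeners = @($cfg.hosts | Where-Object { $_ -like 'tcp://*' })

    if ($tcpListeners.Count -gt 0 -and $cfg.tlsverify -ne $true) {
        foreach ($listener in $tcpListeners) {
            $findings += "$listener accepts any client: tlsverify is not true"
        }
    }

    if ($cfg.tlsverify -eq $true) {
        # tlsverify needs the CA plus the server certificate and key.
        foreach ($key in 'tlscacert', 'tlscert', 'tlskey') {
            if ([string]::IsNullOrWhiteSpace($cfg.$key)) {
                $findings += "tlsverify is true but $key is not set"
            }
        }
    }
    return $findings
}

# Constructed sample configurations (assumed shapes, not the repo's templates).
$httpConfig = @'
{ "hosts": ["tcp://0.0.0.0:2375", "npipe://"] }
'@

$httpsConfig = @'
{
  "hosts": ["tcp://0.0.0.0:2376", "npipe://"],
  "tlsverify": true,
  "tlscacert": "C:\\ProgramData\\Docker\\certs.d\\ca.pem",
  "tlscert":   "C:\\ProgramData\\Docker\\certs.d\\server-cert.pem",
  "tlskey":    "C:\\ProgramData\\Docker\\certs.d\\server-key.pem"
}
'@

"HTTP : " + ((Test-DockerDaemonConfig -Json $httpConfig) -join '; ')
"HTTPS: " + ((Test-DockerDaemonConfig -Json $httpsConfig) -join '; ')
```

To check a real host, pass the text of its daemon.json to the function, for example with Get-Content and the -Raw switch.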
Copy the client certificates to your own PC and run docker
On your local PC, first test if you can access the remote machine. You can use telnet or PowerShell for that:
telnet <IP/FQDN of AzureMachine> <port 2375 for HTTP/ 2376 for HTTPS>
or in PowerShell:
Test-NetConnection <IP/FQDN of AzureMachine> -Port <port 2375 for HTTP/ 2376 for HTTPS>
When this is successful, copy all the generated certificates (in the certs dir of the GenerateCerts.ps1 script) to the directory c:\users\[username]\.docker .
If you have multiple hosts, just create a new directory for each host and put its certificates there.
Then open a command line and run the docker command with the following options for HTTPS. You can leave out the options when using HTTP.
SET DOCKER_HOST=tcp://<machinename>.westeurope.cloudapp.azure.com:2376
SET DOCKER_TLS_VERIFY=1
SET DOCKER_CERT_PATH=C:\Users\rvano\.docker\<directory you created for the certificates>
docker search microsoft
When everything went well… it works !
Good luck !