Set up a Windows Docker host in Azure and connect from your local computer

A while ago I blogged about how to set up a Docker host without Visual Studio. Now, half a year later, things have changed and so have some of the steps.

Yesterday I spun up a new Windows 2016 machine (CTP5) from the Azure gallery and (of course) it did not work as expected. Containers were already installed and up and running, but I could not access the host from my local machine.

The steps described in this article on MSDN were already done.

To validate that your Windows Server is correctly configured for containers, run the following commands on the server:

docker search microsoft
docker run microsoft/iis

When it pulls the image from Docker Hub, your Docker daemon is working correctly.

Now set up your machine for "remote" access. The steps we need to do are:

  • Open port 2375 (for HTTP) and/or 2376 (for HTTPS) on the Windows Firewall on the machine itself
  • Open port 2375 (for HTTP) and/or 2376 (for HTTPS) on the Network Security Group in the Azure Portal. Just add an inbound rule for these ports
  • Generate certificates for the Docker host. I describe this in the next paragraph
  • Configure the Docker daemon to listen on the port and use the certificates
  • Copy the client certificates to your own PC and run docker

Generate certificates for the Docker host

This is something that I created for the earlier blog post. With the help of OpenSSL you can generate certificates for an Azure region. Just clone my GitHub repo and run the script GenerateCerts.ps1. Fill in a password, the path to openssl.exe and openssl.conf (in the tools dir) and set the region (westeurope, northeurope etc.) where your Docker host is running.

The result is a directory with certificate files.

Copy ca.pem, server-key.pem and server-cert.pem to the directory c:\ProgramData\Docker\certs.d (create it if it does not exist yet).

Configure the Docker daemon to listen on the port and use the certificates

Now it is time to set up the Docker daemon to listen on the right port and to use the certificates. On the Docker host, open the file c:\ProgramData\config\daemon.json (or create it if it does not exist, which is the case the first time).

If you want to run on HTTP (no certificates), copy the contents of daemon-http.json to daemon.json; for HTTPS, use daemon-https.json (doh!). You can find the template files in the GitHub repo in the configdaemon directory.

Then restart the Windows service [Docker Engine].

The daemon files are described here on MSDN.
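
A check you can run on the Docker host after editing daemon.json and before restarting the service, added here as an example (it is not part of the original post or the GitHub repo). It reports characters an editor does not show, such as a byte order mark, and flags a tcp:// listener that is not protected by tlsverify. The function name and the sample file are made up for illustration; hosts, tlsverify, tlscacert, tlscert and tlskey are standard daemon.json keys.

```powershell
# Added example, not from the original post or its repo.
function Test-DockerDaemonConfig {
    param([Parameter(Mandatory)][string]$Path)

    $findings = @()
    $bytes = [System.IO.File]::ReadAllBytes($Path)

    # Windows PowerShell redirection and Notepad "Unicode" both write UTF-16.
    if ($bytes.Length -ge 2 -and (($bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) -or
            ($bytes[0] -eq 0xFE -and $bytes[1] -eq 0xFF))) {
        return @('File is UTF-16 encoded; save it as UTF-8 without a BOM')
    }

    # Characters an editor does not show: BOM, NBSP, zero-width and control chars.
    $hidden = '[\uFEFF\u00A0\u200B-\u200F\x00-\x08\x0B\x0C\x0E-\x1F]'
    $text = [System.Text.Encoding]::UTF8.GetString($bytes)
    foreach ($m in [regex]::Matches($text, $hidden)) {
        $findings += ('Hidden character U+{0:X4} at offset {1}' -f ([int][char]$m.Value), $m.Index)
    }

    try { $cfg = ($text -replace $hidden, '') | ConvertFrom-Json -ErrorAction Stop }
    catch { return $findings + "Not valid JSON: $($_.Exception.Message)" }

    # A tcp:// listener without tlsverify accepts any client that reaches the port.
    foreach ($h in @($cfg.hosts)) {
        if ($h -like 'tcp://*' -and $cfg.tlsverify -ne $true) {
            $findings += "$h listens without tlsverify (no client certificate required)"
        }
    }
    # With tlsverify on, the three server files from the certificate step must exist.
    foreach ($key in 'tlscacert', 'tlscert', 'tlskey') {
        $file = $cfg.$key
        if ($cfg.tlsverify -eq $true -and -not ($file -and (Test-Path $file))) {
            $findings += "tlsverify is on but $key is missing or points to no file"
        }
    }
    $findings
}

# Constructed sample: a plain-HTTP config saved with a UTF-8 BOM.
$sample = Join-Path $env:TEMP 'daemon-sample.json'
$json = '{ "hosts": ["tcp://0.0.0.0:2375", "npipe://"] }'
[System.IO.File]::WriteAllText($sample, $json, (New-Object System.Text.UTF8Encoding $true))
Test-DockerDaemonConfig -Path $sample
```

Point -Path at the daemon.json you actually edited; an empty result means none of these checks fired.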

Copy the client certificates to your own PC and run docker

On your local PC, first test whether you can access the remote machine. You can use telnet or PowerShell for that:

telnet <IP/FQDN of AzureMachine> <port 2375 for HTTP/ 2376 for HTTPS>

or in PowerShell:

Test-NetConnection <IP/FQDN of AzureMachine> -Port <port 2375 for HTTP/ 2376 for HTTPS>

When this is successful, copy all the generated certificates (in the certs dir of the GenerateCerts.ps1 script) to the directory c:\users\[username]\.docker.

If you have multiple hosts, just create a new directory and put the certificates there.

Then open a command line and run the docker command with the following options for HTTPS. You can leave out the options when using HTTP.

SET DOCKER_HOST=tcp://<machinename>.westeurope.cloudapp.azure.com:2376
SET DOCKER_TLS_VERIFY=1
set DOCKER_CERT_PATH=C:\Users\rvano\.docker\<directory you created for the certificates>

docker search microsoft

When everything went well… it works !

Good luck !

5 Responses to “Set up a Windows Docker host in Azure and connect from your local computer”

  1. Hi Rene. I could not find daemon-http.json and daemon-https.json in the GitHub repository. Would you please provide a link where these files are located?

    Thanks,
    Kalpesh

  2. Thank you for the link. I created a VM in Azure with "Windows Server 2016 Datacenter with Containers". This VM comes with the Docker service preinstalled, but it is not configured for remote access. I am trying to make it remotely accessible so that I can connect to it from my local. I created a daemon.json file in c:\ProgramData\config (it did not exist there) and copied all the content of daemon-http.json into it as is. When I try to start the Docker service after that, the service does not start, giving the error message "Error 1067: The process terminated unexpectedly." There is not much information in the event log as to why the service is not starting up. Any suggestions what I might be doing wrong here?

    Thanks,
    Kalpesh

  3. There were some hidden characters in the daemon.json file I created. I removed those using Notepad++ and was able to start the Docker service after that.
