Подсистема Docker в Windows Docker Engine on Windows

Подсистема и клиент Docker не входят в состав Windows, потому их нужно устанавливать и настраивать отдельно. The Docker Engine and client aren’t included with Windows and need to be installed and configured individually. Кроме того, подсистема Docker может принимать множество пользовательских конфигураций. Furthermore, the Docker Engine can accept many custom configurations. Например, можно настроить то, как управляющая программа принимает входящие запросы, сетевые параметры по умолчанию и параметры ведения журнала и отладки. Some examples include configuring how the daemon accepts incoming requests, default networking options, and debug/log settings. В ОС Windows эти конфигурации можно указать в файле конфигурации или с помощью диспетчера служб Windows. On Windows, these configurations can be specified in a configuration file or by using Windows Service control manager. В этом документе объясняется установка и настройка подсистемы Docker; также представлены примеры некоторых часто используемых конфигураций. This document details how to install and configure the Docker Engine, and also provides some examples of commonly used configurations.

Установка Docker Install Docker

Для работы с контейнерами Windows требуется Docker. You need Docker in order to work with Windows Containers. Docker состоит из подсистемы Docker (dockerd.exe) и клиента Docker (docker.exe). Docker consists of the Docker Engine (dockerd.exe), and the Docker client (docker.exe). Самый простой способ установить все необходимые компоненты изложен в кратком руководстве, которое поможет настроить и запустить первый контейнер. The easiest way to get everything installed is in the quickstart guide, which will help you get everything set up and run your first container.

Сведения об установке с помощью сценария см. в разделе Использование сценария для установки Docker EE. For scripted installations, see Use a script to install Docker EE.

Прежде чем использовать Docker, необходимо установить образы контейнеров. Before you can use Docker, you’ll need to install the container images. Дополнительные сведения см. в документации по образам контейнеров. For more information, see docs for our container base images.

Настройка Docker с помощью файла конфигурации Configure Docker with a configuration file

Предпочтительным способом настройки подсистемы Docker в Windows является использование файла конфигурации. The preferred method for configuring the Docker Engine on Windows is using a configuration file. Путь к файлу конфигурации — C:\ProgramData\Docker\config\daemon.json. The configuration file can be found at ‘C:\ProgramData\Docker\config\daemon.json’. Если этот файл еще не существует, его можно создать. You can create this file if it doesn’t already exist.

Не все доступные параметры конфигурации Docker применяются к Docker в Windows. Not every available Docker configuration option applies to Docker on Windows. В примере ниже показаны параметры конфигурации, которые применяются. The following example shows the configuration options that do apply. Дополнительные сведения о конфигурации подсистемы Docker см. в статье Docker daemon configuration file (Файл конфигурации управляющей программы Docker). For more information about Docker Engine configuration, see Docker daemon configuration file.

Достаточно только внести необходимые изменения в файл конфигурации. You only need to add the desired configuration changes to the configuration file. Например, в этом случае подсистема Docker настраивается на прием входящих подключений через порт 2375. For example, the following sample configures the Docker Engine to accept incoming connections on port 2375. В других параметрах конфигурации будут использоваться значения по умолчанию. All other configuration options will use default values.

Аналогично в примере ниже настраивается хранение образов и контейнеров по альтернативному пути в управляющей программе Docker. Likewise, the following sample configures the Docker daemon to keep images and containers in an alternate path. Если оно не указано, по умолчанию используется значение c:\programdata\docker . If not specified, the default is c:\programdata\docker .

В примере ниже управляющая программа Docker настраивается на прием только защищенных подключений через порт 2376. The following sample configures the Docker daemon to only accept secured connections over port 2376.

Настройка Docker в службе Docker Configure Docker on the Docker service

Подсистему Docker можно также настроить, изменив службу Docker командой sc config . The Docker Engine can also be configured by modifying the Docker service with sc config . При использовании этого способа флаги подсистемы Docker задаются непосредственно в службе Docker. Using this method, Docker Engine flags are set directly on the Docker service. Выполните указанную ниже команду в командной строке (cmd.exe, не PowerShell). Run the following command in a command prompt (cmd.exe not PowerShell):

Не нужно выполнять эту команду в том случае, если файл daemon.json уже содержит запись «hosts»: [«tcp://0.0.0.0:2375»] . You don’t need to run this command if your daemon.json file already contains the «hosts»: [«tcp://0.0.0.0:2375»] entry.

Распространенные конфигурации Common configuration

В следующих примерах файла конфигурации представлены распространенные конфигурации Docker. The following configuration file examples show common Docker configurations. Их можно объединить в один файл конфигурации. These can be combined into a single configuration file.

Создание сети по умолчанию Default network creation

Чтобы настроить подсистему Docker таким образом, чтобы не была создана сеть NAT по умолчанию, используйте следующую конфигурацию. To configure the Docker Engine so that it doesn’t create a default NAT network, use the following configuration.

Дополнительные сведения см. в статье Управление сетями Docker. For more information, see Manage Docker Networks.

Задание группы безопасности для Docker Set Docker security group

После входа в систему на узле Docker и запуска команд Docker эти команды выполняются через именованный канал. When you’ve signed in to the Docker host and are locally running Docker commands, these commands are run through a named pipe. По умолчанию только члены группы «Администраторы» могут получить доступ к подсистеме Docker через именованный канал. By default, only members of the Administrators group can access the Docker Engine through the named pipe. Чтобы указать группу безопасности, имеющую такой доступ, используйте флаг group . To specify a security group that has this access, use the group flag.

Конфигурация прокси-сервера Proxy configuration

Чтобы задать данные о прокси-сервере для docker search и docker pull , создайте переменную среды Windows с именем HTTP_PROXY или HTTPS_PROXY и значением, содержащим данные о прокси-сервере. To set proxy information for docker search and docker pull , create a Windows environment variable with the name HTTP_PROXY or HTTPS_PROXY , and a value of the proxy information. Это можно сделать в PowerShell, используя команду следующего вида: This can be completed with PowerShell using a command similar to this:

После задания переменной перезапустите службу Docker. Once the variable has been set, restart the Docker service.

Дополнительные сведения см. в разделе Windows Configuration File (Файл конфигурации Windows) на сайте Docker.com. For more information, see Windows Configuration File on Docker.com.

Удаление Docker How to uninstall Docker

В этом разделе описывается, как удалить Docker и выполнить полную очистку компонентов системы Docker в Windows 10 или Windows Server 2016. This section will tell you how to uninstall Docker and perform a full cleanup of Docker system components from your Windows 10 or Windows Server 2016 system.

Все команды в этих инструкциях необходимо выполнять из сеанса PowerShell с повышенными привилегиями. You must run all commands in these instructions from an elevated PowerShell session.

Подготовка системы к удалению Docker Prepare your system for Docker’s removal

Перед удалением Docker убедитесь, что в системе не запущены контейнеры. Before you uninstall Docker, make sure no containers are running on your system.

Выполните следующие командлеты, чтобы найти работающие контейнеры: Run the following cmdlets to check for running containers:

Кроме того, перед удалением Docker рекомендуется удалить все контейнеры, образы контейнеров, сети и тома из системы. It’s also good practice to remove all containers, container images, networks, and volumes from your system before removing Docker. Это можно сделать, выполнив следующий командлет: You can do this by running the following cmdlet:

Удаление Docker Uninstall Docker

Затем необходимо начать собственно удаление Docker. Next, you’ll need to actually uninstall Docker.

Удаление Docker в Windows 10 To uninstall Docker on Windows 10

• На компьютере с Windows 10 перейдите в раздел Параметры >Приложения. Go to Settings >Apps on your Windows 10 machine
• В разделе Приложения и компоненты найдите пункт Docker для Windows Under Apps & Features, find Docker for Windows
• Последовательно выберите Docker для Windows >Удалить. Go to Docker for Windows >Uninstall

Удаление Docker в Windows Server 2016 To uninstall Docker on Windows Server 2016:

В сеансе PowerShell с повышенными привилегиями используйте командлеты Uninstall-Package и Uninstall-Module, чтобы удалить модуль Docker и соответствующий ему поставщик Управление пакетами из системы, как показано в следующем примере: From an elevated PowerShell session, use the Uninstall-Package and Uninstall-Module cmdlets to remove the Docker module and its corresponding Package Management Provider from your system, as shown in the following example:

Вы можете найти поставщик пакетов, который использовался для установки Docker с помощью команды PS C:\> Get-PackageProvider -Name *Docker* You can find the Package Provider that you used to install Docker with PS C:\> Get-PackageProvider -Name *Docker*

Очистка данных и системных компонентов Docker Clean up Docker data and system components

После удаления Docker необходимо удалить сети Docker по умолчанию, чтобы их конфигурация не оставалась в системе после того, как Docker будет удален. After you uninstall Docker, you’ll need to remove Docker’s default networks so their configuration won’t remain on your system after Docker is gone. Это можно сделать, выполнив следующий командлет: You can do this by running the following cmdlet:

Удалите сети по умолчанию Docker в Windows Server 2016. To remove Docker’s default networks on Windows Server 2016.

Выполните следующий командлет, чтобы удалить программные данные Docker из системы: Run the following cmdlet to remove Docker’s program data from your system:

Можно также удалить необязательные компоненты Windows, связанные с Docker и контейнерами в Windows. You may also want to remove the Windows optional features associated with Docker/containers on Windows.

К ним относится компонент «Контейнеры», который автоматически включается в любом экземпляре Windows 10 или Windows Server 2016 при установке Docker. This includes the «Containers» feature, which is automatically enabled on any Windows 10 or Windows Server 2016 when Docker is installed. Это также может быть компонент «Hyper-V», который автоматически включается в Windows 10 при установке Docker, однако в Windows Server 2016 он включается вручную. It may also include the «Hyper-V» feature, which is automatically enabled on Windows 10 when Docker is installed, but must be explicitly enabled on Windows Server 2016.

Компонент Hyper-V является общим компонентом виртуализации, который обеспечивает гораздо большую функциональность, чем при использовании одних только контейнеров. The Hyper-V feature is a general virtualization feature that enables much more than just containers. Прежде чем отключить Hyper-V, убедитесь, что в системе нет других виртуальных компонентов, которые зависят от Hyper-V. Before disabling the Hyper-V feature, make sure there are no other virtualized components on your system that require Hyper-V.

Удаление компонентов Windows 10 To remove Windows features on Windows 10:

• Выберите последовательно Панель управления >Программы >Программы и компоненты >Включение или отключение компонентов Windows. Go to Control Panel >Programs >Programs and Features >Turn Windows features on or off.
• Найдите имя компонента, который требуется отключить — в данном случае это Контейнеры и (необязательно) Hyper-V. Find the name of the feature or features you want to disable—in this case, Containers and (optionally) Hyper-V.
• Снимите флажок рядом с именем компонента, который нужно отключить. Uncheck the box next to the name of the feature you want to disable.
• Нажмите кнопку ОК. Select «OK»

Удаление компонентов Windows Server 2016 To remove Windows features on Windows Server 2016:

В сеансе PowerShell с повышенными привилегиями выполните следующие командлеты, чтобы отключить компоненты Контейнеры и (необязательно) Hyper-V. From an elevated PowerShell session, run the following cmdlets to disable the Containers and (optionally) Hyper-V features from your system:

Перезагрузка системы Reboot your system

Чтобы завершить удаление компонентов и очистить систему, выполните следующий командлет из сеанса PowerShell с повышенными привилегиями для перезагрузки системы: To finish uninstallation and cleanup, run the following cmdlet from an elevated PowerShell session to reboot your system:

Docker Desktop for Windows user manual

Estimated reading time: 16 minutes

Welcome to Docker Desktop! The Docker Desktop for Windows user manual provides information on how to configure and manage your Docker Desktop settings.

For information about Docker Desktop download, system requirements, and installation instructions, see Install Docker Desktop.

Settings

The Docker Desktop menu allows you to configure your Docker settings such as installation, updates, version channels, Docker Hub login, and more.

This section explains the configuration options accessible from the Settings dialog.

Open the Docker Desktop menu by clicking the Docker icon in the Notifications area (or System tray):

Select Settings to open the Settings dialog:

General

On the General tab of the Settings dialog, you can configure when to start and update Docker.

Automatically check for updates: By default, Docker Desktop is configured to check for newer versions automatically. If you have installed Docker Desktop as part of an organization, you may not be able to update Docker Desktop yourself. In that case, upgrade your existing organization to a Team plan and clear this checkbox to disable the automatic check for updates.

Start Docker when you log in: Select this option to automatically start Docker Desktop when you log into your Windows machine.

Expose daemon on tcp://localhost:2375 without TLS: Click this option to enable legacy clients to connect to the Docker daemon. You must use this option with caution as exposing the daemon without TLS can result in remote code execution attacks.

Use the WSL 2 based engine: WSL 2 provides better performance than the legacy Hyper-V backend. For more information, see Docker Desktop WSL 2 backend.

Send usage statistics: By default, Docker Desktop sends diagnostics, crash reports, and usage data. This information helps Docker improve and troubleshoot the application. Clear the check box to opt out. Docker may periodically prompt you for more information.

Show weekly tips: Displays useful advice and suggestions about using Docker.

Open Docker Desktop dashboard at startup: Automatically opens the dashboard when starting Docker Desktop.

Resources

The Resources tab allows you to configure CPU, memory, disk, proxies, network, and other resources. Different settings are available for configuration depending on whether you are using Linux containers in WSL 2 mode, Linux containers in Hyper-V mode, or Windows containers.

Advanced

The Advanced tab is only available in Hyper-V mode, because in WSL 2 mode and Windows container mode these resources are managed by Windows. In WSL 2 mode, you can configure limits on the memory, CPU, and swap size allocated to the WSL 2 utility VM.

Use the Advanced tab to limit resources available to Docker.

CPUs: By default, Docker Desktop is set to use half the number of processors available on the host machine. To increase processing power, set this to a higher number; to decrease, lower the number.

Memory: By default, Docker Desktop is set to use 2 GB runtime memory, allocated from the total available memory on your machine. To increase the RAM, set this to a higher number. To decrease it, lower the number.

Swap: Configure swap file size as needed. The default is 1 GB.

Disk image size: Specify the size of the disk image.

Disk image location: Specify the location of the Linux volume where containers and images are stored.

You can also move the disk image to a different location. If you attempt to move a disk image to a location that already has one, you get a prompt asking if you want to use the existing image or replace it.

File sharing

The File sharing tab is only available in Hyper-V mode, because in WSL 2 mode and Windows container mode all files are automatically shared by Windows.

Use File sharing to allow local directories on Windows to be shared with Linux containers. This is especially useful for editing source code in an IDE on the host while running and testing the code in a container. Note that configuring file sharing is not necessary for Windows containers, only Linux containers. If a directory is not shared with a Linux container you may get file not found or cannot start service errors at runtime. See Volume mounting requires shared folders for Linux containers.

File share settings are:

Add a Directory: Click + and navigate to the directory you want to add.

Apply & Restart makes the directory available to containers using Docker’s bind mount ( -v ) feature.

Tips on shared folders, permissions, and volume mounts

Share only the directories that you need with the container. File sharing introduces overhead as any changes to the files on the host need to be notified to the Linux VM. Sharing too many files can lead to high CPU load and slow filesystem performance.

Shared folders are designed to allow application code to be edited on the host while being executed in containers. For non-code items such as cache directories or databases, the performance will be much better if they are stored in the Linux VM, using a data volume (named volume) or data container.

Docker Desktop sets permissions to read/write/execute for users, groups and others 0777 or a+rwx. This is not configurable. See Permissions errors on data directories for shared volumes.

Windows presents a case-insensitive view of the filesystem to applications while Linux is case-sensitive. On Linux it is possible to create 2 separate files: test and Test , while on Windows these filenames would actually refer to the same underlying file. This can lead to problems where an app works correctly on a developer Windows machine (where the file contents are shared) but fails when run in Linux in production (where the file contents are distinct). To avoid this, Docker Desktop insists that all shared files are accessed as their original case. Therefore if a file is created called test , it must be opened as test . Attempts to open Test will fail with “No such file or directory”. Similarly once a file called test is created, attempts to create a second file called Test will fail.

Shared folders on demand

You can share a folder “on demand” the first time a particular folder is used by a container.

If you run a Docker command from a shell with a volume mount (as shown in the example below) or kick off a Compose file that includes volume mounts, you get a popup asking if you want to share the specified folder.

You can select to Share it, in which case it is added your Docker Desktop Shared Folders list and available to containers. Alternatively, you can opt not to share it by selecting Cancel.

Proxies

Docker Desktop lets you configure HTTP/HTTPS Proxy Settings and automatically propagates these to Docker. For example, if you set your proxy settings to http://proxy.example.com , Docker uses this proxy when pulling containers.

Your proxy settings, however, will not be propagated into the containers you start. If you wish to set the proxy settings for your containers, you need to define environment variables for them, just like you would do on Linux, for example:

For more information on setting environment variables for running containers, see Set environment variables.

Network

The Network tab is not available in Windows container mode because networking is managed by Windows.

You can configure Docker Desktop networking to work on a virtual private network (VPN). Specify a network address translation (NAT) prefix and subnet mask to enable Internet connectivity.

DNS Server: You can configure the DNS server to use dynamic or static IP addressing.

Some users reported problems connecting to Docker Hub on Docker Desktop. This would manifest as an error when trying to run docker commands that pull images from Docker Hub that are not already downloaded, such as a first time run of docker run hello-world . If you encounter this, reset the DNS server to use the Google DNS fixed address: 8.8.8.8 . For more information, see Networking issues in Troubleshooting.

Updating these settings requires a reconfiguration and reboot of the Linux VM.

WSL Integration

In WSL 2 mode, you can configure which WSL 2 distributions will have the Docker WSL integration.

By default, the integration will be enabled on your default WSL distribution. To change your default WSL distro, run wsl —set-default . (For example, to set Ubuntu as your default WSL distro, run wsl —set-default ubuntu ).

You can also select any additional distributions you would like to enable the WSL 2 integration on.

For more details on configuring Docker Desktop to use WSL 2, see Docker Desktop WSL 2 backend.

Docker Engine

The Docker Engine page allows you to configure the Docker daemon to determine how your containers run.

Type a JSON configuration file in the box to configure the daemon settings. For a full list of options, see the Docker Engine dockerd commandline reference.

Click Apply & Restart to save your settings and restart Docker Desktop.

Command Line

On the Command Line page, you can specify whether or not to enable experimental features.

You can toggle the experimental features on and off in Docker Desktop. If you toggle the experimental features off, Docker Desktop uses the current generally available release of Docker Engine.

Experimental features

Experimental features provide early access to future product functionality. These features are intended for testing and feedback only as they may change between releases without warning or can be removed entirely from a future release. Experimental features must not be used in production environments. Docker does not offer support for experimental features.

For a list of current experimental features in the Docker CLI, see Docker CLI Experimental features.

Run docker version to verify whether you have enabled experimental features. Experimental mode is listed under Server data. If Experimental is true , then Docker is running in experimental mode, as shown here:

Kubernetes

The Kubernetes tab is not available in Windows container mode.

Docker Desktop includes a standalone Kubernetes server that runs on your Windows machince, so that you can test deploying your Docker workloads on Kubernetes. To enable Kubernetes support and install a standalone instance of Kubernetes running as a Docker container, select Enable Kubernetes.

For more information about using the Kubernetes integration with Docker Desktop, see Deploy on Kubernetes.

Reset

The Restart Docker Desktop and Reset to factory defaults options are now available on the Troubleshoot menu. For information, see Logs and Troubleshooting.

Troubleshoot

Visit our Logs and Troubleshooting guide for more details.

Log on to our Docker Desktop for Windows forum to get help from the community, review current user topics, or join a discussion.

Log on to Docker Desktop for Windows issues on GitHub to report bugs or problems and review community reported issues.

For information about providing feedback on the documentation or update it yourself, see Contribute to documentation.

Switch between Windows and Linux containers

From the Docker Desktop menu, you can toggle which daemon (Linux or Windows) the Docker CLI talks to. Select Switch to Windows containers to use Windows containers, or select Switch to Linux containers to use Linux containers (the default).

For more information on Windows containers, refer to the following documentation:

Microsoft documentation on Windows containers.

Build and Run Your First Windows Server Container (Blog Post) gives a quick tour of how to build and run native Docker Windows containers on Windows 10 and Windows Server 2016 evaluation releases.

Getting Started with Windows Containers (Lab) shows you how to use the MusicStore application with Windows containers. The MusicStore is a standard .NET application and, forked here to use containers, is a good example of a multi-container application.

To understand how to connect to Windows containers from the local host, see Limitations of Windows containers for localhost and published ports

Settings dialog changes with Windows containers

When you switch to Windows containers, the Settings dialog only shows those tabs that are active and apply to your Windows containers:

If you set proxies or daemon configuration in Windows containers mode, these apply only on Windows containers. If you switch back to Linux containers, proxies and daemon configurations return to what you had set for Linux containers. Your Windows container settings are retained and become available again when you switch back.

Dashboard

The Docker Desktop Dashboard enables you to interact with containers and applications and manage the lifecycle of your applications directly from your machine. The Dashboard UI shows all running, stopped, and started containers with their state. It provides an intuitive interface to perform common actions to inspect and manage containers and Docker Compose applications. For more information, see Docker Desktop Dashboard.

Docker Hub

Select Sign in /Create Docker ID from the Docker Desktop menu to access your Docker Hub account. Once logged in, you can access your Docker Hub repositories directly from the Docker Desktop menu.

For more information, refer to the following Docker Hub topics:

Two-factor authentication

Docker Desktop enables you to sign into Docker Hub using two-factor authentication. Two-factor authentication provides an extra layer of security when accessing your Docker Hub account.

You must enable two-factor authentication in Docker Hub before signing into your Docker Hub account through Docker Desktop. For instructions, see Enable two-factor authentication for Docker Hub.

After you have enabled two-factor authentication:

Go to the Docker Desktop menu and then select Sign in / Create Docker ID.

Enter your Docker ID and password and click Sign in.

After you have successfully signed in, Docker Desktop prompts you to enter the authentication code. Enter the six-digit code from your phone and then click Verify.

After you have successfully authenticated, you can access your organizations and repositories directly from the Docker Desktop menu.

Adding TLS certificates

You can add trusted Certificate Authorities (CAs) to your Docker daemon to verify registry server certificates, and client certificates, to authenticate to registries.

How do I add custom CA certificates?

Docker Desktop supports all trusted Certificate Authorities (CAs) (root or intermediate). Docker recognizes certs stored under Trust Root Certification Authorities or Intermediate Certification Authorities.

Docker Desktop creates a certificate bundle of all user-trusted CAs based on the Windows certificate store, and appends it to Moby trusted certificates. Therefore, if an enterprise SSL certificate is trusted by the user on the host, it is trusted by Docker Desktop.

To learn more about how to install a CA root certificate for the registry, see Verify repository client with certificates in the Docker Engine topics.

How do I add client certificates?

You can add your client certificates in

/client.key . You do not need to push your certificates with git commands.

When the Docker Desktop application starts, it copies the

/.docker/certs.d folder on your Windows system to the /etc/docker/certs.d directory on Moby (the Docker Desktop virtual machine running on Hyper-V).

You need to restart Docker Desktop after making any changes to the keychain or to the

/.docker/certs.d directory in order for the changes to take effect.

The registry cannot be listed as an insecure registry (see Docker Daemon). Docker Desktop ignores certificates listed under insecure registries, and does not send client certificates. Commands like docker run that attempt to pull from the registry produce error messages on the command line, as well as on the registry.

To learn more about how to set the client TLS certificate for verification, see Verify repository client with certificates in the Docker Engine topics.

Where to go next

Try out the walkthrough at Get Started.

Dig in deeper with Docker Labs example walkthroughs and source code.