How to set up Docker containers on Windows Server

Why use Docker containers on Windows Server?

Docker started on Linux because the project developers used that platform. They found it beneficial to use Linux's native functionality to segment and protect the containers from each other and the OS.

However, sometimes containers need to run on Windows. This often occurs when the application needs to use Windows-only technologies such as ASP.NET or Windows Management Instrumentation. Many major applications that were written in ASP.NET are still in use. Containerization offers a way to manage these ASP.NET programs in a controlled environment. Every container deployed will be identical. An organization can have the ideal situation by deploying known good containers that are not subject to unexpected changes and updates.

There are many benefits to using Docker on Windows. Windows containers are lightweight packages with only the necessary services and application code to shorten deployments from hours to seconds. Updates are streamlined into the container image. If a container image is bad, it does not take long to revert to the previous image. The speed and convenience of containers are not possible with VMs. It's all about providing a service rather than the VM.

How do Docker containers work on Windows?

Docker's tight integration with Linux meant that the system resources and APIs that a Windows container would expect don't exist. Microsoft had to devise a way to run Docker on Windows Server to handle the cornerstone technologies of several Microsoft products, such as Internet Information Services (IIS) and Active Server Pages (ASP).

Four container base images are available to run Docker on Windows: Nano Core, Server Core, Windows and Windows Server. The Docker Hub repository holds Microsoft's official Windows-based Docker images at this link. These images have no GUI and have varying Windows API sets. The lightest is Nano Server, which is suited for application developers. Server Core is the next largest and suited for Windows Server apps. Windows is the largest and has complete Windows API support. The Windows Server base image also has full Windows API support and is suited for workloads that need server features. This link provides more details on the specifics of each image and which might be a better fit for a particular situation.  

Following certain guidelines is recommended for optimal results. While running Linux and Windows containers on the same host is possible, it's not a good idea or best practice. From an administrator's standpoint, it is easier to run containers for different OSes on separate servers running their native OS.

Microsoft added Linux functionality to Windows with the Windows Subsystem for Linux, but the company does not recommend it for running Linux containers on Windows Server in production.

What are the requirements to run Docker on Windows Server?

The following are the basic requirements for running Docker containers on Windows Server.

• Windows Server OS. Docker can run on Windows Server 2016, 2019, 2022 and 2025 with the Hyper-V role installed to use Hyper-V isolation.
• Hardware. A Windows container host running from a Hyper-V VM with Hyper-V isolation must use nested virtualization, which requires at least 4 GB RAM.
• Supported Docker container runtime.

How to set up Docker on Windows Server

You can install Docker on Windows in several ways. The easiest method is to use the Microsoft scripts, which do all the heavy lifting for the administrator.

The Microsoft script installs the open source container management tools as a Windows service on a standard Hyper-V VM or physical host. Don't install Docker Desktop, a tool for developers to deploy containers that is not designed for production workloads.

How to set up Docker on Windows Server

To install Docker on Windows Server 2022, start a PowerShell session with elevated privileges and run the following command to download the Docker install script from the Microsoft repository on GitHub:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1" -o install-docker-ce.ps1

In the same admin PowerShell window, run the script using the following command, which will reboot the host to complete the installation: 

.\install-docker-ce.ps1

The install script adds Docker as a Windows service and sets up the Docker network. By default, all Docker containers have a separate network that is proxied via the host.

Check the Docker container host by running the hello-world image:

docker run hello-world

If you see introductory text about Docker, then everything should function properly.

How to install and run a Docker container on Windows

When running Docker on Windows, the administrator can run both Windows and Linux-based images.

The docker.exe basic command line usage options are the same as those for Linux.

To view the running containers, use the docker ps command.

Use the docker run <container name> command to start a container.

Some of the differences between Docker for Windows and Linux are noticeable and important. Windows does not have bash, the Bourne Again Shell. The shell installed in Windows containers is PowerShell. We can run the Server Core image with an interactive shell to demonstrate this.

docker run -it mcr.microsoft.com/windows/servercore:ltsc2022 powershell

For new Docker users, exercise caution at this point. After running the command, it might appear they are at the host machine's command prompt, but they are inside the Docker container. If the administrator uses the hostname command from the command line, it will show the container ID, not the host name. This can be a point of confusion for administrators new to Docker.

Each container has a unique identifier. Docker's default behavior is to give the docker container the name of the unique identifier, such as 435523445. Running the hostname command will show 435523445. The command line looks identical in both the container and the host. Be careful to make sure you know where you are before executing any critical commands.

Similar to Linux, admins should do nothing besides run and remove containers. This mindset differs from managing VMs, which require more care and feeding. Containers are designed to be disposable. A specific instance might last minutes, hours, days or even weeks. Eventually, you build a new container to replace the old one. Administrators shouldn't tweak containers because any modifications made in the previous container will be lost.

Taking things further, the administrator can run a base IIS container by using a command. To use this example requires a folder called c:\wwwdata. The following Docker command creates and runs a container named myIISTest from the specific IIS image, exposing the container port 80 to the host's port 8081, mounting the c:\wwwdata folder inside the container at c:\inetpub\wwwroot. The -ti parameters give the ability to interact with the container with a shell.

docker run -ti -p 8081:80 -v c:\wwwdata:c:\inetpub\wwwroot --name myIISTest mcr.microsoft.com/windows/servercore/iis

Use the exit command to stop and exit the container. To ensure a container persists, append a -d parameter to the command line to run it in the background or detached mode. To reuse our previous example:

docker run mcr.microsoft.com/windows/servercore/iis -d -p 8081:80 -v c:\wwwdata:c:\inetpub\wwwroot -name myIISTest

Building Docker images in Windows works the same as in Linux, but Linux uses the forward slash in paths, while the Windows version of Docker supports both forward and back slashes.

How to manage and troubleshoot Docker on Windows

The hallmark of Docker containers is their disposable nature, but admins need tools to see how containers are performing and whether they need replacing. The Windows Admin Center is a free Microsoft tool available at the following link. It provides a GUI interface for server management.

The Windows Admin Center does not work with containers by default, but you can download a containers extension for this functionality. From the Windows Admin Center, go to the Extensions tab and search for containers, then install. The extension gives the most frequently used options for container management.

Windows Admin Center makes it easy to run containers, but it's important to know how Docker works to understand how to deal with issues.

The built-in diagnostic tools that come with Docker are also available in Docker on Windows. The simple ones include docker ps -a which is the "process status" command with the -a parameter to show all Docker containers on the system, both running and stopped.

If a container gives an exited status and it was not stopped by the administrator, then try the docker logs -tf <container id> command. This displays the time-stamped logs of the container to troubleshoot the issue. Using the > redirect outputs the contents to a file for further analysis.

docker logs -tf my_container_name > output.txt

It's also useful to find usage statistics from the built-in Docker tools. The docker stats command gives near-real-time information about the running containers, including memory utilization, CPU utilization and disk stats on a per-container basis.

Because Docker is installed as a service, administrators can use the services.msc snap-in in the Remote Server Administration Tools (RSAT) to see the status of the Docker service. If it's not running, then no Docker containers will function. If the Docker service fails to run or restarts for some reason, the error log in the Windows Event Viewer should provide some clues to the problem.

Stuart Burns is an enterprise Linux administrator at a leading company that specializes in catastrophe and disaster modeling.