Menu
Estimated reading time: 20 minutes
Nov 7, 2017 - All this can be achieved with Linux Network Namespaces in Docker Compose. Here are working examples for both OSX and Linux. Has also provided us with a consistent configuration fallback for local development.
Welcome to Docker Desktop!
The Docker Desktop for Windows section contains information about the Docker Desktop Community Stable release. For information about features available in Edge releases, see the Edge release notes. For information about Docker Desktop Enterprise (DDE) releases, see Docker Desktop Enterprise.
Docker is a full development platform to build, run, and share containerized applications. Docker Desktop is the best way to get started with Docker on Windows.
See Install Docker Desktop for download information, system requirements, and installation instructions.
Test your installation
- Open a terminal window (Command Prompt or PowerShell, but not PowerShell ISE).
- Run
docker --version
to ensure that you have a supported version of Docker: - Pull the hello-world image from Docker Hub and run a container:
- List the
hello-world
image that was downloaded from Docker Hub: - List the
hello-world
container (that exited after displaying “Hello from Docker!”): - Explore the Docker help pages by running some help commands:
Explore the application
In this section, we demonstrate the ease and power of Dockerized applications byrunning something more complex, such as an OS and a webserver.
- Pull an image of the Ubuntu OS and run an interactive terminal inside the spawned container:Do not use PowerShell ISEInteractive terminals do not work in PowerShell ISE (but they do in PowerShell). See docker/for-win/issues/223.
- You are in the container. At the root
#
prompt, check thehostname
of the container:Notice that the hostname is assigned as the container ID (and is also used in the prompt). - Exit the shell with the
exit
command (which also stops the container): - List containers with the
--all
option (because no containers are running).Thehello-world
container (randomly named,relaxed_sammet
) stopped after displaying its message. Theubuntu
container (randomly named,laughing_kowalevski
) stopped when you exited the container. - Pull and run a Dockerized nginx web server that we name,
webserver
: - Point your web browser at
http://localhost
to display the nginx start page. (You don’t need to append:80
because you specified the default HTTP port in thedocker
command.) - List only your running containers:
- Stop the running nginx container by the name we assigned it,
webserver
: - Remove all three containers by their names -- the latter two names will differ for you:
Docker Settings dialog
The Docker Desktop menu allows you to configure your Docker settings such as installation, updates, version channels, Docker Hub login,and more.
This section explains the configuration options accessible from the Settings dialog.
- Open the Docker Desktop menu by clicking the Docker icon in the Notifications area (or System tray):
- Select Settings to open the Settings dialog:
General
On the General tab of the Settings dialog, you can configure when to start and update Docker.
- Start Docker when you log in - Automatically start Docker Desktop upon Windows system login.
- Automatically check for updates - By default, Docker Desktop automatically checks for updates and notifies you when an update is available.Click OK to accept and install updates (or cancel to keep the currentversion). You can manually update by choosing Check for Updates from themain Docker menu.
- Send usage statistics - By default, Docker Desktop sends diagnostics,crash reports, and usage data. This information helps Docker improve andtroubleshoot the application. Clear the check box to opt out. Docker may periodically prompt you for more information.
- Expose daemon on tcp://localhost:2375 without TLS - Click this option to enable legacy clients to connect to the Docker daemon. You must use this option with caution as exposing the daemon without TLS can result in remote code execution attacks.
Shared drives
Share your local drives (volumes) with Docker Desktop, so that they areavailable to your Linux containers.
Permission for shared drives are tied to the credentials you provide here. Ifyou run
docker
commands under a different username than the one configuredhere, your containers cannot access the mounted volumes.To apply shared drives, you are prompted for your Windows system (domain)username and password. You can select an option to have Docker store thecredentials so that you don’t need to enter them every time.
Tips on shared drives, permissions, and volume mounts
- Shared drives are only required for mounting volumes in Linux containers, not for Windows containers. For Linux containers, you need to share the drive where the Dockerfile and volume are located. If you get errors such as
file not found
orcannot start service
you may need to enable shared drives. See Volume mounting requires shared drives for Linux containers.) - If possible, avoid volume mounts from the Windows host, and instead mount on the Linux VM, or use a data volume (named volume) or data container. There are a number of issues with using host-mounted volumes and network paths for database files. See Volume mounts from host paths use a nobrl option to override database locking.
- Docker Desktop sets permissions to read/write/execute for users, groups and others 0777 or a+rwx.This is not configurable. See Permissions errors on data directories for shared volumes.
- Ensure the domain user has access to shared drives, as described in Verify domain user has permissions for shared drives.
- You can share local drives with your containers but not with Docker Machinenodes. See the FAQ, Can I share local drives and filesystem with my Docker Machine VMs?.
Firewall rules for shared drives
Shared drives require port 445 to be open between the host machine and thevirtual machine that runs Linux containers. Docker detects if port 445 is closedand shows the following message when you try to add a shared drive:
To share the drive, allow connections between the Windows host machine and thevirtual machine in Windows Firewall or your third party firewall software. Youdo not need to open port 445 on any other network.
By default, allow connections to
10.0.75.1
on port 445 (the Windows host) from10.0.75.2
(the virtual machine). If your firewall rules seem correct, you mayneed to toggle orreinstall the File and Print sharing service on the Hyper-V virtual network cardShared drives on demand
You can share a drive “on demand” the first time a particular mount is requested.
If you run a Docker command from a shell with a volume mount (as shown in theexample below) or kick off a Compose file that includes volume mounts, you get apopup asking if you want to share the specified drive.
You can select to Share it, in which case it is added your Docker Desktop Shared Drives list and available tocontainers. Alternatively, you can opt not to share it by selecting Cancel.
Advanced
The Linux VM restarts after changing the settings on the Advanced tab. This takes a few seconds.
- CPUs - Change the number of processors assigned to the Linux VM.
- Memory - Change the amount of memory the Docker Desktop Linux VM uses.
- Swap - Configure the swap file size.
Network
You can configure Docker Desktop networking to work on a virtual private network (VPN).
- Internal Virtual Switch - You can specify a network address translation (NAT) prefix and subnet mask to enable Internet connectivity.
- DNS Server - You can configure the DNS server to use dynamic or static IP addressing.
Note: Some users reported problems connecting to Docker Hub on Docker Desktop Stable version. This would manifest as an error when trying to run
docker
commands that pull images from Docker Hub that are not alreadydownloaded, such as a first time run of docker run hello-world
. If youencounter this, reset the DNS server to use the Google DNS fixed address:8.8.8.8
. For more information, seeNetworking issues in Troubleshooting.Updating these settings requires a reconfiguration and reboot of the Linux VM.
Proxies
Docker Desktop lets you configure HTTP/HTTPS Proxy Settings andautomatically propagates these to Docker and to your containers. For example,if you set your proxy settings to
http://proxy.example.com
, Docker uses thisproxy when pulling containers.When you start a container, your proxy settings propagate into the containers. For example:
In the output above, the
HTTP_PROXY
, http_proxy
, and no_proxy
environmentvariables are set. When your proxy configuration changes, Docker restartsautomatically to pick up the new settings. If you have containers that you wishto keep running across restarts, you should consider usingrestart policies.Daemon
You can configure the Docker daemon to hone how your containers run.Advanced mode lets you edit the JSON directly. Basic mode lets youconfigure the common daemon options with interactive settings.
Experimental features
Docker Desktop Edge releases have the experimental versionof Docker Engine enabled by default, described in the Docker Experimental Features README on GitHub.
Experimental features provide early access to future product functionality.These features are intended for testing and feedback only as they may changebetween releases without warning or can be removed entirely from a futurerelease. Experimental features must not be used in production environments.Docker does not offer support for experimental features. For more information,see Experimental features.
To enable experimental features in the Docker CLI, edit the
config.json
file and set experimental
to enabled.To enable experimental features from the Docker Desktop menu, clickSettings (Preferences on macOS) > Daemon and then select theExperimental features check box.
On both Edge and Stable releases, you can toggle the Experimental features on and off. If you toggle it off, Docker Desktop uses the current generallyavailable release of Docker Engine.
Run
docker version
to see if you are in Experimental mode. Experimental modeis listed under Server
data. If Experimental
is true
, then Docker isrunning in experimental mode, as shown here:Insecure registries
You can set up your own registries on the BasicDaemon settings.
Normally, you store public or private images in Docker Huband Docker Trusted Registry. Here, youcan use Docker to set up your own insecure registry. Simply add URLs for insecure registries and registry mirrors on which to host your images.
For more information, see How do I add custom CA certificates?and How do I add client certificates? in the FAQs.
Daemon configuration file
The Advanced daemon settings provide the original option to directly editthe JSON configuration file for the daemon.
Updating these settings requires a reconfiguration and reboot of the Linux VM.
For a full list of options on the Docker daemon, see daemon, and also sub-topics:
Kubernetes
Docker Desktop includes a standalone Kubernetes server that runs on your Windows host, so that you can test deploying your Docker workloads on Kubernetes.
The Kubernetes client command,
kubectl
, is included and configured to connectto the local Kubernetes server. If you have kubectl
already installed andpointing to some other environment, such as minikube
or a GKE cluster, be sureto change context so that kubectl
is pointing to docker-for-desktop
:You can also change it through the Docker Desktop menu:
If you installed
kubectl
by another method, andexperience conflicts, remove it.- To enable Kubernetes support and install a standalone instance of Kubernetesrunning as a Docker container, select Enable Kubernetes and click theApply button. This instantiates images required to run the Kubernetes server as containers, and installs the
kubectl.exe
command in the path. - By default, Kubernetes containers are hidden from commands like
dockerservice ls
, because managing them manually is not supported. To make themvisible, select Show system containers (advanced) and click Apply.Most users do not need this option. - To disable Kubernetes support at any time, deselect Enable Kubernetes.The Kubernetes containers are stopped and removed, and the
/usr/local/bin/kubectl
command is removed.For more information on using the Kubernetes integration with Docker Desktop, see Deploy on Kubernetes.
Reset
Reset and Restart options
On Edge releases, the Restart Docker Desktop, Reset Kubernetes Cluster, and Reset to factory defaults options are available on the Troubleshoot menu.
On Stable releases, you can restart Docker or reset its configuration using the Reset tab.
- Restart Docker Desktop - Shuts down and restarts the Docker application.
- Reset Kubernetes Cluster - Deletes all stacks and Kubernetes resources.
- Reset to factory defaults - Resets Docker to factory defaults. This isuseful in cases where Docker stops working or becomes unresponsive.
Troubleshoot
Visit our Logs and Troubleshooting guide for more details.
Log on to our Docker Desktop for Windows forum to get help from the community, review current user topics, or join a discussion.
Log on to Docker Desktop for Windows issues on GitHub to report bugs or problems and review community reported issues.
For information about providing feedback on the documentation or update it yourself, see Contribute to documentation.
Switch between Windows and Linux containers
From the Docker Desktop menu, you can toggle which daemon (Linux or Windows)the Docker CLI talks to. Select Switch to Windows containers to use Windowscontainers, or select Switch to Linux containers to use Linux containers(the default).
For more information on Windows containers, refer to the following documentation:
- Microsoft documentation on Windows containers.
- Build and Run Your First Windows Server Container (Blog Post)gives a quick tour of how to build and run native Docker Windows containers on Windows 10 and Windows Server 2016 evaluation releases.
- Getting Started with Windows Containers (Lab)shows you how to use the MusicStoreapplication with Windows containers. The MusicStore is a standard .NET application and,forked here to use containers, is a good example of a multi-container application.
- To understand how to connect to Windows containers from the local host, seeLimitations of Windows containers for
localhost
and published ports
Settings dialog changes with Windows containers
When you switch to Windows containers, the Settings dialog only shows those tabs that are active and apply to your Windows containers:
If you set proxies or daemon configuration in Windows containers mode, theseapply only on Windows containers. If you switch back to Linux containers,proxies and daemon configurations return to what you had set for Linuxcontainers. Your Windows container settings are retained and become availableagain when you switch back.
Docker Hub
Select Sign in /Create Docker ID from the Docker Desktop menu to access your Docker Hub account. Once logged in, you can access your Docker Hub repositories directly from the Docker Desktop menu.
For more information, refer to the following Docker Hub topics:
Two-factor authentication
Docker Desktop enables you to sign into Docker Hub using two-factor authentication. Two-factor authentication provides an extra layer of security when accessing your Docker Hub account.
You must enable two-factor authentication in Docker Hub before signing into your Docker Hub account through Docker Desktop. For instructions, see Enable two-factor authentication for Docker Hub.
After you have enabled two-factor authentication:
- Go to the Docker Desktop menu and then select Sign in / Create Docker ID.
- Enter your Docker ID and password and click Sign in.
- After you have successfully signed in, Docker Desktop prompts you to enter the authentication code. Enter the six-digit code from your phone and then click Verify.
After you have successfully authenticated, you can access your organizations and repositories directly from the Docker Desktop menu.
Adding TLS certificates
You can add trusted Certificate Authorities (CAs) to your Docker daemon to verify registry servercertificates, and client certificates, to authenticate to registries. For more information, see How do I add custom CA certificates?and How do I add client certificates?in the FAQs.
How do I add custom CA certificates?
Docker Desktop supports all trusted Certificate Authorities (CAs) (root orintermediate). Docker recognizes certs stored under Trust RootCertification Authorities or Intermediate Certification Authorities.
Docker Desktop creates a certificate bundle of all user-trusted CAs based onthe Windows certificate store, and appends it to Moby trusted certificates. Therefore, if an enterprise SSL certificate is trusted by the user on the host, it is trusted by Docker Desktop.
To learn more about how to install a CA root certificate for the registry, seeVerify repository client with certificatesin the Docker Engine topics.
How do I add client certificates?
You can add your client certificatesin
~/.docker/certs.d/<MyRegistry>:<Port>/client.cert
and~/.docker/certs.d/<MyRegistry>:<Port>/client.key
. You do not need to push your certificates with git
commands.When the Docker Desktop application starts, it copies the
~/.docker/certs.d
folder on your Windows system to the /etc/docker/certs.d
directory on Moby (the Docker Desktop virtual machine running on Hyper-V).You need to restart Docker Desktop after making any changes to the keychainor to the
~/.docker/certs.d
directory in order for the changes to take effect.The registry cannot be listed as an insecure registry (seeDocker Daemon). Docker Desktop ignorescertificates listed under insecure registries, and does not send clientcertificates. Commands like
docker run
that attempt to pull from the registryproduce error messages on the command line, as well as on the registry.To learn more about how to set the client TLS certificate for verification, seeVerify repository client with certificatesin the Docker Engine topics.
Where to go next
- Try out the walkthrough at Get Started.
- Dig in deeper with Docker Labs example walkthroughs and source code.
- Refer to the Docker CLI Reference Guide.