Hi,

I've had a problem recently with a personal NodeJS DockerFile inspired from yours. I installed bower globally but it started failing some time ago, complaining about "bower" not being a known command.

Long story short, I fixed it by modifying the path creation line :
New-Item -path $env:APPDATA -Name 'npm' -itemType "directory"
instead of
New-Item $($env:APPDATA + '\npm')

I've added a test command to the Dockerfile :
RUN dir C:\Users\ContainerAdministrator\AppData\Roaming\npm
which confirms that npm was a 0-length file.

Am I the first to notice this error ? Honestly I don't understand how or why bower started not working... I have proof the same lines just worked 6 months ago, maybe with an older npm version.
I can do a pull request if you confirm it needs fixing.

Hi Stefan, have you had any luck using MSMQ and related sub features in containers. My findings are that only MSMQ-DCOM can be installed inside containers. Have you tried this and / or had any more luck?

hello, when I use this image ,I got some exception.
I use docker command like this:
docker run -d -p 5000:5000 --restart=always -v C:\registry:C:\registry --name registry stefanscherer/registry-windows:2.5.1

the container is create sucess,but when start, it throw exception:
docker: Error response from daemon: container ec87fe5b36715a580b43e38fafe28655afc7cfd559bc1a39e77ca7dfffe21c70 encountered an error during CreateContainer: failure in a Windows system call: The system cannot find the path specified. (0x3) extra info: {"SystemType":"Container","Name":"ec87fe5b36715a580b43e38fafe28655afc7cfd559bc1a39e77ca7dfffe21c70","Owner":"docker","IsDummy":false,"VolumePath":"\\\\?\\Volume{a006cf77-f9ca-11e6-8da1-d43d7ef82142}","IgnoreFlushesDuringBoot":true,"LayerFolderPath":"C:\\ProgramData\\docker\\windowsfilter\\ec87fe5b36715a580b43e38fafe28655afc7cfd559bc1a39e77ca7dfffe21c70","Layers":[{"ID":"21082560-4910-57f6-a566-8d88fdcee239","Path":"C:\\ProgramData\\docker\\windowsfilter\\b5c801c5e0c76089f2cbbe5fd30d0920fd7f2fdfadb6aea4561f9571baffab1a"},{"ID":"d90f568e-70e3-58de-8178-99f05898ded8","Path":"C:\\ProgramData\\docker\\windowsfilter\\df9a9696464b64c302d5f0cfc11a92b61c384d23769a2193425b52f11817cf84"},{"ID":"58253145-22c0-54bf-9f8f-87a73a312653","Path":"C:\\ProgramData\\docker\\windowsfilter\\c16396cb6ec58afa829404484519a4f1d549b449486aca640f39bb00b6df9746"},{"ID":"5b061320-1dcf-5edb-b5c6-980af538f6ac","Path":"C:\\ProgramData\\docker\\windowsfilter\\359a8eddd24f82fa8129cd9e9c1078cfa756d8196be61983fd6e7869e32291f7"},{"ID":"03cd5278-b52f-5301-a32f-39e1e0806197","Path":"C:\\ProgramData\\docker\\windowsfilter\\0fb2f600e557132c684372cfdf7713218ff7cb39feab4f0edc79df89e81e2b23"}],"HostName":"ec87fe5b3671","MappedDirectories":[{"HostPath":"c:\\registry","ContainerPath":"c:\\registry","ReadOnly":false,"BandwidthMaximum":0,"IOPSMaximum":0}],"HvPartition":false,"EndpointList":["5454e416-95ae-4dbe-b936-92cc16642c45"],"Servicing":false,"AllowUnqualifiedDNSQuery":true}.
I use windows server 2016 Datacenter 10.0.14393
By the way, My OS language is Simple-Chinese

Read the Quick Start: Windows Server Containers and Docker to get started with a first tutorial has bad url, kind of 404 on msdn https://msdn.microsoft.com/virtualization/windowscontainers/quick_start/manage_docker.

I would have fixed it but not sure where you want to point to ? https://docs.microsoft.com/virtualization/windowscontainers/manage-docker/configure-docker-daemon

I set up a basic node server and Dockerfile. When I run it, it says that it is running, however it cannot be accessed. Is there something that I need to do to make it work, such as opening a port in the container, or enabling some Docker setting?

I am using the following in my Dockerfile:

FROM stefanscherer/node-windows:7-nano
WORKDIR /app
COPY . /app
EXPOSE 3000
CMD ["node", "server"]

And my server.js file looks like this:

const http = require('http');

const hostname = '127.0.0.1';
const port = 3000;

const server = http.createServer((req, res) => {
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Hello World\n');
});

server.listen(port, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});

I then build it with

docker build --rm --no-cache -t test/nanoserver-node-test .

And run it like this

docker run -p 3000:3000 test/nanoserver-node-test

I get a "Server running at http://127.0.0.1:3000/" message that looks like everything is fine, but when I visit that URL, or http://localhost:3000, or http://0.0.0.0:3000, I just get a "This site can’t be reached".

Any ideas?

Hi Stefan,

Today I have attempted to get the registry-windows container installed and working. I was able to start it up, but I cannot push images to it. I have tried many different things, the results always look similar to the output below. I was able to attach to the running registry container and looked at the winevent logs, but did not find anything useful. Do you have any suggestions on how I may be able to debug my issue?

Powershell console output (server 2)

The push refers to a repository [10.133.68.137:5000/myawesomeimage]
7ec736b79f0c: Retrying in 1 second
95d8bac835f3: Retrying in 1 second
5a7224111239: Retrying in 1 second
eaeb6837ba74: Retrying in 1 second
e3e35a236840: Retrying in 1 second
e6bb3b716717: Waiting
8d2aadcb2f54: Waiting
55cc5c7b4783: Skipped foreign layer
f358be10862c: Skipped foreign layer
received unexpected HTTP status: 503 Service Unavailable

Server 2 daemon.json:

{
            "graph": "e:\\images",
            "insecure-registries": [ "10.133.68.137:5000" ]
}

Server 1: (10.133.68.137) registry startup command:

docker run -d -p 5000:5000 --restart=always --name registry -v E:\registry:C:\registry stefanscherer/registry-windows:2.6.1

Thanks,
Nick

Can you please update Consul version to 0.8.0-rc1 and later to 0.8.0 final when it is ready?
Versions before 0.8 use broken go which prevents using docker volumes.
Thanks.

I found a way to generate all neccessary certificates using pure powershell with no requirement for open SSL. Works out of the box with any Windows 10 box and .NET 4.6 and up.

Hi @StefanScherer I wondered if you had any thoughts on patching of a windows estate running lots of windows containers. For example, take the recent malware threat that has hit NHS organizations in the UK and many others worldwide. There has been the need to patch machines quickly to reassure the public and customers. Given the size of the windows base images, this is challenging. So my questions are:

1. Is patching the host enough or must you patch the host and all running containers to secure against threats? When I say patch the containers I really mean rebuilding the images using the latest base image versions released monthly. Have you found an effective way to query for the latest versions automatically?

2. Do you have an idea of a good model for continuously keeping the windows clusters up to date? I think what you have in this repo with appveyor is a nice continuous model, just wondered if you have thoughts on the evolution of this into the inclusion of deployments.

Hi Stefan.

First of all every cool that you've created a nodejs image using windows!

I've created a container using:

docker run -it --rm --name my-yarn-app -v "${pwd}:C:\App" -w "C:\App" -p 3000:3000 -p 9000:9000 stefanscherer/node-windows powershell

I tried to install node-sass but ran into a problem

npm install node-sass --save-dev

and I got

PS C:\App> npm install node-sass --save-dev
npm info it worked if it ends with ok
npm info using [email protected]
npm info using [email protected]
npm info ok
npm info it worked if it ends with ok
npm info using [email protected]
npm info using [email protected]
npm ERR! Windows_NT 10.0.14393
npm ERR! argv "C:\\nodejs\\node.exe" "C:\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "node-sass" "--save-dev"
npm ERR! node v6.8.0
npm ERR! npm  v3.10.8
npm ERR! path C:\ContainerMappedDirectories
npm ERR! code ENOENT
npm ERR! errno -4058
npm ERR! syscall lstat

npm ERR! enoent ENOENT: no such file or directory, lstat 'C:\ContainerMappedDirectories'
npm ERR! enoent ENOENT: no such file or directory, lstat 'C:\ContainerMappedDirectories'
npm ERR! enoent This is most likely not a problem with npm itself
npm ERR! enoent and is related to npm not being able to find a file.
npm ERR! enoent

npm ERR! Please include the following file with any support request:
npm ERR!     C:\App\npm-debug.log

Any ideas?

Thank you for working on node images! It's a great help for the whole community.

I was testing stefanscherer/node-windows:6 image and noticed that taskkill command is missing inside the image. It's understandable since node-windows is based on a nano server but taskkill is crucial for some server side applications since Node doesn't allow to kill processes that easily. Everyone is using taskkill for that purpose.

I was wondering if it's possible to include taskkill in the image by default?

Hello,

I am successfully running an internal registry based on your image but would like to add TLS / HTTPS support. The easiest way from my point of view would be to add a Web Server to the image and configure some kind of reverse proxy to map incoming https requests to the registry at port 5000. Am I missing something? Is there an easier way?

Thanks in advance

When starting the nanoserver MongoDB image with a volume I the container doesn't start and I get a cryptic error

docker run --rm -it --mount source=myvol,target=c:/Data/db stefanscherer/mongo-windows:latest

docker: Error response from daemon: container 
7c2a36d7fe3dcf608eb1b8afd16fcc4ad0573db464a5d5ad863d3cc0041b411c 
encountered an error during CreateContainer: failure in a Windows system call: The request is not supported. (0x32) 

<rest of message removed>

If I remove the volume mount it starts perfectly OK. I'm seeing this problem locally (Windows 10 - Docker Version 17.12.0-ce-win47 (15139)) and also when running the container in Azure

Hi,

do have any plan to create a template for Plex or Emby media System ?

Thanks for your efforts !

Current stefanscherer/chocolatey image is based on an outdated microsoft/windowsservercore image and has an outdated version of Chocolatey (v0.10.6.1 vs v0.10.7). It would be very appreciated if you could rebuild the image and push to docker hub!

Hi Stefan, firstly thanks for your awesome repo and contributions, its a fantastic resource.
I was wondering if you have any thoughts from a security perspective regarding windows containers. A couple of areas that I am thinking of are:

1. security scanning of the containers, finding vulnerabilities, locking down ports (firewall in container? or similar to iptables)
2. locking down scripting capabilities for people creating containers in an organisation. So for example, say you limit access to base containers from a known store, that are full patched and scanned and have say Java installed, but then disabling the potential to run powershell's invoke-webrequest or similar to install chocolatey then further packages etc in an uncontrolled way. I guess you could do this from a network perspective but thats somewhat unrealistic in a general development network.

Perhaps its just a case of scanning the containers and verifying against a whitelist or similar. Be really interested to hear if you have started to experiment with anything or have any thoughts on this.

Hi Stefan,

your examples and tips are great help for me.

I'm trying to build a Windows container with MSYS2
I was able to build an image based on windowsservercore. I have created a dockerfile, which downloads and installs 7z, and the latest MSYS2 tar, and extracts it:

FROM microsoft/windowsservercore
# Make sure we're in temp for the downloads
WORKDIR c:/windows/temp

# Switch to PowerShell
SHELL ["powershell", "-command"] 

RUN Invoke-WebRequest -UserAgent 'DockerCI' -outfile 7zsetup.exe http://www.7-zip.org/a/7z1604-x64.exe
RUN Invoke-WebRequest -UserAgent 'DockerCI' -outfile msys2-x86_64-latest.tar.xz http://repo.msys2.org/distrib/msys2-x86_64-latest.tar.xz 


RUN Start-Process .\7zsetup -ArgumentList '/S /D=c:/7zip' -Wait
RUN C:\7zip\7z e msys2-x86_64-latest.tar.xz -Wait
RUN C:\7zip\7z x msys2-x86_64-latest.tar -o"C:\\" 
RUN del *

#ENV PATH C:\msys64\usr\bin;C:\Windows;C:\Windows\System32
ENV MSYSTEM MSYS2

CMD powershell

So far so good. I can run the image with interactive shell - no problem:
docker run -it --rm msys2

Bur when I try to execute a simple command like
C:\msys64\usr\bin\pacman.exe --help

there is no message on the stdout

What is needed to see the stdout for MSYS2 binaries in an interactive shell?

Hi @StefanScherer do you know where we can download the binaries for 17.06.0-ce from?
Used to be able to get them from the moby repo releases page. There is nothing on the https://github.com/docker/docker-ce repo and the link on the documentation to https://get.docker.com/builds/Windows/x86_64/docker-17.06.0-ce.zip is broken.

works on docker with windows containers
docker run -d -p 8500:8500 stefanscherer/consul-windows

this does not
docker run -d -p 8500:8500 consul

In the latest version of nanoserver images it is possible to use Get-FileHash, so it's no possible to verify the nodejs archive before its extraction.

By the way, Expand-Archive works also, so it's now possible to replace
[System.IO.Compression.ZipFile]::ExtractToDirectory('C:\node.zip', 'C:') ;
with
Expand-Archive 'C:\node.zip' 'C:' ;
in the nodejs nano dockerfiles

I though yarn would be installed in this images but it doesn't seem to be. Is there a way to install or run yarn?

cd : Cannot find path 'C:\go\src\github.com\docker\swarm' because it does not
exist.
At line:1 char:134

• ... docker ; git clone https://github.com/docker/swarm ; cd swarm ; git c ...

•                                                      ~~~~~~~~
  

  • CategoryInfo : ObjectNotFound: (C:\go\src\github.com\docker\swa
    rm:String) [Set-Location], ItemNotFoundException
  • FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetLo
    cationCommand

Start-Process : This command cannot be run due to the error: The system cannot
find the file specified.
At line:1 char:167

• ... ut v1.2.3 ; Start-Process -FilePath godep.exe -ArgumentList go, insta ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (:) [Start-Process], InvalidOp
    erationException
  • FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.C
    ommands.StartProcessCommand

Hi @StefanScherer
I have a mssql server container image that I am trying to build (using the ms image as the base) however I frequently get the following issue:

Service 'sqldb' failed to build: container 1d285522703e6516ab66ee2a7f87ed4d366c706dbba313570c421e4902dfe84e encountered an error during Start: failure in a Windows system call: This operation returned because the timeout period expired. (0x5b4)

Have you seen this before? I am building on a m4.large AWS EC2 instance and have read that slow storage can be the issue, but I am not entirely sure. The issues seems to stem from starting the SQL SERVER windows service. Strangely I have followed the process used in the Dockerfile from the base image. Any tips for debugging this more effectively?

Thanks for any pointers you can offer.

The 7 et 6 nodejs onbuild nano images are based on microsoft/windowsservercore image and not on microsoft/nanoserver image.

This is because the 6.9 and 7.2 nano onbuild dockerfiles use node:7.2.0 and node:6.9.1 instead of node:7.2.0-nano and node:6.9.1-nano.

I have a question about this nodejs dockerfile. It uses microsoft/windowsservercore to download nodejs, then switches to microsoft/nanoserver to build the image.

Is there a reason for using two different windows images to do this?

I tried the node nano dockerfile,

FROM nanoserver

COPY nodejs /windows/system32

CMD [ "node.exe" ]

with hyper-v container nano image, it works pretty well. But when I tried it in a windows TP5 nano server (in Azure), it failed with below error:

msg="hcsshim::ImportLayer failed in Win32: The filename or extension is too long. (0xce) layerId=\\\\?\\C:\\ProgramData\\docker\\windowsfilter\\0cca83375d700cfdc9dfb627b4102584a767720ba4cf55339f63020fc2aa7deb flavour=1 folder=C:\\Windows\\TEMP\\hcs306829939"

Have you tried it in nano server? Is there any difference between nano server container and hyper-v nano container?

Any help will be highly appreciated. Thanks.

Possible to setup a Linux host using this strategy? Do I just manually copy over the certs and update daemon.json?

FYI, we are utilizing images based off of https://github.com/coderobin/windows-container/blob/master/windowsservercore/windows-build-uwp-461/Dockerfile to build UWP projects

http://stackoverflow.com/questions/38702808/docker-is-not-allowing-to-mount-a-directory-into-a-drupal-container/38709202#38709202

docker-compose need to have a proper subjectAltName as per the following open issue on github

For example, I setup TLS on a new vm on azure, and docker cli commands work fine, but docker-compose gives the following error:

backports.ssl_match_hostname.CertificateError: hostname '<mydockervm>.canadaeast.cloudapp.azure.com' doesn't match either of '127.0.0.1', '10.0.0.4'

The solution is to add proper DNS entry to subjectAltName like so:

subjectAltName = IP:10.0.0.4,IP:127.0.0.1,DNS.1:*.cloudapp.net,DNS.2:*.*.cloudapp.azure.com

Thanks for the great examples. I am trying to get a PHP image working (just basic php-cli for now, no need to serve with IIS yet). Based off some of the examples I saw here, I came up with this:

FROM microsoft/aspnet:4.6.2-windowsservercore-10.0.14393.576

WORKDIR /Users/ContainerAdministrator/Downloads

SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]

# Install PHP
RUN $url = ('http://windows.php.net/downloads/releases/php-7.1.0-nts-Win32-VC14-x64.zip'); \
    Write-Host ('Downloading {0} ...' -f $url); \
    (New-Object System.Net.WebClient).DownloadFile($url, 'php.zip'); \
    \
    Write-Host 'Installing ...'; \
    Expand-Archive -Path php.zip -DestinationPath c:\php; \
    \
    [Environment]::SetEnvironmentVariable('PATH', $env:Path + ';C:\php', [EnvironmentVariableTarget]::Machine); \
    $env:PATH = [Environment]::GetEnvironmentVariable('PATH', [EnvironmentVariableTarget]::Machine);

RUN Write-Host 'Verifying install ...'; \
    Write-Host '  php --version'; php --version;

Everything works until php --version, which fails with RC=1. If I comment out the last line, the dockerfile builds, but when I run the container, the php command always fails with RC=1 and no output.

I adapted this to a powershell script to run on my Windows 10 host and it installs PHP just fine. I wondered if you had any tips for why this might be - is there a simple configuration I've missed? I've also asked the same question here on msdn

I'd be happy to contribute the PHP image back to this repo once I get it working!

How are you getting traefik to see the remote api on windows 10? I can't seem to find a way of overriding the host option from tcp://localhost:2375 to tcp://0.0.0.0:2375 or equivalent, as such using the container with docker mode fails for me as it cannot get the information about the running containers.
By the way I am runing win 10 and Docker for Windows Beta Channel release.

https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon

I'm just getting started with Windows.. and wanted to verify the latest instructions are correct. Seems one of your links is pre-dating the hyper-v Docker for Windows 10 instructions and I cannot tell if I can ignore them or not..

thank you for all the container examples

Hi @StefanScherer was wondering whether you might perhaps have any recent updates on support for swarm mode and the overlay driver on windows 10 and server 2016? I have Creators Update 1703 installed on my local machine and am able to create the overlay driver and the services seemingly ok. My server also has the latest windows updates and I believe this is what is required to use the latest network features.

At the moment I only need to test on a single machine so swarm mode is not so important across hosts, however I want to utilize the overlay network to use network isolation on my continuous integration server which does not work so well with a single nat network (dns clashes etc). Its my understanding that a swarm of one should be fine.

As said previously I am able to create services and attach to the network. docker inspect shows everything as I would expect it to be. If I docker exec into the service containers and run ipconfig I can see that i have 2 virtual adapters one with the overlay network ip address 10.0.0.x e.g and another with a 172.x.x.x class b ip address with the gateway that matches the ip address of the virtual adaper (HNS) on the host. Pinging between the containers in the services seems fine.

I cannot, though, no matter what I try, access the containers externally. I have tried the gateway, the private ip addresses and everything I can think of. I have tried from other machines on the network in case its the nat windows problem, but I am having no success.

I am a little confused as to whether this should be working or I need to raise an issue (or its already raised!).

I am basing my understanding off this :- https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/swarm-mode which suggests to me that swarm mode and the overlay driver are ready to go if you have the patch levels correct (except mesh networking support). The level of official communication from MS over support from this seems to be inconsistent at best (updates seem to have stopped around April / May time but I am sure this is all being worked on).

Do you happen to have any better information or awareness about what should be working and what still has issues?

Really appreciate anything you can share.

Thanks!

Hi Stefan, sorry about the cross post, not sure if you are active on the docker/for-win repo or not (if so please feel free to close this). Have you come across issues with docker-compose as detailed here in 514.

I was expecting / hoping that things would be a little more stable using docker v1.13.1 and compose v1.11.1, but looks like the issues with networking still exist. I am randomly getting problems when using compose to deploy where one of the services fails with an unspecified error similar to

Cannot start service xyz: failed to create endpoint xyz_1 on network nat: HNS failed with error : Unspecified error

its quite random and a docker-compose down, then a docker-compose up often resolves it.

Be really intersted / grateful to hear if you have come across this.

Hi,
I am facing the problem that e.g. coreutils (http://gnuwin32.sourceforge.net/packages/coreutils.htm) are not working within nanoserver-containers. When starting one of the utils nothing has happend and there is no error output as well?
On the other hand coreutils are working on nearly all windows platform (WinXp, Win7, Win10).

FYI: I am using Docker Community Edition Version 17.09.0-ce-win33 (13620) and most recent nanoserver.
Thx in advance for help!

Use Case:
WHEN a common DNS name exists for all managers in a swarm (e.g. manager.nonprod.blah.io)
AND each node must support communication using the following DNS name examples
COMPUTERNAME
COMPUTERNAME.ACTIVE_DIRECTORY_DOMAIN
manager.nonprod.blah.io
AND each node in the swarm has DockerTLS enabled using the stefanscherer/dockertls-windows image
THEN dockerhost -H COMPUTERNAME ps should execute successfully
AND dockerhost -H COMPUTERNAME.ACTIVE_DIRECTORY_DOMAIN ps should execute successfully
AND dockerhost -H manager.nonprod.blah.io ps should execute successfully.

Suggested Implementation
Add a parameter to createCerts to supply an array of additional DNS names.
Modify the following line of createCerts to iterate over the array of additional DNS names and include them in the subjectAltName.
"subjectAltName = " + (($ipAddresses.Split(',') | ForEach-Object { "IP:$_" }) -join ',') + ",DNS.1:$serverName" | Out-File extfile.cnf -Encoding Ascii
Use an environment variable $env:ALTERNATIVE_NAMES to load the array of additional DNS names as a comma separated list.

docker-windows-box master 1d ⍉ ➜ vagrant box list
windows_2016_docker     (vmware_desktop, 0)
windows_2016_tp5_docker (vmware_desktop, 0)
docker-windows-box master 1d ➜ vagrant up      
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'windows_2016_docker' could not be found. Attempting to find and install...
    default: Box Provider: virtualbox
    default: Box Version: >= 0
==> default: Box file was not detected as metadata. Adding it directly...
==> default: Adding box 'windows_2016_docker' (v0) for provider: virtualbox
    default: Downloading: windows_2016_docker
An error occurred while downloading the remote file. The error
message, if any, is reproduced below. Please fix this error and try
again.

Couldn't open file /Users/patrickscott/dev/winblows/docker-windows-box/windows_2016_docker

Not sure what I'm doing wrong - am I missing something? Thanks in advance if you can help!

Hi, Thanks for the build. I am trying to use it in client mode... I am using this:

docker run --name=agent -h agent -it --rm -p 8300-8302:8300-8302 -p 8301:8301/udp -p 8302:8302/udp 8400:8400 -p 8500:8500 -p 8600:53/udp consul -node tal-agent -join 10.0.4.211 -advertise 10.0.0.147

On a whim I tried:

docker run --name=agent -h agent -it --rm -p 8300-8302:8300-8302 -p 8301:8301/udp -p 8302:8302/udp 8400:8400 -p 8500:8500 -p 8600:53/udp consul -server=false -node tal-agent -join 10.0.4.211 -advertise 10.0.0.147

but either way I get this error:
2016/12/22 10:04:42 [ERR] consul: 'dev1consul' and 'tals_agent' are both in bootstrap mode. Only one node should be in bootstrap mode, not adding raft peer.

Thoughts?

docker run -p 80:80 --name n1 stefanscherer/node-windows:latest

docker : Unable to find image 'stefanscherer/node-windows:latest' locally
In Zeile:1 Zeichen:1

• docker run -p 80:80 --name n1 stefanscherer/node-windows:latest

• - CategoryInfo          : NotSpecified: (Unable to find ...latest' locally:String) [], RemoteException
  - FullyQualifiedErrorId : NativeCommandError
  
  

latest:
Pulling from stefanscherer/node-windows
9c7f9c7d9bc2:
Already exists
de5064718b3f: Pulling fs layer
2d286c1a4f1c:
Pulling fs layer
19356717adef:
Pulling fs layer
36a06ad2056c: Pulling fs layer
8dedd37e14ab:
Pulling fs layer
36a06ad2056c: Waiting
1c08f012b6c8:
Pulling fs layer
8dedd37e14ab:
Waiting
2561c5981334: Pulling fs layer
1c08f012b6c8: Waiting
2d286c1a4f1c:
Verifying Checksum
2d286c1a4f1c: Download complete
19356717adef:
Verifying Checksum
19356717adef: Download complete
8dedd37e14ab:
Verifying Checksum
8dedd37e14ab: Download complete
36a06ad2056c: Verifying Checksum
36a06ad2056c: Download complete
2561c5981334:
Verifying Checksum
2561c5981334: Download complete
1c08f012b6c8:
Verifying Checksum
1c08f012b6c8: Download complete
de5064718b3f:
Verifying Checksum
de5064718b3f: Download complete
C:\Program Files\Docker\docker.exe: failed to register layer: re-exec error: exit status 1: output: hard links not supported with legacy writer.
See 'C:\Program Files\Docker\docker.exe run --help'.

The dockertls container should provide a docker-machine compatible config.json file so I can easily change my Docker engines with eval $(docker-machine env xxx) or docker-machine env xx | iex.

This is a config.json which works with docker-machine 0.8.x. This would help me until docker/machine#3329 will be updated and merged into a future version of docker-machine.

$ cat config.json 
{
    "ConfigVersion": 3,
    "Driver": {
        "IPAddress": "mywindowsdocker.northeurope.cloudapp.azure.com",
        "MachineName": "mywindowsdocker",
        "SSHUser": "none",
        "SSHPort": 3389,
        "SSHKeyPath": "",
        "StorePath": "/Users/stefan/.docker/machine",
        "SwarmMaster": false,
        "SwarmHost": "",
        "SwarmDiscovery": "",
        "EnginePort": 2376,
        "SSHKey": ""
    },
    "DriverName": "generic",
    "HostOptions": {
        "Driver": "",
        "Memory": 0,
        "Disk": 0,
        "EngineOptions": {
            "ArbitraryFlags": [],
            "Dns": null,
            "GraphDir": "",
            "Env": [],
            "Ipv6": false,
            "InsecureRegistry": [],
            "Labels": [],
            "LogLevel": "",
            "StorageDriver": "",
            "SelinuxEnabled": false,
            "TlsVerify": true,
            "RegistryMirror": [],
            "InstallURL": "https://get.docker.com"
        },
        "SwarmOptions": {
            "IsSwarm": false,
            "Address": "",
            "Discovery": "",
            "Agent": false,
            "Master": false,
            "Host": "tcp://0.0.0.0:3376",
            "Image": "swarm:latest",
            "Strategy": "spread",
            "Heartbeat": 0,
            "Overcommit": 0,
            "ArbitraryFlags": [],
            "ArbitraryJoinFlags": [],
            "Env": null,
            "IsExperimental": false
        },
        "AuthOptions": {
            "CertDir": "/Users/stefan/.docker/machine/machines/mywindowsdocker",
            "CaCertPath": "/Users/stefan/.docker/machine/machines/mywindowsdocker/ca.pem",
            "CaPrivateKeyPath": "/Users/stefan/.docker/machine/machines/mywindowsdocker/ca-key.pem",
            "CaCertRemotePath": "",
            "ServerCertPath": "/Users/stefan/.docker/machine/machines/mywindowsdocker/server.pem",
            "ServerKeyPath": "/Users/stefan/.docker/machine/machines/mywindowsdocker/server-key.pem",
            "ClientKeyPath": "/Users/stefan/.docker/machine/machines/mywindowsdocker/key.pem",
            "ServerCertRemotePath": "",
            "ServerKeyRemotePath": "",
            "ClientCertPath": "/Users/stefan/.docker/machine/machines/mywindowsdocker/cert.pem",
            "ServerCertSANs": [],
            "StorePath": "/Users/stefan/.docker/machine/machines/mywindowsdocker"
        }
    },
    "Name": "mywindowsdocker"
}

Only the client pem's are needed for docker-machine:

~/.docker/machine/machines/mywindowsdocker
$ ls -1
ca.pem
cert.pem
config.json
key.pem

Most critical part was to set SSHPort to 3389 - the RDP port which is automatically opened creating an Azure VM. Otherwise docker-machine tries to connect to SSH port 22 to "ping" the machine if it is up and running.

The IPAddress may contain the DNS name, so I can stop and restart the Docker engine VM getting new IP addresses without a problem.

Of course many docker-machine commands does not work, but using docker-machine to just switch the DOCKER_* environment variables is good for now.

Switching to a Windows Docker engine

eval $(docker machine env mywindowsdocker)
docker version

Going back to Docker for Mac

eval $(docker-machine env -unset)

I have just built the Go 1.6 Docker image for Windows

C:\Users\vagrant\dockerfiles-windows\docker [master ≡ +1 ~0 -0 !]> docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
golang                        1.6                 1ed1b774b0d3        5 minutes ago       1.047 GB
golang                        latest              1ed1b774b0d3        5 minutes ago       1.047 GB
windowsservercore             10.0.10586.0        6801d964fda5        3 months ago        0 B
windowsservercore             latest              6801d964fda5        3 months ago        0 B
nanoserver                    10.0.10586.0        8572198a60f1        3 months ago        0 B

But it has 1GB in size. Pushing that to a private registry showed two layers with about 500 MB each. One for the Git installation, one for Go installation.

So this would be very interesting how to optimize such installation as the multi line powershell RUN commands (download MSI, install MSI, remove MSI) does not seem to have the desired effect as on Linux.

C:\Users\vagrant\dockerfiles-windows\golang [master ≡ +1 ~0 -0 !]> docker push 192.168.254.134:5000/golang:1.6
The push refers to a repository [192.168.254.134:5000/golang] (len: 1)
1ed1b774b0d3: Pushed
f37087de98b8: Pushed
03d4f6452729: Pushed
bcd1d31f5e47: Pushed
af6aef812930: Pushed
136e89977594: Pushed
d38b1cbefadf: Pushed
5573977f85d4: Pushed
1.6: digest: sha256:015dc344ca60f751df649a353c9a0aecd48446d8e9e60b37a0b6687a30b4c301 size: 12846

Investigating the layers in the Docker registry shows

• Git layer has

drwxr-xr-x  0 0      0           0 Feb 18 00:54 Files/Windows/System32/catroot2/{127D0A1D-4EF2-11D1-8608-00C04FC295EE}/
-rwxr-xr-x  0 0      0      196876 Feb 18 00:26 Files/Windows/System32/catroot2/{127D0A1D-4EF2-11D1-8608-00C04FC295EE}/catdb
-rwxr-xr-x  0 0      0         464 Feb 18 00:30 Files/Windows/System32/catroot2/{127D0A1D-4EF2-11D1-8608-00C04FC295EE}.$wcidirs$
drwxr-xr-x  0 0      0           0 Feb 18 00:54 Files/Windows/System32/catroot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}/
-rwxr-xr-x  0 0      0    36962572 Feb 18 00:26 Files/Windows/System32/catroot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}/catdb
-rwxr-xr-x  0 0      0         464 Feb 18 00:30 Files/Windows/System32/catroot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}.$wcidirs
...
-rwxr-xr-x  0 0      0     4325640 Oct 30 11:43 Files/Windows/System32/wbem/Repository/INDEX.BTR
-rwxr-xr-x  0 0      0       74800 Oct 30 11:42 Files/Windows/System32/wbem/Repository/MAPPING1.MAP
-rwxr-xr-x  0 0      0       74760 Oct 30 11:43 Files/Windows/System32/wbem/Repository/MAPPING2.MAP
-rwxr-xr-x  0 0      0       74760 Oct 30 11:43 Files/Windows/System32/wbem/Repository/MAPPING3.MAP
-rwxr-xr-x  0 0      0    22200588 Oct 30 11:43 Files/Windows/System32/wbem/Repository/OBJECTS.DATA
...
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Application.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/HardwareEvents.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Internet Explorer.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Key Management Service.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-GroupPolicy%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Known Folders API Service.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProfile%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:26 Files/Windows/System32/winevt/Logs/Microsoft-Windows-PowerShell%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-PowerShell%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-RestartManager%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:43 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Security-SPP-UX-Notifications%4ActionCenter.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TaskScheduler%4Maintenance.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:43 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:43 Files/Windows/System32/winevt/Logs/Microsoft-Windows-User Profile Service%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-WMI-Activity%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Microsoft-Windows-WinRM%4Operational.evtx
-rwxr-xr-x  0 0      0     1118408 Feb 18 00:28 Files/Windows/System32/winevt/Logs/Security.evtx
-rwxr-xr-x  0 0      0     1118408 Feb 18 00:28 Files/Windows/System32/winevt/Logs/System.evtx

and the Go layer has

-rwxr-xr-x  0 0      0       20660 Feb 18 00:46 Files/Windows/Installer/SourceHash{19AD9EC2-3505-4F0C-8B0F-7E8FF637289B}
-rwxr-xr-x  0 0      0    74526904 Feb 18 00:46 Files/Windows/Installer/add4fd.msi
...
-rwxr-xr-x  0 0      0     5087476 Feb 18 00:36 Files/Windows/System32/wbem/Repository/INDEX.BTR
-rwxr-xr-x  0 0      0       76288 Feb 18 00:34 Files/Windows/System32/wbem/Repository/MAPPING1.MAP
-rwxr-xr-x  0 0      0       76292 Feb 18 00:36 Files/Windows/System32/wbem/Repository/MAPPING2.MAP
-rwxr-xr-x  0 0      0       76284 Feb 18 00:34 Files/Windows/System32/wbem/Repository/MAPPING3.MAP
-rwxr-xr-x  0 0      0    23249144 Feb 18 00:36 Files/Windows/System32/wbem/Repository/OBJECTS.DATA
...
-rwxr-xr-x  0 0      0     1118408 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Application.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/HardwareEvents.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Internet Explorer.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Key Management Service.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Crypto-DPAPI%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcp-Client%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-GroupPolicy%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-Known Folders API Service.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-NetworkProfile%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:30 Files/Windows/System32/winevt/Logs/Microsoft-Windows-PowerShell%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-PowerShell%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:46 Files/Windows/System32/winevt/Logs/Microsoft-Windows-RestartManager%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TaskScheduler%4Maintenance.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:42 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:43 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Oct 30 11:43 Files/Windows/System32/winevt/Logs/Microsoft-Windows-User Profile Service%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-WMI-Activity%4Operational.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Microsoft-Windows-WinRM%4Operational.evtx
-rwxr-xr-x  0 0      0     1118408 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Security.evtx
-rwxr-xr-x  0 0      0     1118408 Feb 18 00:47 Files/Windows/System32/winevt/Logs/System.evtx
-rwxr-xr-x  0 0      0       69832 Feb 18 00:47 Files/Windows/System32/winevt/Logs/Windows PowerShell.evtx

So lots of caching and the backup of the MSI as well in each layer.

This is problematic: https://github.com/StefanScherer/dockerfiles-windows/blob/master/jenkins-swarm-slave/Dockerfile#L4

In Windows, setting the HOME variable isn't enough, since %USERPROFILE% doesn't get updated. This means, Cigwin/MSYS tools will drop SSH keys and stuff in the %USERPROFILE%.

Possible Solutions:

• Update the HOME path to be /c/users/containeradministrator, like a traditional slave that will remain compatible with *NIX tools
• Update %USERPROFILE% (This is actually pretty complicated and involves registry rewrites, refreshing both PATH and ENVs, etc)

Hi @StefanScherer have you found a way to set an exclusion path for Windows Defender on a windows container hosts system to ignore / exclude all the container file systems that are being created (e.g \device\harddiskvolumeX...

Running procmon I can see that MsMpEng.exe is being stressed when running containers on my build slaves with many many entries point to \device\harddiskvolumeX... or similar. As soon as I have a few containers running windows defender consumes virtually all available CPU.
I'd prefer not to disable windows defender entirely, but if this is the recommended option then so be it, I just can't find clarification that this is what is recommended.

It would seem that windows defender inside the container has been addressed but on the host perhaps not. I would find it odd that I am the first person to experience this, but my google fu is not returning too much in the way of assistance.

Are you disabling this or managing things regarding Windows Defender at all?

Hi Stefan,
have you been able to access the web interface for your traefik container? I am having difficulties accessing it, and continually get the err 500 Internal Server Error.
Furthermore, when I check docker logs [container] nothing is being written to the access logs to help diagnose the issue. My configuration mirrors your initial commit in 202f354
Thanks

A major weak spot right now for Windows Containers is the support for a POSIX shell that supports TTY.

Installing a POSIX-compliant runtime and SHELL statement pointing at an installed shell (bash, sh, zsh) doesn't offer TTY and stdout is only capable on docker without the -t option. You essentially have to either issue commands with no stdout or not be able to interact.

Additionally, the Windows Subsystem for Linux doesn't install on containers.

Real world example of why this is important:

Jenkins v2 Swarm can't light up Windows Container support because executors expect to be able to issue the id and cat commands with TTY with build containers

With AWS bringing Windows Containers into Beta (http://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_Windows.html), this seems like a huge win for MS to sell Cloud Lic for Jenkins users.

BTW, Fantastic work on this container digest. We have all been cultivating this stuff since last fall, but good to see some MVPs organizing the public effort.

Your repo is excellent, thanks for sharing all this. I was wondering if it would be possible to create a docker image for the Microsoft Azure storage emulators. This will be a bless for developers writing integrations that don't use windows.
https://docs.microsoft.com/en-us/azure/storage/storage-use-emulator

I get an unauthorized: authentication required error when trying to used node-windows:latest and build the image. Am I missing something?

Everytime I try to npm install a file I get the following error:
getaddrinfo EAI_AGAIN registry.npmjs.org:443

I am using stefanscherer/node-windows:8.9.3 image but have had this issue with many other images as well.

Initial npm error:

npm logs:

I noticed you installed chcolatey making a web request and running the install script (iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'));), but I also noticed some people use the following: Install-PackageProvider -Name chocolatey -Force

Do you know the difference?