docs/index.md at 6749273ccfc0985bb97100a1251a32bbe6773fac

8.6 KiB

Raw Blame History

description

keywords

redirect_from

title

Getting Started

windows, edge, tutorial, run, docker, local, machine

/docker-for-windows/

/docker-for-windows/index/

/docker-for-windows/started/

/engine/installation/windows/

/installation/windows/

/win/

/windows/

/windows/started/

/winkit/

/winkit/getting-started/

Docker Desktop for Windows user manual

Welcome to Docker Desktop! The Docker Desktop for Windows user manual provides information on how to add TLS certificates and switch between Windows and Linux containers.

For information about Docker Desktop download, system requirements, and installation instructions, see Install Docker Desktop.

Add TLS certificates

You can add trusted Certificate Authorities (CAs) (used to verify registry server certificates) and client certificates (used to authenticate to registries) to your Docker daemon.

Switch between Windows and Linux containers

From the Docker Desktop menu, you can toggle which daemon (Linux or Windows) the Docker CLI talks to. Select Switch to Windows containers to use Windows containers, or select Switch to Linux containers to use Linux containers (the default).

For more information on Windows containers, refer to the following documentation:

Microsoft documentation on Windows containers.
Build and Run Your First Windows Server Container (Blog Post) gives a quick tour of how to build and run native Docker Windows containers on Windows 10 and Windows Server 2016 evaluation releases.
Getting Started with Windows Containers (Lab) shows you how to use the MusicStore application with Windows containers. The MusicStore is a standard .NET application and, forked here to use containers, is a good example of a multi-container application.
To understand how to connect to Windows containers from the local host, see I want to connect to a container from Windows

Settings dialog changes with Windows containers

When you switch to Windows containers, the Settings dialog only shows those tabs that are active and apply to your Windows containers:

If you set proxies or daemon configuration in Windows containers mode, these apply only on Windows containers. If you switch back to Linux containers, proxies and daemon configurations return to what you had set for Linux containers. Your Windows container settings are retained and become available again when you switch back.

Dashboard

The Docker Dashboard enables you to interact with containers and applications and manage the lifecycle of your applications directly from your machine. The Dashboard UI shows all running, stopped, and started containers with their state. It provides an intuitive interface to perform common actions to inspect and manage containers and Docker Compose applications. For more information, see Docker Desktop Dashboard.

Docker Hub

Select Sign in /Create Docker ID from the Docker Desktop menu to access your Docker Hub{: target="blank" rel="noopener" class="" } account. Once logged in, you can access your Docker Hub repositories directly from the Docker Desktop menu.

For more information, refer to the following Docker Hub topics{: target="blank" rel="noopener" class="" }:

Organizations and Teams in Docker Hub{: target="blank" rel="noopener" class="" }
Builds and Images{: target="blank" rel="noopener" class="" }

Two-factor authentication

Docker Desktop enables you to sign into Docker Hub using two-factor authentication. Two-factor authentication provides an extra layer of security when accessing your Docker Hub account.

You must enable two-factor authentication in Docker Hub before signing into your Docker Hub account through Docker Desktop. For instructions, see Enable two-factor authentication for Docker Hub.

After you have enabled two-factor authentication:

Go to the Docker Desktop menu and then select Sign in / Create Docker ID.
Enter your Docker ID and password and click Sign in.
After you have successfully signed in, Docker Desktop prompts you to enter the authentication code. Enter the six-digit code from your phone and then click Verify.

{:width="500px"}

After you have successfully authenticated, you can access your organizations and repositories directly from the Docker Desktop menu.

Pause/Resume

Starting with the Docker Desktop 4.2 release, you can pause your Docker Desktop session when you are not actively using it and save CPU resources on your machine. When you pause Docker Desktop, the Linux VM running Docker Engine will be paused, the current state of all your containers are saved in memory, and all processes are frozen. This reduces the CPU usage and helps you retain a longer battery life on your laptop. You can resume Docker Desktop when you want by clicking the Resume option.

Note

The Pause/Resume feature is currently not available in the Windows containers mode.

To pause Docker Desktop, right-click the Docker icon in the notifications area (or System tray) and then click Pause.

{:width="300px"}

Docker Desktop now displays the paused status on the Docker menu and on all screens on the Docker Dashboard. You can still access the Preferences and the Troubleshoot menu from the Dashboard when you've paused Docker Desktop.

Select {: .inline} > Resume to resume Docker Desktop.

Note

When Docker Desktop is paused, running any commands in the Docker CLI will automatically resume Docker Desktop.

Adding TLS certificates

You can add trusted Certificate Authorities (CAs) to your Docker daemon to verify registry server certificates, and client certificates, to authenticate to registries.

How do I add custom CA certificates?

Docker Desktop supports all trusted Certificate Authorities (CAs) (root or intermediate). Docker recognizes certs stored under Trust Root Certification Authorities or Intermediate Certification Authorities.

Docker Desktop creates a certificate bundle of all user-trusted CAs based on the Windows certificate store, and appends it to Moby trusted certificates. Therefore, if an enterprise SSL certificate is trusted by the user on the host, it is trusted by Docker Desktop.

To learn more about how to install a CA root certificate for the registry, see Verify repository client with certificates in the Docker Engine topics.

How do I add client certificates?

You can add your client certificates in ~/.docker/certs.d/<MyRegistry><Port>/client.cert and ~/.docker/certs.d/<MyRegistry><Port>/client.key. You do not need to push your certificates with git commands.

When the Docker Desktop application starts, it copies the ~/.docker/certs.d folder on your Windows system to the /etc/docker/certs.d directory on Moby (the Docker Desktop virtual machine running on Hyper-V).

You need to restart Docker Desktop after making any changes to the keychain or to the ~/.docker/certs.d directory in order for the changes to take effect.

The registry cannot be listed as an insecure registry (see Docker Daemon). Docker Desktop ignores certificates listed under insecure registries, and does not send client certificates. Commands like docker run that attempt to pull from the registry produce error messages on the command line, as well as on the registry.

To learn more about how to set the client TLS certificate for verification, see Verify repository client with certificates in the Docker Engine topics.

Where to go next

Try out the walkthrough at Get Started{: target="blank" rel="noopener" class=""}.
Dig in deeper with Docker Labs example walkthroughs and source code.
Refer to the Docker CLI Reference Guide{: target="blank" rel="noopener" class=""}.

8.6 KiB Raw Blame History