Lab Guide Working with Containers on Windows 10–Includes Docker and Nano Step-By-Step

Hands on Lab Guide for Free Online Labs at: https://labondemand.com/Launch/40A59076

Working with Containers on Windows 10

Access machines from: https://labondemand.com/Launch/40A59076

Objective

In this lab, you will gain fundamental knowledge for managing Windows Server containers on Windows 10 by using Docker commands. You will learn how to:

1. Install the pre-requisites for Docker on Windows 10.
2. Install Docker.
3. Install a Nano Server base image that is used to create containers.
4. Create containers with and without Hyper-V isolation.
5. Create layered container images from containers.
6. Remove Windows Server containers and Windows Server container images by using Docker.

You will also learn about the parent-child relationship between containers and between container images. Finally, you will learn how to deploy a Nano Server package and install the Web server role in a container.

Scenario

Virtual machines have created many efficiencies within the datacenter, allowing each physical server to run multiple workloads across multiple virtual machines. This has meant increases in workload and application density on individual servers, not to mention improved resilience and flexibility.

Each virtual machine running on a physical host requires a complete, running operating system that consumes significant memory, CPU, and storage. Furthermore, managing virtual machine sprawl can add significant complexity to the administration of the environment.

In contrast to a virtual machine, a container provides a lightweight way to package an application so that it does not need a complete virtual machine to run. The container wraps the application with only the minimum components it needs to run. This makes containers highly modular and portable, just like shipping containers. Because containers consume fewer resources to run an application than a virtual machine, they can result in even higher application and workload densities.

Containers wrap a piece of software in a complete file system that contains everything they need to run: code, runtime, system tools, system libraries, even OS requirements—anything you can install on a server. This guarantees that a container will always run the same, regardless of the environment it is running in. As an example, when a developer hands off a container image containing an application to the IT department, the IT department does not have to worry about ensuring that all the dependencies are met, because these dependencies are met within the container itself.

Although applications running in containers can have their own file system, registry, and network configuration, and run in an isolated user mode, they still share the kernel and host operating system. This may be acceptable as long as it is safe to trust the host machine running the containers, which might be the case in a single tenant situation. In a multi-tenant situation, the risk for compromise is increased. For example, a malicious tenant could create a container application that tries to attack other containers through the shared kernel and operating system. Even in single tenant environments, there still exists a risk that a patch to the host operating system could break the container application.

To mitigate these risks, with Windows Server 2016 and Windows 10 (Insider Preview builds 14325 and up), it is possible to create containers that use Hyper-V isolation. With Hyper-V isolation, the containers run in their own Hyper-V virtual machine. Containers running in a Hyper-V virtual machine do not share the same kernel.

The Docker security team recommends that you run Docker inside a virtual machine. Because Windows Server 2016 supports nested virtualization, it is possible to run Docker in a virtual machine and still use Hyper-V isolation for enhanced security.

Virtual Machines

1. DC01
2. W10 Build 1607

Exercise 1 : Examine lab set up details

In the lab environment, a number of steps have already been completed for you in order to save time in the lab. In this exercise, you will review the steps that have already been completed for you and that are also prerequisites for using containers in Windows 10. First, you will review the optional features that were installed as part of the lab setup. Next, you will review the Windows PowerShell commands that were executed to download container images. Finally, you will review the container images that were saved to the local hard disk.

1. Sign in to W10-CLIENT
   If necessary, click the Switch to Machine icon to the right of this instruction to switch to W10-CLIENT (may be labled W10 BUILD 1607 in the UI). Sign in to W10-CLIENT as CONTOSO\LabAdmin using Passw0rd! as the password.
   Your Lab may be connected to DC01 and not W10-CLIENT. You MUST switch to the W10-CLIENT machine before logging on and proceeding or you will encounter errors later in this lab.

   IMPORTANT: The VM may have a different label, such as W10 BUILD 1607, in the lab UI.  Ensure you connect to the Windows 10 client regardless of the display name in the UI.
   To paste the password, in the lab environment, on the Commands menu, click Paste, and then click Paste Password.

2. Open Windows PowerShell as Administrator
   If prompted to allow other computers to see your computer, click Yes.
   On the taskbar, right-click Windows PowerShell, and then click Run as Administrator. When prompted, click Yes.
   Please ensure you open Windows PowerShell as administrator. If you do not open Windows PowerShell as administrator, subsequent lab steps will fail.

3. Display the Containers feature
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   Get-WindowsOptionalFeature -Online -FeatureName containers
   TIP: You can click the Type Text icon to the right of this note to paste the command into the Windows PowerShell window.

   NOTE: The output shows that the Containers feature is installed. This feature is, at the time of this writing, available only on Windows Insiders build 14352 and up. This feature must be installed either through Control Panel or by using the Enable-WindowsOptionalFeature cmdlet. The installation of the feature requires a restart.

Get-WindowsOptionalFeature -Online -FeatureName containers

4. Display Hyper-V features
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   Get-WindowsOptionalFeature -Online -FeatureName *hyper*
   TIP: You can click the Type Text icon to the right of this note to paste the command into the PowerShell window.

   NOTE: Hyper-V is also required as a pre-requisite feature to enable containers. This feature was installed by using the Enable-WindowsOptionalFeature cmdlet.

   NOTE: This lab environment runs on Windows Server 2016, which can be used to enable nested virtualization. Nested virtualization allows guest virtual machines to run in virtual machines. For more information on nested virtualization, please see https://msdn.microsoft.com/en-us/virtualization/hyperv_on_windows/user_guide/nesting.

Get-WindowsOptionalFeature -Online -FeatureName *hyper*

5. Examine the Windows PowerShell commands
   The Screenshot shows the Windows PowerShell commands used to enable the containers and Hyper-V features.
   The Screenshot shows the commands you would have to run on a new instance of Windows 10 (Insider build 14325 and up) to enable containers.

6. Examine the command to download and save the image
   The Screenshot shows the commands that were used to download and save the Nano Server base image.

   Please click the Knowledge [bulb in head] icon for an explanation of why it was necessary to use this particular command.
   Windows Insider build 14372 and higher does not use the Install-ContainerImage or Install-ContainerOSImage cmdlets to install base images. These cmdlets are deprecated and will be removed in future releases.

   In place of these commands, you would normally use the docker pull command to retrieve an image from a repository and install it locally. To save time in this lab and avoid having to download 300 MB file, the image was downloaded from the repository and saved locally as part of the lab setup. A tag was added to the image and the default tag removed as part of the preparation of the image for the lab (You will learn about tags in a later exercise). Because the image is available locally, you will use the docker load command to install the image in later lab steps.

7. Examine the image file
   Click the Action [lightning bolt] icon to the right of this instruction to open C:\ContainerSource in File Explorer.
   As of this writing, only Nano Server is supported as a container image in Windows 10. For more information on system requirements and supported OS images, please see https://msdn.microsoft.com/en-us/virtualization/windowscontainers/deployment/system_requirements.

start c:\ContainerSource

8. Close File Explorer
   Close File Explorer.
9. Leave Windows PowerShell open
   Leave Windows PowerShell open for subsequent steps.

Congratulations. You have now reviewed the lab setup of the Windows 10 client computer that you will use to create and manage Hyper-V containers.

Exercise 2 : Install Docker

Docker is required in order to work with Windows containers. Docker consists of the Docker Engine and the Docker client. In this exercise, you will use Windows PowerShell cmdlets to install both the Docker Engine and the Docker client on the Windows 10 client computer. Additionally, you will examine some of the changes that occurred on the host as a result of installing and starting the Docker service, in particular, changes to the network configuration on the Docker host machine.

1. Create a folder for Docker executables
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   New-Item -Type Directory -Path $env:ProgramFiles\docker\

   Please ensure you are connected to W10-CLIENT and logged on as Contoso\LabAdmin using Passw0rd! as the password. You can click the Switch to Machine icon to the right of this instruction to verify that you are connected to W10-CLIENT.

   Also, please ensure you have opened Windows PowerShell as administrator. Otherwise, this and subsequent steps will fail.
   TIP: You can click the Type Text icon to the right of this note to paste the command into the Windows PowerShell window.

New-Item -Type Directory -Path $env:ProgramFiles\docker\

2. Copy the docker daemon and client
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   Copy-Item C:\ContainerSource\d*.exe $env:ProgramFiles\docker -Recurse
   TIP: You can click the Type Text icon to the right of this note to paste the command into the Windows PowerShell window.

   NOTE: Normally, you would download these files from the Docker repository located at https://master.dockerproject.org. To save time in the lab, these files have been downloaded as part of the lab setup.
   Copy-Item C:\ContainerSource\d*.exe $env:ProgramFiles\docker -Recurse

3. Add the Docker directory to the system path
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   [Environment]::SetEnvironmentVariable(“Path”, $env:Path + “;$env:ProgramFiles\docker”, [EnvironmentVariableTarget]::Machine)

   You can click the Type Text icon to the right of this note to paste command into the Windows PowerShell window.
   [Environment]::SetEnvironmentVariable(“Path”, $env:Path + “;$env:ProgramFiles\docker”, [EnvironmentVariableTarget]::Machine)

4. Close and reopen Windows PowerShell
   Close Windows PowerShell and reopen Windows PowerShell as Administrator.
   IMPORTANT: Please open Windows PowerShell as Administrator.
   You are performing this action so that the modified path is recognized.
5. View the network configuration
   At the Windows PowerShell command prompt, type ipconfig, and then press ENTER.
   Only one network adapter is present.

6. Install Docker as a Windows service
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   dockerd –register-service
   You can click the Type Text icon to the right of this note to paste the command into the Windows PowerShell window.
   dockerd –register-service
7. Start the Docker service
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   Start-Service Docker
   Start-Service Docker
8. View the network configuration
   At the Windows PowerShell command prompt, type ipconfig, and then press ENTER.
   Starting the Docker service causes a virtual switch to be added. This switch is enabled for Network Address Translation (NAT) sharing. Containers are linked to this virtual switch and will receive an IP address somewhere in the 172.16.0.0 – 172.16.31.0/24 range. Note that it is possible to use DHCP to assign IP addresses to containers, rather than have addresses automatically assigned by NAT sharing.

9. View the default Docker network
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   docker network ls
   Windows containers support four different networking modes.
• Network Address Translation (NAT) mode. This is the default mode. With NAT mode, each container connects to an internal virtual switch and uses WinNAT to connect to a private IP address subnet. WinNAT performs both network and port address translation between the host and the containers. The NAT mode can be overridden by other modes that are described below.
• Transparent mode. Each container is connected to an external virtual switch and will be attached directly to the physical network. IP addresses can be assigned statically or dynamically by using an external DHCP server.
• L2 Bridge mode. Each container is attached to an external virtual switch. Network traffic between two containers in the same IP subnet and attached to the same container host will be directly bridged. Network traffic between two containers on different IP subnets or attached to different container hosts will be sent out through the external virtual switch. On egress, network traffic originating from the container will have the source MAC address re-written to that of the container host. On ingress, network traffic destined for a container will have the destination MAC address re-written to that of the container itself.
• L2 Tunnel mode. This mode should only be used in a Microsoft cloud stack. Similar to L2 Bridge mode, each container is connected to an external virtual switch with the MAC addresses re-written on egress and ingress. However, ALL container network traffic is forwarded to the physical host’s virtual switch regardless of Layer-2 connectivity. This allows network policy to be enforced in the physical host’s virtual switch, as programmed by higher-levels of the networking stack—for example, Network Controller or Network Resource Provider.
  For more information on container networking, please see https://msdn.microsoft.com/en-us/virtualization/windowscontainers/management/container_networking.

docker network ls

10. View detailed network information
    At the Windows PowerShell command prompt, type the following command, and then press ENTER.
    docker network inspect nat
    This command shows detailed configuration information about the NAT network in a JavaScript Object Notation (JSON) file format.

docker network inspect nat

11. Leave Windows PowerShell open
    Leave Windows PowerShell open for subsequent steps.

Congratulations. You have now installed Docker. In the next exercise, you will install the base Nano Server container image.

Exercise 3 : Install the base container image

Windows containers are deployed from templates or images. Typically, these images are downloaded from the cloud and installed on the local host using the Install-ContainerImage cmdlet. However, as you have seen in the first exercise, the Nano Server container image was directly downloaded from the Microsoft repository and stored locally in the C:\ContainerSource folder.

In this exercise, you will install a Nano Server container image by using the docker load command. After installing the image, you will use additional docker commands to list the image and add a tag to it.

1. Install the Nano Server image
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   docker load -i C:\ContainerSource\nanoserver.tar.gz
   TIP: You can click the Type Text icon to the right of this note to paste the command into the Windows PowerShell window.

   NOTE: You would be more likely to use the docker pull command to download and install base images in a production environment; however, downloading the image, storing it locally, and then installing it with the docker load command does have advantages. For example, you can use this method to scan the image for malware ahead of time, or you can use this method to install the image on a computer that does not have Internet access.

docker load -i C:\ContainerSource\nanoserver.tar.gz

2. List the Docker images
   At the Window PowerShell command prompt, type the following command, and then press ENTER.
   docker images
   A container image is a reusable component that you can use as a template or snapshot starting point to create containers. Container images are stored in a flat-file repository. To create containers, you need to know the name of the container images that are installed.

docker images

3. Tag the Nano Server image
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   docker tag microsoft/nanoserver:10.0.14393 nanoserver:latest
   docker tag microsoft/nanoserver:10.0.14393 nanoserver:latest
4. List the Docker images
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   docker images
   Tagging an image with :latest is a convention that is useful when using the docker build command to create a container that relies on a dockerfile for predefined commands to create the container. In the dockerfile, you can specify the image to use to inherit the container from. If you install a more current image, you can remove the tag from the previous image and add it to the most current image.

docker images

5. Leave Windows PowerShell open
   Leave Windows PowerShell open for subsequent steps.

Congratulations. You have now installed the base Nano Server container image. In the next exercise, you will learn how to create and manage containers.

Exercise 4 : Run and manage containers

In this exercise, you will run containers and learn some basic Docker commands for managing containers. You will learn how to create containers, how to create container images, and how to remove containers and container images.

1. Create a container and run a program
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   docker run -it –isolation=hyperv –name dockerdemo nanoserver cmd
   It may take a few moments for the command prompt to appear.
   A container is a running process that is started based on an image—in this case the Nano Server base image.

   The run command used in this step causes a program to run in a new container and a terminal console session to open. The following provides a brief explanation of the syntax used in this command.

• -it: This option causes an interactive shell (console session) to open on the container. Technically, these are two options: -i opens a pseudo-tty terminal console session, and -t keeps STDIN open even if not attached.
• –isolation=hyperv: This flag causes a Hyper-V container to be created. When a container is created by using this parameter, there is kernel-level isolation between the container host and the container. Otherwise, Hyper-V containers are created and managed identically to Windows Server containers. For more information on Hyper-V isolation, please see https://msdn.microsoft.com/en-us/virtualization/windowscontainers/management/hyperv_container.
• –name=dockerdemo: This flag assigns the name dockerdemo to the container. By default, containers are identified by a unique ID. Assigning a name to the container can make management tasks easier.
• nanoserver: This is the name of the image that will be used to create the container. Recall that when you added the tag, you also assigned this name to the image.
• cmd: This causes a command prompt to open in the container.
  For more information on the docker run command, please see https://docs.docker.com/engine/reference/run/.
  docker run -it –isolation=hyperv –name dockerdemo nanoserver cmd
2. Examine files in a container
   At the console session command prompt of the container, type dir, and then press ENTER.
   Working in a container is similar to working in a virtual or physical machine. You can issue operating system commands such as mkdir, ipconfig, dir, and so on. You can also start a Windows PowerShell session.

3. View the networking configuration
   At the console session command prompt, type ipconfig, and then press ENTER.
   The container is on the same network as the virtual switch you examined earlier (172.16.0.0/12).

4. Ping the external host
   At the console session command prompt, type ping dc01.contoso.com, and then press ENTER.
   You are able to communicate with external hosts. DC01.contoso.com is the domain controller used in the lab environment.

ping dc01.contoso.com

5. Open the Windows PowerShell command prompt
   On the taskbar, right-click Windows PowerShell, and then click Run as Administrator to open a second Windows PowerShell Command Prompt window. Click Yes when prompted.
   Please do not close the console session for your container.
6. List the containers
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   docker ps

docker ps

7. Exit the container
   Switch to the console session you left open in a previous step. At the console session command prompt, type exit, and then press ENTER. The console session exits and the container stops.
8. List the containers
   Switch to the Windows PowerShell window where you ran the docker ps command. At the Windows PowerShell command prompt, type docker ps, and then press ENTER.
   No containers are listed. By default, the ps command lists only running containers.
   docker ps
9. List the containers
   At the Windows PowerShell command prompt, type docker ps -a, and then press ENTER.

docker ps -a

10. Start the container
    At the Windows PowerShell command prompt, type docker start dockerdemo, and then press ENTER. Optionally, after running this command, run the docker ps command, as shown in the Screenshot.

docker start dockerdemo

11. Attach to the container
    Switch to the other Windows PowerShell window. At the Windows PowerShell command prompt, type docker attach dockerdemo, and then press ENTER. Press ENTER again. The console session resumes.
    docker attach dockerdemo
12. View the networking configuration
    At the console session command prompt, type ipconfig, and then press ENTER.
    The IP address is different from the address originally assigned by NAT sharing.

13. Create a file on the container
    At the console session command prompt, type ipconfig > c:\ipconfig.txt, and then press ENTER.
    This command redirects the output of the ipconfig command to a text file named ipconfig.txt.
14. Display the contents of the text file
    At the console session command prompt, type type c:\ipconfig.txt, and then press ENTER.
    The contents of the text file you created in the previous step are displayed.
15. Exit the console session
    At the console session command prompt, type exit, and then press ENTER.
16. Create a new container image
    At the Windows PowerShell command prompt, type docker commit dockerdemo newcontainerimage, and then press ENTER.
    In this task, you are creating a reusable container image to use as a template for the creation of subsequent containers. At this point, any changes you make to the running container, such as creating the ipconfig.txt file, are held in a scratch space. To retain those changes, you need to create a new container image that contains those changes.

    The commit command changes only the state of the file system on a container, not the state or the memory of the container.
    The versioned Docker file system is based on additive layers. A Docker image is a snapshot of the file system at a particular time. A Docker image is made up of layers representing saved changes in the file system at particular points in time. These layers are additive and stack on top of each other. In this way, a Docker image is similar to a Git commit.
     
    Containers can share these layers, which is one reason why Docker is more resource-efficient than full virtual machines, in which nothing is shared.
    docker commit dockerdemo newcontainerimage

17. Display the container images
    At the Windows PowerShell command prompt, type docker images, and then press ENTER.
    You should see that a new image named newcontainerimage is present in the list of images.

docker images

18. Create a new container from a new image
    At the Windows PowerShell command prompt, type docker run -it –name newcontainer newcontainerimage cmd, and then press ENTER. When the command completes, an interactive console session is opened on the new container.
    This command creates a new container named newcontainer from the newcontainer image you created in a previous step.

    You are not using the –isolation=hyperv parameter with this command. Unless you have a business or security requirement for this level of container isolation, its use is optional.
    docker run -it –name newcontainer newcontainerimage cmd

19. Verify the presence of the ipconfig.txt file
    At the console session command prompt, type type c:\ipconfig.txt, and then press ENTER.
    This step verifies that the changes you baked into the image in the previous steps are present in the new container.

20. View the network configuration
    At the console session prompt, type ipconfig, and then press ENTER.
    The IP address of the container is different from the one you stored in the C:\ipconfig.txt file.

21. Exit the console session
    At the console session command prompt, type exit, and then press ENTER.
22. Remove newcontainer
    At the Windows PowerShell command prompt, type docker rm newcontainer, and then press ENTER.
    This command removes the container you just created.

    Had you created the container by using the –rm operator—for example, docker run -it –rm –name newcontainer newcontainerimage cmd—the container would have been automatically removed when you exited the console session.
    docker rm newcontainer

23. Remove dockerdemo
    At the Windows PowerShell command prompt, type docker rm dockerdemo, and then press ENTER.
    This command removes the dockerdemo container you created at the beginning of this exercise.
    docker rm dockerdemo
24. Remove the newcontainer image
    At the Windows PowerShell command prompt, type docker rmi newcontainerimage, and then press ENTER.
    This command removes the container image you created earlier.

docker rmi newcontainerimage

25. Verify the image deletion
    At the Windows PowerShell command prompt, type docker images, and then press ENTER.

docker images

26. Close all open windows
    Close all open windows. You will open a new Windows PowerShell command prompt window in the next exercise.

Congratulations. You have now created containers and container images, and removed containers and container images. In the next exercise, you will create a website that is hosted in a container.

Exercise 5 : Manage images and containers

In this exercise, you will take the lessons you have learned about creating and managing containers and container images and create a website that is hosted in a container.

1. Open Windows PowerShell as Administrator
   On the taskbar, right-click Windows PowerShell, and then click Run as Administrator. When prompted, click Yes.
2. Change the directory to C:\Build\IIS
   At the Windows PowerShell command prompt, type cd \build\iis, and then press ENTER.
   This folder and its contents were pre-created as part of the lab setup.
   cd \build\iis
3. List the dockerfile contents
   At the Windows PowerShell command prompt, type type dockerfile, and then press ENTER. The contents of the dockerfile text file are displayed.
   The dockerfile lists the instructions for automating the creation of the container image. In the previous exercise, you learned about the high-level workflow for creating images: start a container based on an image, add things to the container and configure it, and then commit the changes as a layer to make a new image.

   A dockerfile provides an alternative way to create container images by using automation. With a dockerfile, you can automate many of the tasks that you would perform directly against the container or by using the docker run command.

   This dockerfile contains instructions to use the Nano Server image as the base image and to copy the packages directory from the local host to the image.

   For more information on dockerfiles, please see https://github.com/wsargent/docker-cheat-sheet#dockerfile.

type dockerfile

4. Create the server container image
   At the Windows PowerShell command prompt, type docker build –t nanoserver_iis1 c:\build\iis, and then press ENTER.
   This command causes Docker to use the dockerfile located at C:\build\iis to create a container image named nanoserver_iis1 that contains the relevant Nano Server package files that are copied from the IIS\packages folder. The –t option is used to specify the name for the image.

docker build –t nanoserver_iis1 c:\build\iis

5. Verify the container image creation
   At the Windows PowerShell command prompt, type docker images, and then press ENTER. You should see nanoserver_iis1 listed in the output.

docker images

6. Run the container
   At the Windows PowerShell command prompt, type the following command, and then press ENTER.
   docker run -it –name iis1 nanoserver_iis1 cmd

   If, after a few minutes, the console session does not appear, press ENTER.
   You are creating a container from the image you just created by using the dockerfile and attaching an interactive terminal session to it. In the next steps, you will make additional configuration changes to the image.
   docker run -it –name iis1 nanoserver_iis1 cmd

7. Change to the packages directory
   In the console session attached to the IIS1 container, type cd packages, and then press ENTER.
8. Install the IIS role
   At the console session command prompt, type the following command, and then press ENTER.
   dism /online /apply-unattend:.\unattend.xml
   To install roles and features online with Nano Server running, you must use Windows packages that you download from the online package repository by using the NanoServerPackage provider of the PackageManagement (One Get) PowerShell module. Once you have downloaded the packages, you create an unattend.xml file to install the packages by using the DISM command. For more information on installing roles and features on Nano Server, please see https://technet.microsoft.com/en-us/library/mt126167.aspx.

   The packages and the custom unattend.xml file were downloaded and created as part of the lab setup. When you created the image by using the docker build command, these files were copied to the new image.

9. Start the web service
   At the console session command prompt, type net start w3svc, and then press ENTER.

10. Exit the console session
    At the console session command prompt, type exit, and then press ENTER.
11. Create a new container image
    At the Windows PowerShell command prompt, type docker commit iis1 nanoserver_iis2, and then press ENTER.
    You may wish to close and reopen the Windows PowerShell Command Prompt window.

    After a few moments, a reusable docker image that contains the web site role is created. To view the images, you can use the “docker images”, as shown in the attached screenshot.

docker commit iis1 nanoserver_iis2

12. Configure a firewall rule to allow HTTP traffic
    At the Windows PowerShell command prompt, type the following command, and then press ENTER.
    if (!(Get-NetFirewallRule | where {$_.Name –eq “TCP80”})) { New-NetFirewallRule –Name “TCP80” –DisplayName “HTTP on TCP/80” –Protocol tcp –LocalPort 80 –Action Allow -Enabled True}
    You can click the Type Text icon to the right of this note to paste the command into the Windows PowerShell window.

if (!(Get-NetFirewallRule | where {$_.Name –eq “TCP80”})) { New-NetFirewallRule –Name “TCP80” –DisplayName “HTTP on TCP/80” –Protocol tcp –LocalPort 80 –Action Allow -Enabled True}

13. Deploy the Nano Server with the IIS role container
    At the Windows PowerShell command prompt, type docker run –it –name iiscontainer –p 80:80 nanoserver_iis2 cmd, and then press ENTER.
    Please wait for the console session to appear before proceeding to the next step. This will take 30–60 seconds.
    This command creates a container based on the container image you just created. The –p 80:80 option creates a port mapping between port 80 on the container host and the container. The –it option causes an interactive command prompt to be opened on the container.
    docker run –it –name iiscontainer –p 80:80 nanoserver_iis2 cmd
14. Sign in to DC01
    Click the Switch to Machine icon to the right of this instruction to switch to the DC01 virtual machine. If necessary, sign in as CONOSO\Administrator using Passw0rd! as the password.
15. Open Internet Explorer
    On the taskbar, click Internet Explorer.
16. Browse to the website running on the container
    In Internet Explorer, browse to http://10.10.10.41. The default IIS page opens from the website running on the container that is hosted by W10-CLIENT (10.10.10.41).
    http://10.10.10.41
17. End the lab
    This is the end of the lab.

    Click Done to end the lab.
    Clicking Done will cause the lab to end. Please click Done only if you are sure you want to finish and exit the lab.

Congratulations! You have successfully created a web server and modified a website in a container.

Click Continue to close the lab.

From <https://labondemand.com/LabProfile/Manual/28143?showScreenshots=1>