Install Portainer BE with Docker on Windows Container Service

These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the CE install documentation.

Introduction

Portainer consists of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows server with Windows Containers. To add a new WCS environment to an existing Portainer Server installation, please refer to the Portainer Agent installation instructions.

To get started, you will need:

  • Administrator access on the machine that will host your Portainer Server instance

  • By default, Portainer Server will expose the UI over port 9443 and expose a TCP tunnel server over port 8000. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.

  • A license key for Portainer Business Edition.

The installation instructions also make the following assumption about your environment:

  • Your environment meets our requirements. While Portainer may work with other configurations, it may require configuration changes or have limited functionality.

Preparation

To run Portainer Server in a Windows Server/Desktop Environment you need to create exceptions in the firewall. These can easily be added through PowerShell by running the following commands:

netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53

You will also need to install the Windows Container Host Service and install Docker. Microsoft have provided a PowerShell script to perform the necessary actions. You can download the script and run it with the following commands:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1" -o install-docker-ce.ps1
.\install-docker-ce.ps1

Once this is complete you will need to restart your Windows server. After the restart completes, you're ready to install Portainer itself.

Deployment

First, create the volume that Portainer Server will use to store its database. Using PowerShell:

docker volume create portainer_data

Then, download and install the Portainer Server container:

docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ee:2.20.3

By default, Portainer generates and uses a self-signed SSL certificate to secure port 9443. Alternatively you can provide your own SSL certificate during installation or via the Portainer UI after installation is complete.

If you see an error message similar to:

"\\.\pipe\dockerDesktopEngine" includes invalid characters for a local volume name

then you may not have Windows containers properly enabled. If you are using Docker Desktop, right click the icon in your tray and select Switch to Windows Containers.

If you require HTTP port 9000 open for legacy reasons, add the following to your docker run command:

-p 9000:9000

Logging In

Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:

https://localhost:9443

Replace localhost with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.

You will be presented with the initial setup page for Portainer Server.

Last updated