Install Portainer BE with Docker Swarm on Windows Container Service

These installation instructions are for Portainer Business Edition (BE). For Portainer Community Edition (CE) refer to the CE install documentation.

Introduction

Portainer consists of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine. This document will help you install the Portainer Server container on your Windows server with Windows Containers. To add a new WCS environment to an existing Portainer Server installation, please refer to the Portainer Agent installation instructions.

To get started, you will need:

  • The latest version of Docker installed and working.

  • Swarm mode enabled and working, including the overlay network for the swarm service communication.

  • Administrator access on the manager node of your Swarm cluster.

  • By default, Portainer will expose the UI over port 9443 and expose a TCP tunnel server over port 8000. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.

  • The manager and worker nodes must be able to communicate with each other over port 9001.

  • A license key for Portainer Business Edition.

The installation instructions also make the following assumptions about your environment:

  • Your environment meets our requirements. While Portainer may work with other configurations, it may require configuration changes or have limited functionality.

  • You are running a single manager node in your swarm. If you have more than one, please read this knowledge base article before proceeding.

  • If your nodes are using DNS records to communicate, that all records are resolvable across the cluster.

Preparation

To run Portainer Server in a Windows Server/Desktop Environment you need to create exceptions in the firewall. These can easily be added through PowerShell by running the following commands:

netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53

You will also need to install the Windows Container Host Service and install Docker. Microsoft have provided a PowerShell script to perform the necessary actions. You can download the script and run it with the following commands:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/Windows-Containers/Main/helpful_tools/Install-DockerCE/install-docker-ce.ps1" -o install-docker-ce.ps1
.\install-docker-ce.ps1

Once this is complete you will need to restart your Windows server. After the restart completes, you're ready to install Portainer itself.

Deployment

Portainer can be directly deployed as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.

Only do this once for your environment, regardless of how many nodes are in the cluster. You do not need to add each node in your cluster as a separate environment in Portainer. Deploying the manifest to your swarm will include every node in the cluster automatically. Adding each node as a separate environment will also consume more of your licensed node count than you may expect.

You can use our YML manifest to run Portainer in Windows using Windows Containers. In PowerShell, run:

curl https://downloads.portainer.io/ee2-20/portainer_windows_stack.yml -o portainer-windows-stack.yml

Then use the downloaded YML manifest to deploy your stack:

docker stack deploy --compose-file=portainer-windows-stack.yml portainer

By default, Portainer generates and uses a self-signed SSL certificate to secure port 9443. Alternatively you can provide your own SSL certificate during installation or via the Portainer UI after installation is complete.

Logging In

Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:

https://localhost:9443

Replace localhost with the relevant IP address or FQDN if needed, and adjust the port if you changed it earlier.

You will be presented with the initial setup page for Portainer Server.

Last updated