官方的 mcr.microsoft.com/dotnet/framework/aspnet:4.8 容器映象,已經預先安裝好 Web Server (IIS) 與 ASP.NET 4.8 角色服務,但預設只有啟用一些最常見的 IIS 功能,如果你現有的 IIS 站台想要容器化,但又需要額外安裝角色服務的話,那你就可以參考本篇文章說明。
建立容器
docker run --name=mysite --isolation=process -d -p 80:80 -p 443:443 -v C:\Projects\WebApplication1:C:\Inetpub\wwwroot mcr.microsoft.com/dotnet/framework/aspnet:4.8
以下對上述參數進行說明:
--name=mysite 設定容器好記名稱為 mysite,方便後續命令說明。--isolation=process 由於我們要複製現有的 PFX 憑證進容器,在 Windows 10 的 Windows Containers 必須要使用 proccess 隔離模式執行,才能執行 docker cp 命令複製檔案。-d 代表我們要將容器跑成 detach 模式。-p 80:80 -p 443:443 由於 Windows Containers 執行容器時,預設採用 nat 模式,所以需要將容器的 IP:Ports 對應到本機 Ports 比較方便測試。-v C:\Projects\WebApplication1:C:\Inetpub\wwwroot 將一個現有的 ASP.NET MVC 5 專案對應到容器的 C:\Inetpub\wwwroot 路徑。mcr.microsoft.com/dotnet/framework/aspnet:4.8 已經預載 Web Server (IIS) 與 ASP.NET 4.8 角色服務。這是微軟官方的「多架構」容器映象,詳見 Windows Container 版本相容性與多重架構容器映像介紹 文章。
接著透過 docker exec 進入容器中操作:
docker exec -it -w c:\inetpub\wwwroot mysite powershell
取得所有角色服務
雖然我們可以用 Get-WindowsFeature 取得所有 Windows 功能清單,預設會顯示 Display Name, Name 與 Install State 三個欄位,但是有些服務的名稱過長,無法完整顯示名稱。因此我們要改用 Get-WindowsFeature | Format-Table -Wrap 來顯示出完整的資訊:
注意:在我的部落格可以按下快速鍵 f 進入「全幅螢幕」模式,可以更好的閱讀以下表格。
PS C:\> Get-WindowsFeature | Format-Table -Wrap
Display Name Name Install State
------------ ---- -------------
[ ] Active Directory Certificate Services AD-Certificate Removed
[ ] Certification Authority ADCS-Cert-Authority Removed
[ ] Certificate Enrollment Policy Web Service ADCS-Enroll-Web-Pol Removed
[ ] Certificate Enrollment Web Service ADCS-Enroll-Web-Svc Removed
[ ] Certification Authority Web Enrollment ADCS-Web-Enrollment Removed
[ ] Network Device Enrollment Service ADCS-Device-Enrollment Removed
[ ] Online Responder ADCS-Online-Cert Removed
[ ] Active Directory Domain Services AD-Domain-Services Removed
[ ] Active Directory Federation Services ADFS-Federation Removed
[ ] Active Directory Lightweight Directory Services ADLDS Removed
[ ] Active Directory Rights Management Services ADRMS Removed
[ ] Active Directory Rights Management Server ADRMS-Server Removed
[ ] Identity Federation Support ADRMS-Identity Removed
[ ] Device Health Attestation DeviceHealthAttestationService Removed
[ ] DHCP Server DHCP Available
[ ] DNS Server DNS Available
[X] File and Storage Services FileAndStorage-Services Installed
[ ] File and iSCSI Services File-Services Removed
[ ] File Server FS-FileServer Removed
[ ] BranchCache for Network Files FS-BranchCache Removed
[ ] Data Deduplication FS-Data-Deduplication Removed
[ ] DFS Namespaces FS-DFS-Namespace Removed
[ ] DFS Replication FS-DFS-Replication Removed
[ ] File Server Resource Manager FS-Resource-Manager Removed
[ ] File Server VSS Agent Service FS-VSS-Agent Removed
[ ] iSCSI Target Server FS-iSCSITarget-Server Removed
[ ] iSCSI Target Storage Provider (VDS and VSS hardware providers) iSCSITarget-VSS-VDS Removed
[ ] Server for NFS FS-NFS-Service Removed
[ ] Work Folders FS-SyncShareService Removed
[X] Storage Services Storage-Services Installed
[ ] Host Guardian Service HostGuardianServiceRole Removed
[ ] Hyper-V Hyper-V Removed
[ ] Print and Document Services Print-Services Removed
[ ] Print Server Print-Server Removed
[ ] LPD Service Print-LPD-Service Removed
[ ] Remote Access RemoteAccess Removed
[ ] DirectAccess and VPN (RAS) DirectAccess-VPN Removed
[ ] Routing Routing Removed
[ ] Web Application Proxy Web-Application-Proxy Removed
[ ] Remote Desktop Services Remote-Desktop-Services Removed
[ ] Remote Desktop Licensing RDS-Licensing Removed
[ ] Volume Activation Services VolumeActivation Removed
[X] Web Server (IIS) Web-Server Installed
[X] Web Server Web-WebServer Installed
[X] Common HTTP Features Web-Common-Http Installed
[X] Default Document Web-Default-Doc Installed
[X] Directory Browsing Web-Dir-Browsing Installed
[X] HTTP Errors Web-Http-Errors Installed
[X] Static Content Web-Static-Content Installed
[ ] HTTP Redirection Web-Http-Redirect Available
[ ] WebDAV Publishing Web-DAV-Publishing Available
[X] Health and Diagnostics Web-Health Installed
[X] HTTP Logging Web-Http-Logging Installed
[ ] Custom Logging Web-Custom-Logging Available
[ ] Logging Tools Web-Log-Libraries Available
[ ] ODBC Logging Web-ODBC-Logging Available
[ ] Request Monitor Web-Request-Monitor Available
[ ] Tracing Web-Http-Tracing Available
[X] Performance Web-Performance Installed
[X] Static Content Compression Web-Stat-Compression Installed
[ ] Dynamic Content Compression Web-Dyn-Compression Available
[X] Security Web-Security Installed
[X] Request Filtering Web-Filtering Installed
[ ] Basic Authentication Web-Basic-Auth Available
[ ] Centralized SSL Certificate Support Web-CertProvider Available
[ ] Client Certificate Mapping Authentication Web-Client-Auth Available
[ ] Digest Authentication Web-Digest-Auth Available
[ ] IIS Client Certificate Mapping Authentication Web-Cert-Auth Available
[ ] IP and Domain Restrictions Web-IP-Security Available
[ ] URL Authorization Web-Url-Auth Available
[ ] Windows Authentication Web-Windows-Auth Available
[X] Application Development Web-App-Dev Installed
[ ] .NET Extensibility 3.5 Web-Net-Ext Available
[X] .NET Extensibility 4.8 Web-Net-Ext45 Installed
[ ] Application Initialization Web-AppInit Available
[ ] ASP Web-ASP Available
[ ] ASP.NET 3.5 Web-Asp-Net Available
[X] ASP.NET 4.8 Web-Asp-Net45 Installed
[ ] CGI Web-CGI Available
[X] ISAPI Extensions Web-ISAPI-Ext Installed
[X] ISAPI Filters Web-ISAPI-Filter Installed
[ ] Server Side Includes Web-Includes Available
[ ] WebSocket Protocol Web-WebSockets Available
[ ] FTP Server Web-Ftp-Server Available
[ ] FTP Service Web-Ftp-Service Available
[ ] FTP Extensibility Web-Ftp-Ext Available
[ ] Management Tools Web-Mgmt-Tools Available
[ ] IIS Management Console Web-Mgmt-Console Available
[ ] IIS 6 Management Compatibility Web-Mgmt-Compat Available
[ ] IIS 6 Metabase Compatibility Web-Metabase Available
[ ] IIS 6 Scripting Tools Web-Lgcy-Scripting Available
[ ] IIS 6 WMI Compatibility Web-WMI Available
[ ] IIS Management Scripts and Tools Web-Scripting-Tools Available
[ ] Management Service Web-Mgmt-Service Available
[ ] Windows Deployment Services WDS Available
[ ] Transport Server WDS-Transport Available
[ ] Windows Server Update Services UpdateServices Removed
[ ] WID Connectivity UpdateServices-WidDB Removed
[ ] WSUS Services UpdateServices-Services Removed
[ ] SQL Server Connectivity UpdateServices-DB Removed
[ ] .NET Framework 3.5 Features NET-Framework-Features Available
[ ] .NET Framework 3.5 (includes .NET 2.0 and 3.0) NET-Framework-Core Removed
[ ] HTTP Activation NET-HTTP-Activation Available
[ ] Non-HTTP Activation NET-Non-HTTP-Activ Available
[X] .NET Framework 4.8 Features NET-Framework-45-Features Installed
[X] .NET Framework 4.8 NET-Framework-45-Core Installed
[X] ASP.NET 4.8 NET-Framework-45-ASPNET Installed
[X] WCF Services NET-WCF-Services45 Installed
[ ] HTTP Activation NET-WCF-HTTP-Activation45 Available
[ ] Message Queuing (MSMQ) Activation NET-WCF-MSMQ-Activation45 Available
[ ] Named Pipe Activation NET-WCF-Pipe-Activation45 Available
[ ] TCP Activation NET-WCF-TCP-Activation45 Available
[X] TCP Port Sharing NET-WCF-TCP-PortSharing45 Installed
[ ] Background Intelligent Transfer Service (BITS) BITS Removed
[ ] IIS Server Extension BITS-IIS-Ext Removed
[ ] Compact Server BITS-Compact-Server Removed
[ ] BitLocker Drive Encryption BitLocker Removed
[ ] BranchCache BranchCache Removed
[ ] Client for NFS NFS-Client Removed
[ ] Containers Containers Removed
[ ] Data Center Bridging Data-Center-Bridging Removed
[ ] Enhanced Storage EnhancedStorage Removed
[ ] Failover Clustering Failover-Clustering Removed
[ ] Group Policy Management GPMC Removed
[ ] Host Guardian Hyper-V Support HostGuardian Removed
[ ] I/O Quality of Service DiskIo-QoS Removed
[ ] IIS Hostable Web Core Web-WHC Available
[ ] IP Address Management (IPAM) Server IPAM Removed
[ ] iSNS Server service ISNS Removed
[ ] Management OData IIS Extension ManagementOdata Available
[ ] Media Foundation Server-Media-Foundation Removed
[ ] Message Queuing MSMQ Available
[ ] Message Queuing Services MSMQ-Services Available
[ ] Message Queuing Server MSMQ-Server Available
[ ] Directory Service Integration MSMQ-Directory Available
[ ] HTTP Support MSMQ-HTTP-Support Available
[ ] Message Queuing Triggers MSMQ-Triggers Available
[ ] Routing Service MSMQ-Routing Available
[ ] Message Queuing DCOM Proxy MSMQ-DCOM Available
[ ] Multipath I/O Multipath-IO Removed
[ ] Network Load Balancing NLB Removed
[ ] Network Virtualization NetworkVirtualization Removed
[ ] Peer Name Resolution Protocol PNRP Removed
[ ] Quality Windows Audio Video Experience qWave Removed
[ ] Remote Differential Compression RDC Removed
[ ] Remote Server Administration Tools RSAT Available
[ ] Feature Administration Tools RSAT-Feature-Tools Removed
[ ] BitLocker Drive Encryption Administration Utilities RSAT-Feature-Tools-BitLocker Removed
[ ] DataCenterBridging LLDP Tools RSAT-DataCenterBridging-LLDP-Tools Removed
[ ] Failover Clustering Tools RSAT-Clustering Removed
[ ] Failover Cluster Module for Windows PowerShell RSAT-Clustering-PowerShell Removed
[ ] Failover Cluster Automation Server RSAT-Clustering-AutomationServer Removed
[ ] Failover Cluster Command Interface RSAT-Clustering-CmdInterface Removed
[ ] IP Address Management (IPAM) Client IPAM-Client-Feature Removed
[ ] Shielded VM Tools RSAT-Shielded-VM-Tools Removed
[ ] Storage Migration Service Tools RSAT-SMS Removed
[ ] Storage Replica Module for Windows PowerShell RSAT-Storage-Replica Removed
[ ] System Insights Module for Windows PowerShell RSAT-System-Insights Removed
[ ] Role Administration Tools RSAT-Role-Tools Available
[ ] AD DS and AD LDS Tools RSAT-AD-Tools Available
[ ] Active Directory module for Windows PowerShell RSAT-AD-PowerShell Available
[ ] AD DS Tools RSAT-ADDS Available
[ ] Active Directory Administrative Center RSAT-AD-AdminCenter Available
[ ] AD DS Snap-Ins and Command-Line Tools RSAT-ADDS-Tools Available
[ ] AD LDS Snap-Ins and Command-Line Tools RSAT-ADLDS Available
[ ] Hyper-V Management Tools RSAT-Hyper-V-Tools Available
[ ] Hyper-V Module for Windows PowerShell Hyper-V-PowerShell Available
[ ] Windows Server Update Services Tools UpdateServices-RSAT Available
[ ] API and PowerShell cmdlets UpdateServices-API Available
[ ] DHCP Server Tools RSAT-DHCP Available
[ ] DNS Server Tools RSAT-DNS-Server Available
[ ] Remote Access Management Tools RSAT-RemoteAccess Removed
[ ] Remote Access module for Windows PowerShell RSAT-RemoteAccess-PowerShell Removed
[ ] RPC over HTTP Proxy RPC-over-HTTP-Proxy Available
[ ] Setup and Boot Event Collection Setup-and-Boot-Event-Collection Removed
[ ] Simple TCP/IP Services Simple-TCPIP Available
[ ] SMB 1.0/CIFS File Sharing Support FS-SMB1 Available
[ ] SMB 1.0/CIFS Client FS-SMB1-CLIENT Available
[ ] SMB 1.0/CIFS Server FS-SMB1-SERVER Removed
[ ] SMB Bandwidth Limit FS-SMBBW Available
[ ] SNMP Service SNMP-Service Removed
[ ] SNMP WMI Provider SNMP-WMI-Provider Removed
[ ] Software Load Balancer SoftwareLoadBalancer Removed
[ ] Storage Migration Service SMS Available
[ ] Storage Migration Service Proxy SMS-Proxy Available
[ ] Storage Replica Storage-Replica Removed
[X] System Data Archiver System-DataArchiver Installed
[ ] System Insights System-Insights Available
[ ] Telnet Client Telnet-Client Available
[ ] VM Shielding Tools for Fabric Management FabricShieldedTools Available
[ ] Windows Defender Antivirus Windows-Defender Removed
[ ] Windows Internal Database Windows-Internal-Database Available
[X] Windows PowerShell PowerShellRoot Installed
[X] Windows PowerShell 5.1 PowerShell Installed
[ ] Windows PowerShell 2.0 Engine PowerShell-V2 Removed
[ ] Windows PowerShell Desired State Configuration Service DSC-Service Available
[ ] Windows PowerShell Web Access WindowsPowerShellWebAccess Available
[ ] Windows Process Activation Service WAS Available
[ ] Process Model WAS-Process-Model Available
[ ] .NET Environment 3.5 WAS-NET-Environment Available
[ ] Configuration APIs WAS-Config-APIs Available
[ ] Windows Server Backup Windows-Server-Backup Removed
[ ] Windows Server Migration Tools Migration Removed
[ ] Windows Standards-Based Storage Management WindowsStorageManagementService Removed
[ ] Windows Subsystem for Linux Microsoft-Windows-Subsystem-Linux Removed
[ ] WinRM IIS Extension WinRM-IIS-Ext Available
[ ] WINS Server WINS Removed
[X] WoW64 Support WoW64-Support Installed
安裝所需的 IIS 角色服務
我們可以專注在 Web Server (IIS) 這項就好,挑選一些現有 ASP.NET 應用程式所需的角色服務。
假設我們需要額外安裝以下 3 個 IIS 角色服務:
- Dynamic Content Compression (
Web-Dyn-Compression)
- IP and Domain Restrictions (
Web-IP-Security)
- URL Authorization (
Web-Url-Auth)
IIS Management Scripts and Tools (Web-Scripting-Tools) 主要提供 WMI 給其他語言呼叫使用,在容器中通常不用特別安裝。詳見 Managing Applications and Application Pools on IIS 7.0 with WMI 說明。
那麼我們就可以在容器中輸入以下命令,一口氣把這 3 個角色服務裝好:
Install-WindowsFeature Web-Dyn-Compression,Web-IP-Security,Web-Url-Auth
如果成功安裝,會看到以下訊息:
PS C:\> Install-WindowsFeature Web-Dyn-Compression,Web-IP-Security,Web-Url-Auth
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Dynamic Content Compression, IP and Domai...
在 IIS.net 網站上其實也有許多好用的 IIS 模組可以安裝,我以最常見的 URL Rewrite 模組為例,示範在容器中完整的安裝過程。
以下是可以成功安裝 URL Rewrite Module 2.1 的命令:
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\InetStp' -Name MajorVersion -Value 9
$ProgressPreference = 'SilentlyContinue'
wget https://download.microsoft.com/download/1/2/8/128E2E22-C1B9-44A4-BE2A-5859ED1D4592/rewrite_amd64_en-US.msi -OutFile rewrite_amd64_en-US.msi
msiexec /i "rewrite_amd64_en-US.msi" /q /log rewrite.log
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\InetStp' -Name MajorVersion -Value 10
這幾行命令,最主要的還是第一行與最後一行,因為 IIS.net 網站上雖然有許多好用工具,但是其安裝檔都已經年久失修,已經不認得目前最新的 IIS 10.0 版。因此,你在執行安裝之前,最好先修改 HKLM\SOFTWARE\Microsoft\InetStp 機碼下的 MajorVersion 資料,這代表目前主機安裝的 IIS 主要版本,只要在安裝模組的時候先「騙」過 MSI 安裝程式,讓他以為我們還在用舊版的 IIS,如此一來才不會導致安裝失敗! 🔥
相關連結