Last pushed: 2 years ago
Short Description
ENV-configurable pypicloud image.
Full Description


Dockerfile to build a docker image for running a pypicloud instance.


Configuration is provided via runtime environment variables.

| Env Var | Default | Description |
|---|---|---|
| PYPI_ADMIN_PASSWORD | secret (encrypted) | The encrypted password to use for the admin user if using the config auth method. This must be the encrypted form. See below. |
| PYPI_DB_URL | sqlite:////var/lib/pypicloud/db.sqlite | The DB connection URL for the local metadata cache. |
| PYPI_AUTH_DB_URL | sqlite:////var//lib/pypicloud/db.sqlite | The DB connection URL for the auth DB if PYPI_AUTH=sql. |
| PYPI_SESSION_ENCRYPT_KEY | replaceme | Key to use when encrypting session data. |
| PYPI_SESSION_VALIDATE_KEY | replaceme | Key used to validate session data. |
| PYPI_FALLBACK | redirect | Behavior when a package is not found in the DB. Options: redirect, cache, none (docs) |
| PYPI_FALLBACK_URL | | The URL of another package index from which to fetch packages when falling back. |
| PYPI_STORAGE | file | The package storage strategy. Options: file, s3, cloudfront (docs) |
| PYPI_STORAGE_DIR | /var/lib/pypicloud/packages | Where to store packages when using the file option for the PYPI_STORAGE variable. |
| PYPI_STORAGE_BUCKET | changeme | The S3 bucket to store packages in when using the s3 option for the PYPI_STORAGE variable. |
| AWS_ACCESS_KEY_ID | changeme | The AWS access key ID to use when accessing an S3 bucket. |
| AWS_SECRET_ACCESS_KEY | changeme | The AWS secret access key to use when accessing an S3 bucket. |
| PYPI_AUTH | config | The authentication mode to use. Options: config, sql, remote, ldap (docs) |
| PYPI_DEFAULT_READ | authenticated | List of groups allowed to read packages that don't have explicit restrictions. |
| PYPI_CACHE_UPDATE | authenticated | List of groups allowed to update the package cache. |
| PYPI_HTTP | | The interface and port to bind to. (docs) |
| PYPI_PROCESSES | 20 | The number of concurrent worker processes to run. |
| PYPI_SSL_KEY | (none) | Container path to the SSL private key if terminating SSL at the container. |
| PYPI_SSL_CRT | (none) | Container path to the SSL certificate if terminating SSL at the container. |

Generating Passwords

$ docker run --rm -it joshbenner/pypicloud gen-password

Enter the password twice. An encrypted value will be printed that can be put in the PYPI_ADMIN_PASSWORD environment variable. It will look something like:


SSL Termination

Terminating SSL at a proxy or load balancer is recommended. However, SSL options are available if you require SSL termination at the container:


These paths must be available to the application running inside the container at runtime.
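
A pre-start check for the placeholder defaults in the configuration table and for the key/certificate pairing described above, as an added example that is not part of this image or its README. The env-file layout (one KEY=VALUE per line), the function name pypicloud_env_audit and the sample values are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit an env file for this image before starting the container.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
pypicloud_env_audit() {
  local file=$1 findings=0 auth storage key crt k
  # Read KEY=VALUE lines without sourcing the file, so nothing in it executes.
  get() { sed -n "s/^$1=//p" "$file" | tail -n 1; }
  flag() { echo "$1"; findings=$((findings + 1)); }
  # True when a variable is unset/empty or still at its documented placeholder.
  weak() { local v; v=$(get "$1"); [ -z "$v" ] || [ "$v" = "$2" ]; }

  auth=$(get PYPI_AUTH);       auth=${auth:-config}      # default per the table
  storage=$(get PYPI_STORAGE); storage=${storage:-file}  # default per the table

  # The session-key placeholder is printed in the table, so it is not a secret.
  for k in PYPI_SESSION_ENCRYPT_KEY PYPI_SESSION_VALIDATE_KEY; do
    if weak "$k" replaceme; then flag "$k: unset or placeholder 'replaceme'"; fi
  done

  # With config auth, an unset admin password falls back to the image default.
  if [ "$auth" = config ] && [ -z "$(get PYPI_ADMIN_PASSWORD)" ]; then
    flag "PYPI_ADMIN_PASSWORD: unset, image default (encrypted 'secret') applies"
  fi

  # S3 settings only matter when S3 storage is selected.
  if [ "$storage" = s3 ]; then
    for k in PYPI_STORAGE_BUCKET AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
      if weak "$k" changeme; then flag "$k: unset or placeholder 'changeme'"; fi
    done
  fi

  # Container-side SSL termination needs both the key and the certificate path.
  key=$(get PYPI_SSL_KEY); crt=$(get PYPI_SSL_CRT)
  if [ -n "$key" ] && [ -z "$crt" ]; then flag "PYPI_SSL_KEY set without PYPI_SSL_CRT"; fi
  if [ -z "$key" ] && [ -n "$crt" ]; then flag "PYPI_SSL_CRT set without PYPI_SSL_KEY"; fi

  [ "$findings" -eq 0 ]
}

# Constructed sample input (not from the page): S3 storage, placeholders left in.
if [ $# -gt 0 ]; then pypicloud_env_audit "$1"; else
  sample=$(mktemp)
  printf '%s\n' PYPI_STORAGE=s3 PYPI_SESSION_ENCRYPT_KEY=replaceme \
    PYPI_STORAGE_BUCKET=changeme PYPI_SSL_CRT=/certs/site.crt > "$sample"
  pypicloud_env_audit "$sample" || true
  rm -f "$sample"
fi
```

Pass the path of the file you hand to `docker run --env-file` as the first argument; a non-zero exit status means at least one finding was printed.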

LDAP Authentication

LDAP authentication can be enabled by setting PYPI_AUTH to ldap, as well as configuring the following additional LDAP-specific options:

| Env Var | Default | Description |
|---|---|---|
| PYPI_LDAP_URL | | The LDAP connection URL. Example: ldap:// |
| PYPI_LDAP_SERVICE_DN | | The DN used to bind to LDAP. Requires read access to directory. Example: cn=SuperUser,dc=example,dc=com |
| PYPI_LDAP_SERVICE_PASSWORD | | The password used to bind to the service DN. |
| PYPI_LDAP_BASEDN | | The DN under which all users are found. Base of search in PYPI_LDAP_USERSEARCH |
| PYPI_LDAP_USERSEARCH | | The LDAP search that will find all potential users. Only searches under PYPI_LDAP_BASEDN. |
| PYPI_LDAP_IDFIELD | | The LDAP field that has the user name. |
| PYPI_LDAP_ADMIN_DNS | | Space-separated list of DNs that have a field listing user DNs to be considered admins. |
| PYPI_LDAP_ADMIN_FIELD | | The field in the DNs in PYPI_LDAP_ADMIN_DNS that identifies admin user DNs. |