Docker image for Radicale, the CalDAV/CardDAV server.
This container is for Radicale version 2.x, as of 2017.07.
- Security: run as a normal user (not root!) with the help of su-exec (ie. gosu in C)
- Process management: use Tini to handle init (pid 0)
- Safe volume permissions:
/datacan be mounted by your user or root and they will still be readable by the
radicaleuser inside the container
- Small size: run on python:3-alpine
- Git and Bcrypt included for versioning and authentication and InfCloud if you need an UI
Radicale Version & Image Tag
This image aims to be tagged along Radicale.
For example, given Radicale releases version
2.1.8, we update the
VERSION in the Dockerfile, then push a Git tag
This will automatically produce a corresponding Docker image version on Docker HUB to be pulled, eg.
docker pull tomsquest/docker-radicale:220.127.116.11.
The last number (x.y.z.LASTNUMBER) is our image revision. We increment it when we change something in the image without updating the version of Radicale.
At all time, the
master branch is released as version
latest on Docker HUB. You can pull latest with:
docker pull tomsquest/docker-radicale:latest or simply
docker pull tomsquest/docker-radicale
docker run -d --name radicale \ -p 5232:5232 \ tomsquest/docker-radicale
Run latest and keeps the stored data:
docker run -d --name radicale \ -p 5232:5232 \ --read-only -v ~/radicale/data:/data \ tomsquest/docker-radicale
Run latest, keeps the stored data and a custom config:
docker run -d --name radicale \ -p 5232:5232 \ --read-only \ -v ~/radicale/data:/data \ -v ~/radicale/config:/config:ro \ tomsquest/docker-radicale
Run latest, using custom UID and GID (
--read-only is not possible with this method):
docker run -d --name radicale \ -p 5232:5232 \ --read-only \ -e UID=1111 \ -e GID=2222 \ -v ~/radicale/data:/data \ -v ~/radicale/config:/config:ro \ tomsquest/docker-radicale
If you want another user to run the docker container and so "share" files with fixed permission between the host and the container, two options:
- Create a user on your host with ID
2999(hardcoded in the built image):
useradd --uid 2999 radicale
-e GID=456for user and group Id's.
--read-onlyis not possible with this method as it modifies the filesystem at runtime.
- Or build the image yourself and specify the user ID you want:
docker build -t radicale --build-arg=UID=5000 --build-arg=GID=5001 .(see the Building section below)
The first option is far easier. Robert Beal said it simply:
The main problem with building is that you either have to do so on your own environment (and push the image to your own registry so that prod can access it) or you build on your production environment (which isn't ideal either). It means dealing with source code and git pulls etc... and you have to manage updating it all so more responsibility is put on the consumer.
Build the image:
docker build -t radicale .
Then run the container:
docker run -d --name radicale -p 5232:5232 radicale
When building, you can specify the user ID and group ID of the
radicale user created in the container.
This is useful because files created by the
radicale user can then match one of your user on your host.
This is an optional feature of this image.
By default, the
radicale user has a user ID of
2999 and a group ID of
By the way, we could have "change" the IDs when the container is run, but this would prevent us from running the container readonly (with the
# Let's create a user/group 5000/5001 on your host sudo addgroup --gid 5001 radicale sudo adduser --gid 5001 --uid 5000 --shell /bin/false --disabled-password --no-create-home radicale # Then build the image with these IDs docker build -t radicale --build-arg=UID=5000 --build-arg=GID=5001 .
Radicale configuration is in one file
To customize Radicale configuration, either:
- (recommended): use this repository preconfigured config file,
- Or, get the config file from Radicale repository and tweak it (change
hoststo be accessible from the Docker host,
filesystem_folderto point to the data volume...)
Then puts these two files in a directory and use the config volume
-v /my_custom_config_directory:/config when running the container.