Python Docker Container Images

Table of Contents

• Docker Images
  • -dev
  • -dev-macos
  • Supported architectures
• Environment Variables
• Build arguments
• Changelog
• Users and permissions
• Crond
• SSHD
• Adding SSH key
• Complete Python stack
• Orchestration Actions

Docker Images

❗For better reliability we release images with stability tags (wodby/python:3-X.X.X) which correspond to git tags. We strongly recommend using images only with stability tags.

About images:

• All images are based on Alpine Linux
• Base image: python
• GitHub actions builds
• Docker Hub

Supported tags and respective Dockerfile links:

• 3.14, 3, latest (Dockerfile)
• 3.13 (Dockerfile)
• 3.12 (Dockerfile)
• 3.11 (Dockerfile)
• 3.10 (Dockerfile)
• 3.14-dev, 3-dev (Dockerfile)
• 3.13-dev (Dockerfile)
• 3.12-dev (Dockerfile)
• 3.11-dev (Dockerfile)
• 3.10-dev (Dockerfile)
• 3.14-dev-macos, 3-dev-macos (Dockerfile)
• 3.13-dev-macos (Dockerfile)
• 3.12-dev-macos (Dockerfile)
• 3.11-dev-macos (Dockerfile)
• 3.10-dev-macos (Dockerfile)

-dev

Images with -dev tag have sudo allowed for all commands for wodby user.

-dev-macos

Same as -dev but the default user/group wodby has uid/gid 501/20 to match the macOS default user/group ids.

Supported architectures

All images built for linux/amd64, -dev-macos images additionally built for linux/arm64

Environment Variables

Variable	Default value
GIT_USER_EMAIL	wodby@example.com
GIT_USER_NAME	wodby
GUNICORN_APP	myapp.wsgi:application
GUNICORN_BACKLOG	2048
GUNICORN_KEEPALIVE	2
GUNICORN_LOGLEVEL	info
GUNICORN_PROC_NAME	Gunicorn
GUNICORN_PYTHONPATH
GUNICORN_SPEW	False
GUNICORN_TIMEOUT	30
GUNICORN_WORKER_CLASS	sync
GUNICORN_WORKER_CONNECTIONS	1000
GUNICORN_WORKERS	4
SSH_DISABLE_STRICT_KEY_CHECKING
SSH_PRIVATE_KEY
SSHD_GATEWAY_PORTS	no
SSHD_HOST_KEYS_DIR	/etc/ssh
SSHD_LOG_LEVEL	INFO
SSHD_PASSWORD_AUTHENTICATION	no
SSHD_PERMIT_USER_ENV	no
SSHD_USE_DNS	yes

Build arguments

Argument	Default value
PYTHON_DEV
PYTHON_DEBUG
WODBY_GROUP_ID	1000
WODBY_USER_ID	1000

Change WODBY_USER_ID and WODBY_GROUP_ID mainly for local dev version of images, if it matches with existing system user/group ids the latter will be deleted.

Tools

Tool	all versions
UV	latest

Changelog

Changes per stability tag reflected in the git tags description under releases.

Crond

You can run Crond with this image changing the command to sudo -E crond -f -d 0 and mounting a crontab file to ./crontab:/etc/crontabs/www-data. Example crontab file contents:

# min	hour	day	month	weekday	command
*/1	*	*	*	*	echo "test" > /mnt/files/cron

SSHD

You can run SSHD with this image by changing the command to sudo /usr/sbin/sshd -De and mounting authorized public keys to /home/wodby/.ssh/authorized_keys

Adding SSH key

You can add a private SSH key to the container by mounting it to /home/wodby/.ssh/id_rsa

Users and permissions

Default container user is wodby:wodby (UID/GID 1000). Gunicorn runs from www-data:www-data user (UID/GID 82) by default. User wodby is a part of www-data group.

Codebase volume $APP_ROOT (/usr/src/app) owned by wodby:wodby. Files volume $FILES_DIR (/mnt/files) owned by www-data:www-data with 775 mode.

Helper scripts

• files_chmod – in case you need write access for wodby user to a file/dir generated by www-data on this volume run sudo files_chmod [FILEPATH] script (FILEPATH must be under /mnt/files), it will recursively change the mode to ug=rwX,o=rX

• files_chown – in case you manually uploaded files under wodby user to files volume and want to change the ownership of those files to www-data run sudo files_chown [FILEPATH] script (FILEPATH must be under /mnt/files), it will recursively change ownership to www-data:www-data

Complete Python stack

See https://github.com/wodby/docker4python

Orchestration Actions

Usage:

make COMMAND [params ...]

commands:
    migrate
    check-ready [host max_try wait_seconds delay_seconds]
    files-import source
    files-link public_dir