How to create a Dockerized PyPI server in 5min with simple authentication
With this post I will show you how to deploy a simple PyPI Server, using docker. Since I work with with Python, there is a need to reuse code amongst my python projects. Due to the confidentiality of some projects, I'm not able to publish all of them in the public registry.
Motivation π
If you have a small company, or you are a data scientist who write code and would like to reuse your stuff not necessarily through GIT repos, making use of good stuff like semantic versioning, you're on the right post! π
What do you need β
In order to create your own PyPI Server you will need to have installed some tools;
- Docker β I used the latest version available, but it would work on older versions as well;
- Docker Compose β It's a nice way to declare how your container should behave. You can append some minor tweaks, as environment variables, mount points, port exposure, all via file declaration. I'm using some of the latest docker-compose implementations, but we can downgrade it to a lower version. For reference take a look at this link https://docs.docker.com/compose/compose-file/;
- Apache Utils β It's a tool responsible for handling some apache related stuff. I'm looking for a tool called "htpasswd" that belongs to that package. I will explain later what it does.
TL;DR β Running! π
Assuming that you have the tools above installed, just walk through these 4 steps.
- Clone this repository: https://github.com/joepreludian/pypiserver.git
- Run the "setup.sh"
- Create an user/password credential (following the simple step of setup.sh and,
- You are ready to use it! Point your browser to http://localhost:8010 and you would be able to see the welcome screen of you brand new PyPI repo.
Installing dependencies βοΈ
Supposing that you donΒ΄t have all the stuff ready yet, I would recommend you that you walk through the steps below. They're pretty straightforward. I will assume that you are running a GNU/Linux environment with a Debian based system. (If you want that I cover other distros, please let me know!)
Installing Docker π³
It's documentation is pretty complete; I strongly recommend you to take a peek at: https://docs.docker.com/engine/install/debian/
Installing Docker-compose π’
I think that the installation process became simpler: https://docs.docker.com/compose/install/; In a nutshell what do you need to do is to put the binary somewhere else on your system. Usually they used to move to /usr/local/bin folder. Add Write permissions and you will be set.
(for more information, please take a look on the link above)
Installing htpasswd π
So, this is a very ancient app. It has been used on apache in order to provide a simple authentication service with some files called .htaccess. It create a text/based authentication database that you can make use of for some simple applications, or even to create like a minimal homepage with authentication. It should not be used on large systems and it isn't secure enough for being used as a primary source of password.
Since we are dealing with a small project, that's totally fine. The command bellow installs the apache2-utils via apt-get.
$ sudo apt install apache2-utils
And that's it. The documentation is pretty simple. I would recommend to take a look when you have a chance: https://httpd.apache.org/docs/2.4/programs/htpasswd.html
Extra: Publishing your Poetry based project πͺ
Recently I'm using poetry as a python package manager for my projects. It supports Pyenv and it's a neat, well design tool that also works as a build tool, according PEP 517 (https://www.python.org/dev/peps/pep-0517/) https://python-poetry.org/ (In the future I could write my impressions about it if you guys want)
It's a well designed tool and it looks promising to become a standard.
But in a nutshell, in order to enable your brand new PyPI server with Poetry you just need to do the following commands below;
Final considerations π¬
This git repo that I created aims to ease the way to run a PyPI server for small projects, POCs or small companies behind a VPN. There is a lot of security concerns that you need to address before publishing it in a production environment. So donΒ΄t use over internet if you aren't sure.
For further reading, take a look on the links below:
- https://github.com/pypiserver/pypiserver
- https://hub.docker.com/r/pypiserver/pypiserver
- https://github.com/joepreludian/pypiserver (take a look at the README file π)
Thank you! I hope you like it!
