Docker image for Radicale, the CalDAV/CardDAV server.
This container is for Radicale version 2.x, as of 2017.07.
Special points:
- Security: run as a normal user (not root!) with the help of su-exec (ie. gosu in C)
- Safe volume permissions:
/config
and/data
can be mounted by your user or root and they will still be readable by theradicale
user inside the container - Small size: run on python:3-alpine
- Git and Bcrypt included for versioning and authentication and InfCloud if you need an UI
This image aims to be tagged along Radicale.
For example, given Radicale releases version 2.1.8
, we update the VERSION
in the Dockerfile, then push a Git tag 2.1.8.0
.
This will automatically produce a corresponding Docker image version on Docker HUB to be pulled, eg. docker pull tomsquest/docker-radicale:2.1.8.0
.
The last number (x.y.z.LASTNUMBER) is our image revision. We increment it when we change something in the image without updating the version of Radicale.
At all time, the master
branch is released as version latest
on Docker HUB. You can pull latest with: docker pull tomsquest/docker-radicale:latest
.
Minimal instruction:
docker run -d --name radicale \
-p 5232:5232 \
tomsquest/docker-radicale
Production-grade run:
docker run -d --name radicale \
-p 127.0.0.1:5232:5232 \
--read-only \
--init \
--pids-limit 50 \
--security-opt="no-new-privileges:true" \
--health-cmd="curl --fail http://localhost:5232 || exit 1" \
--health-interval=30s \
--health-retries=3 \
-v ~/radicale/data:/data \
-v ~/radicale/config:/config:ro \
tomsquest/docker-radicale
A Docker compose file is included. It can be extended.
Sharing files from the host and the container can be problematic:
the radicale
user in the container does not match the user running the container on the host.
To solve this, this image offers three options:
- Use a user/group with id
2999
on the host - Specify a custom user/group id on run
- Build the image with a custom user/group
The image creates a user and a group with Id 2999
.
You can create an user/group on your host matching this Id.
Example:
sudo addgroup --gid 2999 radicale
sudo adduser --gid 2999 --uid 2999 --shell /bin/false --disabled-password --no-create-home radicale
The user and group Ids used in the image can be overridden when the container is run.
This is done with the UID
and GID
env variables, eg. docker run -e UID=123 -e GID=456 tomsquest/docker-radicale
.
Beware, the --read-only
run flag cannot be used in this case. Using custom UID/GID at runtime modifies the filesystem and the modification is made impossible with the --read-only
flag.
You can build the image with custom user and group Ids and still use the --read-only
flag.
But, you will have to keep up-do-date with this image.
Usage: docker build --build-arg=UID=5000 --build-arg=GID=5001 .
To customize Radicale configuration, either:
- (recommended): use this repository preconfigured config file,
- Or, use a custom config file
- get the config file from Radicale repository
- Change
hosts
to be accessible from the Docker host (thus, sethosts = 0.0.0.0:5232
) - Mount the config in the container
-v /my_custom_config_directory:/config
Then puts these two files in a directory and use the config volume -v /my_custom_config_directory:/config
when running the container.
First install the test dependencies
pip install --user -r requirements-test.txt
To run the tests (your user will need to be a member of the docker
group)
pytest -v test.py
- Robert Beal: fixed/configurable userId, versioning...
- Loader23: config volume idea
- Waja: less layers is more, InfCloud integration (UI for Radicale)
- Thomas Queste: initial image