Rename to base-notebook

(c) Copyright IBM Corp. 2016

base-notebook/.dockerignore

@@ -0,0 +1,2 @@
+# Documentation
+README.md

base-notebook/Dockerfile

@@ -0,0 +1,89 @@
+# Copyright (c) Jupyter Development Team.
+# Distributed under the terms of the Modified BSD License.
+
+# Debian Jessie image released 2016 May 03.
+FROM debian@sha256:32a225e412babcd54c0ea777846183c61003d125278882873fb2bc97f9057c51
+
+MAINTAINER Jupyter Project <jupyter@googlegroups.com>
+
+USER root
+
+# Install all OS dependencies for notebook server that starts but lacks all
+# features (e.g., download as all possible file formats)
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update && apt-get install -yq --no-install-recommends \
+    wget \
+    bzip2 \
+    ca-certificates \
+    sudo \
+    locales \
+    && apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
+    locale-gen
+
+# Install Tini
+RUN wget --quiet https://github.com/krallin/tini/releases/download/v0.9.0/tini && \
+    echo "faafbfb5b079303691a939a747d7f60591f2143164093727e870b289a44d9872 *tini" | sha256sum -c - && \
+    mv tini /usr/local/bin/tini && \
+    chmod +x /usr/local/bin/tini
+
+# Configure environment
+ENV CONDA_DIR /opt/conda
+ENV PATH $CONDA_DIR/bin:$PATH
+ENV SHELL /bin/bash
+ENV NB_USER jovyan
+ENV NB_UID 1000
+ENV LC_ALL en_US.UTF-8
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US.UTF-8
+
+# Create jovyan user with UID=1000 and in the 'users' group
+RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
+    mkdir -p /opt/conda && \
+    chown jovyan /opt/conda
+
+USER jovyan
+
+# Setup jovyan home directory
+RUN mkdir /home/$NB_USER/work && \
+    mkdir /home/$NB_USER/.jupyter && \
+    mkdir /home/$NB_USER/.local && \
+    echo "cacert=/etc/ssl/certs/ca-certificates.crt" > /home/$NB_USER/.curlrc
+
+# Install conda as jovyan
+RUN cd /tmp && \
+    mkdir -p $CONDA_DIR && \
+    wget --quiet https://repo.continuum.io/miniconda/Miniconda3-3.19.0-Linux-x86_64.sh && \
+    echo "9ea57c0fdf481acf89d816184f969b04bc44dea27b258c4e86b1e3a25ff26aa0 *Miniconda3-3.19.0-Linux-x86_64.sh" | sha256sum -c - && \
+    /bin/bash Miniconda3-3.19.0-Linux-x86_64.sh -f -b -p $CONDA_DIR && \
+    rm Miniconda3-3.19.0-Linux-x86_64.sh && \
+    $CONDA_DIR/bin/conda install --quiet --yes conda==3.19.1 && \
+    $CONDA_DIR/bin/conda config --system --add channels conda-forge && \
+    conda clean -tipsy
+
+# Install Jupyter notebook as jovyan
+RUN conda install --quiet --yes \
+    'notebook=4.2*' \
+    && conda clean -tipsy
+
+# Install JupyterHub to get the jupyterhub-singleuser startup script
+RUN pip install 'jupyterhub==0.5'
+
+USER root
+
+# Configure container startup as root
+EXPOSE 8888
+WORKDIR /home/$NB_USER/work
+ENTRYPOINT ["tini", "--"]
+CMD ["start-notebook.sh"]
+
+# Add local files as late as possible to avoid cache busting
+COPY start-notebook.sh /usr/local/bin/
+COPY start-singleuser.sh /usr/local/bin/
+COPY jupyter_notebook_config.py /home/$NB_USER/.jupyter/
+RUN chown -R $NB_USER:users /home/$NB_USER/.jupyter
+
+# Switch back to jovyan to avoid accidental container runs as root
+USER jovyan

base-notebook/README.md

@@ -0,0 +1,63 @@
+![docker pulls](https://img.shields.io/docker/pulls/jupyter/base-notebook.svg) ![docker stars](https://img.shields.io/docker/stars/jupyter/base-notebook.svg)
+
+# Base Jupyter Notebook Stack
+
+Small base image for defining your own stack
+
+## What it Gives You
+
+* Minimally-functional Jupyter Notebook 4.2.x (e.g., no pandoc for document conversion)
+* Miniconda Python 3.x
+* No preinstalled scientific computing packages
+* Unprivileged user `jovyan` (uid=1000, configurable, see options) in group `users` (gid=100) with ownership over `/home/jovyan` and `/opt/conda`
+* [tini](https://github.com/krallin/tini) as the container entrypoint and [start-notebook.sh](./start-notebook.sh) as the default command
+* A [start-singleuser.sh](../minimal-notebook/start-singleuser.sh) script for use as an alternate command that runs a single-user instance of the Notebook server, as required by [JupyterHub](#JupyterHub)
+* Options for HTTPS, password auth, and passwordless `sudo`
+
+## Basic Use
+
+The following command starts a container with the Notebook server listening for HTTP connections on port 8888 without authentication configured.
+
+```
+docker run -d -p 8888:8888 jupyter/base-notebook
+```
+
+## Notebook Options
+
+You can pass [Jupyter command line options](http://jupyter.readthedocs.org/en/latest/config.html#command-line-arguments) through the [`start-notebook.sh` command](https://github.com/jupyter/docker-stacks/blob/master/minimal-notebook/start-notebook.sh#L15) when launching the container. For example, to set the base URL of the notebook server you might do the following:
+
+```
+docker run -d -p 8888:8888 jupyter/minimal-notebook start-notebook.sh --NotebookApp.base_url=/some/path
+```
+
+You can sidestep the `start-notebook.sh` script entirely by specifying a command other than `start-notebook.sh`. If you do, the `NB_UID` and `GRANT_SUDO` features documented below will not work. See the Docker Options section for details.
+
+## Docker Options
+
+You may customize the execution of the Docker container and the Notebook server it contains with the following optional arguments.
+
+* `-e PASSWORD="YOURPASS"` - Configures Jupyter Notebook to require the given password. Should be conbined with `USE_HTTPS` on untrusted networks.
+* `-e USE_HTTPS=yes` - Configures Jupyter Notebook to accept encrypted HTTPS connections. If a `pem` file containing a SSL certificate and key is not provided (see below), the container will generate a self-signed certificate for you.
+* `-e NB_UID=1000` - Specify the uid of the `jovyan` user. Useful to mount host volumes with specific file ownership. For this option to take effect, you must run the container with `--user root`. (The `start-notebook.sh` script will `su jovyan` after adjusting the user id.)
+* `-e GRANT_SUDO=yes` - Gives the `jovyan` user passwordless `sudo` capability. Useful for installing OS packages. For this option to take effect, you must run the container with `--user root`. (The `start-notebook.sh` script will `su jovyan` after adding `jovyan` to sudoers.) **You should only enable `sudo` if you trust the user or if the container is running on an isolated host.**
+* `-v /some/host/folder/for/work:/home/jovyan/work` - Host mounts the default working directory on the host to preserve work even when the container is destroyed and recreated (e.g., during an upgrade).
+* `-v /some/host/folder/for/server.pem:/home/jovyan/.local/share/jupyter/notebook.pem` - Mounts a SSL certificate plus key for `USE_HTTPS`. Useful if you have a real certificate for the domain under which you are running the Notebook server.
+
+## Conda Environment
+
+The default Python 3.x [Conda environment](http://conda.pydata.org/docs/using/envs.html) resides in `/opt/conda`. The commands `ipython`, `python`, `pip`, `easy_install`, and `conda` (among others) are available in this environment.
+
+
+## JupyterHub
+
+[JupyterHub](https://jupyterhub.readthedocs.org) requires a single-user instance of the Jupyter Notebook server per user.   To use this stack with JupyterHub and [DockerSpawner](https://github.com/jupyter/dockerspawner), you must specify the container image name and override the default container run command in your `jupyterhub_config.py`:
+
+```python
+# Spawn user containers from this image
+c.DockerSpawner.container_image = 'jupyter/minimal-notebook'
+
+# Have the Spawner override the Docker run command
+c.DockerSpawner.extra_create_kwargs.update({
+	'command': '/usr/local/bin/start-singleuser.sh'
+})
+```

base-notebook/jupyter_notebook_config.py

@@ -0,0 +1,39 @@
+# Copyright (c) Jupyter Development Team.
+from jupyter_core.paths import jupyter_data_dir
+import subprocess
+import os
+import errno
+import stat
+
+PEM_FILE = os.path.join(jupyter_data_dir(), 'notebook.pem')
+
+c = get_config()
+c.NotebookApp.ip = '*'
+c.NotebookApp.port = 8888
+c.NotebookApp.open_browser = False
+
+# Set a certificate if USE_HTTPS is set to any value
+if 'USE_HTTPS' in os.environ:
+    if not os.path.isfile(PEM_FILE):
+        # Ensure PEM_FILE directory exists
+        dir_name = os.path.dirname(PEM_FILE)
+        try:
+            os.makedirs(dir_name)
+        except OSError as exc: # Python >2.5
+            if exc.errno == errno.EEXIST and os.path.isdir(dir_name):
+                pass
+            else: raise
+        # Generate a certificate if one doesn't exist on disk
+        subprocess.check_call(['openssl', 'req', '-new', 
+            '-newkey', 'rsa:2048', '-days', '365', '-nodes', '-x509',
+            '-subj', '/C=XX/ST=XX/L=XX/O=generated/CN=generated',
+            '-keyout', PEM_FILE, '-out', PEM_FILE])
+        # Restrict access to PEM_FILE
+        os.chmod(PEM_FILE, stat.S_IRUSR | stat.S_IWUSR)
+    c.NotebookApp.certfile = PEM_FILE
+
+# Set a password if PASSWORD is set
+if 'PASSWORD' in os.environ:
+    from IPython.lib import passwd
+    c.NotebookApp.password = passwd(os.environ['PASSWORD'])
+    del os.environ['PASSWORD']

base-notebook/start-notebook.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Handle special flags if we're root
+if [ $UID == 0 ] ; then
+    # Change UID of NB_USER to NB_UID if it does not match
+    if [ "$NB_UID" != $(id -u $NB_USER) ] ; then
+        usermod -u $NB_UID $NB_USER
+        chown -R $NB_UID $CONDA_DIR
+    fi
+
+    # Enable sudo if requested
+    if [ ! -z "$GRANT_SUDO" ]; then
+        echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook
+    fi
+
+    # Start the notebook server
+    exec su $NB_USER -c "env PATH=$PATH jupyter notebook $*"
+else
+    # Otherwise just exec the notebook
+    exec jupyter notebook $*
+fi

base-notebook/start-singleuser.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+notebook_arg=""
+if [ -n "${NOTEBOOK_DIR:+x}" ]
+then
+    notebook_arg="--notebook-dir=${NOTEBOOK_DIR}"
+fi
+
+exec jupyterhub-singleuser \
+  --port=8888 \
+  --ip=0.0.0.0 \
+  --user=$JPY_USER \
+  --cookie-name=$JPY_COOKIE_NAME \
+  --base-url=$JPY_BASE_URL \
+  --hub-prefix=$JPY_HUB_PREFIX \
+  --hub-api-url=$JPY_HUB_API_URL \
+  ${notebook_arg} \
+  $@