0766b5f005
Please refer to alias, in bottom of commit. > dbn Execute the command: jupyter notebook > dbn bash jovyan@eedcc93a837d:~$ > dbn start.sh Execute the command: exit > dbnr Set username to: jovyan usermod: no changes Set jovyan GID to: 100 Execute the command: jupyter notebook Running as root is not recommended. Use --allow-root to bypass. exit > dbnr bash root@893cb78b8c9c:~# > dbnr start.sh Set username to: jovyan usermod: no changes Set jovyan GID to: 100 Execute the command: No arguments supplied HOSTNAME=d45c52e788b7 TERM=xterm SHELL=/bin/bash NB_USER=jovyan LC_ALL=en_US.UTF-8 PATH=/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin _=/usr/bin/env MINICONDA_VERSION=4.3.30 PWD=/home/jovyan LANG=en_US.UTF-8 HOME=/home/jovyan SHLVL=2 LANGUAGE=en_US.UTF-8 no_proxy=*.local, 169.254/16 DEBIAN_FRONTEND=noninteractive CONDA_DIR=/opt/conda NB_GID=100 NB_UID=1000 root@d45c52e788b7:~# > dbnrs Set username to: jovyan usermod: no changes Set jovyan GID to: 100 Granting jovyan sudo access Execute the command: jupyter notebook Copy/paste this URL into your browser when you connect for the first time, .... > dbnrs bash root@f293dce949db:~# > dbnrs start.sh Set username to: jovyan usermod: no changes Set jovyan GID to: 100 Granting jovyan sudo access Execute the command: No arguments supplied HOSTNAME=d0cd57ea32e2 SHELL=/bin/bash TERM=xterm LC_ALL=en_US.UTF-8 USER=jovyan SUDO_USER=root SUDO_UID=0 USERNAME=jovyan MAIL=/var/mail/jovyan PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin PWD=/home/jovyan LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/bin/bash -c env; PATH=$PATH; bash HOME=/home/jovyan LANGUAGE=en_US.UTF-8 LOGNAME=jovyan SUDO_GID=0 _=/usr/bin/env jovyan@d0cd57ea32e2:~$ > dbns Container must be run as root to grant sudo permissions Execute the command: jupyter notebook Copy/paste this URL in.. > dbns bash jovyan@ce5c2491fa32:~$ > dbns start.sh Container must be run as root to grant sudo permissions Execute the command: exit ###### Build user setup docker build -t $USER/base-notebook -f Dockerfile . # Normal, dbn: docker-base-notebook alias dbn='docker run -ti --rm -p 8888:8888 -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook' # Root, dbnr: dbn with root alias dbnr='docker run -ti --rm -p 8888:8888 --user root -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook' # Jovyan SUDO, dbnr: dbn with SUDO for jovyan alias dbnrs='docker run -ti --rm -p 8888:8888 --user root -e GRANT_SUDO=yes -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook' # Root, fail to sudo for jovyan. alias dbns='docker run -ti --rm -p 8888:8888 -e GRANT_SUDO=yes -v "$PWD":/home/jovyan/work --name base-notebook $USER/base-notebook'
Base Jupyter Notebook Stack
Small base image for defining your own stack
What it Gives You
- Minimally-functional Jupyter Notebook 5.2.x (e.g., no pandoc for document conversion)
- Miniconda Python 3.x
- No preinstalled scientific computing packages
- Unprivileged user
jovyan(uid=1000, configurable, see options) in groupusers(gid=100) with ownership over/home/jovyanand/opt/conda - tini as the container entrypoint and start-notebook.sh as the default command
- A start-singleuser.sh script useful for running a single-user instance of the Notebook server, as required by JupyterHub
- A start.sh script useful for running alternative commands in the container (e.g.
ipython,jupyter kernelgateway,jupyter lab) - Options for a self-signed HTTPS certificate and passwordless
sudo
Basic Use
The following command starts a container with the Notebook server listening for HTTP connections on port 8888 with a randomly generated authentication token configured.
docker run -it --rm -p 8888:8888 jupyter/base-notebook
Take note of the authentication token included in the notebook startup log messages. Include it in the URL you visit to access the Notebook server or enter it in the Notebook login form.
Notebook Options
The Docker container executes a start-notebook.sh script script by default. The start-notebook.sh script handles the NB_UID, NB_GID and GRANT_SUDO features documented in the next section, and then executes the jupyter notebook.
You can pass Jupyter command line options through the start-notebook.sh script when launching the container. For example, to secure the Notebook server with a custom password hashed using IPython.lib.passwd() instead of the default token, run the following:
docker run -d -p 8888:8888 jupyter/base-notebook start-notebook.sh --NotebookApp.password='sha1:74ba40f8a388:c913541b7ee99d15d5ed31d4226bf7838f83a50e'
For example, to set the base URL of the notebook server, run the following:
docker run -d -p 8888:8888 jupyter/base-notebook start-notebook.sh --NotebookApp.base_url=/some/path
For example, to disable all authentication mechanisms (not a recommended practice):
docker run -d -p 8888:8888 jupyter/base-notebook start-notebook.sh --NotebookApp.token=''
You can sidestep the start-notebook.sh script and run your own commands in the container. See the Alternative Commands section later in this document for more information.
Docker Options
You may customize the execution of the Docker container and the command it is running with the following optional arguments.
-e GEN_CERT=yes- Generates a self-signed SSL certificate and configures Jupyter Notebook to use it to accept encrypted HTTPS connections.-e NB_UID=1000- Specify the uid of thejovyanuser. Useful to mount host volumes with specific file ownership. For this option to take effect, you must run the container with--user root. (Thestart-notebook.shscript willsu jovyanafter adjusting the user id.)-e NB_GID=100- Specify the gid of thejovyanuser. Useful to mount host volumes with specific file ownership. For this option to take effect, you must run the container with--user root. (Thestart-notebook.shscript willsu jovyanafter adjusting the group id.)-e GRANT_SUDO=yes- Gives thejovyanuser passwordlesssudocapability. Useful for installing OS packages. For this option to take effect, you must run the container with--user root. (Thestart-notebook.shscript willsu jovyanafter addingjovyanto sudoers.) You should only enablesudoif you trust the user or if the container is running on an isolated host.-v /some/host/folder/for/work:/home/jovyan/work- Mounts a host machine directory as folder in the container. Useful when you want to preserve notebooks and other work even after the container is destroyed. You must grant the within-container notebook user or group (NB_UIDorNB_GID) write access to the host directory (e.g.,sudo chown 1000 /some/host/folder/for/work).--group-add users- use this argument if you are also specifying a specific user id to launch the container (-u 5000), rather than launching the container as root and relying on NB_UID and NB_GID to set the user and group.
SSL Certificates
You may mount SSL key and certificate files into a container and configure Jupyter Notebook to use them to accept HTTPS connections. For example, to mount a host folder containing a notebook.key and notebook.crt:
docker run -d -p 8888:8888 \
-v /some/host/folder:/etc/ssl/notebook \
jupyter/base-notebook start-notebook.sh \
--NotebookApp.keyfile=/etc/ssl/notebook/notebook.key
--NotebookApp.certfile=/etc/ssl/notebook/notebook.crt
Alternatively, you may mount a single PEM file containing both the key and certificate. For example:
docker run -d -p 8888:8888 \
-v /some/host/folder/notebook.pem:/etc/ssl/notebook.pem \
jupyter/base-notebook start-notebook.sh \
--NotebookApp.certfile=/etc/ssl/notebook.pem
In either case, Jupyter Notebook expects the key and certificate to be a base64 encoded text file. The certificate file or PEM may contain one or more certificates (e.g., server, intermediate, and root).
For additional information about using SSL, see the following:
- The docker-stacks/examples for information about how to use Let's Encrypt certificates when you run these stacks on a publicly visible domain.
- The jupyter_notebook_config.py file for how this Docker image generates a self-signed certificate.
- The Jupyter Notebook documentation for best practices about running a public notebook server in general, most of which are encoded in this image.
Conda Environments
The default Python 3.x Conda environment resides in /opt/conda.
The commands jupyter, ipython, python, pip, and conda (among others) are available in both environments. For convenience, you can install packages into either environment regardless of what environment is currently active using commands like the following:
# install a package into the default (python 3.x) environment
pip install some-package
conda install some-package
Alternative Commands
start.sh
The start.sh script supports the same features as the default start-notebook.sh script (e.g., GRANT_SUDO), but allows you to specify an arbitrary command to execute. For example, to run the text-based ipython console in a container, do the following:
docker run -it --rm jupyter/base-notebook start.sh ipython
Or, to run JupyterLab instead of the classic notebook, run the following:
docker run -it --rm -p 8888:8888 jupyter/base-notebook start.sh jupyter lab
This script is particularly useful when you derive a new Dockerfile from this image and install additional Jupyter applications with subcommands like jupyter console, jupyter kernelgateway, etc.
Others
You can bypass the provided scripts and specify your an arbitrary start command. If you do, keep in mind that certain features documented above will not function (e.g., GRANT_SUDO).