I had to rebuild my container with some new code deployment and for some reason its now throwing a permission error trying to copy the nginx.conf file. I dont provide a custom one, nor do I try to run as a non-root user:

/entrypoint.sh: 45: /entrypoint.sh: cannot create /etc/nginx/nginx.conf: Permission denied

Any ideas as to why this might be happening?

Would love to see some more generic tags.

My thoughts are the addition of:
stable - the most stable version (so latest may not be stable, IE for bleeding edge versions of OS, python, uwsgi, etc.)
alpine-stable - the stable version of alpine
alpine-latest - the latest alpine version (which may also not be stable)

Thanks for the consideration and the images.

I'm trying to get a Django app working with uwsgi-nginx-docker as the base image. I can't get any response from the app, however, and uwsgi gives this warning:

!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!
no request plugin is loaded, you will not be able to manage requests.
you may need to install the package for your language of choice, or simply load it with --plugin.
!!!!!!!!!!! END OF WARNING !!!!!!!!!!

I can see from the Dockerfile that the image does a "RUN apk add --no-cache uwsgi-python", and that python3_plugin.so is in /usr/lib/uwsgi. Why isn't uwsgi picking it up? I'm curious why it's not in /usr/lib/uwsgi/plugins where I've normally seen it.

Thanks for any ideas on this one.

Since running containers under root is bad perhaps support for running as a different user is useful?

Upgrade from oldstable to stable.
By default, python-3.5 and python-2.7 Docker images use Jessie, which is oldstable.

Allows to have newer packages like supervisor (3.0 -> 3.3, fixing annoying bugs).

I cannot overwrite all properties that are set in uwsgi-nginx-docker/python2.7/uwsgi.ini within my own uwsgi.ini, because in the supervisord.conf the order of loading the init files is "wrong". What other implications would it have to change the order to this:
command=/usr/local/bin/uwsgi --ini /etc/uwsgi/uwsgi.ini --ini /app/uwsgi.ini
?

build with docker-compose up -d

Step 13/27 : COPY uwsgi.ini /etc/uwsgi/
ERROR: Service 'api-server' failed to build: COPY failed: stat /var/lib/docker/tmp/docker-builder834430273/uwsgi.ini: no such file or directory

What did I do wrong?

invalid cheaper value: must be lower than processes

The defaults are:
ENV UWSGI_CHEAPER 2
ENV NGINX_WORKER_PROCESSES 1

This cause the above error unless you set NGINX_WORKER_PROCESSES >= UWSGI_CHEAPER

Hi
How can I change run user to my custom user?

Hi there!
Thank you very much for your base docker image!

We are using your docker image for our microservice architecture (especially our python services) and have major issues connecting to a SSH port for our application.

Before you updated the image 12 days ago everything worked like a charm. But now we have some serious issues, because every SSH interaction is not working properly anymore.

Can you help us figuring out why your image isn't providing a service with SSH anymore?

Thank you very much in advance. And thanks a lot for your work!

Kind regards from Germany, Osnabrück.
Lennart Blom

Hello,

This line fails: COPY nginx.conf /etc/nginx/conf.d/
Because there is no nginx.conf in this base distro.

Hi,

I was wondering, now that Buster is the latest stable distribution, if there were any plans to create a Dockerfile for Debian Buster. Would it possibly be as simple as just changing the initial FROM line/base image?

Thanks

I am extending python3.5 version of this image and I am trying to make STATIC_URL point to the directory with statics that Django creates. I seem to not able to do so with python3.5 version. Is there support yet for this option? Should I just overwrite whole nginx configuration?

I am following VS Code guide about deploying the container:
https://code.visualstudio.com/docs/python/tutorial-deploy-containers

We have a number of flask API's running as docker containers and using this as a base. We are in the process of implementing DataDog's ddtrace and need to call python as "ddtrace python3". Is there a way to hijack the entrypoint to do this?

When i try to run my image (which i use this one as base) i get the following error:

docker: Error response from daemon: invalid header field value "oci runtime error: container_linux.go:247: starting container process caused "exec: \"/entrypoint.sh\": permission denied"\n".

I tried to add "RUN chmod +x /entrypoint.sh" since some people said this solved there problem in other projects, but that didn't work for me.

My docker file:
FROM tiangolo/uwsgi-nginx:python2.7
COPY configs/nginx.conf /etc/nginx/conf.d/

Copy sample app

COPY ./ /app

#install requirements
RUN pip install -r requirements.txt

ENV PRODUCTION_ENV 1

EXPOSE 5050

I want to add my custom nginx.conf. Is it possible with this image?

On tiangolo/uwsgi-nginx:python3.5, when I am trying to start the container from this images, it tells me

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

I see the following in Dockerfile:

# Copy the base uWSGI ini file to enable default dynamic uwsgi process number
COPY uwsgi.ini /etc/uwsgi/
...
# By default, run 2 processes
ENV UWSGI_CHEAPER 2
# By default, when on demand, run up to 16 processes
ENV UWSGI_PROCESSES 16

...but so far can't find these ENV vars being referenced anywhere. Perhaps its just a misunderstanding on my part. I don't see them being used in the uwsgi script line in the supervisord conf either. Perhaps UWSGI itself magically looks for these variables, but I didn't see that document in the UWSGI docs either.

Hi, please forgive my ignorance, I'm lookin at this RUN line:
https://github.com/tiangolo/uwsgi-nginx-docker/blob/master/python2.7/Dockerfile#L13

My question is, are gettext-base and ca-certificates necessary? I like to keep my Docker images as minimal as possible and only add packages if they'll be used.

Thank you for your work. Reading through this project is helping me a lot.

Add Alpine base image for Python 3.6

Some users are fans of Alpine Linux, so it would be nice to have an additional base image based on Alpine.

It will be good to have smth like prestart.sh in uwsgi-nginx-flask-docker

There were some CVEs announced recently for Nginx which relate to Denial-of-Service vulnerabilities in HTTP/2 processing on older versions. All of the builds should be modified to use at least 1.16.1.

Here are the vulnerability details:

• A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional conditions. An unauthenticated, remote attacker can exploit this, by manipulating the window size and stream priority of a large data request, to cause a denial of service condition. (CVE-2019-9511)

• A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional conditions. An unauthenticated, remote attacker can exploit this, by creating multiple request streams and continually shuffling the priority of the streams, to cause a denial of service condition. (CVE-2019-9513)

• A denial of service vulnerability exists in the HTTP/2 protocol stack due to improper handling of exceptional conditions. An unauthenticated, remote attacker can exploit this, by sending a stream of headers with a zero length header name and zero length header value, to cause a denial of service condition. (CVE-2019-9516)

https://www.tenable.com/plugins/nessus/127907

Do you plan to use slim base image? Currently, python3.6 image takes 960 Mb, but if build it from python:3.6-slim-stretch base image, image results in only 431 Mb - more than twice smaller. Further compacting is possible if remove build-essentials after uwsgi install - it can cut some hundred Mb more

Hi! I tried to build this (python3.6-alpine3.7) dockerfile, because now I have poor Internet connection and can't pull it, and got an error while running gpg:

Fetching GPG key B0F4253373F8F6F510D42178520A9993A1C052F8 from ha.pool.sks-keyservers.net
gpg: keybox '/tmp/tmp.EoBIOd/pubring.kbx' created
gpg: keyserver receive failed: Address not available
Fetching GPG key B0F4253373F8F6F510D42178520A9993A1C052F8 from hkp://keyserver.ubuntu.com:80
gpg: key 520A9993A1C052F8: 6 signatures not checked due to missing keys
gpg: /tmp/tmp.EoBIOd/trustdb.gpg: trustdb created
gpg: key 520A9993A1C052F8: public key "Maxim Dounin <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg: Signature made Tue Dec 26 16:02:14 2017 UTC
gpg:                using RSA key 520A9993A1C052F8
gpg: Good signature from "Maxim Dounin <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B0F4 2533 73F8 F6F5 10D4  2178 520A 9993 A1C0 52F8
rm: can't remove '/tmp/tmp.EoBIOd/S.gpg-agent.extra': No such file or directory
rm: can't remove '/tmp/tmp.EoBIOd/S.gpg-agent.ssh': No such file or directory

Maybe someone knows how to fix this?
Thanks

Thanks a TON for this wonderful project! Just a minor issue in the docker hub page https://hub.docker.com/r/tiangolo/uwsgi-nginx/, the link for "You can see the third-party benchmarks here" leads to VB and F# frameworks.

You probably mean this: https://www.techempower.com/benchmarks/#section=test&runid=a979de55-980d-4721-a46f-77298b3f3923&hw=ph&test=fortune&l=z8kflr-v&a=2

Or even better, this:
https://www.techempower.com/benchmarks/#section=test&runid=a979de55-980d-4721-a46f-77298b3f3923&hw=ph&test=query&l=z8kflr-v&a=2

Hi, would it be possible to enable SSL support for uwsgi? Without SSL support, trying to establish websocket connections will lead to the worker crashing down.

I guess the modification should be something like

# Install uWSGI
RUN pip install uwsgi`

to

# uwsgi-ssl version (not tested)
RUN apt-get install libssl-dev
RUN UWSGI_PROFILE_OVERRIDE=ssl=true pip install uwsgi -I --no-cache-dir`

Also related: https://stackoverflow.com/questions/24183053/how-to-build-uwsgi-with-ssl-support-to-use-the-websocket-handshake-api-function

Add Alpine base image for Python 3.5

Some users are fans of Alpine Linux, so it would be nice to have an additional base image based on Alpine.

这个跟nginx配置有关系吗。怎么保证他的稳定性,我怎么查看docker中nginx的日志

I'm currently looking into running your flask image (https://github.com/tiangolo/uwsgi-nginx-flask-docker) which is extended from this one. However, I would like to run an instance of celery (http://www.celeryproject.org/) within the same container (since it needs access to many of the same modules I define in my flask app).

I can do this by extending from your image and writing a new supervisor config based on the one in this repository, and adding my configuration for celery, but it would be really nice if the current version preemptively included additional supervisor configuration, e.g.:

[include]
files = /etc/supervisor/conf.d/*.conf

(taken from an idea here: https://blog.trifork.com/2014/03/11/using-supervisor-with-docker-to-manage-processes-supporting-image-inheritance/). That way, your image could be extended, and any additional supervisor programs could be configured separately yet still run in the same container, without the need to duplicate and overwrite the existing config file.

this image works great.... nice-to-have would be multi arch manifest to support arm. I've tested manually and ARM64 builds clean.

If I set:
ENV NGINX_WORKER_PROCESSES auto

The output from the logs only shows two workers, even though I have 8 CPU cores available:

detected number of CPU cores: 8
current working directory: /app
detected binary path: /usr/local/bin/uwsgi
your memory page size is 4096 bytes
detected max file descriptor number: 1048576
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uwsgi socket 0 bound to UNIX address /tmp/uwsgi.sock fd 3
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
Python version: 3.7.4 (default, Sep 12 2019, 16:02:06)  [GCC 6.3.0 20170516]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0x55ffff39bf90
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 1239640 bytes (1210 KB) for 16 cores
*** Operational MODE: preforking ***
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x55ffff39bf90 pid: 10 (default app)
uWSGI running as root, you can use --uid/--gid/--chroot options
*** WARNING: you are running uWSGI as root !!! (use the --uid flag) *** 
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI master process (pid: 10)
spawned uWSGI worker 1 (pid: 33, cores: 1)
spawned uWSGI worker 2 (pid: 34, cores: 1)

Is this expected?

Would love to see a python 3.8 version of this project :)

These are super nice images, they pair awesomely with traefik 👍

When i am trying to run multiple container instance with this same image i am getting the following error.

Bind for 0.0.0.0:443 failed: port is already allocated

Is there any solution for this ?
how can we using something like nginx-proxy with this image ?

Hi, thanks for this image!
I could not see nginx logs. In my case they are redirected to stdout and stderr by default, so they should be visible in docker logs, but they are not. It seems to be an issue with supervisor: http://veithen.github.io/2015/01/08/supervisord-redirecting-stdout.html.
Adding the following to supervisord.conf works in my case:

[program:nginx]
(...)
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0

Add Alpine base image for Python 2.7.

Some users are fans of Alpine Linux, so it would be nice to have an additional base image based on Alpine.

Hey guys,

I'm trying to leverage on this container to build my app with Django and MS SQL.

The prerequisite is of course to have the ODBC driver installed. So I did the below step in my Dockerfile:

RUN apt-get update && apt-get install -y ca-certificates \
    && curl -k https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
    && curl -k https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list \
    && apt-get update \
    && ACCEPT_EULA=Y apt-get -y install msodbcsql17 \
    && ACCEPT_EULA=Y apt-get -y install mssql-tools \
    && echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile \
    && echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc \
    && /bin/bash -c "source ~/.bashrc" \
    && apt-get install -y unixodbc-dev \
    && apt-get install -y libgssapi-krb5-2

This built the image perfectly. When I run it with Docker on my laptop, the app works fine. However, after deploying the image to Azure web app service, the below error happens.

('IM004', "[IM004] [unixODBC][Driver Manager]Driver's SQLAllocHandle on SQL_HANDLE_HENV failed (0) (SQLDriverConnect)")

Really appreciate any help from you guys.

The nginx.conf doesn't contain a 'listen' line, so the sed -i in entrypoint.sh doesn't work.

Hi!

I have been using your base image tiangolo/uwsgi-nginx:python3.6 for a long time with great results but recently I encountered the error described in the following link:
https://www.bountysource.com/issues/46820777-openssl-1-1-uwsgi-psycopg2-no-ciphers-error

Seems the ubuntu base image used is inheriting the same issue, I have no solution for the bug except changing to your Alpine base image where the problem doesn't occur. Just letting you know in case you know of a workaround or feel like downgrading the version of the affected packages until the issue is solved.

Would be great to have a Python 3.7 version of this Docker.
Thanks for the nice project :)

The root of this project doesn't have an nginx.conf file.

So the Dockerfile command: COPY nginx.conf /etc/nginx/conf.d/ fails.
COPY failed: stat /var/lib/docker/tmp/docker-builder489751094/nginx.conf: no such file or directory

I was trying to build the docker image of uwsgi-nginx-docker on top of the base image containing Ubuntu-16.04 & Python3.5.2.
I was getting an error E: Unable to locate package gnupg1
But when I run the corresponding command in my local system, gnupg1 gets installed.

What should I do to?

I read this issue: tiangolo/uwsgi-nginx-flask-docker#3
It seems that setting need-app = true is not enough to kill the container, as supervisor keeps on restarting the app.
Please consider adding autoresetart=false in supervisord.conf section for uwsgi, or to make these easily configurable in other some way.
To have supervisor actually kill the container you'd have to set up some more configuration, see:
https://serverfault.com/questions/760726/how-to-exit-all-supervisor-processes-if-one-exited-with-0-result

I'm using a custom uwsgi.ini file. And when I run it on this flask version of the image I'm getting:

invalid cheaper value: must be lower than processes
...
root@46f39eb48cf2:/opt/app# printenv | grep UWSGI
UWSGI_CHEAPER=2
UWSGI_PROCESSES=10

In the default /etc/nginx/nginx.conf worker_processes is set to 1. However, I'd like to change this value.

I would suggest one of these approaches:

1. set the value to auto (so it is set to the number of CPU cores)
2. create an ENV variable NGINX_WORKER_PROCESSES (which can be set in Dockerfiles) and which is written into the config.

Having problems with ssl certificates on python3.7 image. Can be reproduced with:

~ docker run -it --rm tiangolo/uwsgi-nginx:python3.7 curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

worked fine with tiangolo/uwsgi-nginx:python3.7-2020-05-07

Hi!

I just noticed that when I override NGINX_WORKER_CONNECTIONS this line creates duplicate entries in the nginx config if the container is restarted.

Duplicate lines however prevent nginx from coming up after the container restart.

When I start tiangolo/uwsgi-nginx-flask:python3.7 I get the following warning:

Checking for script in /app/prestart.sh
Running script /app/prestart.sh
Running inside /app/prestart.sh, you could add migrations to this file, e.g.:

#! /usr/bin/env bash

# Let the DB start
sleep 10;
# Run migrations
alembic upgrade head

/app/pkg_resources/py2_warn.py:22: UserWarning: Setuptools will stop working on Python 2
************************************************************
You are running Setuptools on Python 2, which is no longer
supported and
>>> SETUPTOOLS WILL STOP WORKING <<<
in a subsequent release (no sooner than 2020-04-20).
Please ensure you are installing
Setuptools using pip 9.x or later or pin to `setuptools<45`
in your environment.
If you have done those things and are still encountering
this message, please comment in
https://github.com/pypa/setuptools/issues/1458
about the steps that led to this unsupported combination.
************************************************************
  sys.version_info < (3,) and warnings.warn(pre + "*" * 60 + msg + "*" * 60)

I believe this has to do with supervisor but it looks like supervisord version 4.1.0 is being used which is compatible with Python 3.4 and up. Anyone familiar with this issue and knows how to solve it?

Since commit 062ee99 (12 hours ago) our docker builds have been failing and i narrowed it down to this commit. I reverted the commit, published a new image: https://hub.docker.com/r/trycom/uwsgi-nginx-docker/tags/ and used that instead and everything worked as normal.

To reproduce, simply create a Dockerfile

FROM tiangolo/uwsgi-nginx:python3.6
RUN pip install requests=2.11.1
RUN pip install googlemaps

and you'll get the error when attempting to pip install googlemaps. Yesterday this used to work, so having published a reverted image you can do the following to see expected results:

FROM trycom/uwsgi-nginx-docker:39f6fdb
RUN pip install requests=2.11.1
RUN pip install googlemaps

Also, as a separate comment, you should tag your docker images with the commit so we dont have to publish our own reverted versions

I can't get this container running, unfortunately ..
I'm trying to use tiangolo/uwsgi-nginx:python3.7, but always when starting the container I receive the following:

/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.27' not found (required by /usr/local/bin/uwsgi)
/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /usr/local/bin/uwsgi)
2019-11-27 13:31:41,983 INFO exited: uwsgi (exit status 1; not expected)
2019-11-27 13:31:42,987 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2019-11-27 13:31:42,990 INFO spawned: 'uwsgi' with pid 11
/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.27' not found (required by /usr/local/bin/uwsgi)
/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /usr/local/bin/uwsgi)
2019-11-27 13:31:42,998 INFO exited: uwsgi (exit status 1; not expected)
2019-11-27 13:31:45,009 INFO spawned: 'uwsgi' with pid 12
/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.27' not found (required by /usr/local/bin/uwsgi)
/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /usr/local/bin/uwsgi)
2019-11-27 13:31:45,018 INFO exited: uwsgi (exit status 1; not expected)
2019-11-27 13:31:48,030 INFO spawned: 'uwsgi' with pid 13
/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.27' not found (required by /usr/local/bin/uwsgi)
/usr/local/bin/uwsgi: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /usr/local/bin/uwsgi)
2019-11-27 13:31:48,039 INFO exited: uwsgi (exit status 1; not expected)

seems like a version miss-match?