Docker Image

[nilshoell]

Hey @oGGy990, would you be interested in having a minimal Docker image based on the snap version here? I was creating one with @kretzlaff, and we wondered if this is something for this repo, or rather a new one. All existing images use the old version, not the snap packages, which is why we wanted to create a new one. Let me know if I should create a PR, otherwise we will create a new repo.

[oGGy990]

Hi @nilshoell and @kretzlaff, I'm not really convinced, some "official" Docker image for this repository should be using snap. After all, snap is just something like Docker: a light container but getting auto-updates by the snap-daemon. But usually, you don't run the daemon within a docker container, so the benefit of auto-updating is not really given.

Additionally, the upstream docker images (see https://github.com/certbot/certbot/blob/master/tools/docker/plugin/Dockerfile) are also based on a pip-installation.

I wouldn't be opposed to a submission of a Dockerfile which closely matches the upstream ones, using the tooling provided in the core image (https://hub.docker.com/r/certbot/certbot/) and their dependency pinning - in contrast to the current images on Docker Hub, which usually just run setup.py after downloading the sources.

But feel free to enlighten me on the benefits of using snap within Docker. :smile:

[nilshoell]

snap is just something like Docker: a light container but getting auto-updates by the snap-daemon

I didn't really consider that, that's a good point.

The main reason I wanted to have something based on snap is simply that the official installation instructions heavily recommend it, and to me it sounds like pip is only half-supported:

Installing Certbot through pip is only supported on a best effort basis [...]

However, considering the official docker image is also using pip, that might be less of a concern. I will take a look at how the upstream images are build and how they integrate plugins, and come back to you with an update if I can reproduce that.

[oGGy990]

...it sounds like pip is only half-supported:

Installing Certbot through pip is only supported on a best effort basis [...]

Yes. Usually the core python packages are, at least on Linux systems, installed through your package manager. Additionally installing packages directly through pip may have unintended side effects. That's why many python programs use a venv, just like certbot-auto did in the past, or I was suggesting installations of the plugin without any dependency management at all as your certbot installation should already have required them. For a Docker/snap build, this is perfectly okay though, as you as the creator of the container have almost full control on what the container contains, no other package manager is following and the container only contains exactly the python packages certbot and its plugins need in their pinned versions.