Docker Spaces
Last updated
Last updated
Spaces accommodate custom for apps outside the scope of Streamlit and Gradio. Docker Spaces allow users to go beyond the limits of what was previously possible with the standard SDKs. From FastAPI and Go endpoints to Phoenix apps and ML Ops tools, Docker Spaces can help in many different setups.
Selecting Docker as the SDK when will initialize your Space by setting the sdk property to docker in your README.md file’s YAML block. Alternatively, given an existing Space repository, set sdk: docker inside the YAML block at the top of your Spaces README.md file. You can also change the default exposed port 7860 by setting app_port: 7860. Afterwards, you can create a usual Dockerfile.
Copied
Internally you could have as many open ports as you want. For instance, you can install Elasticsearch inside your Space and call it internally on its default port 9200.
If you want to expose apps served on multiple ports to the outside world, a workaround is to use a reverse proxy like Nginx to dispatch requests from the broader internet (on a single port) to different internal ports.
You can manage a Space's environment variables in the Space Settings. Read more [here](./spaces-overview.md#managing-the-environment).
Buildtime
Copied
Runtime
Variables are injected in the container’s environment at runtime.
Buildtime
For example, if SECRET_EXAMPLE is the name of the secret you created in the Settings tab, you can read it at build time by mounting it to a file, then reading it with $(cat /run/secrets/SECRET_EXAMPLE).
See an example below:
Copied
Copied
Runtime
The container runs with user ID 1000. To avoid permission issues you should create a user and set its WORKDIR before any COPY or download.
Copied
Always specify the `--chown=user` with `ADD` and `COPY` to ensure the new files are owned by your user.
If you still face permission issues, you might need to use chmod or chown in your Dockerfile to grant the right permissions. For example, if you want to use the directory /data, you can do:
Copied
You should always avoid superfluous chowns.
Updating metadata for a file creates a new copy stored in the new layer. Therefore, a recursive chown can result in a very large image due to the duplication of all affected files.
Rather than fixing permission by running chown:
Copied
you should always do:
Copied
(same goes for ADD command)
Finally, in some cases, you might want to use an external storage solution from your Space’s code like an external hosted DB, S3, etc.
Variables are passed as build-args when building your Docker Space. Read for a complete guide on how to use this in the Dockerfile.
In Docker Spaces, the secrets management is different for security reasons. Once you create a secret in the , you can expose the secret by adding the following line in your Dockerfile:
Same as for public Variables, at runtime, you can access the secrets as environment variables. For example, in Python you would use os.environ.get("SECRET_EXAMPLE"). Check out this of a Docker Space that uses secrets.
The data written on disk is lost whenever your Docker Space restarts, unless you opt-in for a upgrade.
You can also use our Datasets Hub for specific cases, where you can store state and data in a git LFS repository. You can find an example of persistence , which uses the for programmatically uploading files to a dataset repository.