pypi server logo

pypi badge ci workflow Generic badge Generic badge

pypiserver is a minimal PyPI compatible server for pip or easy_install. It is based on bottle and serves packages from regular directories. Wheels, bdists, eggs and accompanying PGP-signatures can be uploaded either with pip, setuptools, twine, pypi-uploader, or simply copied with scp.

pypiserver implements the same interfaces as PyPI, allowing standard Python packaging tooling such as pip and twine to interact with it as a package index just as they would with PyPI, while making it much easier to get a running index server.

Table of Contents

• pypiserver - minimal PyPI server for use with pip/easy_install
• pypiserver
  • Quickstart Installation and Usage
    • More details about pypi server run
    • More details about pypi-server update
  • Client-Side Configurations
    • Configuring pip
    • Configuring easy_install
    • Uploading Packages Remotely
      • Apache Like Authentication (htpasswd)
      • Upload with setuptools
      • Upload with twine
  • Using the Docker Image
  • Alternative Installation Methods
    • Installing the Very Latest Version
  • Recipes
    • Managing the Package Directory
    • Serving Thousands of Packages
    • Managing Automated Startup
      • Running As a systemd Service
      • Launching through supervisor
      • Running As a service with NSSM
    • Using a Different WSGI Server
      • Apache
      • gunicorn
      • paste
    • Behind a Reverse Proxy
      • Nginx
      • Supporting HTTPS
      • Traefik
    • Utilizing the API
      • Using Ad-Hoc Authentication Providers
    • Use with MicroPython
    • Custom Health Check Endpoint
      • Configure a custom health endpoint by CLI arguments
      • Configure a custom health endpoint by script
  • Sources
  • Known Limitations
  • Similar Projects
    • Unmaintained or archived
  • Related Software
• Licensing

pypiserver works with Python 3.6+ and PyPy3.

Older Python versions may still work, but they are not tested.

For legacy Python versions, use pypiserver-1.x series. Note that these are not officially supported, and will not receive bugfixes or new features.

If you're using Windows, you'll have to use their "Windows counterparts". The same is true for the rest of this documentation.

1. Install pypiserver with this command

   pip install pypiserver # Or: pypiserver[passlib,cache]
   mkdir ~/packages # Copy packages into this directory.

   [!TIP] See also Alternative Installation methods

2. Copy some packages into your ~/packages folder and then get your pypiserver up and running

   pypi-server run -p 8080 ~/packages & # Will listen to all IPs.

3. From the client computer, type this

   # Download and install hosted packages.
   pip install --extra-index-url http://localhost:8080/simple/ ...
   # or
   pip install --extra-index-url http://localhost:8080 ...
   # Search hosted packages.
   pip search --index http://localhost:8080 ...
   # Note that pip search does not currently work with the /simple/ endpoint.

   [!TIP] See also Client-side configurations for avoiding tedious typing.

4. Enter pypi-server -h in the cmd-line to print a detailed usage message

   usage: pypi-server [-h] [-v] [--log-file FILE] [--log-stream STREAM]
    [--log-frmt FORMAT] [--hash-algo HASH_ALGO]
    [--backend {auto,simple-dir,cached-dir}] [--version]
    {run,update} ...
   start PyPI compatible package server serving packages from PACKAGES_DIRECTORY. If PACKAGES_DIRECTORY is not given on the command line, it uses the default ~/packages. pypiserver scans this directory recursively for packages. It skips packages and directories starting with a dot. Multiple package directories may be specified.
   positional arguments:
    {run,update}
    run Run pypiserver, serving packages from
    PACKAGES_DIRECTORY
    update Handle updates of packages managed by pypiserver. By
    default, a pip command to update the packages is
    printed to stdout for introspection or pipelining. See
    the `-x` option for updating packages directly.
   optional arguments:
    -h, --help show this help message and exit
    -v, --verbose Enable verbose logging; repeat for more verbosity.
    --log-file FILE Write logging info into this FILE, as well as to
    stdout or stderr, if configured.
    --log-stream STREAM Log messages to the specified STREAM. Valid values are
    stdout, stderr, and none
    --log-frmt FORMAT The logging format-string. (see `logging.LogRecord`
    class from standard python library)
    --hash-algo HASH_ALGO
    Any `hashlib` available algorithm to use for
    generating fragments on package links. Can be disabled
    with one of (0, no, off, false).
    --backend {auto,simple-dir,cached-dir}
    A backend implementation. Keep the default 'auto' to
    automatically determine whether to activate caching or
    not
    --version show program's version number and exit
   Visit https://github.com/pypiserver/pypiserver for more information
   

Enter pypi-server run -h in the cmd-line to print a detailed usage

usage: pypi-server run [-h] [-v] [--log-file FILE] [--log-stream STREAM]
 [--log-frmt FORMAT] [--hash-algo HASH_ALGO]
 [--backend {auto,simple-dir,cached-dir}] [--version]
 [-p PORT] [-i HOST] [-a AUTHENTICATE]
 [-P PASSWORD_FILE] [--disable-fallback]
 [--fallback-url FALLBACK_URL]
 [--health-endpoint HEALTH_ENDPOINT] [--server METHOD]
 [-o] [--welcome HTML_FILE] [--cache-control AGE]
 [--log-req-frmt FORMAT] [--log-res-frmt FORMAT]
 [--log-err-frmt FORMAT]
 [package_directory [package_directory ...]]
positional arguments:
 package_directory The directory from which to serve packages.
optional arguments:
 -h, --help show this help message and exit
 -v, --verbose Enable verbose logging; repeat for more verbosity.
 --log-file FILE Write logging info into this FILE, as well as to
 stdout or stderr, if configured.
 --log-stream STREAM Log messages to the specified STREAM. Valid values are
 stdout, stderr, and none
 --log-frmt FORMAT The logging format-string. (see `logging.LogRecord`
 class from standard python library)
 --hash-algo HASH_ALGO
 Any `hashlib` available algorithm to use for
 generating fragments on package links. Can be disabled
 with one of (0, no, off, false).
 --backend {auto,simple-dir,cached-dir}
 A backend implementation. Keep the default 'auto' to
 automatically determine whether to activate caching or
 not
 --version show program's version number and exit
 -p PORT, --port PORT Listen on port PORT (default: 8080)
 -i HOST, -H HOST, --interface HOST, --host HOST
 Listen on interface INTERFACE (default: 0.0.0.0)
 -a AUTHENTICATE, --authenticate AUTHENTICATE
 Comma-separated list of (case-insensitive) actions to
 authenticate (options: download, list, update;
 default: update).
 
 Any actions not specified are not authenticated, so
 to authenticate downloads and updates, but allow
 unauthenticated viewing of the package list, you would
 use:
 
 pypi-server -a 'download, update' -P
 ./my_passwords.htaccess
 
 To disable authentication, use:
 
 pypi-server -a . -P .
 
 See the `-P` option for configuring users and
 passwords.
 
 Note that when uploads are not protected, the
 `register` command is not necessary, but `~/.pypirc`
 still needs username and password fields, even if
 bogus.
 -P PASSWORD_FILE, --passwords PASSWORD_FILE
 Use an apache htpasswd file PASSWORD_FILE to set
 usernames and passwords for authentication.
 
 To allow unauthorized access, use:
 
 pypi-server -a . -P .
 
 --disable-fallback Disable the default redirect to PyPI for packages not
 found in the local index.
 --fallback-url FALLBACK_URL
 Redirect to FALLBACK_URL for packages not found in the
 local index.
 --health-endpoint HEALTH_ENDPOINT
 Configure a custom liveness endpoint. It always
 returns 200 Ok if the service is up. Otherwise, it
 means that the service is not responsive.
 --server METHOD Use METHOD to run the server. Valid values include
 paste, cherrypy, twisted, gunicorn, gevent, wsgiref,
 and auto. The default is to use "auto", which chooses
 one of paste, cherrypy, twisted, or wsgiref.
 -o, --overwrite Allow overwriting existing package files during
 upload.
 --welcome HTML_FILE Use the contents of HTML_FILE as a custom welcome
 message on the home page.
 --cache-control AGE Add "Cache-Control: max-age=AGE" header to package
 downloads. Pip 6+ requires this for caching.AGE is
 specified in seconds.
 --log-req-frmt FORMAT
 A format-string selecting Http-Request properties to
 log; set to '%s' to see them all.
 --log-res-frmt FORMAT
 A format-string selecting Http-Response properties to
 log; set to '%s' to see them all.
 --log-err-frmt FORMAT
 A format-string selecting Http-Error properties to
 log; set to '%s' to see them all.

More details about pypi-server update

usage: pypi-server update [-h] [-v] [--log-file FILE] [--log-stream STREAM]
 [--log-frmt FORMAT] [--hash-algo HASH_ALGO]
 [--backend {auto,simple-dir,cached-dir}] [--version]
 [-x] [-d DOWNLOAD_DIRECTORY] [-u]
 [--blacklist-file IGNORELIST_FILE]
 [package_directory [package_directory ...]]
positional arguments:
 package_directory The directory from which to serve packages.
optional arguments:
 -h, --help show this help message and exit
 -v, --verbose Enable verbose logging; repeat for more verbosity.
 --log-file FILE Write logging info into this FILE, as well as to
 stdout or stderr, if configured.
 --log-stream STREAM Log messages to the specified STREAM. Valid values are
 stdout, stderr, and none
 --log-frmt FORMAT The logging format-string. (see `logging.LogRecord`
 class from standard python library)
 --hash-algo HASH_ALGO
 Any `hashlib` available algorithm to use for
 generating fragments on package links. Can be disabled
 with one of (0, no, off, false).
 --backend {auto,simple-dir,cached-dir}
 A backend implementation. Keep the default 'auto' to
 automatically determine whether to activate caching or
 not
 --version show program's version number and exit
 -x, --execute Execute the pip commands rather than printing to
 stdout
 -d DOWNLOAD_DIRECTORY, --download-directory DOWNLOAD_DIRECTORY
 Specify a directory where packages updates will be
 downloaded. The default behavior is to use the
 directory which contains the package being updated.
 -u, --allow-unstable Allow updating to unstable versions (alpha, beta, rc,
 dev, etc.)
 --blacklist-file IGNORELIST_FILE, --ignorelist-file IGNORELIST_FILE
 Don't update packages listed in this file (one package
 name per line, without versions, '#' comments
 honored). This can be useful if you upload private
 packages into pypiserver, but also keep a mirror of
 public packages that you regularly update. Attempting
 to pull an update of a private package from `pypi.org`
 might pose a security risk - e.g. a malicious user
 might publish a higher version of the private package,
 containing arbitrary code.

Always specifying the pypi url on the command line is a bit cumbersome. Since pypiserver redirects pip/easy_install to the pypi.org index if it doesn't have a requested package, it is a good idea to configure them to always use your local pypi index.

For pip command this can be done by setting the environment variable PIP_EXTRA_INDEX_URL in your .bashr/.profile/.zshrc

export PIP_EXTRA_INDEX_URL=http://localhost:8080/simple/

or by adding the following lines to ~/.pip/pip.conf

[global]
extra-index-url = http://localhost:8080/simple/

For easy_install command you may set the following configuration in ~/.pydistutils.cfg

[easy_install]
index_url = http://localhost:8080/simple/

Instead of copying packages directly to the server's folder (i.e. with scp), you may use python tools for the task, e.g. python setup.py upload. In that case, pypiserver is responsible for authenticating the upload-requests.

It is possible to disable authentication for uploads (e.g. in intranets). To avoid lazy security decisions, read help for -P and -a options.

1. First make sure you have the passlib module installed (note that passlib>=1.6 is required), which is needed for parsing the Apache htpasswd file specified by the -P, --passwords option (see next steps)

    pip install passlib

2. Create the Apache htpasswd file with at least one user/password pair with this command (you'll be prompted for a password)

    htpasswd -sc htpasswd.txt <some_username>

 import pam
 pypiserver.default_config(auther=pam.authenticate)

Please see Using Ad-hoc authentication providers for more information.

1. You need to restart the server with the -P option only once (but user/password pairs can later be added or updated on the fly)

    ./pypi-server run -p 8080 -P htpasswd.txt ~/packages &

1. On client-side, edit or create a ~/.pypirc file with a similar content:

    [distutils]
    index-servers =
    pypi
    local
    [pypi]
    username:<your_pypi_username>
    password:<your_pypi_passwd>
    [local]
    repository: http://localhost:8080
    username: <some_username>
    password: <some_passwd>

2. Then from within the directory of the python-project you wish to upload, issue this command:

    python setup.py sdist upload -r local

To avoid storing you passwords on disk, in clear text, you may either:

• use the register setuptools's command with the -r option, like that

   python setup.py sdist register -r local upload -r local

• use twine library, which breaks the procedure in two steps. In addition, it supports signing your files with PGP-Signatures and uploading the generated .asc files to pypiserver::

   twine upload -r local --sign -identity user_name ./foo-1.zip

Starting with version 1.2.5, official Docker images will be built for each push to main, each dev, alpha, or beta release, and each final release. The most recent full release will always be available under the tag latest, and the current main branch will always be available under the tag unstable.

You can always check to see what tags are currently available at our Docker Repo.

To run the most recent release of pypiserver with Docker, simply

 docker run pypiserver/pypiserver:latest run

This starts pypiserver serving packages from the /data/packages directory inside the container, listening on the container port 8080.

The container takes all the same arguments as the normal pypi-server executable, with the exception of the internal container port (-p), which will always be 8080.

Of course, just running a container isn't that interesting. To map port 80 on the host to port 8080 on the container::

 docker run -p 80:8080 pypiserver/pypiserver:latest run

You can now access your pypiserver at localhost:80 in a web browser.

To serve packages from a directory on the host, e.g. ~/packages

 docker run -p 80:8080 -v ~/packages:/data/packages pypiserver/pypiserver:latest run

To authenticate against a local .htpasswd file::

 docker run -p 80:8080 -v ~/.htpasswd:/data/.htpasswd pypiserver/pypiserver:latest run -P .htpasswd packages

You can also specify pypiserver to run as a Docker service using a composefile. An example composefile is provided as docker-compose.yaml

When trying the methods below, first use the following command to check whether previous versions of pypiserver already exist, and (optionally) uninstall them::

# VERSION-CHECK: Fails if not installed.
pypi-server --version
# UNINSTALL: Invoke again until it fails.
pip uninstall pypiserver

In case the latest version in pypi is a pre-release, you have to use pip's --pre option. And to update an existing installation combine it with --ignore-installed

pip install pypiserver --pre -I

You can even install the latest pypiserver directly from github with the following command, assuming you have git installed on your PATH

pip install git+git://github.com/pypiserver/pypiserver.git

The pypi-server command has the update command that searches for updates of available packages. It scans the package directory for available packages and searches on pypi.org for updates. Without further options pypi-server update will just print a list of commands which must be run in order to get the latest version of each package. Output looks like:

$ ./pypi-server update 
checking 106 packages for newer version
.........u.e...........e..u.............
.....e..............................e...
..........................
no releases found on pypi for PyXML, Pymacs, mercurial, setuptools
# update raven from 1.4.3 to 1.4.4
pip -q install --no-deps --extra-index-url https://pypi.org/simple/ -d /home/ralf/packages/mirror raven==1.4.4
# update greenlet from 0.3.3 to 0.3.4
pip -q install --no-deps --extra-index-url https://pypi.org/simple/ -d /home/ralf/packages/mirror greenlet==0.3.4

It first prints for each package a single character after checking the available versions on pypi. A dot(.) means the package is up-to-date, 'u' means the package can be updated and 'e' means the list of releases on pypi is empty. After that it shows a pip command line which can be used to update a one package. Either copy and paste that or run pypi-server update -x in order to really execute those commands. You need to have pip installed for that to work however.

Specifying an additional -u option will also allow alpha, beta and release candidates to be downloaded. Without this option these releases won't be considered.

If you run into this problem, significant speedups can be gained by enabling pypiserver's directory caching functionality. The only requirement is to install the watchdog package, or it can be installed during pypiserver installation, by specifying the cache extras option::

pip install pypiserver[cache]

Additional speedups can be obtained by using your webserver's builtin caching functionality. For example, if you are using nginx as a reverse-proxy as described below in Behind a reverse proxy, you can easily enable caching. For example, to allow nginx to cache up to 10 gigabytes of data for up to 1 hour::

proxy_cache_path /data/nginx/cache
 levels=1:2
 keys_zone=pypiserver_cache:10m
 max_size=10g
 inactive=60m
 use_temp_path=off;
server {
 # ...
 location / {
 proxy_cache pypiserver_cache;
 proxy_pass http://localhost:8080;
 }
}

There are a variety of options for handling the automated starting of pypiserver upon system startup. Two of the most common are systemd and supervisor for linux systems. For windows creating services with scripts isn't an easy task without a third party tool such as NSSM.

systemd is installed by default on most modern Linux systems and as such, it is an excellent option for managing the pypiserver process. An example config file for systemd can be seen below

[Unit]
Description=A minimal PyPI server for use with pip/easy_install.
After=network.target
[Service]
Type=simple
# systemd requires absolute path here too.
PIDFile=/var/run/pypiserver.pid
User=www-data
Group=www-data
ExecStart=/usr/local/bin/pypi-server run -p 8080 -a update,download --log-file /var/log/pypiserver.log -P /etc/nginx/.htpasswd /var/www/pypi
ExecStop=/bin/kill -TERM $MAINPID
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
WorkingDirectory=/var/www/pypi
TimeoutStartSec=3
RestartSec=5
[Install]
WantedBy=multi-user.target

Adjusting the paths and adding this file as pypiserver.service into your systemd/system directory will allow management of the pypiserver process with systemctl, e.g. systemctl start pypiserver.

More useful information about systemd can be found at https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units

supervisor has the benefit of being a pure python package and as such, it provides excellent cross-platform support for process management. An example configuration file for supervisor is given below

[program:pypi]
command=/home/pypi/pypi-venv/bin/pypi-server run -p 7001 -P /home/pypi/.htpasswd /home/pypi/packages
directory=/home/pypi
user=pypi
autostart=true
autorestart=true
stderr_logfile=/var/log/pypiserver.err.log
stdout_logfile=/var/log/pypiserver.out.log

From there, the process can be managed via supervisord using supervisorctl.

For Windows download NSSM from https://nssm.cc unzip to a desired location such as Program Files. Decide whether you are going to use win32 or win64, and add that exe to environment PATH.

Create a start_pypiserver.bat

pypi-server run -p 8080 C:\Path\To\Packages &

From the command prompt

nssm install pypiserver

This command will launch a NSSM gui application

Path: C:\Path\To\start_pypiserver.bat
Startup directory: Auto generates when selecting path
Service name: pypiserver

There are more tabs, but that is the basic setup. If the service needs to be running with a certain login credentials, make sure you enter those credentials in the logon tab.

Start the service

nssm start pypiserver

nssm --help
nssm stop <servicename>
nssm restart <servicename>
nssm status <servicename>

• The bottle web-server which supports many WSGI-servers, among others, paste, cherrypy, twisted and wsgiref (part of Python); you select them using the --server flag.

• You may view all supported WSGI servers using the following interactive code

  >>> from pypiserver import bottle
  >>> list(bottle.server_names.keys())
  ['cgi', 'gunicorn', 'cherrypy', 'eventlet', 'tornado', 'geventSocketIO',
  'rocket', 'diesel', 'twisted', 'wsgiref', 'fapws3', 'bjoern', 'gevent',
  'meinheld', 'auto', 'aiohttp', 'flup', 'gae', 'paste', 'waitress']

• If none of the above servers matches your needs, invoke just the pypiserver:app() method which returns the internal WSGI-app WITHOUT starting-up a server - you may then send it to any WSGI server you like. Read also the Utilizing the API section.

• Some examples are given below - you may find more details in bottle site.

To use your Apache2 with pypiserver, prefer to utilize mod_wsgi as explained in bottle's documentation.

1. Adapt and place the following Apache configuration either into top-level scope, or inside some <VirtualHost> (contributed by Thomas Waldmann):

   WSGIScriptAlias / /yoursite/wsgi/pypiserver-wsgi.py
   WSGIDaemonProcess pypisrv user=pypisrv group=pypisrv umask=0007 \
    processes=1 threads=5 maximum-requests=500 \
    display-name=wsgi-pypisrv inactivity-timeout=300
   WSGIProcessGroup pypisrv
   WSGIPassAuthorization On # Required for authentication (https://github.com/pypiserver/pypiserver/issues/288)
   <Directory /yoursite/wsgi >
    Require all granted
   </Directory>

   or if using older Apache < 2.4, substitute the last part with this::

   <Directory /yoursite/wsgi >
    Order deny,allow
    Allow from all
   </Directory>

2. Then create the /yoursite/cfg/pypiserver.wsgi file and make sure that the user and group of the WSGIDaemonProcess directive (pypisrv:pypisrv in the example) have the read permission on it

   import pypiserver
   conf = pypiserver.default_config(
    root = "/yoursite/packages",
    password_file = "/yoursite/htpasswd", )
   application = pypiserver.app(**conf)

   [!TIP] If you have installed pypiserver in a virtualenv, follow mod_wsgi's instructions and prepend the python code above with the following

   import site
   site.addsitedir('/yoursite/venv/lib/pythonX.X/site-packages')

The following command uses gunicorn to start pypiserver

gunicorn -w4 'pypiserver:app(root="/home/ralf/packages")'

or when using multiple roots

gunicorn -w4 'pypiserver:app(root=["/home/ralf/packages", "/home/ralf/experimental"])'

paste allows to run multiple WSGI applications under different URL paths. Therefore, it is possible to serve different set of packages on different paths.

The following example paste.ini could be used to serve stable and unstable packages on different paths

 [composite:main]
 use = egg:Paste#urlmap
 /unstable/ = unstable
 / = stable
 [app:stable]
 use = egg:pypiserver#main
 root = ~/stable-packages
 [app:unstable]
 use = egg:pypiserver#main
 root = ~/stable-packages
 ~/unstable-packages
 [server:main]
 use = egg:gunicorn#main
 host = 0.0.0.0
 port = 9000
 workers = 5
 accesslog = -

pip install paste pastedeploy gunicorn pypiserver

gunicorn_paster paste.ini

You can run pypiserver behind a reverse proxy as well.

Extend your nginx configuration

upstream pypi {
 server pypiserver.example.com:12345 fail_timeout=0;
}
server {
 server_name myproxy.example.com;
 location / {
 proxy_set_header Host $host:$server_port;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_pass http://pypi;
 }
}

As of pypiserver 1.3, you may also use the X-Forwarded-Host header in your reverse proxy config to enable changing the base URL. For example if you want to host pypiserver under a particular path on your server

upstream pypi {
 server localhost:8000;
}
server {
 location /pypi/ {
 proxy_set_header X-Forwarded-Host $host:$server_port/pypi;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_pass http://pypi;
 }
}

Using a reverse proxy is the preferred way of getting pypiserver behind HTTPS. For example, to put pypiserver behind HTTPS on port 443, with automatic HTTP redirection, using nginx

upstream pypi {
 server localhost:8000;
}
server {
 listen 80 default_server;
 server_name _;
 return 301 https://$host$request_uri;
}
server {
 listen 443 ssl;
 server_name pypiserver.example.com;
 ssl_certificate /etc/star.example.com.crt;
 ssl_certificate_key /etc/star.example.com.key;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers HIGH:!aNULL:!MD5;
 location / {
 proxy_set_header Host $host:$server_port;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_pass http://pypi;
 }
}

It is also possible to use Traefik to put pypiserver behind HTTPS on port 443, with automatic HTTP redirection using Docker Compose. Please see the provided docker-compose.yml example for more information.

In order to enable ad-hoc authentication-providers or to use WSGI-servers not supported by bottle out-of-the-box, you needed to launch pypiserver via its API.

• The main entry-point for configuring pypiserver is the pypiserver:app() function. This function returns the internal WSGI-app that you my then send to any WSGI-server you like.

• To get all pypiserver:app() keywords and their explanations, read the function pypiserver:default_config()

• Finally, to fire-up a WSGI-server with the configured app, invoke the bottle:run(app, host, port, server) function. Note that pypiserver ships with its own copy of bottle; to use it, import it like that: from pypiserver import bottle

The auther keyword of pypiserver:app() function maybe set only using the API. This can be any callable that returns a boolean when passed the username and the password for a given request.

For example, to authenticate users based on the /etc/passwd file under Unix, you may delegate such decisions to the python-pam library by following these steps:

1. Ensure python-pam module is installed

   pip install python-pam

2. Create a python-script along these lines

   $ cat > pypiserver-start.py
   import pypiserver
   from pypiserver import bottle
   import pam
   app = pypiserver.app(root='./packages', auther=pam.authenticate)
   bottle.run(app=app, host='0.0.0.0', port=80, server='auto')
   [Ctrl+ D]

3. Invoke the python-script to start-up pypiserver

   python pypiserver-start.py

The MicroPython interpreter for embedded devices can install packages with the module upip.py. The module uses a specialized json-endpoint to retrieve package information. This endpoint is supported by pypiserver.

It can be tested with the UNIX port of micropython

cd micropython
ports/unix/micropython -m tools.upip install -i http://my-server:8080 -p /tmp/mymodules micropython-foobar

Installing packages from the REPL of an embedded device works in this way:

import network
import upip
sta_if = network.WLAN(network.STA_IF)
sta_if.active(True)
sta_if.connect('<your ESSID>', '<your password>')
upip.index_urls = ["http://my-server:8080"]
upip.install("micropython-foobar")

Further information on micropython-packaging can be found here: https://docs.micropython.org/en/latest/reference/packages.html

pypiserver provides a default health endpoint at /health. It always returns 200 Ok if the service is up. Otherwise, it means that the service is not responsive.

In addition, pypiserver allows users to customize the health endpoint. Alphanumeric characters, hyphens, forward slashes and underscores are allowed and the endpoint should not overlap with any existing routes. Valid examples: /healthz, /health/live-1, /api_health, /action/health

Run pypiserver with --health-endpoint argument:

pypi-server run --health-endpoint /action/health

import pypiserver
from pypiserver import bottle
app = pypiserver.app(root="./packages", health_endpoint="/action/health")
bottle.run(app=app, host="0.0.0.0", port=8080, server="auto")

Try curl http://localhost:8080/action/health

To create a copy of the repository, use

git clone https://github.com/pypiserver/pypiserver.git
cd pypiserver

To receive any later changes, in the above folder use:

git pull

The following limitations are known:

• Command pypi -U that compares uploaded packages with pypi to see if they are outdated, does not respect a http-proxy environment variable (see #19.
• It accepts documentation uploads but does not save them to disk (see #47 for a discussion)
• It does not handle misspelled packages as pypi-repo does, therefore it is suggested to use it with --extra-index-url instead of --index-url (see #38).

Please use Github's bugtracker for other bugs you find.

There are lots of other projects, which allow you to run your own PyPI server. If pypiserver doesn't work for you, the following are among the most popular alternatives:

• devpi-server: a reliable fast pypi.org caching server, part of the comprehensive github-style pypi index server and packaging meta tool. (version: 2.1.4, access date: 8/3/2015)

• Check this SO question: How to roll my own pypi

These projects were once alternatives to pypiserver but are now either unmaintained or archived.

• pip2pi a simple cmd-line tool that builds a PyPI-compatible local folder from pip requirements

• flask-pypi-proxy A proxy for PyPI that also enables uploading custom packages.

Though not direct alternatives for pypiserver's use as an index server, the following is a list of related software projects that you may want to familiarize with:

• pypi-uploader: A command-line utility to upload packages to your pypiserver from pypi without having to store them locally first.

• twine: A command-line utility for interacting with PyPI or pypiserver.

• warehouse: the software that powers PyPI itself. It is not generally intended to be run by end-users.

pypiserver contains a copy of bottle which is available under the MIT license, and the remaining part is distributed under the zlib/libpng license. See the LICENSE.txt file.