Full tutorial with minor adaptation done in some monthes

Local Docker environment

Test with downloding 1.0 (no build)

docker pull playerla/flaskmegaturorial:1.0
docker-compose -f docker-compose.yml up --no-build
docker-compose exec web flask shell

I used Docker toolbox ("Native" Linux container on WSL 2 was still preview). See .env file for password and secret configuration. Now using Docker for windows with WSL2 backend.

Database migration utility

Removing database volume

Usefull on a permission denied, wrong former password stored on volume:

docker-compose stop db
docker-compose rm -v db
docker-compose up -d --build
# Run tool in a client container
docker run --network flask-mega-tuto_default -it --rm mysql mysql -hdb -uroot -p
# or attach in db container
docker-compose exec db mysql -hdb -p

Reindexing all posts in search engine

Elastic volume has not been configured in this docker-compose file (not persistent)

docker-compose exec web flask index update

Get mails

docker-compose logs -f smtp

DEV Environment

  • Windows 10, VirtualBox, WSL.
  • VSCode
  • Python 3.8

SMTP configuration with api key for local postfix relay

Testing with local smtp

python -m smtpd -n -c DebuggingServer localhost:25


pybabel extract -F babel.cfg -k _l -o messages.pot .
pybabel init -i messages.pot -d core/translations -l fr
# ... Edit messages.po
pybabel compile -d core/translations
# ... Modify python code and extract new pending translations
pybabel extract -F babel.cfg -k _l -o messages.pot .
pybabel update -i messages.pot -d core/translations
pybabel compile -d core/translations

Switch Python version for Windows (livereload support 3.7)

$env:Path = "$env:LOCALAPPDATA\Programs\Python\Python37\;$env:Path"

Last version of livereload was broken I made a fix (a revert see 4fce73) Livereload work with <script> tag injection in <head>:

    return render_template_string("<html><head>world!<!-- script is injected here--></head><html>")

Elasticsearch on WSL

Fix elastic on WSL read only mode :

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": false}'

VSCode Extension


  • Python
  • Jinja
  • Gitlens
  • Brower Preview
  • Remote SSH/WSL
  • SQlite
  • SFTP
  • Docker
  • reStructuredText

Should take a look:

  • AREPL for python
  • Better TOML
  • TODO Highlight
  • Bracket pair colorizer 2
  • Toogle

Hardened deployement tested on the Vagrant-VirtualBox (manual install of the application)

Deployed on /opt with user vagrant (SFTP extension is used here)

chown root:root /opt -R
find /opt -type d -exec setfacl -m "g:ubuntu:r-x" {} +
find /opt -type d -exec setfacl -m "g:vagrant:rwx" {} +
find /opt -type f -exec setfacl -m "g:vagrant:rwx" {} +
find /opt -type f -exec setfacl -m "g:ubuntu:r--" {} +

Check :

  • user 'ubuntu' not in sudoers
  • ubuntu permissions:executable+x, database+w and its folder +w
chown root:ubuntu /opt/microblog.db
chmod g+w /opt/microblog.db
chown root:ubuntu /opt/venv/bin/*
chmod g+x /opt/venv/bin/*
chown root:ubuntu /opt
chmod g+w /opt

Heroku configuration

heroku cli use git config to identify remote app, set :

git remote add heroku

or on each command you will be asked for app-name : heroku command -a app-name


  • Redis
  • SendGrid
  • Postgres
  • SearchBox Elasticsearch

Heroku searchly : create index

Google cloud

Setup .\google-credentials.json content in $GOOGLE_CREDENTIALS

$GOOGLE_CREDENTIALS= ""; gc .\google-credentials.json | % { $GOOGLE_CREDENTIALS += $_ };
$env:EDITOR="code -w"
heroku config:edit GOOGLE_CREDENTIALS
heroku buildpacks:add --index 1

NB: a .profile is executed at startup for manipulating the environment

Reference and links

Articles on python and docker

Migration in real life

Introduction to Docker-compose