Security

SSL/TLS

Tracelake can be configured to use SSL/TLS with self-signed certificates, with Let’s Encrypt certificates or with your own certificates.

For production environments, we recommend using your own certificates.

Self-signed certificates

To use self-signed certificates, set the TRACELAKE_HOSTNAME environment variable to your domain name when starting the container. Tracelake will automatically configure itself to use HTTPS with self-signed certificates. Make sure ports 80 (HTTP, used for the redirect) and 443 (HTTPS) are open.

Example deployment command:

docker run -d --restart unless-stopped \
-v tracelake_data:/app/tracelake_server/data \
-e TRACELAKE_HOSTNAME=tracelake.internal.example.com \
-e TRACELAKE_PORTAL_TOKEN=••••••••••••••• \
--name tracelake -p 80:80 -p 443:443 registry.tracelake.com/tracelake:latest

Let’s Encrypt certificates

To use Let’s Encrypt certificates, set the TRACELAKE_HOSTNAME environment variable to your domain name and set TRACELAKE_TLS_SETTINGS to a valid email address. Let’s Encrypt will use this email address to contact you if there are any issues with your certificates. Your server must also be accessible from the internet, with port 80 open for HTTP requests. Tracelake will automatically configure itself to use HTTPS with Let’s Encrypt certificates.

Example deployment command:

docker run -d --restart unless-stopped \
-v tracelake_data:/app/tracelake_server/data \
-e TRACELAKE_HOSTNAME=tracelake.public.example.com \
-e TRACELAKE_TLS_SETTINGS=admin@example.com \
-e TRACELAKE_PORTAL_TOKEN=••••••••••••••• \
--name tracelake -p 80:80 -p 443:443 registry.tracelake.com/tracelake:latest

Own certificates

To use your own certificates, set the TRACELAKE_HOSTNAME environment variable to your domain name, set TRACELAKE_TLS_SETTINGS to “/certs/cert.pem /certs/key.pem”, and mount the directory containing your certificate and key at /certs.

The certificates must be valid for the domain name you set in TRACELAKE_HOSTNAME. Also make sure that the certificates can be read by the Tracelake container. The certificate and key are read by the user “django” (UID 1000) inside the container, so either an equivalent user must exist on the host machine or the files must be readable by all.

Example deployment command:

docker run -d --restart unless-stopped \
-v tracelake_data:/app/tracelake_server/data \
-v /path/to/certs:/certs \
-e TRACELAKE_HOSTNAME=tracelake.internal.example.com \
-e TRACELAKE_TLS_SETTINGS="/certs/cert.pem /certs/key.pem" \
-e TRACELAKE_PORTAL_TOKEN=••••••••••••••• \
--name tracelake -p 80:80 -p 443:443 registry.tracelake.com/tracelake:latest

Refer to the Caddy documentation for more information about the TRACELAKE_TLS_SETTINGS environment variable.
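
The two requirements for your own certificates (valid for TRACELAKE_HOSTNAME, readable by UID 1000) can be checked on the host before the container is started. The script below is an added example, not part of Tracelake: its function names are hypothetical, and it assumes the cert.pem and key.pem file names from the example command and an openssl binary on the host. It also reports a key that is only usable because it is world-readable, since any account on the host can then read it.

```shell
#!/bin/sh
# Added example (not Tracelake's code): pre-flight checks for the files behind -v /path/to/certs:/certs.
# Function names are hypothetical; UID 1000 is the container's "django" user named above.
CONTAINER_UID=${CONTAINER_UID:-1000}

# True when FILE has all the given permission bits (400 = owner read, 004 = world read).
has_mode() { [ -n "$(find "$1" -perm "-$2" 2>/dev/null)" ]; }

# True when the container user can read FILE, as its owner or through the world-read bit.
container_can_read() {
    owner=$(ls -ln "$1" | awk '{print $3}')
    { [ "$owner" = "$CONTAINER_UID" ] && has_mode "$1" 400; } || has_mode "$1" 004
}

# Key check. Prints: ok | unreadable (container cannot open it) | exposed (any host user can read it).
check_key() {
    if ! container_can_read "$1"; then echo unreadable
    elif has_mode "$1" 004; then echo exposed
    else echo ok
    fi
}

# Certificate check. Args: cert key hostname (the TRACELAKE_HOSTNAME value).
# Prints: ok | invalid-or-expired | hostname-mismatch | key-mismatch.
check_cert() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || { echo invalid-or-expired; return; }
    openssl x509 -in "$1" -noout -checkhost "$3" 2>/dev/null | grep -q 'does match' \
        || { echo hostname-mismatch; return; }
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || key_pub=
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then echo ok; else echo key-mismatch; fi
}

# Usage: sh preflight.sh /path/to/certs tracelake.internal.example.com
if [ "$#" -eq 2 ]; then
    echo "key:  $(check_key "$1/key.pem")"
    echo "cert: $(check_cert "$1/cert.pem" "$1/key.pem" "$2")"
fi
```

An `exposed` result for key.pem means the deployment will work but relies on the "readable by all" path; changing the file's owner to UID 1000 and its mode to 600 turns it into `ok`.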