Security
SSL/TLS
Tracelake can be configured to use SSL/TLS with self-signed certificates, with Let’s Encrypt certificates or with your own certificates.
For production environments, we recommend using your own certificates.
Self-signed certificates
To use self-signed certificates, set the TRACELAKE_HOSTNAME environment variable to your domain name when starting the container. Tracelake will automatically configure itself to use HTTPS with self-signed certificates. Make sure ports 80 (HTTP, used for the redirect) and 443 (HTTPS) are open.
Example deployment command:
Let’s Encrypt certificates
To use Let’s Encrypt certificates, set the TRACELAKE_HOSTNAME environment variable to your domain name and set TRACELAKE_TLS_SETTINGS to a valid email address. Let’s Encrypt will use this email address to contact you if there are any issues with your certificates. Your server must also be accessible from the internet, with port 80 open for HTTP requests. Tracelake will automatically configure itself to use HTTPS with Let’s Encrypt certificates.
Example deployment command:
Own certificates
To use your own certificates, set the TRACELAKE_HOSTNAME environment variable to your domain name, set TRACELAKE_TLS_SETTINGS to “/certs/cert.pem /certs/key.pem” and make sure to mount the /certs directory with your certificates.
The certificates must be valid for the domain name you set in TRACELAKE_HOSTNAME. Also make sure that the certificates can be read by the Tracelake container. The certificate and key will be accessed by user “django” (UID 1000) inside the container, so either an equivalent user must exist on the host machine or the files must be readable by all.
Example deployment command:
Refer to the Caddy documentation for more information about the TRACELAKE_TLS_SETTINGS environment variable.
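An added pre-flight check for the read-access requirement in the "Own certificates" section (example code, not part of the Tracelake documentation): it reports, from the host's mode bits, whether UID 1000 would read each file as owner, through the group, or only because the file is readable by all. The function names, the default GID of 1000 and the ./certs host path are assumptions; ACLs, supplementary groups, directory permissions and user-namespace remapping are not evaluated.

```shell
#!/bin/sh
# Added example: classify how the container user (UID 1000, "django" on this
# page; GID 1000 is an assumed default) gains read access to a host file.
# Needs a stat that supports -c (GNU coreutils or busybox).

# read_class FILE [UID] [GID]  -> prints owner | group | world | none
read_class() {
    rc_uid=${2:-1000} rc_gid=${3:-1000}
    # numeric owner, numeric group, octal mode of the (dereferenced) file
    rc_info=$(stat -L -c '%u %g %a' "$1") || return 2
    set -- $rc_info
    rc_mode=$((0$3))
    # Unix picks exactly one permission class: owner, else group, else other
    if [ "$1" -eq "$rc_uid" ]; then
        [ $((rc_mode & 0400)) -ne 0 ] && echo owner || echo none
    elif [ "$2" -eq "$rc_gid" ]; then
        [ $((rc_mode & 0040)) -ne 0 ] && echo group || echo none
    else
        [ $((rc_mode & 0004)) -ne 0 ] && echo world || echo none
    fi
}

# check_certs CERT KEY [UID] [GID]
# returns 0: both files readable, private key not readable by all
#         1: at least one file is unreadable for the container user
#         2: a file could not be inspected
#         3: both readable, but the private key is readable by every host user
check_certs() {
    cert_class=$(read_class "$1" "$3" "$4") || return 2
    key_class=$(read_class "$2" "$3" "$4") || return 2
    echo "cert: $cert_class, key: $key_class"
    if [ "$cert_class" = none ] || [ "$key_class" = none ]; then
        return 1
    fi
    [ "$key_class" = world ] && return 3
    return 0
}

# Usage on the host before starting the container (hypothetical host path):
#   check_certs ./certs/cert.pem ./certs/key.pem
```

A result of `owner` corresponds to the "equivalent user on the host" option above, and status 3 to the "readable by all" option, where every local account on the host can also read the private key.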