DocumentationDiscussions
DocumentationDiscussions

HTTPS (TLS/SSL)

The datalust/seq container can serve its web user interface and event ingestion endpoint over HTTPS.

To configure HTTPS for Seq, you'll first need a certificate for the hostname that Seq is listening on. That is, if you want to use Seq at https://seq.example.com then you'll need an SSL certificate for that domain.

🚧

For TLS to provide effective security, you need to ensure that both the apps writing log events, and the client machines used to browse to Seq web user interface, trust the certificate assigned to the Seq server.

It is possible to disable certificate validation in apps, or ignore certificate validation warnings in web browsers, but in both of these cases it is unlikely TLS provides any material protection against an observer intercepting communication with the server.

Certificates can be stored in the container-local /data/Certificates directory. Adding certificates at the following paths will cover both the regular UI and limited ingestion port:

  • /data/Certificates/443.pfx
  • /data/Certificates/45341.pfx

Setting a password

Seq can find the password to open the certificate with through the certificates.defaultPassword configuration value. This can either be passed using the SEQ_CERTIFICATES_DEFAULTPASSWORD environment variable, with seq secret set, or in an init scripts using seqsvr secret set:

#!/bin/bash
cat /my/default-password.txt | seqsvr secret set -k certificates.defaultPassword --value-stdin
rm /my/default-password.txt

Did this page help you?