Documentation
DocumentationDiscussions

Using Azure Container Instances (ACI)

For hosting in Azure without a virtual machine, Seq can be deployed to Azure Container Instances.

🚧

Premium File Share Required

Azure Container Instances provides persistent storage only through Azure Files, which is a networked file system. Seq will encounter regular storage corruptions if run on a regular Azure Files share. Instead, an Azure Premium Files share must be used.

While Azure Container Instances is suitable for basic hosting, Datalust recommends using Azure Kubernetes Services (AKS) or virtual machines for mission-critical or heavily-loaded Seq deployments in Azure.

Finding the official Microsoft documentation

Azure frequently changes as it evolves. For the latest information on deploying containers on ACI, see the Azure Container Instances documentation.

Deploying with az in Azure Cloud Shell

πŸ“˜

These instructions demonstrate deploying the container without HTTPS encryption or authentication enabled.

To enable authentication, see Getting Started with Docker.

For HTTPS in Azure, see HTTPS/TLS.

Seq can be deployed to ACI using the az command in Azure Cloud Shell, accessed using the command prompt icon beside the Azure Portal's main search box.

Bash syntax is used in the examples below.

1. Create a resource group

Hosting the container requires several resources to be deployed. To easily deploy, manage, and tear down these resources, we'll create a resource group, which we'll call seq-aci:

az group create --name seq-aci --location eastus

2. Create a storage account and premium file share

Seq needs a Premium Files volume to persist data on ACI.

First, the storage account, which we'll call seqacistorage:

az storage account create \
  --name seqacistorage \
  --resource-group seq-aci \
  --location eastus \
  --kind FileStorage \
  --sku Premium_LRS

Then the file share, which we'll call seq-aci-data:

az storage share-rm create \
  --name seq-data \
  --resource-group seq-aci \
  --storage-account seqacistorage \
  --quota 100 \
  --output none

To connect to the storage account, we'll need to retrieve its key. This will produce a large base-64 encoded string:

az storage account keys list \
  --resource-group seq-aci \
  --account-name seqacistorage \
  --query "[0].value" \
  --output tsv

3. Deploy the container

The argument to --azure-file-volume-account-key is the large string produced in the previous step.

You'll need to choose a unique --dns-name-label, and use this in the SEQ_API_CANONICALURI environment variable.

az container create \
  --resource-group seq-aci \
  --name seq-aci-container \
  --image datalust/seq:latest \
  --dns-name-label seq-aci-dns \
  --ports 80 443 \
  --restart-policy OnFailure \
  --environment-variables \
    'ACCEPT_EULA'='Y' \
    'SEQ_API_CANONICALURI'='http://seq-aci-dns.eastus.azurecontainer.io/' \
  --azure-file-volume-share-name seq-data \
  --azure-file-volume-account-name seqacistorage \
  --azure-file-volume-account-key "QUnGu7Iz+4R...c728qLY7+AStEEElJg==" \
  --azure-file-volume-mount-path /data \
  --query ipAddress.fqdn

This will print the fully-qualified domain name and URL of your running Seq container.

Enabling HTTPS (TLS/SSL)

To enable HTTPS, if you have a .pfx or .pem certificate available, see HTTPS (TLS/SSL) for instructions.

Alternatively, if you prefer to use a service such as LetsEncrypt for obtaining TLS certificates automatically, check out Caddy, which can be deployed alongside Seq in a "sidecar" container . Note that Datalust does not provide support for Caddy, but we'll happily try to point you in the right direction if you get stuck!

πŸ“˜

Whichever method you choose, you'll need to update the SEQ_API_CANONICALURI environment variable that's passed to the container to include the HTTPS URL.