HTTPS (TLS/SSL)
The datalust/seq container can serve its web user interface and event ingestion endpoint over HTTPS.
To configure HTTPS for Seq, you'll first need a certificate for the hostname that Seq is listening on. That is, if you want to use Seq at https://seq.example.com then you'll need an SSL certificate for that domain.
For TLS to provide effective security, both the apps writing log events and the client machines used to browse the Seq web user interface must trust the certificate assigned to the Seq server.
It is possible to disable certificate validation in apps, or to ignore certificate validation warnings in web browsers, but in both of these cases it is unlikely that TLS provides any material protection against an observer intercepting communication with the server.
Certificates can be stored in the container-local /data/Certificates directory. Adding certificates at the following paths will cover both the regular UI and the limited ingestion port:
/data/Certificates/443.pfx
/data/Certificates/45341.pfx
Setting a password
Seq reads the password used to open the certificate from the certificates.defaultPassword configuration value. This can be passed using the SEQ_CERTIFICATES_DEFAULTPASSWORD environment variable, with seq secret set, or in an init script using seqsvr secret set:
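#!/bin/bash
# Store the certificate password as a Seq secret, passing the value on stdin
cat /my/default-password.txt | seqsvr secret set -k certificates.defaultPassword --value-stdin
# Remove the plaintext password file afterwards
rm /my/default-password.txt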
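A pre-flight check for the certificate files and password described above, added here as an example and not taken from the Seq documentation: before the directory is mounted at /data/Certificates, it confirms that 443.pfx and 45341.pfx exist, open with the intended password, are issued for the hostname clients will use, and are not about to expire. The function names check_seq_certs and make_demo_certs are hypothetical, the OpenSSL command-line tool is assumed to be installed, and the demo certificate is a constructed, self-signed throwaway.

```shell
#!/bin/bash
# Added example (not from the Seq docs). Function names are hypothetical.
# check_seq_certs DIR PASSFILE HOST
#   DIR      directory that will be mounted at /data/Certificates
#   PASSFILE file holding the value intended for certificates.defaultPassword
#   HOST     hostname clients use to reach Seq, e.g. seq.example.com
check_seq_certs() {
  local dir="$1" passfile="$2" host="$3" port pfx pem rc=0
  for port in 443 45341; do
    pfx="$dir/$port.pfx"
    if [ ! -f "$pfx" ]; then
      echo "MISSING  $pfx"; rc=1; continue
    fi
    # Extract the leaf certificate; this fails if the password cannot open the file.
    if ! pem=$(openssl pkcs12 -in "$pfx" -nokeys -clcerts \
                 -passin "file:$passfile" 2>/dev/null); then
      echo "BADPASS  $pfx"; rc=1; continue
    fi
    # Match on the output text: a -checkhost mismatch is not reliably
    # reflected in the exit status across OpenSSL releases.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkhost "$host" \
         | grep -q 'does match'; then
      echo "BADHOST  $pfx (not issued for $host)"; rc=1; continue
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    # 2592000 s = 30 days; the threshold is an arbitrary choice for this example.
    if ! printf '%s\n' "$pem" | openssl x509 -noout -checkend 2592000 >/dev/null; then
      echo "EXPIRING $pfx"; rc=1; continue
    fi
    echo "OK       $pfx"
  done
  return "$rc"
}

# Constructed demo input: a throwaway self-signed certificate for HOST,
# written as DIR/443.pfx and DIR/45341.pfx and protected with PASSFILE.
make_demo_certs() {
  local dir="$1" passfile="$2" host="$3"
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=$host" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -passout "file:$passfile" -out "$dir/443.pfx" &&
  cp "$dir/443.pfx" "$dir/45341.pfx" &&
  rm -f "$dir/key.pem" "$dir/cert.pem"
}
```

The check covers only the server-side files; whether the apps and browsers that connect to Seq trust the issuing certificate still has to be confirmed on those clients.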