Deploy Tracecat using a Docker Compose template.
:z
suffix to the Caddy volume mount:
./Caddyfile:/etc/caddy/Caddyfile:z
in the Docker Compose file.PUBLIC_APP_URL
and PUBLIC_API_URL
in the .env
file to the IP address or host you are accessing Tracecat from.For example, if you are port forwarding Tracecat from http://localhost
(port 80) inside AWS EC2 to http://localhost:8080
on your local machine,
you must set PUBLIC_APP_URL
to http://localhost:8080
and PUBLIC_API_URL
to http://localhost:8080/api/
.Moreover, if you are using a Windows machine, make sure to set PUBLIC_APP_URL
to 127.0.0.1
(not localhost
).You can set these options when running the env.sh
configuration script..env
file to run.
We created a helpful shell script to generate the .env
file.
Use the commands listed below to download the required configuration files
(env.sh
, .env.example
) and generate your own .env
file.
env.sh
, you’ll be prompted to input the following:
y
(use y
unless you are a Tracecat developer)PUBLIC_APP_URL
to - defaults to localhost
n
localhost
or
127.0.0.1
as the IP address. Avoid using 0.0.0.0
, as the frontend will
attempt to call 0.0.0.0/api/
to access the backend API, causing connection
issues.PUBLIC_APP_PORT
in the .env
file. For example, to expose Tracecat UI at
http://localhost:8082
, set PUBLIC_APP_PORT=8082
in the .env
file.n
changes where Tracecat’s remote repository is installed.
Do not set production mode to n
unless you are a Tracecat developer.By default, Tracecat will install the remote repository to the user’s home directory at ~/.local/lib/python3.12/site-packages/
.
Setting production mode to y
will install the remote repository to the PYTHONUSERBASE
directory specified in enviroment variables.Caddyfile
to configure this service.
80
), you can set
PUBLIC_APP_PORT
in the .env
file. For example, to expose Tracecat UI at
http://localhost:8080
, set PUBLIC_APP_PORT=8080
in the .env
file.docker-compose.yml
and generated .env
files are in the same directory.
http://localhost:${PUBLIC_APP_PORT}
.
To access the Tracecat GUI, visit http://localhost:${PUBLIC_APP_PORT}
.
http://localhost:${PUBLIC_APP_PORT}/api/docs
.env.sh
setup can become super admin.
You must sign up using exactly that email address to gain super admin privileges.
To proceed, sign up and create an account with a strong and secure password using the super admin email you configured.
Check out the admin tutorial for more information.
PUBLIC_APP_URL
- Tracecat frontend URL.PUBLIC_APP_PORT
- Tracecat frontend port.PUBLIC_API_URL
- Tracecat API URL.NEXT_PUBLIC_APP_URL
- Browser client will use this URL to access the Tracecat frontend.NEXT_PUBLIC_API_URL
- Browser client will use this URL to access the Tracecat API.BASE_DOMAIN
- Caddy will use this domain to reverse proxy the Tracecat frontend and API. Defaults to :{PUBLIC_APP_PORT}
ADDRESS
- Caddy will use this address to bind to the network. Defaults to 0.0.0.0
INTERNAL_API_URL
- Tracecat API URL (defaults to http://api:8000
)INTERNAL_EXECUTOR_URL
- Tracecat executor URL (defaults to http://executor:8000
)NEXT_SERVER_API_URL
- Tracecat API URL (defaults to INTERNAL_API_URL
)PUBLIC_APP_URL
.
Please check the following:
PUBLIC_APP_URL
to 0.0.0.0
. Browsers cannot connect to this address. Use localhost
, 127.0.0.1
, or your machine’s actual IP address instead.127.0.0.1
. Run ip addr
to find your WSL IP address (usually 172.x.x.x
) and use that instead.NEXT_PUBLIC_API_URL
to an address your browser can reach.docker compose ps
to verify all services are running.docker compose logs api
and docker compose logs temporal
..env
file to better understand Tracecat’s configurations. View .env.example
file.