Docker Compose
Deploy Tracecat using a Docker Compose template.
If you’re deploying Tracecat into an external instance (e.g. AWS EC2, GCP Compute Engine, Azure VM),
please note that you’ll have to set PUBLIC_APP_URL
and PUBLIC_API_URL
in the .env
file
to the IP address or host you are accessing Tracecat from.
For example, if you are port forwarding Tracecat from http://localhost
(port 80) inside AWS EC2
to http://localhost:8080
on your local machine, you must set PUBLIC_APP_URL
to http://localhost:8080
and PUBLIC_API_URL
to http://localhost:8080/api/
.
You can set these options when running the env.sh
configuration script.
Prerequisites
Verify Prerequisites
To verify that Docker Compose and Docker are installed on the machine where you plan to install Tracecat, run the following commands.
# Check Docker installation
docker
# Check Docker Compose installation
docker compose
Download Configuration Files
Tracecat requires a set of environment variables and credentials stored in .env
file to run.
We created a helpful shell script to generate the .env
file.
Use the commands listed below to download the required configuration files
(env.sh
, .env.example
) and generate your own .env
file.
curl -o env.sh https://raw.githubusercontent.com/TracecatHQ/tracecat/0.11.0/env.sh
curl -o .env.example https://raw.githubusercontent.com/TracecatHQ/tracecat/0.11.0/.env.example
chmod +x env.sh && ./env.sh
You should see the following instructions after executing env.sh
.
If you’re deploying Tracecat into local docker compose, input:
y
(yes to production mode)localhost
(default host)n
(no to postgres SSL mode).
If you’re deploying Tracecat into an external / Cloud VM, input:
y
(yes to production mode)<host-where-tracecat-is-exposed>
(e.g.localhost:8080
)n
(no to postgres SSL mode).
Download Caddyfile
Tracecat uses Caddy as a reverse proxy.
You’ll need to download the following Caddyfile
to configure this service.
curl -o Caddyfile https://raw.githubusercontent.com/TracecatHQ/tracecat/0.11.0/Caddyfile
Download Docker Compose File
curl -o docker-compose.yml https://raw.githubusercontent.com/TracecatHQ/tracecat/0.11.0/docker-compose.yml
Start Tracecat
Run the command below to start Tracecat and all related services.
Make sure your docker-compose.yml
and generated .env
files are in the same directory.
docker compose up
Your Tracecat instance should now be running on http://localhost
.
To access the Tracecat GUI, visit http://localhost
.
Tracecat comes with a REST API, you can visit the live API docs at
http://localhost/api/docs
.
Next Steps
- Log into Tracecat and build your first playbook. View quickstart.
- Tracecat comes with basic (email + password) authentication. Find out how to configure other authentication methods. View docs.
- Read inline comments in the generated
.env
file to better understand Tracecat’s configurations. View.env.example
file - (Optional) Configure external-facing webhooks. View docs.