Custom Certificates

Use Custom Certificates in CVAT

CVAT use traefik as a reverse proxy to manage SSL certificates. By default, traefik uses Let’s Encrypt to generate SSL certificates. However, you can use your own certificates instead of Let’s Encrypt.

See:

Setup Custom Certificates

Create Certificates Directory

Create a certs directory in the root of the project:

mkdir -p ./certs

Move your certificates to the ./certs directory:

mv /path/to/cert.pem ./certs/cert.pem
mv /path/to/key.pem ./certs/key.pem

Change Traefik Configuration

Create tls.yml in the root of the project directory with the following content:

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /certs/cert.pem
        keyFile: /certs/key.pem

Edit the docker-compose.https.yml file and change the traefik service configuration as follows:

  traefik:
    environment:
      TRAEFIK_ENTRYPOINTS_web_ADDRESS: :80
      TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
      TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME: https
      TRAEFIK_ENTRYPOINTS_websecure_ADDRESS: :443
      # Disable Let's Encrypt
      # TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL: "${ACME_EMAIL:?Please set the ACME_EMAIL env variable}"
      # TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE: "true"
      # TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE: /letsencrypt/acme.json
    ports:
      - 80:80
      - 443:443
    # Add certificates volume and tls.yml rules
    volumes:
      - ./certs:/certs
      - ./tls.yml:/etc/traefik/rules/tls.yml

Start CVAT

Start CVAT with the following command:

docker compose -f docker-compose.yml -f docker-compose.https.yml up -d