dstack is a developer friendly and security first SDK to simplify the deployment of arbitrary containerized apps into TEE.
- 🔒 Secure Deployment: Deploy containerized apps securely in TEE in minutes
- 🛠️ Familiar Tools: Use familiar tools - just write a docker-compose.yaml
- 🔑 Secret Management: Safely manage secrets and sensitive data
- 📡 ZT-HTTPS: Expose services via automated TLS termination
dstack is community driven. Open sourced and built by Kevin Wang and many others from Phala Network, inspired by Andrew Miller (Flashbots & Teleport), and contributed by Nethermind and many others.
- dstack-vmm: A service running in a bare TDX host to manage CVMs
- dstack-gateway: A reverse proxy to forward TLS connections to CVMs
- dstack-kms: A KMS server to generate keys for CVMs
- dstack-guest-agent: A service running in CVM to serve containers' key derivation and attestation requests
- meta-dstack: A Yocto meta layer to build CVM guest images
- A bare metal TDX server setup following canonical/tdx
- Public IPv4 address assigned to the machine
- At least 16GB RAM, 100GB free disk space
- A domain with DNS access if you want to set up dstack-gatewayfor Zero Trust HTTPS
Note
Check the Hardware Requirements for more information on buying a bare metal server or renting a server from cloud providers.
If you are looking for a cloud-managed dstack, go to the docs to learn how to sign up for a Phala Cloud Account and deploy your first CVM on dstack.
# For Ubuntu 24.04
sudo apt install -y build-essential chrpath diffstat lz4 wireguard-tools xorriso
# Install Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | shgit clone https://github.com/Dstack-TEE/meta-dstack.git --recursive
cd meta-dstack/
mkdir build
cd build
../build.sh hostcfgThis outputs the following message:
Config file ../build-config.sh created, please edit it to configure the build
Review and customize the build-config.sh configuration file according to your environment requirements. The file contains network ports, domain settings, and other important parameters.
vim ./build-config.shOnce configured, run the build script again to generate the necessary artifacts:
../build.sh hostcfgIf everything is okay, you should see the built artifacts in the build directory:
$ ls
certs  images  dstack-kms  kms.toml  run  dstack-vmm  vmm.toml  dstack-gateway  gateway.tomlOption A: Download guest image
# This will download the guest image from the release page
../build.sh dl 0.5.2Option B: Build from source
# This will build the guest image from source using the yocto meta layer. This will take a while.
../build.sh guestImportant
Note on Reproducible Builds: The build command above does not guarantee reproducibility. For reproducible builds across different build environments, please refer to the reproducible build instructions in the meta-dstack repository.
Now you can open 3 terminals to start the components:
- KMS: ./dstack-kms -c kms.toml
- Gateway: sudo ./dstack-gateway -c gateway.toml
- VMM: ./dstack-vmm -c vmm.toml
Warning
This configuration is for local development, and the kms is not secure. You should not use it in production. For production, you should follow the deployment guide and read the security guide.
You can manage VMs via the dashboard or CLI.
Open the dstack-vmm webpage http://localhost:9080 (change the port according to your configuration) on your local machine to deploy a docker-compose.yaml file:
After the container is deployed, it should take some time to start the CVM and the containers. Time would be vary depending on your workload.
- [Logs]: Click this button to view the CVM logs and monitor container startup progress
- [Dashboard]: Once the container is running, click this button to view container information and logs. (Note: This button is only visible when dstack-gateway is enabled. If disabled, you'll need to add a port mapping to port 8090 to access the CVM dashboard)
When deploying a new App, you can pass private data via Encrypted Environment Variables. These variables can be referenced in the docker-compose.yaml file as shown below:
The environment variables will be encrypted in the client-side and decrypted in the CVM before being passed to the containers.
Once your app is deployed and listening on an HTTP port, you can access it through dstack-gateway's public domain using these ingress mapping rules:
- <id>[-[<port>][s|g]].<base_domain>→ maps to port- <port>in the CVM
Examples:
- 3327603e03f5bd1f830812ca4a789277fc31f577-8080.test0.dstack.org→ port- 8080(TLS termination to any TCP)
- 3327603e03f5bd1f830812ca4a789277fc31f577-8080g.test0.dstack.org→ port- 8080(TLS termination with HTTP/2 negotiation)
- 3327603e03f5bd1f830812ca4a789277fc31f577-8080s.test0.dstack.org→ port- 8080(TLS passthrough to any TCP)
The <id> can be either the app ID or instance ID. When using the app ID, the load balancer will select one of the available instances. Adding an s suffix enables TLS passthrough to the app instead of terminating at dstack-gateway. Adding a g suffix enables HTTPS/2 with TLS termination for gRPC applications.
Note: If dstack-gateway is disabled, you'll need to use port mappings configured during deployment to access your application via the host's IP address and mapped ports.
For development images (dstack-x.x.x-dev), you can SSH into the CVM for inspection:
# Find the CVM wg IP address in the dstack-vmm dashboard
ssh root@10.0.3.2To get a TDX quote within app containers:
1. Mount the socket in docker-compose.yaml
version: '3'
services:
  nginx:
    image: nginx:latest
    volumes:
      - /var/run/dstack.sock:/var/run/dstack.sock
    ports:
      - "8080:80"
    restart: always2. Execute the quote request command
# The argument report_data accepts binary data encoding in hex string.
# The actual report_data passing the to the underlying TDX driver is sha2_256(report_data).
curl --unix-socket /var/run/dstack.sock http://localhost/GetQuote?report_data=0x1234deadbeef | jq .  Container logs can be obtained from the CVM's dashboard page or by curl:
curl 'http://<appid>.<the domain you set for dstack-gateway>:9090/logs/<container name>?since=0&until=0&follow=true&text=true×tamps=true&bare=true'Replace <appid> and <container name> with actual values. Available parameters:
| Parameter | Description | 
|---|---|
| since=0 | Starting Unix timestamp for log retrieval | 
| until=0 | Ending Unix timestamp for log retrieval | 
| follow | Enables continuous log streaming | 
| text | Returns human-readable text instead of base64 encoding | 
| timestamps | Adds timestamps to each log line | 
| bare | Returns the raw log lines without json format | 
Example response:
$ curl 'http://0.0.0.0:9190/logs/zk-provider-server?text×tamps'
{"channel":"stdout","message":"2024-09-29T03:05:45.209507046Z Initializing Rust backend...\n"}
{"channel":"stdout","message":"2024-09-29T03:05:45.209543047Z Calling Rust function: init\n"}
{"channel":"stdout","message":"2024-09-29T03:05:45.209544957Z [2024-09-29T03:05:44Z INFO  rust_prover] Initializing...\n"}
{"channel":"stdout","message":"2024-09-29T03:05:45.209546381Z [2024-09-29T03:05:44Z INFO  rust_prover::groth16] Starting setup process\n"}dstack-gateway supports TLS passthrough for custom domains.
See the example here for more details.
Got to the dstack-vmm webpage, click the [Upgrade] button, select or paste the compose file you want to upgrade to, and click the [Upgrade] button again. The app id does not change after the upgrade. Stop and start the app to apply the upgrade.
In the tutorial above, we used a TLS certificate with a private key external to the TEE. To establish trust, we need to generate and maintain the certificate's private key within the TEE and provide evidence that all TLS certificates for the domain originated solely from dstack-gateway CVM.
By combining Certificate Transparency Logs and CAA DNS records, we can make the best effort to minimize security risks. Here's our approach:
- Set CAA records to allow only the account created in dstack-gateway CVM to request Certificates
- Launch a program to monitor Certificate Transparency Log and give alarm once any certificate issued to a pubkey that isn't generated by dstack-gateway CVM
To launch Certbot, you need to own a domain hosted on Cloudflare. Obtain an API token with DNS operation permissions from the Cloudflare dashboard. Configure it in the build-config.sh:
# The directory to store the auto obtained TLS certificate and key
GATEWAY_CERT=${CERBOT_WORKDIR}/live/cert.pem
GATEWAY_KEY=${CERBOT_WORKDIR}/live/key.pem
# For certbot
CF_ZONE_ID=cc0a40...
CF_API_TOKEN=g-DwMH...
# ACME_URL=https://acme-v02.api.letsencrypt.org/directory
ACME_URL=https://acme-staging-v02.api.letsencrypt.org/directoryThen re-run the build script:
../build.shThen run the certbot in the build/ and you will see the following log:
$ RUST_LOG=info,certbot=debug ./certbot renew -c certbot.toml
2024-10-25T07:41:00.682990Z  INFO certbot::bot: creating new ACME account
2024-10-25T07:41:00.869246Z  INFO certbot::bot: created new ACME account: https://acme-staging-v02.api.letsencrypt.org/acme/acct/168601853
...
2024-10-25T07:41:35.852790Z DEBUG certbot::acme_client: setting challenge ready for https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/14584884443/mQ-I2A
2024-10-25T07:41:35.934425Z DEBUG certbot::acme_client: challenges are ready, waiting for order to be ready
2024-10-25T07:41:37.972434Z DEBUG certbot::acme_client: order is ready, uploading csr
2024-10-25T07:41:38.052901Z DEBUG certbot::acme_client: order is processing, waiting for challenge to be accepted
2024-10-25T07:41:40.088190Z DEBUG certbot::acme_client: order is valid, getting certificate
2024-10-25T07:41:40.125988Z DEBUG certbot::acme_client: removing dns record 6ab5724e8fa7e3e8f14e93333a98866a
2024-10-25T07:41:40.377379Z DEBUG certbot::acme_client: stored new cert in /home/kvin/codes/meta-dstack/dstack/build/run/certbot/backup/2024-10-25T07:41:40.377174477Z
2024-10-25T07:41:40.377472Z  INFO certbot::bot: checking if certificate needs to be renewed
2024-10-25T07:41:40.377719Z DEBUG certbot::acme_client: will expire in Duration { seconds: 7772486, nanoseconds: 622281542 }
2024-10-25T07:41:40.377752Z  INFO certbot::bot: certificate /home/kvin/codes/meta-dstack/dstack/build/run/certbot/live/cert.pem is up to date
What the command does:
- Registered to letsencrypt and got a new account https://acme-staging-v02.api.letsencrypt.org/acme/acct/168601853
- Auto set CAA records for the domain on cloudflare, you can open the CF dashboard to see the record:
- Auto requested a new certificate from Let's Encrypt. Automatically renews the certificate to maintain its validity
Execute dstack-gateway with sudo ./dstack-gateway -c gateway.toml, then access the web portal to check the dstack-gateway CVM managed Let's Encrypt account. The account's private key remains securely sealed within the TEE.
To enhance security, we've limited TLS certificate issuance to dstack-gateway via CAA records. However, since these records can be modified through Cloudflare's domain management, we need to implement global CA certificate monitoring to maintain security oversight.
ct_monitor tracks Certificate Transparency logs via https://crt.sh, comparing their public key with the ones got from dstack-gateway RPC. It immediately alerts when detecting unauthorized certificates not issued through dstack-gateway:
$ ./ct_monitor -t https://localhost:9010/prpc -d <YOUR_DOMAIN>
2024-10-25T08:12:11.366463Z  INFO ct_monitor: monitoring <YOUR_DOMAIN>...
2024-10-25T08:12:11.366488Z  INFO ct_monitor: fetching known public keys from https://localhost:9010/prpc
2024-10-25T08:12:11.566222Z  INFO ct_monitor: got 2 known public keys
2024-10-25T08:12:13.142122Z  INFO ct_monitor: ✅ checked log id=14705660685
2024-10-25T08:12:13.802573Z  INFO ct_monitor: ✅ checked log id=14705656674
2024-10-25T08:12:14.494944Z ERROR ct_monitor: ❌ error in CTLog { id: 14666084839, issuer_ca_id: 295815, issuer_name: "C=US, O=Let's Encrypt, CN=R11", common_name: "<YOUR_DOMAIN>", name_value: "*.<YOUR_DOMAIN>", not_before: "2024-09-24T02:23:15", not_after: "2024-12-23T02:23:14", serial_number: "03ae796f56a933c8ff7e32c7c0d662a253d4", result_count: 1, entry_timestamp: "2024-09-24T03:21:45.825" }
2024-10-25T08:12:14.494998Z ERROR ct_monitor: error: certificate has issued to unknown pubkey: 30820122300d06092a864886f70d01010105000382010f003082010a02820101009de65c767caf117880626d1acc1ee78f3c6a992e3fe458f34066f92812ac550190a67e49ebf4f537003c393c000a8ec3e114da088c0cb02ffd0881fd39a2b32cc60d2e9989f0efab3345bee418262e0179d307d8d361fd0837f85d17eab92ec6f4126247e614aa01f4efcc05bc6303a8be68230f04326c9e85406fc4d234e9ce92089253b11d002cdf325582df45d5da42981cd546cbd2e9e49f0fa6636e747a345aaf8cefa02556aa258e1f7f90906be8fe51567ac9626f35bc46837e4f3203387fee59c71cea400000007c24e7537debc1941b36ff1612990233e4c219632e35858b1771f17a71944adf6c657dd7303583e3aeed199bd36a3152f49980f4f30203010001
dstack undergoes regular security audits to ensure the highest standards of security for TEE-based deployments.
A comprehensive security audit was conducted to evaluate the security architecture and implementation of dstack. The audit report is available at:
The audit covers key security aspects including:
- TEE integration and attestation mechanisms
- Cryptographic implementations and key management
- Network security and TLS configurations
- Container isolation and runtime security
- Smart contract security (for blockchain integrations)
For additional security guidance and best practices, see the Security Guide.
dstack-vmm may throw this error when creating a new VM if the Unix Socket CID is occupied.
Solution:
- 
List the occupied CID: ps aux | grep 'guest-cid=' 
- 
Choose a new range of the CID not conflicting with the CID in use. You can change build/vmm.tomlfile and restartdstack-vmm. For example, you may find 33000-34000 free to use:[cvm] cid_start = 33000 cid_pool_size = 1000 
- 
When building from scratch, change the CID configs in build-config.shinstead, becausevmm.tomlfile is generated bybuild.sh.
Note
You may encounter this problem when upgrading from an older version of dstack, because CID was introduced in build-config.sh in later versions. In such case, please follow the docs to add the missing entries in build-config.sh and rebuild dstack.
When running ../build.sh guest, you might encounter this error:
Traceback (most recent call last):
  File "/meta-dstack/poky/bitbake/bin/bitbake-worker", line 278, in child
    bb.utils.disable_network(uid, gid)
  File "/meta-dstack/poky/bitbake/lib/bb/utils.py", line 1696, in disable_network
    with open("/proc/self/uid_map", "w") as f:
PermissionError: [Errno 1] Operation not permitted
Solution:
This error occurs because Ubuntu 23.10 and later versions restrict unprivileged user namespaces by default.
sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0Then try building again. For more information about this restriction, see the Ubuntu discourse post.
The dstack logo and branding assets are available in the media kit:
- Horizontal logos: Primary and dark versions in PNG/SVG formats
- Vertical logos: Primary and dark versions in PNG/SVG formats
- Icons: Primary and dark versions in PNG/SVG formats
All assets are provided in high-resolution formats suitable for both digital and print use.
Copyright 2024 Phala Network and Contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Made with ❤️ by the dstack community





