Example applications for dstack - Deploy containerized apps to TEEs with end-to-end security in minutes
Getting Started • Examples • Contributing • Documentation • Community
This repository contains ready-to-deploy examples demonstrating how to build and run applications on dstack, the developer-friendly SDK for deploying containerized apps in Trusted Execution Environments (TEE).
- Security Features - Remote attestation, verification, and privacy-preserving apps
- Secret Management - Secure handling of credentials and sensitive data in TEE environments
- Networking Patterns - HTTPS termination, custom domains, port forwarding in the cloud
- Best Practices - Production-ready implementations following TEE security principles
Before you begin, ensure you have:
- Access to a dstack environment
- Basic understanding of TEE concepts
- Basic familiarity with Docker Compose configuration files
- Git for cloning the repository
You can deploy dstack on your own server, or use Phala Cloud.
# Clone the repository
git clone https://github.com/Dstack-TEE/dstack-examples.git
cd dstack-examples
# Choose an example
cd attestation/configid-based
# Copy the docker-compose.yaml content to your dstack deployment
# Follow the example-specific README for deployment instructions| Example | Description |
|---|---|
| attestation/configid-based | ConfigID-based remote attestation verification |
| attestation/rtmr3-based | RTMR3-based attestation (legacy) |
| Example | Description |
|---|---|
| custom-domain | Set up custom domain with automatic TLS certificate management via zt-https |
| ssh-over-gateway | SSH tunneling through dstack gateway |
| tcp-port-forwarding | Arbitrary TCP port forwarding |
| tor-hidden-service | Run Tor hidden services in TEEs |
| Example | Description |
|---|---|
| launcher | Generic launcher pattern for Docker Compose apps |
| webshell | Web-based shell access for debugging |
| prelaunch-script | Pre-launch script patterns used by Phala Cloud |
| Example | Description |
|---|---|
| lightclient | Blockchain light client integration |
| timelock-nts | Timelock decryption with NTS |
| private-docker-image-deployment | Using private Docker registries |
- dstack Documentation - Official platform documentation
- Main Repository - Core dstack framework
- Security Guide - Security best practices
- Contributing Guide - How to contribute
Use the dev.sh script for validation and development tasks:
./dev.sh help # Show available commands
./dev.sh validate <example> # Validate a specific example
./dev.sh validate-all # Validate all examples
./dev.sh security # Run security checks
./dev.sh lint # Run linting checks
./dev.sh check-all # Run all checksWe welcome contributions! Please see our Contributing Guidelines for details.
- Telegram: Join our community
- Issues: GitHub Issues
When reporting issues, please include:
- Example name and version
- Steps to reproduce
- Expected vs actual behavior
- Relevant logs and error messages
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.