Advanced Docker configuration for Devolutions Server

On this page

, This article covers advanced configuration options for Devolutions Server's Docker deployment, including complete environment variable reference, certificate management, performance tuning, and security hardening.

Environment variables reference

Database connection variables

Variable Required Default Description
DATABASE_HOST Yes SQL Server hostname. For non-standard ports, use host,port format (e.g., sql.example.com,1433).
AZURE_SQL_HOST Yes* Alias for DATABASE_HOST (Azure-specific naming).
DATABASE_NAME Yes Devolutions Server database name.
AZURE_SQL_DATABASE Yes* Alias for DATABASE_NAME.
DATABASE_USERNAME Yes SQL authentication username (use least-privilege account with db_owner on Devolutions Server database).
AZURE_SQL_USERNAME Yes* Alias for DATABASE_USERNAME.
DATABASE_PASSWORD Yes SQL authentication password (treat as secret, use Docker secrets or Azure Key Vault).
AZURE_SQL_PASSWORD Yes* Alias for DATABASE_PASSWORD.
DATABASE_PORT No 1433 SQL Server port (appended to host if not already specified in DATABASE_HOST).
AZURE_SQL_PORT No 1433 Alias for DATABASE_PORT.
DATABASE_ENCRYPT No false Set to true to encrypt the SQL Server connection (TLS). Required when the SQL Server enforces encryption. Read on every container start — pass it on every docker run.
DATABASE_TRUST_SERVER_CERTIFICATE No false Set to true to trust the SQL Server's certificate without validation. Use with DATABASE_ENCRYPT=true when the server presents a self-signed certificate (e.g. SQL Server 2022 in a container).

Variables marked with * are aliases. Use either the standard or Azure-specific naming, not both.

Web server configuration

Variable Required Default Description
HOSTNAME No localhost Server hostname (overridden by WEBSITE_HOSTNAME on Azure).
WEB_SCHEME No http Protocol: http or https. Set to https to enable TLS.
WEB_PORT / PORT No 5000 Port the container listens on.
EXTERNAL_WEB_SCHEME No Mirrors WEB_SCHEME External protocol when behind reverse proxy (e.g., https when proxy handles TLS).
EXTERNAL_WEB_PORT No Mirrors WEB_PORT External port when behind reverse proxy (e.g., 443 for standard HTTPS).

TLS certificate configuration

Variable Required Default Description
TLS_CERTIFICATE_FILE No* Path to mounted PEM certificate file (e.g., /opt/devolutions/dvls/certs/server.pem)
TLS_PRIVATE_KEY_FILE No* Path to mounted PEM private key file (e.g., /opt/devolutions/dvls/certs/server.key)
TLS_CERTIFICATE_B64 No* Base64-encoded certificate content (written to App_Data/server.pem)
TLS_PRIVATE_KEY_B64 No* Base64-encoded private key content (written to App_Data/server.key)

If WEB_SCHEME=https and no certificate is provided, a self-signed certificate is auto-generated (valid ~5 years, 2048-bit RSA). Use file mounts or base64 variables for production certificates.

Operating mode configuration

DVLS_INIT and DVLS_UPDATE_MODE are mutually exclusive. Setting both to true will cause an error.

Variable Required Default Description
DVLS_INIT No false Set to true to run initialization mode (creates schema, admin user, then exits).
DVLS_UPDATE_MODE No false Set to true to run update mode (backs up, migrates database, then exits).
DVLS_BACKUP_PATH No /tmp/dvls-backup Backup location during updates (mount volume to persist backups).

Initialization mode variables

These variables are only used during initialization (DVLS_INIT=true):

Variable Required Default Description
DVLS_ADMIN_USERNAME No dvls-admin Admin account username created during initialization.
DVLS_ADMIN_PASSWORD No dvls-admin Admin account password. MUST be changed in production!
DVLS_ADMIN_EMAIL No admin@<HOSTNAME> Admin account email address

System configuration

Variable Required Default Description
DVLS_PATH No /opt/devolutions/dvls Installation root path (appsettings and App_Data location).
DVLS_EXECUTABLE_PATH No /opt/devolutions/dvls/Devolutions.Server Devolutions Server executable path in runtime mode.
DVLS_TELEMETRY No true Enable/disable telemetry collection.
DVLS_ENCRYPTION_CONFIG_B64 No Base64-encoded encryption configuration (required for consistent encryption across scaled instances).

SSH Access Configuration

Variable Required Default Description
SSH_ENABLED No false Enable SSH daemon for debugging (auto-enabled on Azure unless explicitly disabled),
SSH_PORT No 2222 SSH listen port (publish with -p 2222:2222),
SSH_PASSWORD Yes* Docker! Root password for SSH (REQUIRED if SSH_ENABLED=true, MUST be changed in production!

If SSH_ENABLED=true without SSH_PASSWORD, the container will refuse to start for security reasons.

Azure Web App variables

These variables are automatically set by Azure App Service:

Variable Set By Description
WEBSITE_HOSTNAME Azure Overrides HOSTNAME (e.g., dvls-prod.azurewebsites.net)
WEBSITE_INSTANCE_ID Azure Presence forces EXTERNAL_WEB_SCHEME=https and EXTERNAL_WEB_PORT=443, auto-enables SSH

TLS certificate configuration

Auto-generated self-signed certificate

When WEB_SCHEME=https without certificate variables, Devolutions Server generates a self-signed certificate (valid ~5 years, 2048-bit RSA, CN=hostname):

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourPassword!' `
  -e HOSTNAME=localhost `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -p 5000:5000 `
  devolutions/devolutions-server:release-2025.3

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -p 5000:5000 \
  devolutions/devolutions-server:release-2025.3

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -p 5000:5000 \
  devolutions/devolutions-server:release-2025.3

For development and testing only. Browsers will show security warnings.

Certificate files via volume mount

Mount certificate files from the host:

mkdir -p /host/certs
cp /path/to/server.pem /host/certs/
cp /path/to/server.key /host/certs/
chmod 600 /host/certs/server.key

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourPassword!' `
  -e HOSTNAME=devolutions-server.company.com `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -e TLS_CERTIFICATE_FILE=/opt/devolutions/dvls/certs/server.pem `
  -e TLS_PRIVATE_KEY_FILE=/opt/devolutions/dvls/certs/server.key `
  -p 5000:5000 `
  -v /host/certs:/opt/devolutions/dvls/certs:ro `
  devolutions/devolutions-server:release-20XX.X

mkdir -p /host/certs
cp /path/to/server.pem /host/certs/
cp /path/to/server.key /host/certs/
chmod 600 /host/certs/server.key

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=devolutions-server.company.com \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e TLS_CERTIFICATE_FILE=/opt/devolutions/dvls/certs/server.pem \
  -e TLS_PRIVATE_KEY_FILE=/opt/devolutions/dvls/certs/server.key \
  -p 5000:5000 \
  -v /host/certs:/opt/devolutions/dvls/certs:ro \
  devolutions/devolutions-server:release-20XX.X

mkdir -p /host/certs
cp /path/to/server.pem /host/certs/
cp /path/to/server.key /host/certs/
chmod 600 /host/certs/server.key

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=devolutions-server.company.com \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e TLS_CERTIFICATE_FILE=/opt/devolutions/dvls/certs/server.pem \
  -e TLS_PRIVATE_KEY_FILE=/opt/devolutions/dvls/certs/server.key \
  -p 5000:5000 \
  -v /host/certs:/opt/devolutions/dvls/certs:ro \
  devolutions/devolutions-server:release-20XX.X


Certificate format requirements:

  • Certificate: PEM format (.pem, .crt)

  • Private key: PEM format (.key, .pem)

  • Chain: Include intermediate certificates in the certificate file

Example certificate file with chain:

-----BEGIN CERTIFICATE-----
<Your certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Intermediate CA certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Root CA certificate>
-----END CERTIFICATE-----

Base64-encoded certificates

Use base64-encoded certificates when working with secrets management systems (Azure Key Vault, Kubernetes Secrets):

cat server.pem | base64 > server.pem.b64
cat server.key | base64 > server.key.b64

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourPassword!' `
  -e HOSTNAME=devolutions-server.company.com `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -e TLS_CERTIFICATE_B64="$(cat server.pem.b64)" `
  -e TLS_PRIVATE_KEY_B64="$(cat server.key.b64)" `
  -p 5000:5000 `
  devolutions/devolutions-server:release-20XX.X

cat server.pem | base64 > server.pem.b64
cat server.key | base64 > server.key.b64

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=devolutions-server.company.com \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e TLS_CERTIFICATE_B64="$(cat server.pem.b64)" \
  -e TLS_PRIVATE_KEY_B64="$(cat server.key.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-20XX.X

cat server.pem | base64 > server.pem.b64
cat server.key | base64 > server.key.b64

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=devolutions-server.company.com \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e TLS_CERTIFICATE_B64="$(cat server.pem.b64)" \
  -e TLS_PRIVATE_KEY_B64="$(cat server.key.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-20XX.X

Certificate and private key are written to /opt/devolutions/dvls/App_Data/ and referenced in Devolutions Server configuration.

Database configuration

Connection string format

Devolutions Server constructs the SQL Server connection string from environment variables:

Server=<DATABASE_HOST>,<DATABASE_PORT>;Database=<DATABASE_NAME>;User Id=<DATABASE_USERNAME>;Password=<DATABASE_PASSWORD>;Encrypt=<DATABASE_ENCRYPT>;TrustServerCertificate=<DATABASE_TRUST_SERVER_CERTIFICATE>;

Standard port (1433)

-e DATABASE_HOST=sql.example.com `
-e DATABASE_PORT=1433

-e DATABASE_HOST=sql.example.com \
-e DATABASE_PORT=1433

-e DATABASE_HOST=sql.example.com \
-e DATABASE_PORT=1433

Or omit DATABASE_PORT (defaults to 1433):

-e DATABASE_HOST=sql.example.com

-e DATABASE_HOST=sql.example.com

-e DATABASE_HOST=sql.example.com

Non-standard port

Option 1: Include port in hostname:

-e DATABASE_HOST=sql.example.com,1435

-e DATABASE_HOST=sql.example.com,1435

-e DATABASE_HOST=sql.example.com,1435

Option 2: Separate port variable:

-e DATABASE_HOST=sql.example.com `
-e DATABASE_PORT=1435

-e DATABASE_HOST=sql.example.com \
-e DATABASE_PORT=1435

-e DATABASE_HOST=sql.example.com \
-e DATABASE_PORT=1435

Azure SQL database

-e AZURE_SQL_HOST=dvls-sql-server.database.windows.net `
-e AZURE_SQL_DATABASE=dvls `
-e AZURE_SQL_USERNAME=dvls_user@dvls-sql-server `
-e AZURE_SQL_PASSWORD='YourPassword!'

-e AZURE_SQL_HOST=dvls-sql-server.database.windows.net \
-e AZURE_SQL_DATABASE=dvls \
-e AZURE_SQL_USERNAME=dvls_user@dvls-sql-server \
-e AZURE_SQL_PASSWORD='YourPassword!'

-e AZURE_SQL_HOST=dvls-sql-server.database.windows.net \
-e AZURE_SQL_DATABASE=dvls \
-e AZURE_SQL_USERNAME=dvls_user@dvls-sql-server \
-e AZURE_SQL_PASSWORD='YourPassword!'

Encrypted database connection (TLS)

By default, Devolutions Server connects to SQL Server without TLS. If your SQL Server enforces encryption (for example SQL Server 2022, which requires TLS by default, or any instance with "Force Encryption" enabled), the connection will fail unless you enable encryption on the client side.

These variables are read on every container start, not just during initialization. The SQL connection string is regenerated from them on each boot, so pass them on every docker run — initialization, runtime, and update. Omitting them at runtime rewrites the connection string with encryption disabled and the connection will fail.

Scenario Required variables
SQL Server with a CA-trusted certificate DATABASE_ENCRYPT=true
SQL Server with a self-signed certificate (e.g. containerized SQL Server 2022) DATABASE_ENCRYPT=true and DATABASE_TRUST_SERVER_CERTIFICATE=true 
docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e DATABASE_ENCRYPT=true \
  -e DATABASE_TRUST_SERVER_CERTIFICATE=true \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-20XX.X

Setting DATABASE_TRUST_SERVER_CERTIFICATE=true disables certificate validation. Use it only with self-signed certificates in trusted networks; for production, install a CA-trusted certificate on SQL Server and set only DATABASE_ENCRYPT=true.

SQL Server Authentication vs Windows Authentication

Devolutions Server Docker containers only support SQL Server Authentication (username/password). Windows Authentication (Integrated Security) is not supported in Linux containers.

Reverse proxy configuration

When Devolutions Server runs behind a reverse proxy, nginx ingress, or Azure App Service, configure external URL settings:

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourPassword!' `
  -e HOSTNAME=devolutions-server.company.com `
  -e WEB_SCHEME=http `
  -e PORT=5000 `
  -e EXTERNAL_WEB_SCHEME=https `
  -e EXTERNAL_WEB_PORT=443 `
  devolutions/devolutions-server:release-20XX.X

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=devolutions-server.company.com \
  -e WEB_SCHEME=http \
  -e PORT=5000 \
  -e EXTERNAL_WEB_SCHEME=https \
  -e EXTERNAL_WEB_PORT=443 \
  devolutions/devolutions-server:release-20XX.X

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=devolutions-server.company.com \
  -e WEB_SCHEME=http \
  -e PORT=5000 \
  -e EXTERNAL_WEB_SCHEME=https \
  -e EXTERNAL_WEB_PORT=443 \
  devolutions/devolutions-server:release-20XX.X

Key settings:

  • WEB_SCHEME=http - Container uses HTTP

  • EXTERNAL_WEB_SCHEME=https - Public URL is HTTPS

  • EXTERNAL_WEB_PORT=443 - Standard HTTPS port (omitted in URLs)

  • HOSTNAME=devolutions-server.company.com - Public hostname

Devolutions Server generates URLs like https://devolutions-server.company.com/ in the UI and API responses.

Security hardening

Secrets management

Do NOT hardcode passwords in docker run commands or compose files.

Docker Secrets (Swarm mode)

echo "YourPassword!" | docker secret create dvls_db_password -

docker service create `
  --name dvls-server `
  --secret dvls_db_password `
  -e DATABASE_PASSWORD_FILE=/run/secrets/dvls_db_password `
  ...

echo "YourPassword!" | docker secret create dvls_db_password -

docker service create \
  --name dvls-server \
  --secret dvls_db_password \
  -e DATABASE_PASSWORD_FILE=/run/secrets/dvls_db_password \
  ...

echo "YourPassword!" | docker secret create dvls_db_password -

docker service create \
  --name dvls-server \
  --secret dvls_db_password \
  -e DATABASE_PASSWORD_FILE=/run/secrets/dvls_db_password \
  ...

Environment files

# .env file (keep out of version control)
DATABASE_PASSWORD=YourPassword!
DVLS_ADMIN_PASSWORD=AdminPassword!

docker run -d --name dvls-server `
  --env-file .env `
  -e DATABASE_HOST=your-sql-server `
  ...

# .env file (keep out of version control)
DATABASE_PASSWORD=YourPassword!
DVLS_ADMIN_PASSWORD=AdminPassword!

docker run -d --name dvls-server \
  --env-file .env \
  -e DATABASE_HOST=your-sql-server \
  ...

# .env file (keep out of version control)
DATABASE_PASSWORD=YourPassword!
DVLS_ADMIN_PASSWORD=AdminPassword!

docker run -d --name dvls-server \
  --env-file .env \
  -e DATABASE_HOST=your-sql-server \
  ...

Azure Key Vault

Use Managed Identity to retrieve secrets from Key Vault at runtime. See Devolutions Server deployment to Azure App Service using a container for more details.

Network isolation

Use Docker networks to isolate Devolutions Server:

docker network create dvls-network

docker run -d --name dvls-server `
  --network dvls-network `
  -p 127.0.0.1:5000:5000 `
  -e DATABASE_HOST=sql-server `
  ...

docker network create dvls-network

docker run -d --name dvls-server \
  --network dvls-network \
  -p 127.0.0.1:5000:5000 \
  -e DATABASE_HOST=sql-server \
  ...

docker network create dvls-network

docker run -d --name dvls-server \
  --network dvls-network \
  -p 127.0.0.1:5000:5000 \
  -e DATABASE_HOST=sql-server \
  ...

SSH access

Disable SSH in production unless required for debugging:

-e SSH_ENABLED=false

-e SSH_ENABLED=false

-e SSH_ENABLED=false

If SSH is enabled:

  • Use strong passwords.

  • Change default password.

  • Restrict access with firewall rules.

  • Consider SSH key authentication (requires custom image).

Version updates

Version tagging

  • Images are tagged by release version (e.g., release-2025.3, release-2026.1) and by specific build (e.g., 2025.3.1.0, 2025.3.2.0).

  • No latest tag exists - always specify a version.

  • Minor/patch updates within the same release version are automatically included when pulling the release tag.

  • Database update mode is only required when changing major versions (e.g., release-2025.3release-2026.1).

Version 2026.1 is used for illustration; replace with the actual latest major version when updating.

Major version update

docker pull devolutions/devolutions-server:release-2026.1
docker stop dvls-server

# Run update mode to migrate database
docker run --rm `
  -e DATABASE_HOST=your-sql-server `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourPassword!' `
  -e DVLS_UPDATE_MODE=true `
  -e DVLS_BACKUP_PATH=/backup `
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" `
  -v dvls-backups:/backup `
  devolutions/devolutions-server:release-2026.1

docker rm dvls-server
docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourPassword!' `
  -e HOSTNAME=localhost `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" `
  -p 5000:5000 `
  devolutions/devolutions-server:release-2026.1

docker pull devolutions/devolutions-server:release-2026.1
docker stop dvls-server

# Run update mode to migrate database
docker run --rm \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e DVLS_UPDATE_MODE=true \
  -e DVLS_BACKUP_PATH=/backup \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -v dvls-backups:/backup \
  devolutions/devolutions-server:release-2026.1

docker rm dvls-server
docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-2026.1

docker pull devolutions/devolutions-server:release-2026.1
docker stop dvls-server

# Run update mode to migrate database
docker run --rm \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e DVLS_UPDATE_MODE=true \
  -e DVLS_BACKUP_PATH=/backup \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -v dvls-backups:/backup \
  devolutions/devolutions-server:release-2026.1

docker rm dvls-server
docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-2026.1

Minor/patch update (e.g., 2025.3.1 to 2025.3.2)

docker pull devolutions/devolutions-server:release-2025.3
docker stop dvls-server
docker rm dvls-server

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourPassword!' `
  -e HOSTNAME=localhost `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" `
  -p 5000:5000 `
  devolutions/devolutions-server:release-2025.3

docker pull devolutions/devolutions-server:release-2025.3
docker stop dvls-server
docker rm dvls-server

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-2025.3

docker pull devolutions/devolutions-server:release-2025.3
docker stop dvls-server
docker rm dvls-server

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourPassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-2025.3

Security checklist

Consult Devolutions Server security hardening for:

  • Administration accounts settings

  • Password policies

  • Multifactor authentication

  • IP restrictions

  • Audit logging

  • Encryption settings

See also

Devolutions Forum logo Share your feedback