pretix on Ubuntu 24.04 on Azure User Guide
Overview
pretix is a leading open source platform for selling event tickets and managing registrations. From an ordinary browser you can build a public ticket shop and checkout, create products and quotas, manage orders, payments, vouchers and check in, and run the whole organizer backend for conferences, concerts and meetups. The cloudimg image ships the open source pretix 2026.6.0 (Apache 2.0) installed the official manual way into a Python 3.12 virtual environment, served by gunicorn behind an nginx reverse proxy on port 80, with a Celery background worker, on a hardened, fully patched Ubuntu 24.04 LTS base. A bundled local PostgreSQL 16 database and a local Redis (cache, sessions and the Celery broker) make the appliance complete and useful on its own. gunicorn listens only on the loopback interface (127.0.0.1:8345), PostgreSQL only on 127.0.0.1:5432 and Redis only on 127.0.0.1:6379, with the entire datastore kept on a dedicated Azure data disk. A unique administrator password, a unique database password and a unique Django secret are all generated on the first boot of every VM, and the well known default login is rotated away. Backed by 24/7 cloudimg support.
What is included:
- pretix open source 2026.6.0 (Apache 2.0) in a Python 3.12 venv, served by gunicorn under systemd
- A Celery background worker (
pretix-worker) plus a periodic task timer for cart expiry, mails and invoices - A bundled PostgreSQL 16 database and a local Redis, already installed and ready
- The pretix organizer backend and public ticket shop on
:80behind an nginx reverse proxy - A per VM administrator login generated on first boot and recorded in a root only file
- The well known default login (
admin@localhost/admin) rotated away and rejected on every VM - A per VM Django secret and a per VM PostgreSQL password generated on first boot, never baked into the image
- gunicorn bound to
127.0.0.1:8345, PostgreSQL to127.0.0.1:5432and Redis to127.0.0.1:6379, never exposed - A dedicated Azure data disk holding the PostgreSQL datadir and the pretix data directory (media and secret)
- A ready to use demo organizer and event ("Demo Conference 2026") with example ticket products
postgresql@16-main,redis-server,pretix-web,pretix-workerandnginxas enabled systemd units- An unauthenticated
/healthzendpoint for Azure Load Balancer health probes - 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_D2s_v4 (2 vCPU / 8 GiB RAM) is a sensible starting point; size up for heavier traffic or larger events. NSG inbound: allow 22/tcp from your management network and 80/tcp (and 443/tcp once you add TLS) for the web application. pretix serves plain HTTP on port 80 out of the box; for production, terminate TLS in front of it with your own domain. The bundled PostgreSQL and Redis are never exposed: they listen on 127.0.0.1 only, so ports 5432 and 6379 stay off the network, as does the gunicorn port 8345.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for pretix by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name pretix \
--image <marketplace-image-urn> \
--size Standard_D2s_v4 \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Then open port 80 to the web application:
az vm open-port --resource-group <your-rg> --name pretix --port 80
Step 3 - Confirm the services are running
SSH in as azureuser and confirm PostgreSQL, Redis, the pretix web and worker services and nginx are all active. Note that PostgreSQL listens only on 127.0.0.1:5432, Redis only on 127.0.0.1:6379 and gunicorn only on 127.0.0.1:8345, while nginx serves the web application on port 80.
systemctl is-active postgresql@16-main redis-server pretix-web pretix-worker nginx
ss -tlnp | grep -E ':80 |:8345 |:5432 |:6379 ' | sed 's/ */ /g'
Step 4 - Retrieve the per VM administrator login
Every VM generates its own pretix administrator password on first boot and writes it, along with the login e-mail and URL, to a root only credentials file. Read it with sudo:
sudo cat /root/pretix-credentials.txt
You sign in to the pretix control panel as admin@localhost with the PRETIX_ADMIN_PASSWORD from this file. The well known default password admin has been rotated away and is rejected. On the box itself you can also run sudo -u postgres psql -d pretix to reach the database directly over the local socket without a password.
Step 5 - Sign in to the organizer backend
Browse to http://<your-vm-public-ip>/control/ and sign in with the e-mail and password from Step 4. The pretix control panel opens the sign in page shown below.

After signing in you land on the dashboard, which lists your upcoming events. The image ships with a ready to use demo organizer and a Demo Conference 2026 event so you can explore straight away.

Step 6 - Manage products and quotas
Open the demo event, then Products, to manage the ticket types on sale. Each product has a name and a default price, and quotas control how many are available. The demo event ships with a Regular Ticket and a Student Ticket backed by a quota of 100. Use Create a new product to add more ticket types, and the Quotas, Categories, Questions, Vouchers and Check-in sections to build out a full event.

Step 7 - Open the public ticket shop
Every live event has a public ticket shop where attendees choose products and check out. The demo event's shop is reachable at http://<your-vm-public-ip>/demo/conf2026/. Attendees pick quantities and add tickets to their cart; a real deployment then takes payment through a configured payment provider.

Step 8 - The rotated default credential and per VM secrets
A fresh pretix installation seeds a well known default administrator, admin@localhost / admin, and generates a Django secret. On the cloudimg image none of these ship in the image: the administrator password, the PostgreSQL password and the Django secret are all regenerated as unique per VM values on the first boot, and the well known default login is rejected. You can prove both facts on the box with the bundled round trip check, which signs in with the per VM password and confirms the default is refused.
sudo bash /usr/local/sbin/pretix-cred-roundtrip.sh
The check prints OK when the per VM administrator authenticates (HTTP 302 to the control panel) and the default admin@localhost / admin is rejected.
Step 9 - Set your own domain
pretix builds absolute URLs from its configured base URL, so the appliance boots with the URL set to the VM public IP as a working evaluation default. Before selling real tickets, set your own domain: edit the url in /etc/pretix/pretix.cfg, add TLS (terminate HTTPS at nginx or an Azure Application Gateway with your certificate), configure a real mail server in the [mail] section for order e-mails, and set up a payment provider. Then restart the services:
sudo sed -i 's#^url=.*#url=https://tickets.yourdomain.com#' /etc/pretix/pretix.cfg
sudo systemctl restart pretix-web pretix-worker nginx
Where your data lives
The pretix application code and virtual environment live on the OS disk under /var/pretix. The complete pretix datastore lives on a dedicated Azure data disk mounted at /var/lib/pretix-data: the PostgreSQL 16 cluster (organizers, events, products, orders and users) under /var/lib/pretix-data/postgresql, and the pretix data directory (uploaded media, generated tickets and the Django secret) under /var/lib/pretix-data/data. Because the data disk is captured into the image and re provisioned with every VM, and is independently resizable, your ticketing data is kept separate from the operating system disk. PostgreSQL and Redis are bound to loopback and are never exposed to the network; for on box maintenance use sudo -u postgres psql -d pretix. For a large scale deployment, move uploaded media to object storage and enlarge the data disk.
Production notes
For production, put your own domain and a TLS certificate in front of pretix by terminating HTTPS at nginx or an Azure Application Gateway, configure a mail server and a payment provider, and restrict the NSG so only the ports you need are open. Real payments require a configured payment provider; no payment method is enabled by default. Take regular backups of the PostgreSQL database and the media directory. Keep the VM patched; the image ships with unattended security upgrades enabled.
Licensing and trademark
This image ships the open source pretix (Apache 2.0), not pretix Hosted or any Enterprise only plugins. cloudimg is not affiliated with or endorsed by rami.io GmbH or the pretix project. pretix is a trademark of its respective owner.
Support
cloudimg provides 24/7 support for this image. Contact support@cloudimg.co.uk for help with deployment, configuration or scaling.