Configure HTTPS for LightBeam Endpoint FQDN Standalone deployment
PreviousSecuring LightBeam on EKS with AWS Certificate Manager on Elastic Load BalancerNextUsing Custom Certificates with LightBeam
Last updated
Last updated
To configure the valid certificate for the ingress endpoint's host/IP address, a valid domain is essential. This domain will be utilized to create a subdomain for the Lightbeam endpoint.
Currently, the deployment utilizes cert-manager which in turn uses Let’s Encrypt to generate valid certificates for the provided domain. If users already possess valid certificates, a Kubernetes (k8s) secret must be created and configured for the ingress generated by the Lightbeam cluster.
Lightbeam App has been deployed on an EC2 instance and is accessible via its public IP address.
An FQDN has been acquired following the addition of DNS records in Route53.
Lightbeam App can be accessed via its FQDN over HTTP.
Let's encrypt performs HTTP-01 challenge which can only be done on port 80. Ref
Access the Kubernetes cluster.
Add the cert-manager helm repository using the command:
Install cert-manager using the command:
Create the cluster issuer. Generate the cluster-issuer.yaml spec as follows:
Apply the spec with:
Modify the Lightbeam Common ConfigMap named lightbeam-common-configmap using the command below
Update the AUTH_BASE_URL field with the appropriate URL in the format https://FQDN
Edit the deployed Lightbeam ingress. The ingress name is lightbeam-ingress-auth-svc. Use the command:
Add the following annotations:
cert-manager.io/cluster-issuer: lb-letsencrypt-prod
kubernetes.io/tls-acme: "true"
konghq.com/protocols: "https"
konghq.com/https-redirect-status-code: "301"
acme.cert-manager.io/http01-edit-in-place: "true"
Add the host to the rules:
Update the spec section:
Add the tls section:
The complete Ingress spec will resemble:
Update lightbeam service file if applicable:
Add the port 443 to be port-forwarded in the /usr/local/bin/lightbeam.sh file.
Restart lightbeam service
Restart lightbeam api gateway pod
Subsequently, the ingress address must be configured in the DNS settings of the domain's registrar, such as GoDaddy or Route53.
Now, the Lightbeam GUI is accessible at the endpoint: https://sub-domain.domain-name
LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.
For any questions or suggestions, please get in touch with us at: .