Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This document is OUTDATED.

Need to updated with latest design for setting up HTTPS

Bahmni EKS clusters out of box comes with Kubernetes Ingress Controller Fake Certificate. End-to-end TLS encyprtion is required in order to ensure our channel / data transmission is encrypted and in addition its equally important for regularity requirements like PCI and HIPPA etc.

...

  • The certificate should be issues in us-east-1 (Virginia) in order to be used by CloudFront

  • Use wild card to support the same certificate by sub domains or list all your domains with sub domains e.g.*.mybahmni.in (note that single * would only support single subdomain, if you have multiple subdomains such as sub1.sub2.example.com, then you would need to add multiple wildcards *.*.example.com)

...

Once the certificate is Issued, go inside the certificate and "Create Record in Route 53" under Domains to create CNAME(s) for the issued domain(s) in Route53

...

  1. Create a new CloudFront distribution

  2. Origin domain: ingress host where the application is available e.g. lite.eks.mybahmni.in

  3. Select “HTTP only” under protocol

  4. Select “Redirect HTTP to HTTPS” under Viewer protocol policy

  5. Select “GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE” under Allowed HTTP methods

  6. Under Alternate domain name (CNAME) - add the domain Alias for this CloudFront e.g. lite.mybahmni.in (its important to add the Alternate domain name with matching alias name otherwise the CloudFront distribution would not show up while creating the A record in Route53)

  7. Under Custom SSL certificate - choose the certificate created in step #1

...