Networking#

Warning

Setting up networking for OSMO requires cloud networking experience, including:

  • Creating and managing SSL/TLS certificates

  • Configuring DNS records and CNAMEs

  • Associating certificates with load balancers

Please work with IT admins and DevOps team or refer to the cloud provider guides below.

Requirements#

OSMO Gateway

The OSMO Gateway (Envoy) is deployed automatically as part of the service chart. It handles traffic routing, authentication, and load balancing.

Required for: External access to OSMO services

Domain and Certificate

Requirements:

  • Fully Qualified Domain Name (FQDN) for your OSMO instance

  • Valid SSL/TLS certificate for your domain

Example: osmo.example.com

DNS Configuration

Configure DNS CNAME record pointing your FQDN to the OSMO Gateway’s LoadBalancer external IP.

Required for: Domain name resolution

Identity provider (optional)

If using an external IdP for browser SSO (e.g. Microsoft Entra ID, Google), ensure the OSMO service hostname has a dedicated FQDN and certificate. The IdP redirect URI will point to this host.

Example: https://<your-domain>/api/auth/getAToken

Port Forwarding (Optional)

FQDN and certificate for wildcard subdomain for UI port forwarding.

Example: *.osmo.example.com

../../_images/network_components.svg

See also

CSP (Cloud Service Provider) Networking Guides:

CSP

DNS Management

Certificate Management

Load Balancer

AWS

Route 53 for DNS

AWS Certificate Manager

ELB Certificate Management

Azure

Azure DNS

Azure Certificates

Application Gateway SSL

GCP

Cloud DNS

Certificate Manager

Load Balancer SSL

On this page