Domain Configuration

Required Config

The following must be configured:

  • Environment Variables
  • Helm
  • DNS
  • CORS

Env Variables

The following URLs are required to have the Fully Qualified Domain Name.

e.g. This should include the http and ending slash, e.g. https://localhost:8085/


For example



Must set the diffgramDomain e.g.

diffgramDomain =

DNS Config

The domain name must have A records configured to point at your IP.

< enter your domain >A360< enter your IP >

For example:


TLS Ingress Config

In helm ingress.yaml, an Ingress is defined. In the spec, TLS hosts and rules are defined.

By default Diffgram uses and issuer-local which then becomes letsencrypt. In this context, so long as a diffgramDomain is defined, then it will automatically generate the certificate and no additional work should be required for default installs.

Check TLS is ready

Run kubectl get certificates -n diffgram-production (with your correct namespace)

If the TLS is not ready then check the cert-manager logs, e.g.

kubectl logs cert-manager-pod-name-replace-your-podname

(replacing the cert-manager-pod-name-replace-your-podname with the correct pod name.)

Enable additional domains (rabbitmq)

If you want to use an additional domain, such as www. or enable the UI for secondary services, like rabbitmq, then you will need to add those hosts to the hosts spec.

Note that any hosts defined here that are not set up correctly in your DNS will cause cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check. If you see solver items in the ingress view or have these errors, then check that that the host defined here aligns with your DNS, and there are no additional hosts listed that are missing from your DNS.

Example adding Rabbit UI


Add your Diffgram domain as an allowed origin in your Storage bucket.

This will prevent CORS issues when loading certain files.

See Fix: CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.