Cobrowse.io Docs
  • Getting started
  • SDK Installation
    • Web
    • iOS
    • Android
    • React Native
    • Flutter
    • .NET Mobile
    • macOS
    • Windows
  • SDK Features
    • Account config
    • Identify your devices
    • Use 6-digit codes
    • Redact sensitive data
    • Viewing PDFs
    • Universal Cobrowse
    • Customize the interface
      • Active session controls
      • 6-digit code screen
      • User consent dialog
      • Remote control consent dialog
      • Full device consent dialog
      • Localization / translation
    • Initiate sessions with push
    • Listening for events
    • Full device capabilities
      • Full device screen sharing
      • Full device remote control
      • Managing full device mode
    • Advanced configuration
      • Starting and stopping the SDK
      • Declaring capabilities
      • Intercepting mobile SDK network requests
      • Web
        • IFrames support
        • IE 11 polyfills
        • Cross-domain session support
        • Ignore Views
      • iOS
        • Alternate render method
        • Custom touch handling
      • Android
        • Backporting TLS to older Android versions
  • Agent-side integrations
    • Agent-side overview
    • Platform integrations
      • Zendesk
      • Salesforce
        • Migrating from legacy to v2
        • Salesforce (Legacy)
      • Genesys
        • Genesys Cloud
        • Engage Workspace Web Edition (WWE)
        • Engage Workspace Desktop Edition (WDE)
      • Intercom
      • Freshworks
      • Talkdesk
      • NICE
    • Custom integrations
    • Agent SDK
      • API Reference
      • Sample code snippets
    • Authentication (JWTs)
      • JWT Policies
    • Authentication (SAML 2.0)
    • IFrame embeds
  • Enterprise self-hosting
    • Self-hosting overview
    • Docker Compose
    • Helm chart
      • Image Pull Secret
      • Environment Variables
      • Optional recording components
      • Pod Annotations
    • AWS terraform
      • AWS metrics configuration
    • Azure terraform
      • Azure metrics configuration
    • GCP terraform
      • GCP metrics configuration
    • Sizing guidelines
    • Running your instance
      • Adding a superuser
      • Limiting account creation
      • Limiting magic link recipients
      • Configuring SMTP
      • Managing your deployment
    • Monitoring your instance
      • Available metrics
      • Self-Hosted Prometheus
    • Advanced configuration
      • Air gap configuration
      • Pin web SDK version
      • L7 firewall configuration
      • Docker proxy configuration
    • Troubleshooting
Powered by GitBook
On this page
  • Docker images
  • Database storage

Was this helpful?

  1. Enterprise self-hosting
  2. Advanced configuration

Air gap configuration

Learn how to install Cobrowse Enterprise with an air gap configuration, isolated from public internet and untrusted local networks.

PreviousAdvanced configurationNextPin web SDK version

Last updated 1 year ago

Was this helpful?

Cobrowse Enterprise can be installed with an air gap configuration, isolated from public internet and untrusted local networks.

This document contains the extra steps you will have to take to ensure your installation works in an isolated network.

Enterprise license checking

Cobrowse Enterprise does not require an internet connection to validate your enterprise license, therefore there are no steps needed in an isolated environment.

Docker images

Cobrowse is distributed using docker container images. You will need to pull these images and make them available within the isolated network. There are some options available to accomplish this:

  • Use a and use docker push to populate its images

  • Use a

By default, the Cobrowse Enterprise helm chart references repository ghcr.io/cobrowseio to fetch images. After making your images available internally, you can override the image.repo helm value to change the repository images are pulled from. For example:

# values.yml

# Fetch containers from repo docker.internal (e.g., 
# "docker.internal/cobrowse-api-enterprise:1.2.3")
image:
  repo: "docker.internal"
  
# Or, fetch containers from host machine (e.g., "cobrowse-api-enterprise:1.2.3")
image:
  repo: ""

If your internal docker repository requires credentials, you should manage your own docker pull credentials using kubernetes' standard dockerconfigjson functionality.

kubectl create secret docker-registry cobrowse-docker-cfg --docker-server=<server url> --docker-username=<username> --docker-password=<password> --docker-email=<email>

Please consult your docker registry documentation for what values should be used for the docker server, username, password and email address.

Database storage

Cobrowse requires a MongoDB-compatible database for storing its data. You will need to install a MongoDB (or compatible, such as AWS DocumentDB) database accessible from your isolated network.

To manage your own credentials, first ensure you do not set an imageCredentials.password helm value in your deployment. Then you should create a standard kubernetes docker registry secret named cobrowse-docker-cfg (replace cobrowse with your helm release name if you've changed it) with your registry credentials. Instructions on how to do this is using kubectl are located in the . For example:

self-hosted docker registry
docker save/load strategy
kubernetes documentation