Sealights HTTPS Collector

The Sealights HTTPS Collector is deployed on-premise to support lightweight versions of other Sealights agents (e.g., browser agent) or for Lambda-based applications. Acting as middleware, it aggregates metadata or coverage data in transit, improving performance and reducing bandwidth usage when the default listener cannot communicate directly with Sealights backend services.

The on-premise agent functions solely as a proxy, facilitating communication without capturing data independently. It enhances performance, reduces latency issues, minimizes outbound connections to Sealights servers, and serves as a local cache. All agent requests are held in memory and are not persisted to disk. Because all traffic to the Sealights backend is routed via the collector, customers can audit that traffic more easily.

All communications must be encrypted via TLS v1.2/1.3 according to the latest SSL security policy to safeguard network traffic. Supported cipher suites include:

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

To configure TLS, enable it and then specify the certificate and key, either as inline data or as file paths. CA certificates and P12 files with their passwords can also be configured. The server must be accessible by its Fully Qualified Domain Name (FQDN), and a TLS certificate for that FQDN must be provided.
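One way to check a deployed collector against the requirements above (protocol version, cipher suite, certificate matching the FQDN). This is an added example, not Sealights code. The host name `collector.example.internal`, port 443 and the function names are assumptions.

```python
import socket
import ssl

# The page's supported suites (IANA names), keyed by the OpenSSL name that
# Python's ssl module reports for a negotiated TLS 1.2 session.
SUPPORTED = {
    "ECDHE-RSA-AES128-SHA": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "ECDHE-RSA-AES256-SHA": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "ECDHE-ECDSA-AES128-GCM-SHA256": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "ECDHE-ECDSA-CHACHA20-POLY1305": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
}
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}


def evaluate_session(version, cipher):
    """Return a list of findings; an empty list means the session conforms."""
    findings = []
    if version not in ALLOWED_VERSIONS:
        findings.append(f"protocol {version} is outside TLS v1.2/1.3")
    # TLS 1.3 negotiates its own suite family (e.g. TLS_AES_256_GCM_SHA384),
    # so the page's list of TLS 1.2 suites is only compared for TLS 1.2.
    elif version == "TLSv1.2" and cipher not in SUPPORTED:
        findings.append(f"cipher {cipher} is not in the supported list")
    return findings


def probe(fqdn, port=443, cafile=None):
    """Handshake with the collector and return (version, cipher).

    create_default_context() verifies the chain and that the certificate
    matches `fqdn`; a certificate issued for another name raises
    ssl.SSLCertVerificationError. `cafile` points at a private CA bundle.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((fqdn, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    # Hypothetical FQDN; replace with the collector's real name.
    version, cipher = probe("collector.example.internal")
    print(version, cipher, evaluate_session(version, cipher) or "OK")
```

Connecting by IP address instead of the FQDN makes `probe` fail certificate verification, which is the behaviour an agent with hostname checking enabled would also see.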

The following pages will help you in setting up the HTTPS Collector: