Merge remote-tracking branch 'origin/master' into feature/envoy

2025-05-18 19:47:22 +02:00 · 2020-05-08 11:17:30 -06:00 · 2020-05-08 11:17:30 -06:00 · 02615b8b6c
commit 02615b8b6c
parent 99e788a9b4
48 changed files with 1283 additions and 561 deletions
--- a/docs/configuration/examples/config/config.example.env
+++ b/docs/configuration/examples/config/config.example.env
@ -15,10 +15,12 @@ export AUTHENTICATE_SERVICE_URL=https://authenticate.corp.beyondperimeter.com

 # Certificates can be loaded as files or base64 encoded bytes.
 # See : https://www.pomerium.io/docs/reference/certificates
-export CERTIFICATE_FILE="$HOME/.acme.sh/*.corp.beyondperimeter.com_ecc/fullchain.cer"                      # optional, defaults to `./cert.pem`
-export CERTIFICATE_KEY_FILE="$HOME/.acme.sh/*.corp.beyondperimeter.com_ecc/*.corp.beyondperimeter.com.key" # optional, defaults to `./certprivkey.pem`
-# export CERTIFICATE="xxxxxx"                 # base64 encoded cert, eg. `base64 -i cert.pem`
-# export CERTIFICATE_KEY="xxxx"               # base64 encoded key, eg. `base64 -i privkey.pem`
+export AUTOCERT=TRUE # Use Let's Encrypt to fetch certs. Port 80/443 must be internet accessible.
+# export AUTOCERT_DIR="./certs" # The path where you want to place your certificates
+# export CERTIFICATE_FILE="xxxx"      # optional, defaults to `./cert.pem`
+# export CERTIFICATE_KEY_FILE="xxx" # optional, defaults to `./certprivkey.pem`
+# export CERTIFICATE="xxx"          # base64 encoded cert, eg. `base64 -i cert.pem`
+# export CERTIFICATE_KEY="xxx"      # base64 encoded key, eg. `base64 -i privkey.pem`

 # Generate 256 bit random keys  e.g. `head -c32 /dev/urandom | base64`
 export SHARED_SECRET="$(head -c32 /dev/urandom | base64)"