diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js index 13d546b7f..3bbe16cd2 100644 --- a/docs/.vuepress/config.js +++ b/docs/.vuepress/config.js @@ -45,7 +45,6 @@ module.exports = { { text: "Configuration", link: "/configuration/" }, { text: "Recipes", link: "/recipes/" }, { text: "Enterprise", link: "/enterprise/" }, - { text: "v0.8.x", // current tagged version ariaLabel: "Version menu", diff --git a/docs/configuration/examples.md b/docs/configuration/examples.md index ae6f75f76..b71fa3e88 100644 --- a/docs/configuration/examples.md +++ b/docs/configuration/examples.md @@ -5,7 +5,6 @@ sidebarDepth: 2 meta: - name: keywords content: pomerium community help bugs updates features - description: >- This document describes how you users can stay up to date with pomerium, report issues, get help, and suggest new features. @@ -86,15 +85,15 @@ Customize for your identity provider run `docker-compose up -f nginx.docker-comp - Uses Google Kubernetes Engine's built-in ingress to do [HTTPS load balancing] -<<< @/scripts/helm_gke.sh +<<< @/docs/configuration/examples/helm/helm_gke.sh ### AWS ECS - Uses Amazon Elastic Container Service -<<< @/scripts/helm_aws.sh +<<< @/docs/configuration/examples/helm/helm_aws.sh -## Kubernetes +### Kubernetes - Uses Google Kubernetes Engine's built-in ingress to do [HTTPS load balancing] - HTTPS (TLS) between client, load balancer, and services diff --git a/scripts/helm_aws.sh b/docs/configuration/examples/helm/helm_aws.sh similarity index 100% rename from scripts/helm_aws.sh rename to docs/configuration/examples/helm/helm_aws.sh diff --git a/scripts/helm_gke.sh b/docs/configuration/examples/helm/helm_gke.sh similarity index 100% rename from scripts/helm_gke.sh rename to docs/configuration/examples/helm/helm_gke.sh diff --git a/docs/configuration/readme.md b/docs/configuration/readme.md index 54a9d885b..e11345f58 100644 --- a/docs/configuration/readme.md +++ b/docs/configuration/readme.md 
@@ -134,7 +134,7 @@ Pomerium should _never_ be exposed to the internet without TLS encryption. - Type: `bool` - Optional -Turning on autocert allows Pomerium to automatically retrieve, manage, and renew public facing TLS certificates from [Let's Encrypt][letsencrypt] for each of your managed pomerium routes as well as for the authenticate service. This setting must be used in conjunction with `Certificate Folder` as Autocert must have a place to persist, and share certificate data between services. Provides [OCSP stapling](https://en.wikipedia.org/wiki/OCSP_stapling). +Turning on autocert allows Pomerium to automatically retrieve, manage, and renew public facing TLS certificates from [Let's Encrypt][letsencrypt] for each of your managed pomerium routes as well as for the authenticate service. This setting must be used in conjunction with [Autocert Directory](./#autocert-directory) as Autocert must have a place to persist, and share certificate data between services. Provides [OCSP stapling](https://en.wikipedia.org/wiki/OCSP_stapling). This setting can be useful in a situation where you do not have Pomerium behind a TLS terminating ingress or proxy that is already handling your public certificates on your behalf. @@ -146,7 +146,7 @@ By using autocert, you agree to the [Let's Encrypt Subscriber Agreement](https:/ :::warning -Autocert requires that port `443` be accessible from the internet in order to complete a [TLS-ALPN-01 challenge](https://letsencrypt.org/docs/challenge-types/#tls-alpn-01). +Autocert requires that ports `80`/`443` be accessible from the internet in order to complete a [TLS-ALPN-01 challenge](https://letsencrypt.org/docs/challenge-types/#tls-alpn-01). ::: 
@@ -155,7 +155,7 @@ Autocert requires that port `443` be accessible from the internet in order to co - Environmental Variable: either `AUTOCERT_DIR` - Config File Key: `autocert_dir` - Type: `string` pointing to the path of the directory -- Required if using Autocert setting +- Required if using [Autocert](./#autocert) setting - Default: - `/data/autocert` in published Pomerium docker images @@ -1015,7 +1015,7 @@ If no certificate is specified, one will be generated for you and the base64'd p [base64 encoded]: https://en.wikipedia.org/wiki/Base64 [environmental variables]: https://en.wikipedia.org/wiki/Environment_variable -[identity provider]: ../docs/identity-providers.md +[identity provider]: ../docs/identity-providers/ [json]: https://en.wikipedia.org/wiki/JSON [letsencrypt]: https://letsencrypt.org/ [oidc rfc]: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest diff --git a/docs/docs/quick-start/from-source.md b/docs/docs/quick-start/from-source.md index b5632a04d..9fbf7335f 100644 --- a/docs/docs/quick-start/from-source.md +++ b/docs/docs/quick-start/from-source.md @@ -73,6 +73,6 @@ Browse to `httpbin.localhost.pomerium.io`. Connections between you and [httpbin] [configuration variables]: ../../configuration/readme.md [httpbin]: https://httpbin.org/ -[identity provider]: ../docs/identity-providers/ +[identity provider]: ../identity-providers/ [make]: https://en.wikipedia.org/wiki/Make_(software) [tls certificates]: ../reference/certificates.md diff --git a/docs/docs/quick-start/helm.md b/docs/docs/quick-start/helm.md index e0ccc0a55..ab942613a 100644 --- a/docs/docs/quick-start/helm.md +++ b/docs/docs/quick-start/helm.md 
@@ -25,13 +25,12 @@ In addition to sharing many of the same features as the Kubernetes quickstart gu ## Configure -Download and modify the following [helm_gke.sh script][./scripts/helm_gke.sh] and [values file][/docs/configuration/examples/kubernetes/values.yaml] to match your [identity provider] and [TLS certificates] settings. +Download and modify the following helm_gke.sh script and values file to match your [identity provider] and [TLS certificates] settings. + +<<<@/docs/configuration/examples/helm/helm_gke.sh <<<@/docs/configuration/examples/kubernetes/values.yaml -<<<@/scripts/helm_gke.sh - - ## Run Run [./scripts/helm_gke.sh] which will: diff --git a/docs/docs/reference/certificates.md b/docs/docs/reference/certificates.md index 804cfc7b6..3b6970b6c 100644 --- a/docs/docs/reference/certificates.md +++ b/docs/docs/reference/certificates.md @@ -44,6 +44,8 @@ Pomerium itself can be used to retrieve, manage, and renew certificates certific autocert: true ``` +See the [Autocert] and [Autocert Directory] settings for more details. + ### Self-signed wildcard certificate In production, we'd use a public certificate authority such as LetsEncrypt. But for a local proof of concept or for development, we can use [mkcert](https://mkcert.dev/) to make locally trusted development certificates with any names you'd like. The easiest, is probably to use `*.localhost.pomerium.io` which we've already pre-configured to point back to localhost. 
@@ -98,6 +100,8 @@ Certificates, TLS, and Public Key Cryptography is a vast subject we cannot adequ - [Use TLS](https://smallstep.com/blog/use-tls.html) covers why TLS should be used everywhere; not just for securing typical internet traffic but for securing service communication in both "trusted" and adversarial situations. - [Everything you should know about certificates and PKI but are too afraid to ask](https://smallstep.com/blog/everything-pki.html) +[autocert]: ../../configuration/readme.md#autocert +[autocert directory]: ../../configuration/readme.md#autocert-directory [certificate]: ../../configuration/readme.md#certificates [certificate_authority]: ../../configuration/readme.md#certificate-authority [certificate_key]: ../../configuration/readme.md#certificates diff --git a/docs/jobs/Backend-Engineer.md b/docs/jobs/Backend-Engineer.md new file mode 100644 index 000000000..13f4c2523 --- /dev/null +++ b/docs/jobs/Backend-Engineer.md 
@@ -0,0 +1,40 @@ +# Backend Engineer + +Job Posted: May 12, 2020 9:59 AM Languages: Go Location: Remote US/CA + +# Backend Engineer + +Hi there! We're looking for a Backend Software Engineer to join the team! + +## Responsibilities: + +- Write robust, maintainable code +- Work with product and design to iterate on customer needs +- Review code and participate in group discussions + +## Qualifications: + +- 3+ years experience building web applications at scale +- Go (Golang) +- Experience with relational databases +- Knowledge of standard methodologies: monitoring, alerting, metrics +- Strong written communication and collaboration skills +- Experience with AWS, GCP, or Azure environments + +## Preferred Qualifications: + +- Remote work experience +- Experience with OAuth2, OIDC, SAML, and other IAM technologies +- Experience building gRPC and REST based services +- Familiarity with Kubernetes, Helm, and other Cloud Native applications + +## About Pomerium: + +Pomerium helps companies manage and secure internal access. We + +- are a fast growing, well funded, venture backed startup. +- are a fully remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy. +- offer competitive salaries +- are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be. + +Check out our [github](https://github.com/pomerium/pomerium) and [site](http://www.pomerium.com/) to learn more about us! diff --git a/docs/jobs/Frontend-Engineer.md b/docs/jobs/Frontend-Engineer.md new file mode 100644 index 000000000..a12ca2424 --- /dev/null +++ b/docs/jobs/Frontend-Engineer.md 
@@ -0,0 +1,36 @@ +# Frontend Engineer + +Job Posted: May 12, 2020 10:04 AM Languages: Javascript, React Location: Remote US/CA + +Hi there! We're looking for a Frontend Software Engineer to join the team. + +## Responsibilities: + +- Write robust, maintainable code +- Work with product and design to iterate on customer needs +- Review code and participate in group discussions + +## Qualifications: + +- 3+ years experience building web applications at scale +- 3+ years of javascript, css, typescript, or other +- React, React Native, or similar framework experience +- Experience with relational databases +- Knowledge of standard methodologies: monitoring, alerting, metrics +- Strong written communication and collaboration skills +- Experience with AWS, GCP, or Azure environments + +## Preferred Qualifications: + +- Remote work experience +- Experience with OAuth2, OIDC, SAML, and other IAM technologies +- Familiarity with Kubernetes, Helm, and other Cloud Native applications + +## About Pomerium: + +Pomerium helps companies manage and secure internal access. We + +- are a fast growing, well funded, venture backed startup. +- are a fully remote team. While prior experience working remotely isn't required, we are looking for team members who perform well given a high level of independence and autonomy. +- offer competitive salaries +- are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our company will be diff --git a/docs/jobs/readme.md b/docs/jobs/readme.md new file mode 100644 index 000000000..4b9eedb02 --- /dev/null +++ b/docs/jobs/readme.md 
@@ -0,0 +1,12 @@ +# Careers at Pomerium + +## Help us build the future secure application access + +Pomerium builds identity and access management infrastructure for the internet. We're helping small startups and the world's biggest companies improve their security posture, facilitate distributed remote work, and scale their efforts globally. And we'd like your help. + +Interested in joining our all-remote team? Check out some of our open positions. + +# Open Positions + +- [Frontend Engineer](./Frontend-Engineer.md) +- [Backend Engineer](./Backend-Engineer.md)
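Review bot: In docs/configuration/examples.md (hunk at -5,7), the front matter being touched still carries metadata from a different page: the keywords are `pomerium community help bugs updates features` and the description reads "This document describes how you users can stay up to date with pomerium, report issues, get help, and suggest new features." Neither describes a page of configuration examples, and "how you users" is a typo. Since this hunk already edits the block, replace both with text about the example configurations.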
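Review bot: In docs/configuration/readme.md (hunk at -146,7), the warning now says ports `80`/`443` must be reachable "in order to complete a [TLS-ALPN-01 challenge]", but TLS-ALPN-01 is validated on port 443 only; port 80 is what the HTTP-01 challenge uses. As written, the sentence tells operators to expose port 80 for a challenge that never touches it. Either name both challenge types (and link HTTP-01 next to the existing link), or state what Pomerium serves on port 80 and why, so the firewall rule an operator adds matches what actually listens there.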
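Review bot: In docs/docs/quick-start/helm.md (hunk at -25,13), the trailing context line `Run [./scripts/helm_gke.sh] which will:` still points at the old location, although this same patch renames scripts/helm_gke.sh to docs/configuration/examples/helm/helm_gke.sh. Update the Run section to the new path, and drop the bracket syntax there since no matching reference definition is visible. The Configure sentence also lost both of its links when the malformed `[text][path]` references were removed; a working link to each file would let readers download them as the sentence instructs.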
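Review bot: In the new docs/jobs/Backend-Engineer.md, the `# Backend Engineer` heading appears twice, once at the top and again right after the "Job Posted" line; drop the second one so the page has a single H1. The closing line links the site as `http://www.pomerium.com/`; for a project whose docs state that Pomerium should never be exposed without TLS, that link should use `https://`.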
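Review bot: The new docs/jobs/Frontend-Engineer.md ends at the last "About Pomerium" bullet, without the closing "Check out our [github] ... and [site] ..." line that Backend-Engineer.md has, and that last bullet ("the better our company will be") is missing its final period. The two postings share most of their text, so align their endings. In the qualifications, "3+ years of javascript, css, typescript, or other" trails off; say what "other" refers to or remove it.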
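Review bot: In the new docs/jobs/readme.md, the subheading "Help us build the future secure application access" is missing a word (presumably "the future of secure application access"). `# Open Positions` is a second top-level heading after `# Careers at Pomerium`; make it `## Open Positions` so the page keeps a single H1 and the sidebar nesting stays consistent with the rest of the docs.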