config: add internal service URLs (#2801)

* config: add internal service URLs

* maybe fix integration tests

* add docs

* fix integration tests

* for databroker connect to external name, but listen on internal name

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

integration/tpl/backends/pomerium.libsonnet

@@ -98,6 +98,7 @@ local Environment(mode, idp, dns_suffix) =
     SIGNING_KEY: std.base64(importstr '../files/signing-key.pem'),
     SIGNING_KEY_ALGORITHM: 'ES256',
   } + if mode == 'multi' then {
+    AUTHENTICATE_INTERNAL_SERVICE_URL: 'https://pomerium-authenticate',
     AUTHORIZE_SERVICE_URL: 'https://pomerium-authorize:5443',
     DATABROKER_SERVICE_URL: 'https://pomerium-databroker:5443',
     GRPC_ADDRESS: ':5443',

integration/tpl/backends/routes.libsonnet

@@ -223,7 +223,6 @@ local Routes(mode, idp, dns_suffix) =
       from: 'https://authenticate.localhost.pomerium.io',
       to: 'https://pomerium-authenticate',
       allow_public_unauthenticated_access: true,
-      host_rewrite: 'authenticate.localhost.pomerium.io',
       tls_skip_verify: true,
     },
   ] else [];