diff --git a/docs/docs/architecture.md b/docs/docs/architecture.md index 20218204e..65be97b4f 100644 --- a/docs/docs/architecture.md +++ b/docs/docs/architecture.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: pomerium architecture + content: pomerium, architecture --- # Architecture diff --git a/docs/docs/background.md b/docs/docs/background.md index 11c048733..aef306f70 100644 --- a/docs/docs/background.md +++ b/docs/docs/background.md @@ -3,7 +3,7 @@ title: Background lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy beyondcorp zero-trust reverse-proxy ztn zta + content: pomerium, identity access proxy, beyondcorp, zero trust, reverse proxy, ztn, zta --- # Background @@ -41,9 +41,9 @@ In summary, perimeter based security suffers from the following shortcomings: - Even just defining what the network perimeter is is an increasingly difficult proposition in a remote-work, BYOD, multi-cloud world. Most organizations are a heterogeneous mix of clouds, servers, devices, and organizational units. - VPNs are often misused and exacerbate the issue by opening yet another door into your network organization. -### Zero-trust +### Zero Trust -[Zero-trust](https://ldapwiki.com/wiki/Zero%20Trust) instead attempts to mitigate these shortcomings by adopting the following principles: +[Zero trust](https://ldapwiki.com/wiki/Zero%20Trust) instead attempts to mitigate these shortcomings by adopting the following principles: - Trust flows from identity, device-state, and context; not network location. - Treat both internal and external networks as untrusted. 
@@ -51,11 +51,11 @@ In summary, perimeter based security suffers from the following shortcomings: - Every device, user, and application's communication should be authenticated, authorized, and encrypted. - Access policy should be dynamic, and built from multiple sources. -To be clear, _perimeter security is not defunct_, nor is zero-trust security a panacea or a single product. Many of the ideas and principles of perimeter security are still relevant and are part of a holistic, and wide-ranging security policy. After all, we still want our castles to have high walls. +To be clear, _perimeter security is not defunct_, nor is zero trust security a panacea or a single product. Many of the ideas and principles of perimeter security are still relevant and are part of a holistic, and wide-ranging security policy. After all, we still want our castles to have high walls. ## Further reading -The zero-trust security model was first articulated by [John Kindervag](http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf) in 2010, and by Google in 2011 as a result of the [Operation Aurora](https://en.wikipedia.org/wiki/Operation_Aurora) breach. What follows is a curated list of resources that covers the topic in more depth. +The zero trust security model was first articulated by [John Kindervag](http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf) in 2010, and by Google in 2011 as a result of the [Operation Aurora](https://en.wikipedia.org/wiki/Operation_Aurora) breach. What follows is a curated list of resources that covers the topic in more depth. ### Government Recommendations diff --git a/docs/docs/community/code-of-conduct.md b/docs/docs/community/code-of-conduct.md index 5967d9e12..85d9b219c 100644 --- a/docs/docs/community/code-of-conduct.md +++ b/docs/docs/community/code-of-conduct.md 
@@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: pomerium community contributing code-of-conduct + content: pomerium, community, contributing, code of conduct --- # Contributor Covenant Code of Conduct diff --git a/docs/docs/community/contributing.md b/docs/docs/community/contributing.md index 5fd3b2236..6575b4276 100644 --- a/docs/docs/community/contributing.md +++ b/docs/docs/community/contributing.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: pomerium community contributing pr code + content: pomerium, community, contributing, pr, code description: >- This document describes how you can find issues to work on, fix/add documentation, and how setup Pomerium for local development. diff --git a/docs/docs/community/readme.md b/docs/docs/community/readme.md index 4d1503f4f..2ecc0be59 100644 --- a/docs/docs/community/readme.md +++ b/docs/docs/community/readme.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: pomerium community help bugs updates features + content: pomerium, community, help, bugs, updates, features description: >- This document describes how you users can stay up to date with pomerium, diff --git a/docs/docs/community/security.md b/docs/docs/community/security.md index 9c4cd4ac9..9b5246cc3 100644 --- a/docs/docs/community/security.md +++ b/docs/docs/community/security.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: pomerium security disclosure vulnerabilities + content: pomerium, security, disclosure, vulnerabilities --- # Security Policy diff --git a/docs/docs/identity-providers/auth0.md b/docs/docs/identity-providers/auth0.md index e5a1d20c0..e75126840 100644 --- a/docs/docs/identity-providers/auth0.md +++ b/docs/docs/identity-providers/auth0.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: auth0 + content: auth0, pomerium, identity provider, idp --- # Auth0 
diff --git a/docs/docs/identity-providers/azure.md b/docs/docs/identity-providers/azure.md index 708e82f67..6691ecd3b 100644 --- a/docs/docs/identity-providers/azure.md +++ b/docs/docs/identity-providers/azure.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: azure active-directory active directory ad microsoft + content: azure, active directory, ad, microsoft, identity provider, idp --- # Azure Active Directory diff --git a/docs/docs/identity-providers/cognito.md b/docs/docs/identity-providers/cognito.md index 768248874..8e2b3b311 100644 --- a/docs/docs/identity-providers/cognito.md +++ b/docs/docs/identity-providers/cognito.md @@ -4,7 +4,7 @@ lang: en-US # sidebarDepth: 0 meta: - name: keywords - content: amazon aws cognito open-id oidc + content: amazon, aws, cognito, openid, oidc, identity provider, idp --- # Cognito diff --git a/docs/docs/identity-providers/github.md b/docs/docs/identity-providers/github.md index 56e4ec449..461b66a9c 100644 --- a/docs/docs/identity-providers/github.md +++ b/docs/docs/identity-providers/github.md @@ -4,7 +4,7 @@ lang: en-US # sidebarDepth: 0 meta: - name: keywords - content: github oauth2 provider identity-provider + content: github, oauth2, provider, identity provider, idp --- # GitHub diff --git a/docs/docs/identity-providers/gitlab.md b/docs/docs/identity-providers/gitlab.md index 2e3156940..016748263 100644 --- a/docs/docs/identity-providers/gitlab.md +++ b/docs/docs/identity-providers/gitlab.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: gitlab oidc openid-connect identity-provider + content: gitlab, oidc, openid connect, identity provider, idp --- # GitLab diff --git a/docs/docs/identity-providers/google.md b/docs/docs/identity-providers/google.md index ccaac3e98..4d4ae711b 100644 --- a/docs/docs/identity-providers/google.md +++ b/docs/docs/identity-providers/google.md 
@@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: google gsuite gmail oidc openid-connect workspaces + content: google, gsuite, gmail, oidc, openid connect, workspaces, identity provider, idp --- # Google Workspace (formerly known as G Suite) diff --git a/docs/docs/identity-providers/okta.md b/docs/docs/identity-providers/okta.md index f0eb73939..134c18c7b 100644 --- a/docs/docs/identity-providers/okta.md +++ b/docs/docs/identity-providers/okta.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: okta oidc + content: okta oidc, identity provider, idp --- # Okta diff --git a/docs/docs/identity-providers/ping.md b/docs/docs/identity-providers/ping.md index 906fed677..57dfcdac9 100644 --- a/docs/docs/identity-providers/ping.md +++ b/docs/docs/identity-providers/ping.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 0 meta: - name: keywords - content: ping oidc + content: ping, oidc, identity provider, idp --- # Ping Identity diff --git a/docs/docs/install/binary.md b/docs/docs/install/binary.md index c2d2459d6..797af3872 100644 --- a/docs/docs/install/binary.md +++ b/docs/docs/install/binary.md @@ -3,7 +3,7 @@ title: Binaries lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy oidc reverse-proxy + content: pomerium, identity access proxy, oidc, reverse proxy, identity aware proxy --- # Binaries diff --git a/docs/docs/install/from-source.md b/docs/docs/install/from-source.md index dc8836534..7ccf7332b 100644 --- a/docs/docs/install/from-source.md +++ b/docs/docs/install/from-source.md @@ -3,7 +3,7 @@ title: From Source lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy oidc reverse-proxy from-source + content: pomerium, identity access proxy, oidc, reverse proxy, from source, identity aware proxy --- # From Source diff --git a/docs/docs/install/readme.md b/docs/docs/install/readme.md index 262fe0f50..ea129ab43 100644 --- a/docs/docs/install/readme.md 
+++ b/docs/docs/install/readme.md @@ -4,7 +4,7 @@ lang: en-US description: Get Pomerium up and running quickly with Docker. meta: - name: keywords - content: pomerium identity-access-proxy oidc docker reverse-proxy containers + content: pomerium, identity access proxy, oidc, docker, reverse proxy, containers, identity aware proxy --- # Pomerium using Docker diff --git a/docs/docs/k8s/helm.md b/docs/docs/k8s/helm.md index dd3db7907..c93ac8dc0 100644 --- a/docs/docs/k8s/helm.md +++ b/docs/docs/k8s/helm.md @@ -3,7 +3,7 @@ title: Helm lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy oidc kubernetes Helm reverse-proxy + content: pomerium, identity access proxy, oidc, kubernetes, helm, reverse proxy, ingress controller --- # Install Pomerium using Helm diff --git a/docs/docs/k8s/ingress.md b/docs/docs/k8s/ingress.md index 2f0aa8688..f2f628768 100644 --- a/docs/docs/k8s/ingress.md +++ b/docs/docs/k8s/ingress.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 1 meta: - name: keywords - content: pomerium identity-access-proxy oidc kubernetes Ingress reverse-proxy + content: pomerium, identity access proxy, oidc, kubernetes, ingress, ingress controller, reverse proxy --- # Kubernetes Ingress Controller diff --git a/docs/docs/readme.md b/docs/docs/readme.md index 6bf46eb5f..00bbc6196 100644 --- a/docs/docs/readme.md +++ b/docs/docs/readme.md @@ -5,8 +5,8 @@ sidebarDepth: 0 meta: - name: keywords content: >- - pomerium overview identity-access-proxy beyondcorp zero-trust - reverse-proxy ztn zero-trust-networks + pomerium, overview, identity access proxy, beyondcorp, zero trust, + reverse proxy, ztn, zero trust networks --- # What is Pomerium diff --git a/docs/docs/tcp/readme.md b/docs/docs/tcp/readme.md index 74c0ce995..fff5d2cca 100644 --- a/docs/docs/tcp/readme.md +++ b/docs/docs/tcp/readme.md 
@@ -4,7 +4,7 @@ description: >- This article describes how to leverage pomerium for TCP proxying meta: - name: keywords - content: pomerium pomerium-cli proxy identity-access-proxy ssh tcp postgres database redis mysql application non-http + content: pomerium, pomerium-cli, proxy, identity access proxy, ssh, tcp, postgres, database, redis, mysql, application, non http, tunnel --- # TCP Support diff --git a/docs/docs/topics/certificates.md b/docs/docs/topics/certificates.md index 2e0234421..425cd6d8c 100644 --- a/docs/docs/topics/certificates.md +++ b/docs/docs/topics/certificates.md @@ -4,12 +4,12 @@ sidebarDepth: 1 lang: en-US meta: - name: keywords - content: x509 certificates tls mtls letsencrypt lets encrypt + content: x509, certificates, tls, mtls, letsencrypt, lets encrypt --- # Certificates -[Certificates](https://en.wikipedia.org/wiki/X.509) and [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) play a vital role in [zero-trust][principles] networks, and in Pomerium. +[Certificates](https://en.wikipedia.org/wiki/X.509) and [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) play a vital role in [zero trust][principles] networks, and in Pomerium. This document covers a few options in how to generate and set up TLS certificates suitable for working with pomerium. @@ -124,4 +124,4 @@ Certificates, TLS, and Public Key Cryptography is a vast subject we cannot adequ [certificate_key]: ../../reference/readme.md#certificates [override_certificate_name]: ../../reference/readme.md#override-certificate-name [principles]: ../background.md#history -[zero-trust]: ../background.md#zero-trust +[zero trust]: ../background.md#zero-trust diff --git a/docs/docs/topics/device-identity.md b/docs/docs/topics/device-identity.md index 05a472477..e57e8e9a8 100644 --- a/docs/docs/topics/device-identity.md +++ b/docs/docs/topics/device-identity.md 
@@ -7,7 +7,7 @@ sidebarDepth: 1 # Device Identity -One of the core components of the zero-trust security model is **device identity**, which is the ability for a device to have a unique, unclonable identity string that can be authenticated and factored into access control decisions. This topic page covers the concept of device identity, and how it applies to the zero-trust model. +One of the core components of the zero trust security model is **device identity**, which is the ability for a device to have a unique, unclonable identity string that can be authenticated and factored into access control decisions. This topic page covers the concept of device identity, and how it applies to the zero trust model. ## Why Device Identity Is Important @@ -25,7 +25,7 @@ Device identity is similar but unique to MFA. Where MFA is an additional layer o ## What Is Device Identity -> When you remove "[the perimeter]" as the source of trust to your infrastructure, you must replace it with a level of trust for every person, **device**, and hop in the communication path. Where the other, more commonly implemented facets of zero-trust validates the user and traffic, device identity (through WebAuthn) validates the end user's device. +> When you remove "[the perimeter]" as the source of trust to your infrastructure, you must replace it with a level of trust for every person, **device**, and hop in the communication path. Where the other, more commonly implemented facets of zero trust validates the user and traffic, device identity (through WebAuthn) validates the end user's device. Device ID is a unique identifying key that can only be created by the specific combination of hardware and software present on a specific device. How this is accomplished is largely dependent on the tools available on the user hardware, which we've detailed below. diff --git a/docs/docs/topics/mutual-auth.md b/docs/docs/topics/mutual-auth.md index ffe2789c1..eb5374cb4 100644 
--- a/docs/docs/topics/mutual-auth.md +++ b/docs/docs/topics/mutual-auth.md @@ -4,14 +4,14 @@ lang: en-US sidebarDepth: 1 meta: - name: keywords - content: pomerium identity-access-proxy mutual authentication jwt jwks mtls + content: pomerium, identity access proxy, mutual authentication, jwt, jwks, mtls description: >- This page describes the concept of mutual authentication and why it's important. --- -# Mutual Authentication: A Component of Zero-Trust +# Mutual Authentication: A Component of Zero Trust -Pomerium provides a good layer of security out of the box, but it's not (and can't be) configured for complete [zero trust] right out of the box. This page explains several methods of achieving mutual authentication — a big part of the zero-trust model — with practical examples. +Pomerium provides a good layer of security out of the box, but it's not (and can't be) configured for complete [zero trust] right out of the box. This page explains several methods of achieving mutual authentication — a big part of the zero trust model — with practical examples. This is a nuanced topic that dives into several specific security practices that provide mutual authentication. You can use the table of contents below to narrow down to the specific tools you're interested in or read the entire doc for a deeper understanding of how these tools work together to support strong infrastructure security. @@ -122,7 +122,7 @@ C-.-A E[/Hacker/] --x B ``` -In this way, we've applied a zero-trust security model to the application layer of our infrastructure's network model. You can see JWT verification in practice with our [Grafana] integration guide. +In this way, we've applied a zero trust security model to the application layer of our infrastructure's network model. You can see JWT verification in practice with our [Grafana] integration guide. ## mTLS: Protocol-based Mutual Authentication 
@@ -191,7 +191,7 @@ flowchart LR B---xD ``` -In this way, we've applied a zero-trust security model to the protocol layer of our infrastructure's network model. +In this way, we've applied a zero trust security model to the protocol layer of our infrastructure's network model. ## Mutual Authentication With a Sidecar diff --git a/docs/docs/troubleshooting.md b/docs/docs/troubleshooting.md index 04ccfeabc..bd3da018e 100644 --- a/docs/docs/troubleshooting.md +++ b/docs/docs/troubleshooting.md @@ -6,7 +6,7 @@ sidebarDepth: 0 lang: en-US meta: - name: keywords - content: pomerium troubleshooting faq frequently asked questions + content: pomerium, troubleshooting, faq, frequently asked questions --- # Troubleshooting diff --git a/docs/enterprise/api.md b/docs/enterprise/api.md index b7b45447e..4dc31c817 100644 --- a/docs/enterprise/api.md +++ b/docs/enterprise/api.md @@ -3,7 +3,7 @@ title: API lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy oidc reverse-proxy enterprise console api python go + content: pomerium, identity access proxy, oidc, reverse proxy, enterprise, console, api, python, go --- # Enterprise Console API diff --git a/docs/enterprise/concepts.md b/docs/enterprise/concepts.md index 69eaf1f3d..44c38e067 100644 --- a/docs/enterprise/concepts.md +++ b/docs/enterprise/concepts.md 
@@ -140,7 +140,7 @@ Pomerium provides authentication via your existing identity provider (Pomerium s Authorization policy can be expressed in a high-level, [declarative language](/enterprise/reference/manage.md#pomerium-policy-language) or [as code](/enterprise/reference/manage.md#rego) that can be used to enforce ABAC, RBAC, or any other governance policy controls. Pomerium can make holistic policy and authorization decisions using external data and request context factors such as user groups, roles, time, day, location and vulnerability status. -Pomerium enables zero-trust based access in which trust flows from identity, device-state, and context, not network location. Every device, user, and application's communication should be authenticated, authorized, and encrypted. +Pomerium enables zero trust based access in which trust flows from identity, device-state, and context, not network location. Every device, user, and application's communication should be authenticated, authorized, and encrypted. With Pomerium: diff --git a/docs/enterprise/install/readme.md b/docs/enterprise/install/readme.md index d51e0389a..2635d28fb 100644 --- a/docs/enterprise/install/readme.md +++ b/docs/enterprise/install/readme.md @@ -3,7 +3,7 @@ title: Install lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy oidc docker reverse-proxy containers install enterprise console + content: pomerium, identity access proxy, oidc, docker, reverse proxy, containers, install, enterprise, console --- There are several ways to install Pomerium Enterprise, to suite your organization's needs. We provide open-source Pomerium and Pomerium Enterprise as deb and rpm packages from an upstream repository, and as Docker images, and Helm charts. You can also build Pomerium from source. diff --git a/docs/enterprise/reference/config.md b/docs/enterprise/reference/config.md index 23a9f470b..fda89f07f 100644 --- a/docs/enterprise/reference/config.md 
+++ b/docs/enterprise/reference/config.md @@ -3,7 +3,7 @@ title: Environment Variables lang: en-US meta: - name: keywords - content: configuration options settings Pomerium Enterprise + content: configuration, options, settings, pomerium, enterprise, reference --- # Pomerium Console Environment Variables diff --git a/docs/enterprise/reference/configure.md b/docs/enterprise/reference/configure.md index c106c7bdd..1a9bec329 100644 --- a/docs/enterprise/reference/configure.md +++ b/docs/enterprise/reference/configure.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 2 meta: - name: keywords - content: configuration options settings Pomerium Enterprise + content: configuration, options, settings, pomerium, enterprise, reference --- # Configure diff --git a/docs/enterprise/reference/manage.md b/docs/enterprise/reference/manage.md index b21597176..30f7fc4f7 100644 --- a/docs/enterprise/reference/manage.md +++ b/docs/enterprise/reference/manage.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 2 meta: - name: keywords - content: configuration options settings Pomerium Enterprise + content: configuration, options, settings, pomerium, enterprise, reference --- # Manage @@ -366,6 +366,8 @@ A policy can only support PPL or Rego. Once one is set, the other tab is disable Certificates are the x509 _public-key_ and _private-key_ used to establish secure HTTP and gRPC connections. Any combination of the above can be used together, and are additive. You can also use any of these settings in conjunction with `Autocert` to get OCSP stapling. +Certificates loaded into Pomerium from these config values are used to attempt secure connections between end users and services, between Pomerium services, and to upstream endpoints. + For example, if specifying multiple certificates at once: ```yaml 
@@ -378,6 +380,15 @@ certificates: key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key" ``` +Or to set a single certificate and key covering multiple domains and/or a wildcard subdomain: + +```yaml +certificate_file: "$HOME/.acme.sh/*.example.com/fullchain.crt" +certificate_key: "$HOME/.acme.sh/*.example.com/*.example.com.key" +``` + +**Note:** Pomerium will check your system's trust/key store for valid certificates first. If your certificate solution imports into the system store, you don't need to also specify them with these configuration keys. + [route-concept]: /enterprise/concepts.md#routes [route-reference]: /enterprise/reference/manage.md#routes [namespace-concept]: /enterprise/concepts.md#namespaces diff --git a/docs/enterprise/reference/reports.md b/docs/enterprise/reference/reports.md index feb0c081d..0913a4533 100644 --- a/docs/enterprise/reference/reports.md +++ b/docs/enterprise/reference/reports.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 2 meta: - name: keywords - content: configuration options settings Pomerium Enterprise + content: configuration, options, settings, pomerium, enterprise, reference --- # Reports diff --git a/docs/guides/ad-guard.md b/docs/guides/ad-guard.md index 65eeda0c8..cc28c5e4b 100644 --- a/docs/guides/ad-guard.md +++ b/docs/guides/ad-guard.md @@ -3,10 +3,10 @@ title: AdGuard lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy adguard ad-guard pi-hole piehole + content: pomerium, identity access proxy, adguard, ad guard, pi hole, piehole description: >- This guide covers how to add authentication and authorization to a hosted, - fully, online instance of adguard. + fully, online instance of Adguard. --- # Securing AdGuard Home diff --git a/docs/guides/argo.md b/docs/guides/argo.md index 91c112fe0..775de10ae 100644 --- a/docs/guides/argo.md +++ b/docs/guides/argo.md 
@@ -3,7 +3,7 @@ title: Argo lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy argo argo-cd + content: pomerium, identity access proxy, argo, cd, continuous deployment description: >- This guide covers how to add authentication and authorization to an instance of argo. diff --git a/docs/guides/cloud-run.md b/docs/guides/cloud-run.md index c8668c630..c902b8960 100644 --- a/docs/guides/cloud-run.md +++ b/docs/guides/cloud-run.md @@ -3,7 +3,7 @@ title: Cloud Run lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy gcp google iap serverless cloudrun + content: pomerium, identity access proxy, gcp, google, iap, serverless, cloudrun description: >- This guide covers how to deploy Pomerium to Cloud Run and use it to protect other endpoints via Authorization Headers. diff --git a/docs/guides/code-server.md b/docs/guides/code-server.md index 3d75b3d87..1debccf50 100644 --- a/docs/guides/code-server.md +++ b/docs/guides/code-server.md @@ -4,8 +4,8 @@ lang: en-US meta: - name: keywords content: >- - pomerium identity-access-proxy visual-studio-code visual studio code - authentication authorization + pomerium, identity access proxy, visual studio code, + authentication, authorization description: >- This guide covers how to add authentication and authorization to a hosted, fully, online instance of visual studio code. diff --git a/docs/guides/enroll-device.md b/docs/guides/enroll-device.md index 101f82be1..1757236d7 100644 --- a/docs/guides/enroll-device.md +++ b/docs/guides/enroll-device.md @@ -4,8 +4,8 @@ lang: en-US meta: - name: keywords content: >- - pomerium identity-access-proxy webauthn device id enroll - authentication authorization + pomerium, identity access proxy, webauthn, device id, enroll, enrollment, + authentication, authorization description: >- This guide covers how to enroll a trusted execution environment device as a Pomerium end-user. --- 
diff --git a/docs/guides/gitlab.md b/docs/guides/gitlab.md index f781c6000..ee13231ac 100644 --- a/docs/guides/gitlab.md +++ b/docs/guides/gitlab.md @@ -4,8 +4,8 @@ lang: en-US meta: - name: keywords content: >- - pomerium identity-access-proxy gitlab gitlab-ee docker - authentication authorization + pomerium, identity access proxy, gitlab, gitlab-ee, docker, + authentication, authorization, self-hosted description: >- This guide covers how to secure self-hosted GitLab behind Pomerium, providing authentication and authorization through your IdP. --- diff --git a/docs/guides/grafana.md b/docs/guides/grafana.md index 1474615b5..b25dc31cc 100644 --- a/docs/guides/grafana.md +++ b/docs/guides/grafana.md @@ -4,8 +4,8 @@ lang: en-US meta: - name: keywords content: >- - pomerium identity-access-proxy data logging graphing grafana - authentication authorization + pomerium, identity access proxy, data, logging, graphing, grafana, + authentication, authorization description: >- This guide covers how to use Pomerium to authenticate and authorize users of Grafana. --- diff --git a/docs/guides/jwt-verification.md b/docs/guides/jwt-verification.md index c48a3cc4e..355a6a9f7 100644 --- a/docs/guides/jwt-verification.md +++ b/docs/guides/jwt-verification.md @@ -3,7 +3,7 @@ title: JWT Verification lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy envoy jwt + content: pomerium, identity access proxy, envoy, jwt, description: >- This example demonstrates how to verify the Pomerium JWT assertion header using Envoy. --- 
@@ -11,7 +11,7 @@ description: >- # JWT Verification This example demonstrates how to verify the [Pomerium JWT assertion header](https://www.pomerium.io/reference/#pass-identity-headers) using [Envoy](https://www.envoyproxy.io/). This is useful for legacy or 3rd party applications which can't be modified to perform verification themselves. -This guide is a practical demonstration of some of the topics discussed in [Mutual Authentication: A Component of Zero-Trust]. +This guide is a practical demonstration of some of the topics discussed in [Mutual Authentication: A Component of Zero Trust]. ## Requirements - [Docker](https://www.docker.com/) @@ -239,6 +239,6 @@ You should now be able to run the example with: [httpbin.localhost.pomerium.io]: https://verify.localhost.pomerium.io [Local Development with Wildcard DNS on Linux]: https://sixfeetup.com/blog/local-development-with-wildcard-dns-on-linux [Local Development with Wildcard DNS]: https://blog.thesparktree.com/local-development-with-wildcard-dns -[Mutual Authentication: A Component of Zero-Trust]: /docs/topics/mutual-auth.md +[Mutual Authentication: A Component of Zero Trust]: /docs/topics/mutual-auth.md [Mutual Authentication With a Sidecar]: /docs/topics/mutual-auth.md#mutual-authentication-with-a-sidecar [verify.localhost.pomerium.io]: https://verify.localhost.pomerium.io \ No newline at end of file diff --git a/docs/guides/kubernetes-dashboard.md b/docs/guides/kubernetes-dashboard.md index ef05b776c..4c8929139 100644 --- a/docs/guides/kubernetes-dashboard.md +++ b/docs/guides/kubernetes-dashboard.md @@ -3,7 +3,7 @@ title: Kubernetes Dashboard lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy kubernetes helm k8s oauth dashboard + content: pomerium, identity access proxy, kubernetes, helm, k8s, oauth, dashboard, description: >- This guide covers how to add authentication and authorization to kubernetes dashboard using single-sing-on, pomerium, helm, and letsencrypt certificates. --- 
diff --git a/docs/guides/kubernetes.md b/docs/guides/kubernetes.md index 08c9032ec..3afd79c09 100644 --- a/docs/guides/kubernetes.md +++ b/docs/guides/kubernetes.md @@ -3,7 +3,7 @@ title: Kubernetes API / Kubectl lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy kubernetes helm k8s oauth + content: pomerium, identity access proxy, kubernetes, helm, k8s, oauth description: >- This guide covers how to add authentication and authorization to kubernetes apiserver using single-sing-on and pomerium. --- diff --git a/docs/guides/local-oidc.md b/docs/guides/local-oidc.md index ce905560b..b61f8f551 100644 --- a/docs/guides/local-oidc.md +++ b/docs/guides/local-oidc.md @@ -3,7 +3,7 @@ title: Local OIDC Provider lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy oidc + content: pomerium, identity access proxy, oidc, identity provider, idp description: >- This guide covers how to use Pomerium with a local OIDC provider using [qlik/simple-oidc-provider]. --- diff --git a/docs/guides/mtls.md b/docs/guides/mtls.md index 8e1299e79..4f3bff274 100644 --- a/docs/guides/mtls.md +++ b/docs/guides/mtls.md @@ -3,7 +3,7 @@ title: Client-Side mTLS lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy mtls client-certificate + content: pomerium, identity access proxy, mtls, client certificate, mutual authentication description: >- This guide covers how to use Pomerium to implement mutual authentication (mTLS) for end-users, using client certificates with a custom certificate authority. diff --git a/docs/guides/nginx.md b/docs/guides/nginx.md index e37d32004..74e1a1b02 100644 --- a/docs/guides/nginx.md +++ b/docs/guides/nginx.md @@ -3,7 +3,7 @@ title: Nginx lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy nginx + content: pomerium, identity access proxy, nginx description: >- This guide covers how to use Pomerium to protect services behind an nginx proxy. 
diff --git a/docs/guides/synology.md b/docs/guides/synology.md index c526512af..77ce04e5e 100644 --- a/docs/guides/synology.md +++ b/docs/guides/synology.md @@ -3,7 +3,7 @@ title: Synology lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy synology docker + content: pomerium, identity access proxy, synology, docker, dsm, nas --- # Synology diff --git a/docs/guides/tcp.md b/docs/guides/tcp.md index 613c8d2a8..125b5d11a 100644 --- a/docs/guides/tcp.md +++ b/docs/guides/tcp.md @@ -3,7 +3,7 @@ title: TCP Services lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy ssh tcp postgres database redis mysql + content: pomerium, identity access proxy, ssh, tcp, postgres, database, redis, mysql description: >- This guide covers how to use Pomerium to protect TCP services such as SSH, Postgres and Redis. --- diff --git a/docs/guides/tiddlywiki.md b/docs/guides/tiddlywiki.md index 225952e55..e1e441388 100644 --- a/docs/guides/tiddlywiki.md +++ b/docs/guides/tiddlywiki.md @@ -3,7 +3,7 @@ title: TiddlyWiki lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy wiki tiddlywiki + content: pomerium, identity access proxy, wiki, tiddlywiki description: >- This guide covers how to add authentication and authorization to a hosted, fully, online instance of TiddlyWiki. --- diff --git a/docs/guides/traefik-ingress.md b/docs/guides/traefik-ingress.md index 9293ad391..9e7c844ad 100644 --- a/docs/guides/traefik-ingress.md +++ b/docs/guides/traefik-ingress.md @@ -3,7 +3,7 @@ title: Traefik Ingress lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy traefik kubernetes forwardauth forward-auth external helm k8s ingress + content: pomerium, identity access proxy, traefik, kubernetes, forwardauth, forward auth, external, helm, k8s, ingress description: >- This guide covers how to use Pomerium to secure Traefik when used as a Kubernetes Ingress Controller --- 
diff --git a/docs/guides/transmission.md b/docs/guides/transmission.md index 26debac6e..140aea281 100644 --- a/docs/guides/transmission.md +++ b/docs/guides/transmission.md @@ -4,7 +4,7 @@ lang: en-US meta: - name: keywords content: >- - pomerium bittorrent torrent pomerium identity-access-proxy transmission-daemon transmission authentication authorization + pomerium, bittorrent, torrent, identity access proxy, transmission-daemon, transmission, authentication, authorization description: >- Learn how to use Pomerium as an authentication and authorization proxy for a Transmission torrent daemon. --- diff --git a/docs/guides/upstream-mtls.md b/docs/guides/upstream-mtls.md index 2e3c8e919..28a22b36a 100644 --- a/docs/guides/upstream-mtls.md +++ b/docs/guides/upstream-mtls.md @@ -3,7 +3,7 @@ title: Upstream mTLS lang: en-US meta: - name: keywords - content: pomerium identity-access-proxy mtls client-certificate + content: pomerium, identity access proxy, mtls, client certificate, mutual authentication description: >- This guide covers how to configure Pomerium to provide mutual authentication (mTLS) to an upstream service, using client certificates with a custom certificate authority. @@ -11,7 +11,7 @@ description: >- # Upstream mTLS With Pomerium -Part of a complete zero-trust security model is secure communication between your identity-aware access proxy (Pomerium) and the upstream service it provides access to. This means both Pomerium *and* the upstream service will authenticate each other. +Part of a complete zero trust security model is secure communication between your identity-aware access proxy (Pomerium) and the upstream service it provides access to. This means both Pomerium *and* the upstream service will authenticate each other. Pomerium confirms the identity of an upstream service by the TLS certificate it serves. See [`tls_custom_ca_file`] and [`tls_server_name`] for more information on configuring Pomerium to accept an upstream's TLS certificate. 
diff --git a/docs/reference/readme.md b/docs/reference/readme.md index e42c7e57e..7e0ebf058 100644 --- a/docs/reference/readme.md +++ b/docs/reference/readme.md @@ -4,7 +4,7 @@ lang: en-US sidebarDepth: 2 meta: - name: keywords - content: configuration options settings pomerium + content: configuration, options, settings, pomerium, reference --- # Configuration Settings diff --git a/docs/reference/settings.yaml b/docs/reference/settings.yaml index f38e0a248..c824e8851 100644 --- a/docs/reference/settings.yaml +++ b/docs/reference/settings.yaml @@ -5,7 +5,7 @@ preamble: | sidebarDepth: 2 meta: - name: keywords - content: configuration options settings pomerium + content: configuration, options, settings, pomerium, reference --- # Configuration Settings diff --git a/scripts/generate-console-pages.js b/scripts/generate-console-pages.js index b9c6df066..51893d09e 100755 --- a/scripts/generate-console-pages.js +++ b/scripts/generate-console-pages.js @@ -62,7 +62,7 @@ title: Environment Variables lang: en-US meta: - name: keywords - content: configuration options settings Pomerium Enterprise + content: configuration, options, settings, pomerium, enterprise, reference --- # Pomerium Console Environment Variables @@ -102,7 +102,7 @@ lang: en-US sidebarDepth: 2 meta: - name: keywords - content: configuration options settings Pomerium Enterprise + content: configuration, options, settings, pomerium, enterprise, reference --- `;
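Review bot: In the docs/guides/kubernetes.md hunk, the unchanged `description` line directly below the edited keywords still reads "single-sing-on". Since this patch is already cleaning up that file's front matter, correct it to "single-sign-on" in the same change. The same description lowercases "kubernetes" and "pomerium" while the title two lines up uses "Kubernetes", which is worth making consistent at the same time.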
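Review bot: In the first docs/guides/upstream-mtls.md hunk, the new keywords line is identical to the one this patch sets in docs/guides/mtls.md (`pomerium, identity access proxy, mtls, client certificate, mutual authentication`), so the two guides cannot be told apart by keyword. Suggest adding a term taken from each page's own title and description, for example `upstream` here and `client-side` or `end-user` in mtls.md.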
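Review bot: docs/reference/readme.md and the `preamble` block of docs/reference/settings.yaml receive the same one-line edit to the same front matter, above the same `# Configuration Settings` heading. If readme.md is produced from settings.yaml, make the change only in settings.yaml and regenerate, so the two copies cannot drift. If both are maintained by hand, state that in the commit message so the next editor knows to touch both.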
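Review bot: In the first scripts/generate-console-pages.js hunk (@@ -62,7 +62,7), `Pomerium Enterprise` is split into two separate keywords, `pomerium, enterprise`, while the rest of the patch keeps multi-word terms together (`identity access proxy`, `client certificate`). Consider keeping `pomerium enterprise` as a single entry so the product name survives as a phrase, and keep or drop the standalone `pomerium` deliberately.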
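Review bot: The second scripts/generate-console-pages.js hunk (@@ -102,7 +102,7) repeats the exact keywords string changed in the hunk at line 62 of the same file. Hoist the string into one constant and interpolate it into both templates, so the next keyword change is a single edit and the two generated pages cannot disagree.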