3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-23 11:39:32 +02:00
Code Issues Projects Releases Packages Wiki Activity

Correct domain name (#3100) (#3116)

Browse source 
* Correct domain name 

hello.localhost.pomerium.com has no dns record associated with it so won't work without hacking `/etc/hosts`
The walkthrough also issues certificates to `*.localhost.pomerium.io`

* expand and clarify use of localhost.pomerium.io

Co-authored-by: alexfornuto <afornuto@pomerium.com>

Co-authored-by: George Ornbo <george@shapeshed.com>
Co-authored-by: alexfornuto <afornuto@pomerium.com>
This commit is contained in:
backport-actions-token[bot] 2022-03-08 21:39:57 +00:00 committed by GitHub
parent a83ce20105
commit 88474f7da5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/docs/k8s/helm.md
View file

@ -21,6 +21,7 @@ This quick-start will show you how to deploy Pomerium with [Helm] on [Kubernetes
See [Organizing Cluster Access Using kubeconfig Files] for more information.
- A namespace in the cluster for Pomerium. This document assumes the namespace `pomerium`.
- A configured [identity provider].
- A domain space. The steps below use `*.localhost.pomerium.io` as a placeholder value. We have set DNS records for this domain space to point to `127.0.0.1` (localhost), so you can use this domain space when testing Pomerium locally.
- [TLS certificates]. If you don't yet have a production environment with trusted certificates, this page will cover using [mkcert] to create locally trusted certificates, and [cert-manager] to manage them in the cluster.
::: tip
@ -200,9 +201,9 @@ For development and testing, you can use `kubectl` to create a local proxy:
sudo -E kubectl --namespace pomerium port-forward service/pomerium-proxy 443:443
```
Open a browser and navigate to `hello.localhost.pomerium.com`.
Open a browser and navigate to `hello.localhost.pomerium.io`.
You can also navigate to the special pomerium endpoint `hello.localhost.pomerium.com/.pomerium/` to see your current user details.
You can also navigate to the special pomerium endpoint `hello.localhost.pomerium.io/.pomerium/` to see your current user details.
![currently logged in user](./img/logged-in-as.png)

3
docs/guides/upstream-mtls.md
View file

@ -25,7 +25,8 @@ Generally, every organization has a preferred method of managing internal certif
- This guide uses [mkcert] to provide certificates. mkcert is a development tool, and not designed for production environments. In this guide, mkcert takes the place of your trusted certificate tooling solution.
- We use `*.pomerium.localhost.io` as the placeholder for the Pomerium domain space. If you're testing on your local computer you can edit `/etc/hosts` or use dnsmasq on [macOS](https://blog.thesparktree.com/local-development-with-wildcard-dns) or [Linux](https://sixfeetup.com/blog/local-development-with-wildcard-dns-on-linux) systems to route this domain space to your local computer.
- We use `*.pomerium.localhost.io` as the placeholder for the Pomerium domain space. We have set DNS records for this domain space to point to `127.0.0.1` (localhost), so you can use this domain space when testing Pomerium locally.
If you're testing on your local computer with another domain space, you can edit `/etc/hosts` or use dnsmasq on [macOS](https://blog.thesparktree.com/local-development-with-wildcard-dns) or [Linux](https://sixfeetup.com/blog/local-development-with-wildcard-dns-on-linux) systems to route your domain space to your local computer.
## Create Certificates