docs: replace httpbin with verify (#1702)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

.devcontainer/envs/nginx.yaml

@@ -7,14 +7,14 @@ services:
       - "80:80"
       - "443:443"
     volumes:
-      - ../../examples/nginx/httpbin.conf:/etc/nginx/conf.d/httpbin.conf
+      - ../../examples/nginx/verify.conf:/etc/nginx/conf.d/verify.conf
       - ../../examples/nginx/pomerium.conf:/etc/nginx/conf.d/pomerium.conf
       - ../../examples/nginx/proxy.conf:/etc/nginx/proxy.conf
       - ../../examples/nginx/_wildcard.localhost.pomerium.io.pem:/etc/nginx/nginx.pem
       - ../../examples/nginx/_wildcard.localhost.pomerium.io-key.pem:/etc/nginx/nginx-key.pem
 
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify
     expose:
       - 80
 

.devcontainer/envs/traefik.yaml

@@ -18,18 +18,18 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
 
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify:latest
     labels:
       - "traefik.http.middlewares.pomerium.forwardauth.authResponseHeaders=X-Pomerium-Claim-Email,X-Pomerium-Claim-User,X-Pomerium-Claim-Groups,X-Pomerium-Jwt-Assertion"
       - "traefik.http.middlewares.pomerium.forwardauth.address=http://pomerium/"
       - "traefik.http.middlewares.pomerium.forwardauth.trustForwardHeader=true"
-      - "traefik.http.routers.httpbin.middlewares=pomerium@docker"
+      - "traefik.http.routers.verify.middlewares=pomerium@docker"
 
       - "traefik.enable=true"
-      - "traefik.http.routers.httpbin.rule=Host(`httpbin.localhost.pomerium.io`)"
+      - "traefik.http.routers.verify.rule=Host(`verify.localhost.pomerium.io`)"
-      - "traefik.http.routers.httpbin.entrypoints=websecure"
+      - "traefik.http.routers.verify.entrypoints=websecure"
-      - "traefik.http.routers.httpbin.tls=true"
+      - "traefik.http.routers.verify.tls=true"
 
   pomerium:
     build: ../.

docs/docs/community/contributing.md

@@ -89,7 +89,7 @@ We use [Netlify](https://www.netlify.com) to build and host our docs. One of nic
 [configuration variables]: ../../reference/readme.md
 [download]: https://github.com/pomerium/pomerium/releases
 [environmental configuration variables]: https://12factor.net/config
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/readme.md
 [make]: https://en.wikipedia.org/wiki/Make_(software)
 [tls certificates]: ../topics/certificates.md

docs/docs/quick-start/binary.md

@@ -39,10 +39,10 @@ Finally, source the configuration `env` file and run pomerium specifying the `co
 
 ## Navigate
 
-Browse to `external-httpbin.your.domain.example`. Connections between you and [httpbin] will now be proxied and managed by Pomerium.
+Browse to `external-verify.your.domain.example`. Connections between you and [verify] will now be proxied and managed by Pomerium.
 
 [configuration variables]: ../../reference/readme.md
 [download]: https://github.com/pomerium/pomerium/releases
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/
 [tls certificates]: ../topics/certificates.md

docs/docs/quick-start/from-source.md

@@ -69,10 +69,10 @@ make && ./bin/pomerium -config config.yaml
 
 ### Navigate
 
-Browse to `httpbin.localhost.pomerium.io`. Connections between you and [httpbin] will now be proxied and managed by Pomerium.
+Browse to `verify.localhost.pomerium.io`. Connections between you and [verify] will now be proxied and managed by Pomerium.
 
 [configuration variables]: ../../reference/readme.md
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/
 [make]: https://en.wikipedia.org/wiki/Make_(software)
 [tls certificates]: ../topics/certificates.md

docs/docs/quick-start/helm.md

@@ -46,9 +46,9 @@ Run [./scripts/helm_gke.sh] which will:
 
 ## Navigate
 
-Open a browser and navigate to `httpbin.your.domain.example`.
+Open a browser and navigate to `verify.your.domain.example`.
 
-You can also navigate to the special pomerium endpoint `httpbin.your.domain.example/.pomerium/` to see your current user details.
+You can also navigate to the special pomerium endpoint `verify.your.domain.example/.pomerium/` to see your current user details.
 
 ![currently logged in user](./img/logged-in-as.png)
 

docs/docs/quick-start/readme.md

@@ -58,11 +58,11 @@ Finally, simply run docker compose.
 docker-compose up
 ```
 
-Docker will automatically download the required [container images] for Pomerium and [httpbin]. Then, Pomerium will run with the configuration details set in the previous steps.
+Docker will automatically download the required [container images] for Pomerium and [verify]. Then, Pomerium will run with the configuration details set in the previous steps.
 
-You should now be able access to the routes (e.g. `https://httpbin.corp.yourdomain.example`) as specified in your policy file.
+You should now be able access to the routes (e.g. `https://verify.localhost.pomerium.io`) as specified in your policy file.
 
-You can also navigate to the special pomerium endpoint `httpbin.corp.yourdomain.example/.pomerium/` to see your current user details.
+You can also navigate to the special pomerium endpoint `verify.corp.yourdomain.example/.pomerium/` to see your current user details.
 
 ![currently logged in user](./img/logged-in-as.png)
 
@@ -70,6 +70,6 @@ You can also navigate to the special pomerium endpoint `httpbin.corp.yourdomain.
 [container images]: https://hub.docker.com/r/pomerium/pomerium
 [docker]: https://docs.docker.com/install/
 [docker-compose]: https://docs.docker.com/compose/install/
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/readme.md
 [tls certificates]: ../topics/certificates.md

docs/docs/topics/programmatic-access.md

@@ -18,9 +18,9 @@ The API returns a cryptographically signed sign-in url that can be used to compl
 For example:
 
 ```bash
-$ curl "https://httpbin.example.com/.pomerium/api/v1/login?redirect_uri=http://localhost:8000"
+$ curl "https://verify.example.com/.pomerium/api/v1/login?redirect_uri=http://localhost:8000"
 
-https://authenticate.example.com/.pomerium/sign_in?redirect_uri=http%3A%2F%2Flocalhost%3Fpomerium_callback_uri%3Dhttps%253A%252F%252Fhttpbin.corp.example%252F.pomerium%252Fapi%252Fv1%252Flogin%253Fredirect_uri%253Dhttp%253A%252F%252Flocalhost&sig=hsLuzJctmgsN4kbMeQL16fe_FahjDBEcX0_kPYfg8bs%3D&ts=1573262981
+https://authenticate.example.com/.pomerium/sign_in?redirect_uri=http%3A%2F%2Flocalhost%3Fpomerium_callback_uri%3Dhttps%253A%252F%verify.corp.example%252F.pomerium%252Fapi%252Fv1%252Flogin%253Fredirect_uri%253Dhttp%253A%252F%252Flocalhost&sig=hsLuzJctmgsN4kbMeQL16fe_FahjDBEcX0_kPYfg8bs%3D&ts=1573262981
 ```
 
 ### Callback handler
@@ -35,13 +35,13 @@ Your script or application should anticipate the possibility that your underlyin
 
 ## High level workflow
 
-The application interacting with Pomerium must manage the following workflow. Consider the following example where a script or program desires delegated, programmatic access to the domain `httpbin.corp.domain.example`:
+The application interacting with Pomerium must manage the following workflow. Consider the following example where a script or program desires delegated, programmatic access to the domain `verify.corp.domain.example`:
 
-1. The script or application requests a new login url from the pomerium managed endpoint (e.g. `https://httpbin.corp.domain.example/.pomerium/api/v1/login`) and takes a `redirect_uri` as an argument.
+1. The script or application requests a new login url from the pomerium managed endpoint (e.g. `https://verify.corp.domain.example/.pomerium/api/v1/login`) and takes a `redirect_uri` as an argument.
 1. The script or application opens a browser or redirects the user to the returned login page.
 1. The user completes the identity providers login flow.
 1. The identity provider makes a callback to pomerium's authenticate service (e.g. `authenticate.corp.domain.example`) .
-1. Pomerium's authenticate service creates a user session and redirect token, then redirects back to the managed endpoint (e.g. `httpbin.corp.domain.example`)
+1. Pomerium's authenticate service creates a user session and redirect token, then redirects back to the managed endpoint (e.g. `verify.corp.domain.example`)
 1. Pomerium's proxy service makes a callback request to the original `redirect_uri` with the user session and as an argument.
 1. The script or application is responsible for handling that http callback request, and securely handling the callback session (`pomerium_jwt`) queryparam.
 1. The script or application can now make any requests as normal to the upstream application by setting the `Authorization: Pomerium ${pomerium_jwt}` header.
@@ -52,7 +52,7 @@ Please consider see the following minimal but complete python example.
 
 ```bash
 python3 scripts/programmatic_access.py \
-	--dst https://httpbin.example.com/headers
+	--dst https://verify.example.com/headers
 ```
 
 <<< @/scripts/programmatic_access.py

docs/docs/upgrading.md

@@ -241,15 +241,15 @@ Previous programmatic authentication endpoints (`/api/v1/token`) has been remove
 
 ### Forward-auth route change
 
-Previously, routes were verified by taking the downstream applications hostname in the form of a path `(e.g. ${forwardauth}/.pomerium/verify/httpbin.some.example`) variable. The new method for verifying a route using forward authentication is to pass the entire requested url in the form of a query string `(e.g. ${forwardauth}/.pomerium/verify?url=https://httpbin.some.example)` where the routed domain is the value of the `uri` key.
+Previously, routes were verified by taking the downstream applications hostname in the form of a path `(e.g. ${forwardauth}/.pomerium/verify/verify.some.example`) variable. The new method for verifying a route using forward authentication is to pass the entire requested url in the form of a query string `(e.g. ${forwardauth}/.pomerium/verify?url=https://verify.some.example)` where the routed domain is the value of the `uri` key.
 
 Note that the verification URL is no longer nested under the `.pomerium` endpoint.
 
 For example, in nginx this would look like:
 
 ```diff
--    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/.pomerium/verify/httpbin.corp.example.com?no_redirect=true
+-    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/.pomerium/verify/verify.corp.example.com?no_redirect=true
--    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com/.pomerium/verify/httpbin.corp.example.com
+-    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com/.pomerium/verify/verify.corp.example.com
 +    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/verify?uri=$scheme://$host$request_uri
 +    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com?uri=$scheme://$host$request_uri
 ```
@@ -324,12 +324,12 @@ Previously, it was allowable to define a policy without a schema (e.g. `http`/`h
 
 ```yaml
 policy:
-  - from: httpbin.corp.domain.example
+  - from: verify.corp.domain.example
-    to: http://httpbin
+    to: http://verify
     allowed_domains:
       - pomerium.io
-  - from: external-httpbin.corp.domain.example
+  - from: external-verify.corp.domain.example
-    to: https://httpbin.org
+    to: https://verify.pomerium.com
     allow_public_unauthenticated_access: true
 ```
 
@@ -337,12 +337,12 @@ Should now be:
 
 ```yaml
 policy:
-  - from: https://httpbin.corp.domain.example
+  - from: https://verify.corp.domain.example
-    to: http://httpbin
+    to: http://verify
     allowed_domains:
       - pomerium.io
-  - from: https://external-httpbin.corp.domain.example
+  - from: https://external-verify.corp.domain.example
-    to: https://httpbin.org
+    to: https://verify.pomerium.com
     allow_public_unauthenticated_access: true
 ```
 
@@ -364,8 +364,8 @@ Usage of the POLICY_FILE envvar is no longer supported. Support for file based p
   Old:
 
   ```yaml
-  - from: httpbin.corp.beyondperimeter.com
+  - from: verify.localhost.pomerium.io
-    to: http://httpbin
+    to: http://verify
     allowed_domains:
       - pomerium.io
     cors_allow_preflight: true
@@ -376,8 +376,8 @@ Usage of the POLICY_FILE envvar is no longer supported. Support for file based p
 
   ```yaml
   policy:
-    - from: httpbin.corp.beyondperimeter.com
+    - from: verify.localhost.pomerium.io
-      to: http://httpbin
+      to: http://verify
       allowed_domains:
         - pomerium.io
       cors_allow_preflight: true

docs/guides/cloud-run.md

@@ -108,7 +108,7 @@ And a hello page:
 
 If your target application is not running on GCP, you can also perform your own header validation.
 
-Browse to [https://httpbin.cloudrun.pomerium.io](https://httpbin.cloudrun.pomerium.io/headers)
+Browse to [https://verify.cloudrun.pomerium.io](https://verify.cloudrun.pomerium.io/headers)
 
 You should see your identity header set:
 

docs/guides/local-oidc.md

@@ -34,8 +34,8 @@ services:
     depends_on:
       - identityprovider
 
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify
     expose:
       - 80
 
@@ -75,8 +75,8 @@ cookie_secret: <reducted>
 
 # https://www.pomerium.io/configuration/#policy
 policy:
-  - from: https://httpbin.localhost.pomerium.io
+  - from: https://verify.localhost.pomerium.io
-    to: http://httpbin
+    to: http://verify
     allowed_domains:
       - example.org
 ```
@@ -147,7 +147,7 @@ $ : wait identityprovider up
 $ docker-compose up -d
 ```
 
-Now accessing to `https://httpbin.localhost.pomerium.io` and you will be redireted to OIDC server for authentication.
+Now accessing to `https://verify.localhost.pomerium.io` and you will be redireted to OIDC server for authentication.
 
 [identity provider]: ../docs/identity-providers/
 [qlik/simple-oidc-provider]: https://hub.docker.com/r/qlik/simple-oidc-provider/

docs/guides/mtls.md

@@ -74,8 +74,8 @@ idp_client_id: YOUR_CLIENT_ID
 idp_client_secret: YOUR_SECRET
 
 policy:
-  - from: "https://httpbin.localhost.pomerium.io:8443"
+  - from: "https://verify.localhost.pomerium.io:8443"
-    to: "https://httpbin.org"
+    to: "https://verify.org"
     allow_public_unauthenticated_access: true
 ```
 
@@ -89,7 +89,7 @@ Before visiting the page in your browser we have one final step.
 
 ## Install Client Certificate
 
-Because `https://httpbin.localhost.pomerium.io:8443` now requires a client certificate to be accessed, we first need to install that client certificate in our browser. The following instructions are for Chrome, but client certificates are supported in all major browsers.
+Because `https://verify.localhost.pomerium.io:8443` now requires a client certificate to be accessed, we first need to install that client certificate in our browser. The following instructions are for Chrome, but client certificates are supported in all major browsers.
 
 Go to <chrome://settings/certificates>:
 
@@ -109,6 +109,6 @@ You should see the `org-mkcert development certificate` in the list of your cert
 
 ## Using the Client Certificate
 
-You can now visit **<https://httpbin.localhost.pomerium.io>** and you should be prompted to choose a client certificate:
+You can now visit **<https://verify.localhost.pomerium.io>** and you should be prompted to choose a client certificate:
 
 ![choose client certificate](./img/mtls/05-select-client-certificate.png)

docs/guides/nginx.md

@@ -13,7 +13,7 @@ description: >-
 
 This recipe's sources can be found [on github](https://github.com/pomerium/pomerium/tree/master/examples/nginx)
 
-At the end, you will have a locally running install of [httpbin](https://httpbin.org/) behind nginx with policy enforced by Pomerium.
+At the end, you will have a locally running install of [verify](https://verify.pomerium.com/) behind nginx with policy enforced by Pomerium.
 
 ## Background
 
@@ -72,28 +72,28 @@ Nginx configuration for Pomerium endpoints
 
 <<< @/examples/nginx/pomerium.conf
 
-### Nginx - httpbin
+### Nginx - verify
 
 Nginx configuration for the protected endpoint
 
-<<< @/examples/nginx/httpbin.conf
+<<< @/examples/nginx/verify.conf
 
 ### Docker Compose
 
 <<< @/examples/nginx/docker-compose.yaml
 
-Run `docker-compose up`. After a few seconds, browse to [httpbin.localhost.pomerium.io](https://httpbin.localhost.pomerium.io).
+Run `docker-compose up`. After a few seconds, browse to [verify.localhost.pomerium.io](https://verify.localhost.pomerium.io).
 
-You should be prompted to log in through your IdP and then granted access to the deployed `httpbin` instance.
+You should be prompted to log in through your IdP and then granted access to the deployed `verify` instance.
 
 ## That's it!
 
-Your `httpbin` install is protected by Pomerium.
+Your `verify` install is protected by Pomerium.
 
 ## Adapting
 
 To re-use the configuration in this demo in other contexts:
 
-- Update `httpbin.conf` to reflect the correct forward auth URL in `location @error401`
+- Update `verify.conf` to reflect the correct forward auth URL in `location @error401`
 - Update `pomerium.conf` to reflect the pomerium hostname(s) or IP(s) in `upstream pomerium`
 - Update `pomerium.conf` to reflect your pomerium authenticate and forward auth hostnames in `server_name`

docs/reference/readme.md

@@ -141,8 +141,8 @@ For example, if specifying multiple certificates at once:
 certificates:
   - cert: "$HOME/.acme.sh/authenticate.example.com_ecc/fullchain.cer"
     key: "$HOME/.acme.sh/authenticate.example.com_ecc/authenticate.example.com.key"
-  - cert: "$HOME/.acme.sh/httpbin.example.com_ecc/fullchain.cer"
+  - cert: "$HOME/.acme.sh/verify.example.com_ecc/fullchain.cer"
-    key: "$HOME/.acme.sh/httpbin.example.com_ecc/httpbin.example.com.key"
+    key: "$HOME/.acme.sh/verify.example.com_ecc/verify.example.com.key"
   - cert: "$HOME/.acme.sh/prometheus.example.com_ecc/fullchain.cer"
     key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key"
 ```
@@ -244,7 +244,7 @@ For example, if `true`
 
 ```
 10:37AM INF cmd/pomerium version=v0.0.1-dirty+ede4124
-10:37AM INF proxy: new route from=httpbin.localhost.pomerium.io to=https://httpbin.org
+10:37AM INF proxy: new route from=verify.localhost.pomerium.io to=https://verify.org
 10:37AM INF proxy: new route from=ssl.localhost.pomerium.io to=http://neverssl.com
 10:37AM INF proxy/authenticator: grpc connection OverrideCertificateName= addr=auth.localhost.pomerium.io:443
 ```
@@ -253,7 +253,7 @@ If `false`
 
 ```
 {"level":"info","version":"v0.0.1-dirty+ede4124","time":"2019-02-18T10:41:03-08:00","message":"cmd/pomerium"}
-{"level":"info","from":"httpbin.localhost.pomerium.io","to":"https://httpbin.org","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
+{"level":"info","from":"verify.localhost.pomerium.io","to":"https://verify.org","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
 {"level":"info","from":"ssl.localhost.pomerium.io","to":"http://neverssl.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
 {"level":"info","OverrideCertificateName":"","addr":"auth.localhost.pomerium.io:443","time":"2019-02-18T10:41:03-08:00","message":"proxy/authenticator: grpc connection"}
 ```
@@ -283,7 +283,7 @@ Some reverse-proxies, such as nginx split access control flow into two parts: ve
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: httpbin
+  name: verify
   annotations:
     kubernetes.io/ingress.class: "nginx"
     certmanager.k8s.io/issuer: "letsencrypt-prod"
@@ -292,15 +292,15 @@ metadata:
 spec:
   tls:
     - hosts:
-        - httpbin.corp.example.com
+        - verify.corp.example.com
       secretName: quickstart-example-tls
   rules:
-    - host: httpbin.corp.example.com
+    - host: verify.corp.example.com
       http:
         paths:
           - path: /
             backend:
-              serviceName: httpbin
+              serviceName: verify
               servicePort: 80
 ```
 
@@ -329,15 +329,15 @@ services:
     volumes:
       # So that Traefik can listen to the Docker events
       - /var/run/docker.sock:/var/run/docker.sock
-  httpbin:
+  verify:
     # A container that exposes an API to show its IP address
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify
     labels:
-      - "traefik.http.routers.httpbin.rule=Host(`httpbin.corp.example.com`)"
+      - "traefik.http.routers.verify.rule=Host(`verify.corp.example.com`)"
       # Create a middleware named `foo-add-prefix`
       - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Pomerium-Authenticated-User-Email,x-pomerium-authenticated-user-id,x-pomerium-authenticated-user-groups,x-pomerium-jwt-assertion"
-      - "traefik.http.middlewares.test-auth.forwardauth.address=http://forwardauth.corp.example.com/?uri=https://httpbin.corp.example.com"
+      - "traefik.http.middlewares.test-auth.forwardauth.address=http://forwardauth.corp.example.com/?uri=https://verify.corp.example.com"
-      - "traefik.http.routers.httpbin.middlewares=test-auth@docker"
+      - "traefik.http.routers.verify.middlewares=test-auth@docker"
 ```
 
 
@@ -1044,7 +1044,7 @@ Requires setting [Google Cloud Serverless Authentication Service Account](./#goo
 - `yaml`/`json` setting: `from`
 - Type: `URL` (must contain a scheme and hostname, must not contain a path)
 - Required
-- Example: `https://httpbin.corp.example.com`
+- Example: `https://verify.corp.example.com`
 
 `From` is the externally accessible source of the proxied request.
 
@@ -1200,13 +1200,13 @@ See [ProxyPreserveHost](http://httpd.apache.org/docs/2.0/mod/mod_proxy.html#prox
 Set Request Headers allows you to set static values for given request headers. This can be useful if you want to pass along additional information to downstream applications as headers, or set authentication header to the request. For example:
 
 ```yaml
-- from: https://httpbin.corp.example.com
+- from: https://verify.corp.example.com
-  to: https://httpbin.org
+  to: https://verify.pomerium.com
   allowed_users:
     - bdd@pomerium.io
   set_request_headers:
     # works auto-magically!
-    # https://httpbin.corp.example.com/basic-auth/root/hunter42
+    # https://verify.corp.example.com/basic-auth/root/hunter42
     Authorization: Basic cm9vdDpodW50ZXI0Mg==
     X-Your-favorite-authenticating-Proxy: "Pomerium"
 ```
@@ -1220,8 +1220,8 @@ Set Request Headers allows you to set static values for given request headers. T
 Remove Request Headers allows you to remove given request headers. This can be useful if you want to prevent privacy information from being passed to downstream applications. For example:
 
 ```yaml
-- from: https://httpbin.corp.example.com
+- from: https://verify.corp.example.com
-  to: https://httpbin.org
+  to: https://verify.pomerium.com
   allowed_users:
     - bdd@pomerium.io
   remove_request_headers:
@@ -1234,7 +1234,7 @@ Remove Request Headers allows you to remove given request headers. This can be u
 - `yaml`/`json` setting: `to`
 - Type: `URL` (must contain a scheme and hostname)
 - Required
-- Example: `http://httpbin` , `https://192.1.20.12:8080`, `http://neverssl.com`, `https://httpbin.org/anything/`
+- Example: `http://verify` , `https://192.1.20.12:8080`, `http://neverssl.com`, `https://verify.org/anything/`
 
 `To` is the destination of a proxied request. It can be an internal resource, or an external resource.
 
@@ -1245,20 +1245,20 @@ Be careful with trailing slash.
 With rule:
 
 ```yaml
-- from: https://httpbin.corp.example.com
+- from: https://verify.corp.example.com
-  to: https://httpbin.org/anything
+  to: https://verify.pomerium.com/anything
 ```
 
-Requests to `https://httpbin.corp.example.com` will be forwarded to `https://httpbin.org/anything`, while requests to `https://httpbin.corp.example.com/foo` will be forwarded to `https://httpbin.org/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
+Requests to `https://verify.corp.example.com` will be forwarded to `https://verify.org/anything`, while requests to `https://verify.corp.example.com/foo` will be forwarded to `https://verify.org/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
 
 While the rule:
 
 ```yaml
-- from: https://httpbin.corp.example.com
+- from: https://verify.corp.example.com
-  to: https://httpbin.org/anything/
+  to: https://verify.pomerium.com/anything/
 ```
 
-All requests to `https://httpbin.corp.example.com/*` will be forwarded to `https://httpbin.org/anything/*`. That means accessing to `https://httpbin.corp.example.com` will be forwarded to `https://httpbin.org/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
+All requests to `https://verify.corp.example.com/*` will be forwarded to `https://verify.org/anything/*`. That means accessing to `https://verify.corp.example.com` will be forwarded to `https://verify.org/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
 
 :::
 

docs/reference/settings.yaml

@@ -175,8 +175,8 @@ settings:
           certificates:
             - cert: "$HOME/.acme.sh/authenticate.example.com_ecc/fullchain.cer"
               key: "$HOME/.acme.sh/authenticate.example.com_ecc/authenticate.example.com.key"
-            - cert: "$HOME/.acme.sh/httpbin.example.com_ecc/fullchain.cer"
+            - cert: "$HOME/.acme.sh/verify.example.com_ecc/fullchain.cer"
-              key: "$HOME/.acme.sh/httpbin.example.com_ecc/httpbin.example.com.key"
+              key: "$HOME/.acme.sh/verify.example.com_ecc/verify.example.com.key"
             - cert: "$HOME/.acme.sh/prometheus.example.com_ecc/fullchain.cer"
               key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key"
           ```
@@ -290,7 +290,7 @@ settings:
 
           ```
           10:37AM INF cmd/pomerium version=v0.0.1-dirty+ede4124
-          10:37AM INF proxy: new route from=httpbin.localhost.pomerium.io to=https://httpbin.org
+          10:37AM INF proxy: new route from=verify.localhost.pomerium.io to=https://verify.pomerium.com
           10:37AM INF proxy: new route from=ssl.localhost.pomerium.io to=http://neverssl.com
           10:37AM INF proxy/authenticator: grpc connection OverrideCertificateName= addr=auth.localhost.pomerium.io:443
           ```
@@ -299,7 +299,7 @@ settings:
 
           ```
           {"level":"info","version":"v0.0.1-dirty+ede4124","time":"2019-02-18T10:41:03-08:00","message":"cmd/pomerium"}
-          {"level":"info","from":"httpbin.localhost.pomerium.io","to":"https://httpbin.org","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
+          {"level":"info","from":"verify.localhost.pomerium.io","to":"https://verify.pomerium.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
           {"level":"info","from":"ssl.localhost.pomerium.io","to":"http://neverssl.com","time":"2019-02-18T10:41:03-08:00","message":"proxy: new route"}
           {"level":"info","OverrideCertificateName":"","addr":"auth.localhost.pomerium.io:443","time":"2019-02-18T10:41:03-08:00","message":"proxy/authenticator: grpc connection"}
           ```
@@ -331,7 +331,7 @@ settings:
           apiVersion: extensions/v1beta1
           kind: Ingress
           metadata:
-            name: httpbin
+            name: verify
             annotations:
               kubernetes.io/ingress.class: "nginx"
               certmanager.k8s.io/issuer: "letsencrypt-prod"
@@ -340,15 +340,15 @@ settings:
           spec:
             tls:
               - hosts:
-                  - httpbin.corp.example.com
+                  - verify.corp.example.com
                 secretName: quickstart-example-tls
             rules:
-              - host: httpbin.corp.example.com
+              - host: verify.corp.example.com
                 http:
                   paths:
                     - path: /
                       backend:
-                        serviceName: httpbin
+                        serviceName: verify
                         servicePort: 80
           ```
 
@@ -377,15 +377,15 @@ settings:
               volumes:
                 # So that Traefik can listen to the Docker events
                 - /var/run/docker.sock:/var/run/docker.sock
-            httpbin:
+            verify:
               # A container that exposes an API to show its IP address
-              image: kennethreitz/httpbin:latest
+              image: pomerium/verify:latest
               labels:
-                - "traefik.http.routers.httpbin.rule=Host(`httpbin.corp.example.com`)"
+                - "traefik.http.routers.verify.rule=Host(`verify.corp.example.com`)"
                 # Create a middleware named `foo-add-prefix`
                 - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Pomerium-Authenticated-User-Email,x-pomerium-authenticated-user-id,x-pomerium-authenticated-user-groups,x-pomerium-jwt-assertion"
-                - "traefik.http.middlewares.test-auth.forwardauth.address=http://forwardauth.corp.example.com/?uri=https://httpbin.corp.example.com"
+                - "traefik.http.middlewares.test-auth.forwardauth.address=http://forwardauth.corp.example.com/?uri=https://verify.corp.example.com"
-                - "traefik.http.routers.httpbin.middlewares=test-auth@docker"
+                - "traefik.http.routers.verify.middlewares=test-auth@docker"
           ```
         shortdoc: |
           Forward authentication creates an endpoint that can be used with third-party proxies.
@@ -1160,7 +1160,7 @@ settings:
           - `yaml`/`json` setting: `from`
           - Type: `URL` (must contain a scheme and hostname, must not contain a path)
           - Required
-          - Example: `https://httpbin.corp.example.com`
+          - Example: `https://verify.corp.example.com`
         doc: |
           `From` is the externally accessible source of the proxied request.
       - name: "Kubernetes Service Account Token"
@@ -1326,13 +1326,13 @@ settings:
           Set Request Headers allows you to set static values for given request headers. This can be useful if you want to pass along additional information to downstream applications as headers, or set authentication header to the request. For example:
 
           ```yaml
-          - from: https://httpbin.corp.example.com
+          - from: https://verify.corp.example.com
-            to: https://httpbin.org
+            to: https://verify.pomerium.com
             allowed_users:
               - bdd@pomerium.io
             set_request_headers:
               # works auto-magically!
-              # https://httpbin.corp.example.com/basic-auth/root/hunter42
+              # https://verify.corp.example.com/basic-auth/root/hunter42
               Authorization: Basic cm9vdDpodW50ZXI0Mg==
               X-Your-favorite-authenticating-Proxy: "Pomerium"
           ```
@@ -1346,8 +1346,8 @@ settings:
           Remove Request Headers allows you to remove given request headers. This can be useful if you want to prevent privacy information from being passed to downstream applications. For example:
 
           ```yaml
-          - from: https://httpbin.corp.example.com
+          - from: https://verify.corp.example.com
-            to: https://httpbin.org
+            to: https://verify.pomerium.com
             allowed_users:
               - bdd@pomerium.io
             remove_request_headers:
@@ -1360,7 +1360,7 @@ settings:
           - `yaml`/`json` setting: `to`
           - Type: `URL` (must contain a scheme and hostname)
           - Required
-          - Example: `http://httpbin` , `https://192.1.20.12:8080`, `http://neverssl.com`, `https://httpbin.org/anything/`
+          - Example: `http://verify` , `https://192.1.20.12:8080`, `http://neverssl.com`, `https://verify.pomerium.com/anything/`
         doc: |
           `To` is the destination of a proxied request. It can be an internal resource, or an external resource.
 
@@ -1371,20 +1371,20 @@ settings:
           With rule:
 
           ```yaml
-          - from: https://httpbin.corp.example.com
+          - from: https://verify.corp.example.com
-            to: https://httpbin.org/anything
+            to: https://verify.pomerium.com/anything
           ```
 
-          Requests to `https://httpbin.corp.example.com` will be forwarded to `https://httpbin.org/anything`, while requests to `https://httpbin.corp.example.com/foo` will be forwarded to `https://httpbin.org/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
+          Requests to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything`, while requests to `https://verify.corp.example.com/foo` will be forwarded to `https://verify.pomerium.com/anythingfoo`.To make the request forwarded to `https://httbin.org/anything/foo`, you can use double slashes in your request `https://httbin.corp.example.com//foo`.
 
           While the rule:
 
           ```yaml
-          - from: https://httpbin.corp.example.com
+          - from: https://verify.corp.example.com
-            to: https://httpbin.org/anything/
+            to: https://verify.pomerium.com/anything/
           ```
 
-          All requests to `https://httpbin.corp.example.com/*` will be forwarded to `https://httpbin.org/anything/*`. That means accessing to `https://httpbin.corp.example.com` will be forwarded to `https://httpbin.org/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
+          All requests to `https://verify.corp.example.com/*` will be forwarded to `https://verify.pomerium.com/anything/*`. That means accessing to `https://verify.corp.example.com` will be forwarded to `https://verify.pomerium.com/anything/`. That said, if your application does not handle trailing slash, the request will end up with 404 not found.
 
           :::
       - name: "TLS Skip Verification"

examples/cloudrun/README.md

@@ -1,7 +1,7 @@
 # Pomerium on Cloud Run
 
-Run this demo with gcloud command line configured for your project.  The commands assume 
+Run this demo with gcloud command line configured for your project.  The commands assume
-all resources (Cloud Run, Cloud DNS, and Secret Manager) are in a single project.  
+all resources (Cloud Run, Cloud DNS, and Secret Manager) are in a single project.
 
 We recommend a dedicated project that is easy to clean up.
 
@@ -28,6 +28,6 @@ This demo includes a Cloud Run target configured to only accept requests from th
 - Deploy config.yaml to Secret Manager
 - Deploy the demo hello world app
 - Deploy pomerium with policy
-- Navigate to `https://httpbin.cloudrun.pomerium.io`
+- Navigate to `https://verify.cloudrun.pomerium.io`
 - Navigate to `https://hello-direct.cloudrun.pomerium.io`
-- Navigate to `https://hello.cloudrun.pomerium.io`
+- Navigate to `https://hello.cloudrun.pomerium.io`

examples/cloudrun/policy.template.yaml

@@ -4,8 +4,8 @@
   allowed_domains:
     - gmail.com
   enable_google_cloud_serverless_authentication: true
-- from: https://httpbin.cloudrun.pomerium.io
+- from: https://verify.cloudrun.pomerium.io
-  to: https://httpbin.org
+  to: https://verify.pomerium.com
   pass_identity_headers: true
   allowed_domains:
     - gmail.com

examples/config/config.example.yaml

@@ -75,7 +75,7 @@ authenticate_service_url: https://authenticate.localhost.pomerium.io
 
 # Proxied routes and per-route policies are defined in a policy block
 policy:
-  - from: https://httpbin.localhost.pomerium.io
+  - from: https://verify.localhost.pomerium.io
     to: http://httpbin
     allowed_domains:
       - pomerium.io
@@ -83,8 +83,8 @@ policy:
     timeout: 30s
     pass_identity_headers: true
 
-  - from: https://external-httpbin.localhost.pomerium.io
+  - from: https://external-verify.localhost.pomerium.io
-    to: https://httpbin.org
+    to: https://verify.pomerium.com
     allowed_domains:
       - gmail.com
     pass_identity_headers: true

examples/config/config.minimal.yaml

@@ -19,8 +19,8 @@ cookie_secret: WwMtDXWaRDMBQCylle8OJ+w4kLIDIGd8W3cB4/zFFtg=
 
 # https://www.pomerium.io/configuration/#policy
 policy:
-  - from: https://httpbin.localhost.pomerium.io
+  - from: https://verify.localhost.pomerium.io
-    to: https://httpbin.org
+    to: https://verify.pomerium.com
     allowed_users:
       - bdd@pomerium.io
     pass_identity_headers: true

examples/config/policy.example.yaml

@@ -8,14 +8,14 @@
 # Proxied routes and per-route policies are defined in a policy block
 # NOTA BENE: You must uncomment the below 'policy' key if you are loading policy as a file.
 # policy:
-- from: https://httpbin.localhost.pomerium.io
+- from: https://verify.localhost.pomerium.io
   to: http://localhost:8000
   allowed_domains:
     - pomerium.io
   cors_allow_preflight: true
   timeout: 30s
-- from: https://external-httpbin.localhost.pomerium.io
+- from: https://external-verify.localhost.pomerium.io
-  to: https://httpbin.org
+  to: https://verify.pomerium.com
   allowed_domains:
     - gmail.com
 - from: https://weirdlyssl.localhost.pomerium.io

examples/docker/autocert.docker-compose.yml

@@ -11,8 +11,8 @@ services:
     ports:
       - 443:443
 
-  # https://httpbin.corp.beyondperimeter.com --> Pomerium --> http://httpbin
+  # https://verify.corp.beyondperimeter.com --> Pomerium --> http://verify
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify:latest
     expose:
       - 80

examples/docker/basic.docker-compose.yml

@@ -14,8 +14,8 @@ services:
     ports:
       - 443:443
 
-  # https://httpbin.corp.beyondperimeter.com --> Pomerium --> http://httpbin
+  # https://verify.corp.beyondperimeter.com --> Pomerium --> http://verify
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify:latest
     expose:
       - 80

examples/docker/nginx.docker-compose.yml

@@ -91,9 +91,9 @@ services:
     expose:
       - 443
 
-  # https://httpbin.corp.beyondperimeter.com
+  # https://verify.corp.beyondperimeter.com
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify:latest
     expose:
       - 80
   # https://hello.corp.beyondperimeter.com

examples/kubernetes/kubernetes-config.yaml

@@ -18,7 +18,7 @@ idp_client_secret: "REPLACE_ME"
 idp_service_account: YOUR_SERVICE_ACCOUNT
 
 policy:
-  - from: https://httpbin.localhost.pomerium.io
+  - from: https://verify.localhost.pomerium.io
     to: http://httpbin.default.svc.cluster.local:8000
     allowed_domains:
       - gmail.com

examples/mutual-tls/README.md

@@ -25,8 +25,8 @@ policy:
     tls_client_cert_file: "/Users/bdd/examples/mutual-tls/out/pomerium.crt"
     tls_client_key_file: "/Users/bdd/examples/mutual-tls/out/pomerium.key"
 
-  - from: https://httpbin.corp.domain.example
+  - from: https://verify.corp.domain.example
-    to: https://httpbin.org
+    to: https://verify.pomerium.com
     allow_public_unauthenticated_access: true
 ```
 

examples/mutual-tls/example.config.yaml

@@ -19,6 +19,6 @@ policy:
     # pomerium.key
     tls_client_key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcGdJQkFBS0NBUUVBNjdLanFtUVlHcTBNVnRBQ1ZwZUNtWG1pbmxRYkRQR0xtc1pBVUV3dWVIUW5ydDNXCnR2cERPbTZBbGFKTVVuVytIdTU1ampva2FsS2VWalRLbWdZR2JxVXpWRG9NYlBEYUhla2x0ZEJUTUdsT1VGc1AKNFVKU0RyTzR6ZE4rem80MjhUWDJQbkcyRkNkVktHeTRQRThpbEhiV0xjcjg3MVlqVjUxZnc4Q0xEWDlQWkpOdQo4NjFDRjdWOWlFSm02c1NmUWxtbmhOOGozK1d6VmJQUU55MVdzUjdpOWU5ajYzRXFLdDIyUTlPWEwrV0FjS3NrCm9JU21DTlZSVUFqVThZUlZjZ1FKQit6UTM0QVFQbHowT3A1Ty9RTi9NZWRqYUY4d0xTK2l2L3p2aVM4Y3FQYngKbzZzTHE2Rk5UbHRrL1FreGVDZUtLVFFlLzNrUFl2UUFkbmw2NVFJREFRQUJBb0lCQVFEQVQ0eXN2V2pSY3pxcgpKcU9SeGFPQTJEY3dXazJML1JXOFhtQWhaRmRTWHV2MkNQbGxhTU1yelBmTG41WUlmaHQzSDNzODZnSEdZc3pnClo4aWJiYWtYNUdFQ0t5N3lRSDZuZ3hFS3pRVGpiampBNWR3S0h0UFhQUnJmamQ1Y2FMczVpcDcxaWxCWEYxU3IKWERIaXUycnFtaC9kVTArWGRMLzNmK2VnVDl6bFQ5YzRyUm84dnZueWNYejFyMnVhRVZ2VExsWHVsb2NpeEVrcgoySjlTMmxveWFUb2tFTnNlMDNpSVdaWnpNNElZcVowOGJOeG9IWCszQXVlWExIUStzRkRKMlhaVVdLSkZHMHUyClp3R2w3YlZpRTFQNXdiQUdtZzJDeDVCN1MrdGQyUEpSV3Frb2VxY3F2RVdCc3RFL1FEcDFpVThCOHpiQXd0Y3IKZHc5TXZ6Q2hBb0dCQVBObzRWMjF6MGp6MWdEb2tlTVN5d3JnL2E4RkJSM2R2Y0xZbWV5VXkybmd3eHVucnFsdwo2U2IrOWdrOGovcXEvc3VQSDhVdzNqSHNKYXdGSnNvTkVqNCt2b1ZSM3UrbE5sTEw5b21rMXBoU0dNdVp0b3huCm5nbUxVbkJUMGI1M3BURkJ5WGsveE5CbElreWdBNlg5T2MreW5na3RqNlRyVnMxUERTdnVJY0s1QW9HQkFQZmoKcEUzR2F6cVFSemx6TjRvTHZmQWJBdktCZ1lPaFNnemxsK0ZLZkhzYWJGNkdudFd1dWVhY1FIWFpYZTA1c2tLcApXN2xYQ3dqQU1iUXI3QmdlazcrOSszZElwL1RnYmZCYnN3Syt6Vng3Z2doeWMrdytXRWExaHByWTZ6YXdxdkFaCkhRU2lMUEd1UGp5WXBQa1E2ZFdEczNmWHJGZ1dlTmd4SkhTZkdaT05Bb0dCQUt5WTF3MUM2U3Y2c3VuTC8vNTcKQ2Z5NTAwaXlqNUZBOWRqZkRDNWt4K1JZMnlDV0ExVGsybjZyVmJ6dzg4czBTeDMrYS9IQW1CM2dMRXBSRU5NKwo5NHVwcENFWEQ3VHdlcGUxUnlrTStKbmp4TzlDSE41c2J2U25sUnBQWlMvZzJRTVhlZ3grK2trbkhXNG1ITkFyCndqMlRrMXBBczFXbkJ0TG9WaGVyY01jSkFvR0JBSTYwSGdJb0Y5SysvRUcyY21LbUg5SDV1dGlnZFU2eHEwK0IKWE0zMWMzUHE0amdJaDZlN3pvbFRxa2d0dWtTMjBraE45dC9ibkI2TmhnK1N1WGVwSXFWZldVUnlMejVwZE9ESgo2V1BMTTYzcDdCR3cwY3RPbU1NYi9VRm5Yd0U4OHlzRlNnOUF6VjdVVUQvU0lDYkI5ZHRVMWh4SHJJK0pZRWdWCkFrZWd6N2lCQW9HQkFJRncrQVFJZUIwM01UL0lCbGswNENQTDJEak0rNDhoVGRRdjgwMDBIQU9mUWJrMEVZUDEKQ2FLR3RDbTg2MXpBZjBzcS81REtZQ0l6OS9HUzNYRk00Qm1rRk9nY1NXVENPNmZmTGdLM3FmQzN4WDJudlpIOQpYZGNKTDQrZndhY0x4c2JJKzhhUWNOVHRtb3pkUjEzQnNmUmIrSGpUL2o3dkdrYlFnSkhCT0syegotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
 
-  - from: https://httpbin.corp.domain.example
+  - from: https://verify.corp.domain.example
-    to: https://httpbin.org
+    to: https://verify.pomerium.com
     allow_public_unauthenticated_access: true

examples/nginx/README.md

@@ -12,6 +12,6 @@ Run this demo locally on your docker-compose capable workstation, or replace `lo
 - Update `config.yaml` for your e-mail address, if not using gmail/google.
 - Replace secrets in `config.yaml`.
 - Run `docker-compose up` from this directory.
-- Navigate to `https://httpbin.localhost.pomerium.io`
+- Navigate to `https://verify.localhost.pomerium.io`
 - ???
 - Profit

examples/nginx/config.yaml

@@ -14,7 +14,7 @@ forward_auth_url: http://fwdauth.localhost.pomerium.io
 authenticate_service_url: https://authenticate.localhost.pomerium.io
 
 policy:
-  - from: https://httpbin.localhost.pomerium.io
+  - from: https://verify.localhost.pomerium.io
     to: https://httpbin
     allowed_domains:
       - pomerium.com

examples/nginx/docker-compose.yaml

@@ -11,14 +11,14 @@ services:
       - "80:80"
       - "443:443"
     volumes:
-      - ./httpbin.conf:/etc/nginx/conf.d/httpbin.conf
+      - ./verify.conf:/etc/nginx/conf.d/verify.conf
       - ./pomerium.conf:/etc/nginx/conf.d/pomerium.conf
       - ./_wildcard.localhost.pomerium.io.pem:/etc/nginx/nginx.pem
       - ./_wildcard.localhost.pomerium.io-key.pem:/etc/nginx/nginx-key.pem
       - ./proxy.conf:/etc/nginx/proxy.conf
 
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify
     expose:
       - 80
   pomerium:

examples/nginx/verify.conf

@@ -3,7 +3,7 @@ server {
   listen 80;
   listen 443 ssl http2;
 
-  server_name httpbin.localhost.pomerium.io;
+  server_name verify.localhost.pomerium.io;
   ssl_certificate /etc/nginx/nginx.pem;
   ssl_certificate_key /etc/nginx/nginx-key.pem;
 
@@ -57,7 +57,7 @@ server {
   }
 
   location / {
-    proxy_pass http://httpbin;
+    proxy_pass http://verify;
 
     include /etc/nginx/proxy.conf;
     # If we get a 401, respond with a named location

examples/traefik/README.md

@@ -12,6 +12,6 @@ Run this demo locally on your docker-compose capable workstation, or replace `lo
 - Update `config.yaml` for your e-mail address, if not using gmail/google.
 - Replace secrets in `config.yaml`.
 - Run `docker-compose up` from this directory.
-- Navigate to `https://httpbin.localhost.pomerium.io`
+- Navigate to `https://verify.localhost.pomerium.io`
 - ???
 - Profit

examples/traefik/config.yaml

@@ -15,7 +15,7 @@ authenticate_service_url: https://authenticate.localhost.pomerium.io
 jwt_claims_headers: email,groups,user
 
 policy:
-  - from: https://httpbin.localhost.pomerium.io
+  - from: https://verify.localhost.pomerium.io
     to: https://httpbin
     allowed_domains:
       - pomerium.io

examples/traefik/docker-compose.yaml

@@ -18,18 +18,18 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
 
-  httpbin:
+  verify:
-    image: kennethreitz/httpbin:latest
+    image: pomerium/verify:latest
     labels:
       - "traefik.http.middlewares.pomerium.forwardauth.authResponseHeaders=X-Pomerium-Claim-Email,X-Pomerium-Claim-User,X-Pomerium-Claim-Groups,X-Pomerium-Jwt-Assertion"
       - "traefik.http.middlewares.pomerium.forwardauth.address=http://pomerium/"
       - "traefik.http.middlewares.pomerium.forwardauth.trustForwardHeader=true"
 
-      - "traefik.http.routers.httpbin.middlewares=pomerium@docker"
+      - "traefik.http.routers.verify.middlewares=pomerium@docker"
       - "traefik.enable=true"
-      - "traefik.http.routers.httpbin.rule=Host(`httpbin.localhost.pomerium.io`)"
+      - "traefik.http.routers.verify.rule=Host(`verify.localhost.pomerium.io`)"
-      - "traefik.http.routers.httpbin.entrypoints=websecure"
+      - "traefik.http.routers.verify.entrypoints=websecure"
-      - "traefik.http.routers.httpbin.tls=true"
+      - "traefik.http.routers.verify.tls=true"
 
   pomerium:
     image: pomerium/pomerium:latest

scripts/programmatic_access.py

@@ -14,7 +14,7 @@ done = False
 parser = argparse.ArgumentParser()
 parser.add_argument("--login", action="store_true")
 parser.add_argument(
-    "--dst", default="https://httpbin.example.com/headers",
+    "--dst", default="https://verify.example.com/json",
 )
 parser.add_argument("--server", default="localhost", type=str)
 parser.add_argument("--port", default=8000, type=int)