v0.5.0 (#375)

2025-05-18 11:37:08 +02:00 · 2019-11-14 20:02:16 -08:00 · 2019-11-14 20:02:16 -08:00 · ec9607d1d5
commit ec9607d1d5
parent 00c29f4e77
61 changed files with 894 additions and 468 deletions
--- a/docs/configuration/examples/docker/basic.docker-compose.yml
+++ b/docs/configuration/examples/docker/basic.docker-compose.yml
@ -0,0 +1,21 @@
+version: "3"
+services:
+  pomerium:
+    image: pomerium/pomerium:v0.5.0
+    environment:
+      # Generate new secret keys. e.g. `head -c32 /dev/urandom | base64`
+      - COOKIE_SECRET=V2JBZk0zWGtsL29UcFUvWjVDWWQ2UHExNXJ0b2VhcDI=
+    volumes:
+      # Mount your domain's certificates : https://www.pomerium.io/docs/reference/certificates
+      - ~/.acme.sh/*.corp.beyondperimeter.com_ecc/fullchain.cer:/pomerium/cert.pem:ro
+      - ~/.acme.sh/*.corp.beyondperimeter.com_ecc/*.corp.beyondperimeter.com.key:/pomerium/privkey.pem:ro
+      # Mount your config file : https://www.pomerium.io/docs/reference/reference/
+      - ../config/config.minimal.yaml:/pomerium/config.yaml:ro
+    ports:
+      - 443:443
+
+  # https://httpbin.corp.beyondperimeter.com --> Pomerium --> http://httpbin
+  httpbin:
+    image: kennethreitz/httpbin:latest
+    expose:
+      - 80
--- a/docs/configuration/examples/docker/nginx.docker-compose.yml
+++ b/docs/configuration/examples/docker/nginx.docker-compose.yml
@ -0,0 +1,87 @@
+version: "3"
+services:
+  nginx:
+    image: pomerium/nginx-proxy:latest
+    ports:
+      - "443:443"
+    volumes:
+      # NOTE!!! : nginx must be supplied with your wildcard certificates.
+      # see : https://github.com/jwilder/nginx-proxy#wildcard-certificates
+      - ~/.acme.sh/*.corp.beyondperimeter.com_ecc/fullchain.cer:/etc/nginx/certs/corp.beyondperimeter.com.crt:ro
+      - ~/.acme.sh/*.corp.beyondperimeter.com_ecc/*.corp.beyondperimeter.com.key:/etc/nginx/certs/corp.beyondperimeter.com.key:ro
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+
+  pomerium-authenticate:
+    image: pomerium/pomerium:v0.5.0 # or `build: .` to build from source
+    restart: always
+    environment:
+      - SERVICES=authenticate
+      - INSECURE_SERVER=TRUE
+      # NOTE!: Replace with your identity provider settings https://www.pomerium.io/docs/identity-providers.html
+      # - IDP_PROVIDER=google
+      # - IDP_PROVIDER_URL=https://accounts.google.com
+      # - IDP_CLIENT_ID=REPLACE_ME
+      # - IDP_CLIENT_SECRET=REPLACE_ME
+      # - IDP_SERVICE_ACCOUNT=REPLACE_ME
+      # NOTE! Generate new secret keys! e.g. `head -c32 /dev/urandom | base64`
+      # Generated secret keys must match between services
+      - SHARED_SECRET=aDducXQzK2tPY3R4TmdqTGhaYS80eGYxcTUvWWJDb2M=
+      - COOKIE_SECRET=V2JBZk0zWGtsL29UcFUvWjVDWWQ2UHExNXJ0b2VhcDI=
+      # Tell nginx how to proxy pomerium's routes
+      - VIRTUAL_PROTO=http
+      - VIRTUAL_HOST=authenticate.corp.beyondperimeter.com
+      - VIRTUAL_PORT=443
+    volumes:
+      - ../config/config.example.yaml:/pomerium/config.yaml:ro
+
+    expose:
+      - 443
+
+  pomerium-proxy:
+    image: pomerium/pomerium:v0.5.0 # or `build: .` to build from source
+    restart: always
+    environment:
+      - SERVICES=proxy
+      - INSECURE_SERVER=TRUE
+      # IMPORTANT! If you are running pomerium behind another ingress (loadbalancer/firewall/etc)
+      # you must tell pomerium proxy how to communicate using an internal hostname for RPC
+      - AUTHORIZE_SERVICE_URL=http://pomerium-authorize:443
+      # When communicating internally, rPC is going to get a name conflict expecting an external
+      # facing certificate name (i.e. authenticate-service.local vs *.corp.example.com).
+      - SHARED_SECRET=aDducXQzK2tPY3R4TmdqTGhaYS80eGYxcTUvWWJDb2M=
+      - COOKIE_SECRET=V2JBZk0zWGtsL29UcFUvWjVDWWQ2UHExNXJ0b2VhcDI=
+      # Tell nginx how to proxy pomerium's routes
+      - VIRTUAL_PROTO=http
+      - VIRTUAL_HOST=*.corp.beyondperimeter.com
+      - VIRTUAL_PORT=443
+    volumes:
+      - ../config/config.example.yaml:/pomerium/config.yaml:ro
+    expose:
+      - 443
+
+  pomerium-authorize:
+    image: pomerium/pomerium:v0.5.0 # or `build: .` to build from source
+    restart: always
+    environment:
+      - SERVICES=authorize
+      - SHARED_SECRET=aDducXQzK2tPY3R4TmdqTGhaYS80eGYxcTUvWWJDb2M=
+      - GRPC_INSECURE=TRUE
+      - GRPC_ADDRESS=:443
+
+    volumes:
+      # Retrieve non-secret config keys from the config file : https://www.pomerium.io/docs/reference/reference/
+      # See `config.example.yaml` and modify to fit your needs.
+      - ../config/config.example.yaml:/pomerium/config.yaml:ro
+    expose:
+      - 443
+
+  # https://httpbin.corp.beyondperimeter.com
+  httpbin:
+    image: kennethreitz/httpbin:latest
+    expose:
+      - 80
+  # https://hello.corp.beyondperimeter.com
+  hello:
+    image: gcr.io/google-samples/hello-app:1.0
+    expose:
+      - 8080