mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-05 20:32:57 +02:00
init security section
parent
1a5cfda940
commit
f51a02d613
5 changed files with 66 additions and 0 deletions
|
@ -131,6 +131,18 @@ module.exports = {
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
"client",
|
"client",
|
||||||
|
{
|
||||||
|
title: "Security",
|
||||||
|
collapsable: true,
|
||||||
|
path: "/docs/security/",
|
||||||
|
sidebarDepth: 1,
|
||||||
|
children: [
|
||||||
|
"security/readme",
|
||||||
|
"security/upstream-tls",
|
||||||
|
"security/sidecar",
|
||||||
|
"security/upstream-jwt",
|
||||||
|
],
|
||||||
|
},
|
||||||
{
|
{
|
||||||
title: "Topics",
|
title: "Topics",
|
||||||
collapsable: true,
|
collapsable: true,
|
||||||
|
|
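Review bot: the `children` array of the new "Security" group lists `security/upstream-tls`, `security/sidecar`, `security/upstream-jwt`, but readme.md in this same commit introduces the topics as Sidecar, JWT Verification, then TLS and mTLS. Pick one order and use it in both places, ideally the "common order of implementation" that the readme's Next Steps section promises, so the sidebar and the overview do not contradict each other.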
35
docs/docs/security/readme.md
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
title: Securing Pomerium
|
||||||
|
lang: en-US
|
||||||
|
description: Increase your infrastructure security at multiple levels.
|
||||||
|
---
|
||||||
|
|
||||||
|
# Securing Pomerium
|
||||||
|
|
||||||
|
Discuss how security is important, sounds daunting, and can be achieved at multiple levels. Assure readers that steps can be implemented individually and added one at a time as needed or feasible.
|
||||||
|
|
||||||
|
Describe how Pomerium secures traffic from the proxy to the client out of the box with enforced TLS.
|
||||||
|
|
||||||
|
## Concepts
|
||||||
|
|
||||||
|
Begin by explaining the difference between securing client connections to Pomerium and Upstream connections between Pomerium and services.
|
||||||
|
|
||||||
|
### Layers
|
||||||
|
|
||||||
|
Discuss Protocol vs Application layer security
|
||||||
|
|
||||||
|
### Sidecar
|
||||||
|
|
||||||
|
Explain the concept of a sidecar versus in-application verification.
|
||||||
|
|
||||||
|
### JWT Verification
|
||||||
|
|
||||||
|
explain JWT and how to mutually verify
|
||||||
|
|
||||||
|
### TLS and mTLS
|
||||||
|
|
||||||
|
Explain the two levels of TLS security
|
||||||
|
|
||||||
|
## Next Steps
|
||||||
|
|
||||||
|
Bulleted list of next steps to take, ordered by common order of implementation.
|
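Review bot: every paragraph under the headings in readme.md is an authoring instruction ("Discuss how security is important...", "Explain the two levels of TLS security") rather than reader-facing text, and because the page is wired into the sidebar it will render as-is. Wrap these notes in HTML comments or mark them as TODO so they do not ship as documentation. Two smaller points: "explain JWT and how to mutually verify" is the only note that starts lowercase, and "Upstream" is capitalized mid-sentence under Concepts.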
5
docs/docs/security/sidecar.md
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Sidecar
|
||||||
|
lang: en-US
|
||||||
|
description: Create an Envoy Sidecar
|
||||||
|
---
|
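Review bot: sidecar.md contains only frontmatter, with no heading or body, yet it is linked from the sidebar. Add at least an H1 and a placeholder paragraph. The description "Create an Envoy Sidecar" also commits the page to Envoy while the readme's Sidecar section describes the concept generically, so state in one of the two places that the sidecar is Envoy.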
9
docs/docs/security/upstream-jwt.md
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
---
|
||||||
|
title: Upstream JWT Verification
|
||||||
|
lang: en-US
|
||||||
|
description: Secure connections between Pomerium and Upstream Services with JWT Verification
|
||||||
|
---
|
||||||
|
|
||||||
|
## Via Application
|
||||||
|
|
||||||
|
## Via Sidecard
|
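Review bot: typo in the second heading of upstream-jwt.md, "## Via Sidecard" should read "## Via Sidecar". Since heading text becomes the anchor slug, fix it before anything links to the section.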
5
docs/docs/security/upstream-tls.md
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Upstream TLS
|
||||||
|
lang: en-US
|
||||||
|
description: Secure connections between Pomerium and Upstream Services with TLS
|
||||||
|
---
|
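Review bot: the title and description in upstream-tls.md mention only TLS, while the readme's concept section is headed "TLS and mTLS" and speaks of two levels of TLS security. Say in the description whether this page will also cover mTLS, or plan a separate page and add it to the sidebar `children`. As with sidecar.md, the file has no heading or body yet.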