Commit graph

52 commits

Author SHA1 Message Date
cfanbo
d9097b44ea
replace fmt.Sprintf with net.JoinHostPort (#3407) 2022-06-07 13:04:13 -06:00
Denis Mishin
51e716ef54
add x-request-id in responses (#3366) 2022-05-16 18:22:20 -04:00
Denis Mishin
a15106ebe2
avoid null reproxy handler (#3345) 2022-05-11 12:16:59 -04:00
Caleb Doxsey
9ae5c26f42
envoy: use typed extension protocol options for static bootstrap cluster (#3268) 2022-04-12 13:13:32 -06:00
Caleb Doxsey
b79f1e379f
config: add support for downstream TLS server name (#3243)
* config: add support for downstream TLS server name

* fix whitespace

* fix whitespace

* add docs

* add tls_upstream_server_name and tls_downstream_server_name to config

* Update docs/reference/settings.yaml

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

* Update docs/reference/readme.md

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>

* add deprecation notice

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
2022-04-06 06:48:45 -07:00
Caleb Doxsey
b435f73e2b
authenticate: fix debug and metrics endpoints (#3212) 2022-03-30 09:37:37 -06:00
Caleb Doxsey
d6bd2d06ef
envoy: upgrade to 1.21.1 (#3186)
* envoy: upgrade to 1.21.1

* envoy: upgrade to 1.21.1
2022-03-24 10:16:07 -06:00
Caleb Doxsey
1342523cda
grpc: remove ptypes references (#3078) 2022-02-24 08:37:59 -07:00
Caleb Doxsey
fbdbe9c86f
config: fix TLS config when address and grpc_address are the same (#2975) 2022-01-27 09:18:07 -07:00
Caleb Doxsey
95d6d97143
authenticate: support webauthn redirects to non-pomerium domains (#2936)
* authenticate: support webauthn redirects to non-pomerium domains

* add test

* remove dead code
2022-01-19 15:10:57 -07:00
Caleb Doxsey
49fb00c895
envoy: check certificates for must-staple flag and drop them if they are missing the response (#2909)
* envoy: check certificates for must-staple flag and drop them if they are missing the response

* Update config/envoyconfig/tls_test.go

Co-authored-by: Denis Mishin <dmishin@pomerium.com>

Co-authored-by: Denis Mishin <dmishin@pomerium.com>
2022-01-10 10:51:56 -07:00
cfanbo
84dad4c612
remove deprecated ioutil usages (#2877)
* fix: Fixed return description error

* config/options: Adjust the position of TracingJaegerAgentEndpoint option

* DOCS: Remove duplicate configuration items

Remove duplicate configuration items of route

* remove deprecated ioutil usages
2021-12-30 10:02:12 -08:00
Denis Mishin
6b592afd3e
set default codec type to auto/http1 (#2839) 2021-12-21 13:26:07 -05:00
Caleb Doxsey
5a858f5d48
config: add internal service URLs (#2801)
* config: add internal service URLs

* maybe fix integration tests

* add docs

* fix integration tests

* for databroker connect to external name, but listen on internal name

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/readme.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/reference/settings.yaml

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
2021-12-10 14:04:37 -05:00
Caleb Doxsey
d0890d399c
envoyconfig: fix tls_downstream_client_ca for non-standard ports (#2802) 2021-12-08 10:48:52 -07:00
Caleb Doxsey
c97dcf7e0f
envoy: add hash policy and routing key for hash-based load balancers (#2791)
* envoy: add hash policy and routing key for hash-based load balancers

* fix integration test

* fix nginx
2021-12-01 13:42:12 -07:00
Caleb Doxsey
bd0a5389bf
envoy: add support for bind_config bootstrap options (#2772)
* envoy: add support for bind_config bootstrap options

* only add upstream bind config options to individual policy clusters

* update docs for new Envoy keys

Co-authored-by: alexfornuto <alex@fornuto.com>
2021-12-01 13:02:49 -07:00
Caleb Doxsey
a8b76bd623
authorize: support X-Pomerium-Authorization in addition to Authorization (#2780)
* authorize: support X-Pomerium-Authorization in addition to Authorization

* tangential correction

Co-authored-by: alexfornuto <alex@fornuto.com>
2021-11-29 12:19:14 -07:00
Caleb Doxsey
a5034aabae
authenticate: redirect / to /.pomerium/ (#2770) 2021-11-18 08:49:23 -07:00
Caleb Doxsey
ca48052551
tls: fallback to self-signed certificate (#2760)
* tls: fallback to self-signed certificate

* remove unknown domain because certs are no longer valid

* update multi-deployment to use service-specific certificates
2021-11-15 14:11:53 -07:00
Denis Mishin
55fec9b51b
add host-rewrite options to config.proto (#2668) 2021-10-08 11:50:56 -04:00
bobby
45ce2027b2
config/envoyconfig: better duplicate message (#2661)
Fixes #2655
2021-10-04 19:37:03 -04:00
Caleb Doxsey
db43014d78
envoy: remove deprecated access_log_path (#2523) 2021-08-25 09:19:35 -06:00
Caleb Doxsey
bbec2cae9f
grpc: send client traffic through envoy (#2469)
* wip

* wip

* handle wildcards in override name

* remove wait for ready, add comment about sync, force initial sync complete in test

* address comments
2021-08-16 16:12:22 -06:00
Caleb Doxsey
6af0655206
protoutil: add NewAny method for deterministic serialization (#2462) 2021-08-09 17:51:57 -06:00
Caleb Doxsey
3026efb5af
envoyconfig: improvements (#2402)
* add alpn function

* add comment

* address PR feedback
2021-07-27 16:44:15 -06:00
Caleb Doxsey
1c627e5724
disable http/2 for websockets (#2399) 2021-07-26 20:09:18 -06:00
Caleb Doxsey
a9ba3ffff5
envoyconfig: default zipkin path to / when empty (#2359) 2021-07-13 11:11:49 -06:00
Caleb Doxsey
23552cfc1c
envoyconfig: only delete cached files, ignore noisy error (#2356) 2021-07-13 09:58:25 -06:00
Caleb Doxsey
cb09aa4199
envoyconfig: add bootstrap layered runtime configuration (#2343) 2021-07-07 15:18:02 -06:00
wasaga
3073146ff2
fix: timeout field in protobuf, add websocket tests 2021-07-07 12:06:56 -04:00
wasaga
134ca74ec9
proxy: add idle timeout (#2319) 2021-07-02 10:29:53 -04:00
Caleb Doxsey
9bce8314ba
envoy: refactor envoy embedding (#2296)
* envoy: add full version

* remove unused import

* envoy: refactor envoy embedding

* fix lint

* commit ignored files

* maybe fix test
2021-06-15 08:18:30 -06:00
Caleb Doxsey
02d9460765
envoy: fix usage of codec_type with alpn (#2277) 2021-06-07 14:26:20 -06:00
Caleb Doxsey
2156dbc553
envoy: always set jwt claim headers even if no value is available (#2261)
* envoy: always set jwt claim headers even if no value is available

* add test
2021-06-04 10:01:00 -07:00
Caleb Doxsey
c3286aa355
envoyconfig: use zipkin tracer (#2265) 2021-06-03 09:28:00 -06:00
wasaga
12c8bb2da4
authorize: preserve original context (#2247) 2021-06-01 11:10:35 -04:00
Caleb Doxsey
9b61d04dd8
envoyconfig: fallback to global custom ca when no policy ca is defined (#2235)
* envoyconfig: fallback to global custom ca when no policy ca is defined

* update upgrading

* combine custom ca with root cas
2021-05-28 09:36:15 -06:00
Caleb Doxsey
a1061c5c03
envoy: add global response headers to local replies (#2217) 2021-05-20 08:56:43 -06:00
wasaga
c71f7dca5b
authorize: grpc health check (#2200) 2021-05-13 15:00:10 -04:00
bobby
27c8cd9bd8
proxy / controlplane: use old upstream cipher suite (#2196) 2021-05-12 15:37:20 -07:00
Caleb Doxsey
da01082797
envoy: disable timeouts for kubernetes (#2189) 2021-05-11 14:42:49 -06:00
Caleb Doxsey
69576cffe4
config: add support for set_response_headers in a policy (#2171)
* config: add support for set_response_headers in a policy

* docs: add note about precedence
2021-05-04 09:43:52 -06:00
Caleb Doxsey
b5b1013947
config: add client_crl (#2157)
* config: add client_crl

* address comments

* add ignored file
2021-04-30 14:36:32 -06:00
Caleb Doxsey
699ebf061a
config: add support for codec_type (#2156)
* config: add support for codec_type

* add comma

* fix warning block

* fix docs
2021-04-30 07:21:40 -06:00
Caleb Doxsey
008bda99e2
envoyconfig: fix metrics ingress listener name (#2124) 2021-04-26 07:49:48 -06:00
Caleb Doxsey
22f6a2207b
envoy: re-implement recommended defaults (#2123) 2021-04-23 14:54:13 -06:00
Caleb Doxsey
b1d62bb541
config: remove validate side effects (#2109)
* config: default shared key

* handle additional errors

* update grpc addr and grpc insecure

* update google cloud service authentication service account

* fix set response headers

* fix qps

* fix test
2021-04-22 15:10:50 -06:00
wasaga
e0c09a0998
log context (#2107) 2021-04-22 10:58:13 -04:00
Caleb Doxsey
116805acb3
config: rename headers to set_response_headers (#2081)
* config: rename headers to set_response_headers

* Update config/options.go

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2021-04-14 11:22:21 -07:00