3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-05 13:26:03 +02:00
Code Issues Projects Releases Packages Wiki Activity
651 commits 159 branches 125 tags 104 MiB
Commit graph

204 commits

Author SHA1 Message Date
Caleb Doxsey
f03f57980c
docs: update traefik example and add note about forwarded headers (#784) 2020-05-26 18:14:11 -06:00
Caleb Doxsey
e4832cb4ed
authorize: add client mTLS support (#751) 
* authorize: add client mtls support

* authorize: better error messages for envoy

* switch from function to input

* add TrustedCa to envoy config so that users are prompted for the correct client certificate

* update documentation

* fix invalid ClientCAFile

* regenerate cache protobuf

* avoid recursion, add test

* move comment line

* use http.StatusOK

* various fixes
 2020-05-21 16:01:07 -06:00
Bobby DeSimone
3f1faf2e9e
authenticate: add jwks and .well-known endpoint (#745) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-21 11:46:29 -07:00
Travis Groth
3e17befff7
envoy: Enable zipkin tracing (#737) 
- Update envoy bootstrap config to protobufs
- Reorganize tracing config to avoid cyclic import
- Push down zipkin config to Envoy
- Update tracing options to provide sample rate
 2020-05-21 11:50:07 -04:00
Caleb Doxsey
0895515833
envoy: implement various timeouts (#732) 
* envoy: implement global and route timeouts

* envoy: use the grpc client timeout for the authz service timeout

* fix test
 2020-05-19 10:01:37 -06:00
Travis Groth
1f1e63a75b
telemetry/tracing: Add Zipkin tracing support (#723) 2020-05-18 21:57:13 -04:00
Caleb Doxsey
ef399380b7 merge master 2020-05-18 17:10:10 -04:00
Travis Groth
96a95c5aff Update jwt_claims_headers docs (#705) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
352c2b851b envoy: add separate proxy log level option (#689) 2020-05-18 17:10:10 -04:00
Caleb Doxsey
02615b8b6c Merge remote-tracking branch 'origin/master' into feature/envoy 2020-05-18 17:10:10 -04:00
Travis Groth
99e788a9b4 envoy: Initial changes 2020-05-18 17:10:10 -04:00
Bjoern Weidlich
1a1a5a11f9
Documentation around Pomerium/Istio/Grafana (#675) 
* Added an example of how to protect Grafana with Pomerium inside of an Istio mesh
* Added relevant documentation links
 2020-05-17 22:26:09 -07:00
Bobby DeSimone
1cba3d50eb
docs: fixes to v0.8.0 docs (#696) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-13 12:38:01 -07:00
Bobby DeSimone
80166bcc40
deployment: release v0.8.0 (#686) 
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
 2020-05-12 19:10:12 -07:00
Travis Groth
b9b66ec20f
deploy: autocert documentation and defaults (#658) 
* Define AUTOCERT_DIR in dockerfiles

* Add autocert example and compose file

* Update reference docs for defaults
 2020-05-05 21:13:28 -04:00
Bobby DeSimone
bf9a6f5e97
cryptutil: add automatic certificate management (#644) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-05-05 12:50:19 -07:00
Ogundele Olumide
5f0c13767b
improvement: update gitlab api scope (#630) 2020-04-23 13:26:25 -07:00
Bobby DeSimone
f4868dd4dd
docs: fix favicon (#626) 
* docs: fix favicon

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-21 14:40:54 -07:00
Caleb Doxsey
170f7f07d3 docs: add upgrading documentation for potentially breaking configuration changes 2020-04-20 18:24:36 -06:00
Caleb Doxsey
9e66471c07 docs: add additional path filtering configuration documentation 2020-04-20 18:24:36 -06:00
Bobby DeSimone
15972b9956
v0.7.5 (#625) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-20 14:10:31 -07:00
branchmispredictor
0de3c431a6
forward-auth: validate using forwarded uri header (#600) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-20 10:56:30 -07:00
Bobby DeSimone
7fe4c5bdaf
docs: add release announcement post (#617) 
* docs: add release announcement post

- add mailchimp newsletter form
- fix wording
- fix mobile
- fix changelog links
- fix release drafter to use our format (GH-$ISSUE)

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-18 11:35:14 -07:00
Bobby DeSimone
d7daf274c0
pomerium-cli: add service account docs (#613) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-16 13:28:42 -07:00
Ogundele Olumide
53fd215148
fix retrieve group error: (#614) 
- remove hardcoded gitlab provider url
 - update the gitlab identity provider documentation
 2020-04-16 11:51:03 -07:00
Bobby DeSimone
47f9765a47
docs: update changelog for v0.7.3 (#610) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-14 08:49:08 -07:00
Bobby DeSimone
b423b234e9
docs: update upgrading / changelog to v0.7.2 (#601) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-13 16:20:29 -07:00
Ogundele Olumide
e0dd6734d3
an attempt to improve the identity provider docs (#608) 2020-04-13 11:30:29 -07:00
Ogundele Olumide
ae4204d42b
internal/identity: implement github provider support (#582) 
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-10 10:48:14 -07:00
Travis Groth
789068e27a
Add configurable JWT claim headers (#596) 2020-04-09 23:41:55 -04:00
Bobby DeSimone
ad56322c7e
site: fix site on mobile (#597) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-09 10:56:39 -07:00
Bobby DeSimone
d780281fc0
v0.7.0 
See (#576)
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-04-04 20:45:48 -07:00
Ogundele Olumide
3c6431e5bc
change gitlab group unique identifier from name to ID (#571) 2020-03-28 12:45:24 -07:00
İlker Göktuğ Öztürk
297b0fd6c7
docs: fix typo (#566) 2020-03-26 11:55:55 -07:00
Travis Groth
cc504362e4
Add storage metrics (#554) 
* Add cache storage metrics

- autocache client metrics
- autocache server metrics
- boltdb metrics
- redis client metrics
- refactor metrics registry to be general purpose
 2020-03-23 22:07:48 -04:00
Ogundele Olumide
3dd9188004
feat: gitlab oidc/ oauth provider (#518) 
- implement gitlab oauth support
 - add documentation for the gitlab support
 2020-03-16 19:58:49 -07:00
Bobby DeSimone
8d1732582e
authorize: use jwt insead of state struct (#514) 
authenticate: unmarshal and verify state from jwt, instead of middleware
authorize: embed opa policy using statik
authorize: have IsAuthorized handle authorization for all routes
authorize: if no signing key is provided, one is generated
authorize: remove IsAdmin grpc endpoint
authorize/client: return authorize decision struct
cmd/pomerium: main logger no longer contains email and group
cryptutil: add ECDSA signing methods
dashboard: have impersonate form show up for all users, but have api gated by authz
docs: fix typo in signed jwt header
encoding/jws: remove unused es256 signer
frontend: namespace static web assets
internal/sessions: remove leeway to match authz policy
proxy:  move signing functionality to authz
proxy: remove jwt attestation from proxy (authZ does now)
proxy: remove non-signed headers from headers
proxy: remove special handling of x-forwarded-host
sessions: do not verify state in middleware
sessions: remove leeway from state to match authz
sessions/{all}: store jwt directly instead of state

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-03-10 11:19:26 -07:00
Bobby DeSimone
27909f22ce
docs: make from source quickstart (#519) 
- move building from so
- remove dnsmasq instructions

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-03-05 18:07:43 -08:00
Travis Groth
3654f44384
config: Expose and set default GRPC Server Keepalive Parameters (#509) 2020-02-19 21:21:28 -05:00
Bobby DeSimone
8f6f686bbe
docs: fix tpos in dashboard recipe (#504) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-02-16 09:58:24 -08:00
Bobby DeSimone
8c7fdf4b80
docs: update background (#505) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-02-15 12:17:10 -08:00
Bobby DeSimone
5716113c2a
authenticate: make callback path configurable (#493) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-02-08 09:06:23 -08:00
Bobby DeSimone
50754bed31
docs: various fixes (#478) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-02-02 11:08:34 -08:00
nitper
6a10112ebe docs: fix cookie_domain (#472) 2020-01-28 09:35:07 -08:00
Bobby DeSimone
dd54ce4481
v0.6.0 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-01-24 16:09:47 -08:00
Bobby DeSimone
8956bf4411
proxy: add preserve host header (#463) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-01-22 21:03:22 -08:00
Bobby DeSimone
f0d811f2bb
proxy: fix unauthorized redirect loop (fwdauth) (#448) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-01-11 10:23:50 -08:00
Bobby DeSimone
8b7f344e01
docs: s/fwdauth/forwardauth/ (#447) 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
 2020-01-07 13:54:36 -08:00
Travis Groth
e20e1f08c5
Fix typo in forward auth nginx docs (#445) 2020-01-01 12:52:18 -05:00
Dave Anderson
86b48a2aaf Add documentation for cookie settings. (#429) 2019-12-21 14:40:31 -08:00