3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-29 18:36:30 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/examples/config/config.example.yaml
Caleb Doxsey d6221c07ce
core/config: remove debug option, always use json logs (#4857) 
* core/config: remove debug option, always use json logs

* go mod tidy
2023-12-15 11:29:05 -07:00

101 lines
3.3 KiB
YAML
Raw Permalink Blame History

# Main configuration flags : https://www.pomerium.com/docs/reference/
#
# address: ":8443" # optional, default is 443
# service: "all" # optional, default is all
# log_level: info # optional, default is debug
authenticate_service_url: https://authenticate.localhost.pomerium.io
# authorize service url will default to localhost in all-in-one mode, otherwise
# it should be set to a "behind-the-ingress" routable url
# authorize_service_url: https://pomerium-authorize-service.default.svc.cluster.local
# databroker_service_url: https://pomerium-databroker-service.default.svc.cluster.local
# Certificates can be loaded as files or base64 encoded bytes.
# certificate_file: "./cert.pem" # optional, defaults to `./cert.pem`
# certificate_key_file: "./privkey.pem" # optional, defaults to `./certprivkey.pem`
# certificate_authority_file: "./cert.pem"
# alternatively, insecure mode can be used if behind a TLS terminating ingress,
# or when using a sidecar proxy
# insecure_server: true
# base64 encoded cert, eg. `base64 -i cert.pem` / `base64 -i privkey.pem`
# certificate: |
# "xxxxxx"
# certificate_key: |
# "xxxx"
# Generate 256 bit random keys e.g. `head -c32 /dev/urandom | base64`
# shared_secret: hsJIQsx9KKx4qVlggg/T3AuLTmVu0uHhwTQgMPlVs7U=
# cookie_secret: WwMtDXWaRDMBQCylle8OJ+w4kLIDIGd8W3cB4/zFFtg=
# If set, a JWT based signature is appended to each request header `x-pomerium-jwt-assertion`
# signing_key: "Replace with base64'd private key from ./scripts/self-signed-sign-key.sh"
# Identity Provider Settings
# Auth0
# idp_provider: "auth0"
# idp_provider_url: "https://REPLACEME.us.auth0.com"
# idp_client_id: "REPLACEME" # from the application the users login to
# idp_client_secret: "REPLACEME" # from the application the users login to
# Azure
# idp_provider: "azure"
# idp_provider_url: "https://login.microsoftonline.com/REPLACEME/v2.0"
# idp_client_id: "REPLACEME
# idp_client_secret: "REPLACEME"
## GOOGLE
# idp_provider: "google"
# idp_client_id: "REPLACEME
# idp_client_secret: "REPLACEME
# OKTA
# idp_provider: "okta"
# idp_client_id: "REPLACEME"
# idp_client_secret: "replaceme"
# idp_provider_url: "https://REPLACEME.oktapreview.com/oauth2/default"
# OneLogin
# idp_provider: "onelogin"
# idp_client_id: "REPLACEME"
# idp_client_secret: "REPLACEME"
# idp_provider_url: "https://openid-connect.onelogin.com/oidc" #optional, defaults to `https://openid-connect.onelogin.com/oidc`
# Proxied routes and per-route policies are defined in a routes block
routes:
- from: https://verify.localhost.pomerium.io
to: http://localhost:8000
policy:
- allow:
or:
- domain:
is: pomerium.io
cors_allow_preflight: true
timeout: 30s
- from: https://external-verify.localhost.pomerium.io
to: https://verify.pomerium.com
policy:
- allow:
or:
- domain:
is: gmail.com
- from: https://weirdlyssl.localhost.pomerium.io
to: http://neverssl.com
policy:
- allow:
or:
- email:
is: user@example.com
- groups:
has: "admins"
- groups:
has: "developers"
- from: https://hello.localhost.pomerium.io
to: http://localhost:8080
policy:
- allow:
or:
- groups:
has: "admins@pomerium.io"
Reference in a new issue View git blame Copy permalink