mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 18:36:30 +02:00
* install VuePress Plugin Tabs https://www.npmjs.com/package/vuepress-plugin-tabs * init Enterprise documentation section * replace Vuepress tab plugin now using https://github.com/superbiger/vuepress-plugin-tabs * init Enterprise Quickstart * block of enterprise doc updates * Helm Quickstart Update (#2380) * removed/fixed redundant or incorrect config And some small copy edits * Update docs/docs/quick-start/helm.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * init console with helm doc * squash me * codeblock fix * init about page * updates to Enterprise section * consolidate on Postgres * WIP helm updates * update and align OS and Enterprise helm docs * Enterprise settings docs (#2397) * init console-specific reference docs files * remove shortdoc for name * init Enterprise Reference doc * expanding Enterprise Reference * init JS script for reference subpages When reviewing please remember that I'm not a developer, be kind * update script and apply * remove errant dep * document script and expand for CLI help output * import pomerium-console_serve.yaml In future iterations, this file should be sourced at build time as an artifact from the pomerium-console repo * init new output file * update script call and output * fix anchor links * BROKEN - import content from settings.yaml when dupe is true * filtering WiP * fix dupe script, more content * replace if dupe with if not docs * squash me * squash me! 
* add docs about PPL (#2404) * squash meeeeee * Update docs/enterprise/install/quickstart.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * symlink img dir from docs/reference * squash mee * update install reqs * Fixed links throughout * Update docs/enterprise/install/quickstart.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/enterprise/install/quickstart.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * remove internal note * - format python with black - format js with prettier Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * optimize images with imageOptim Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * run prettier on config.js Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * concepts.md Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * update concepts Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * copy edits * typo * symlink img dir from docs/reference * modify TLS section in quick-start * rm whitespace * add common links postamble * block of updates * block of updates * updates with @travisgroth * turtles all the way down * more content * import all the things * fill out reports * fill out reports * fix file extension * fix links * crosslink PPL ref * document embedded prometheus * expand example * update reqs * document non-directory users * typo fix * update metrics_address * fix broken links in example configs * update examples for route syntax * replaced required with deprecated Note that I didn't link to the route reference because I'm unsure what link formats are accepted when this file is used elsewhere. The warning block below includes a link. 
* update enterprise/about * Update docs/enterprise/console-settings.yaml Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/console-settings.yaml Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * remove commented config lines * update non-domain user section in concepts * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/about.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * add console route to OSS conf * update enterprise settings copy from source file * Update docs/enterprise/concepts.md * Update reports reference * merge conflict resolution * update sourced doc content, fix whitespace Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com> Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
71 lines
3.5 KiB
Bash
#!/bin/bash
# Main configuration flags : https://www.pomerium.com/docs/reference/

# Main configuration flags
# export ADDRESS=":8443" # optional, default is 443
# export POMERIUM_DEBUG=true # optional, default is false
# export SERVICE="all" # optional, default is all
# export LOG_LEVEL="info" # optional, default is debug

export AUTHENTICATE_SERVICE_URL=https://authenticate.corp.beyondperimeter.com
# AUTHORIZE_SERVICE_URL service url will default to localhost in all-in-one mode,
# otherwise it should be set to a "behind-the-ingress" routable url
# export AUTHORIZE_SERVICE_URL=https://pomerium-authorize-service.default.svc.cluster.local
# export DATABROKER_SERVICE_URL=https://pomerium-databroker-service.default.svc.cluster.local

# Certificates can be loaded as files or base64 encoded bytes.
# See : https://www.pomerium.com/docs/reference/certificates
export AUTOCERT=TRUE # Use Let's Encrypt to fetch certs. Port 80/443 must be internet accessible.
# export AUTOCERT_DIR="./certs" # The path where you want to place your certificates
# export CERTIFICATE_FILE="xxxx" # optional, defaults to `./cert.pem`
# export CERTIFICATE_KEY_FILE="xxx" # optional, defaults to `./certprivkey.pem`
# export CERTIFICATE="xxx" # base64 encoded cert, eg. `base64 -i cert.pem`
# export CERTIFICATE_KEY="xxx" # base64 encoded key, eg. `base64 -i privkey.pem`

# Generate 256 bit random keys e.g. `head -c32 /dev/urandom | base64`
# NOTE: both values below are regenerated every time this file is sourced.
# Services run separately must all share the same SHARED_SECRET, and a new
# COOKIE_SECRET invalidates existing sessions, so generate each value once
# and store it for anything beyond a local test.
export SHARED_SECRET="$(head -c32 /dev/urandom | base64)"
export COOKIE_SECRET="$(head -c32 /dev/urandom | base64)"
# If set, a JWT based signature is appended to each request header `x-pomerium-jwt-assertion`
# export SIGNING_KEY="Replace with base64'd private key from ./scripts/self-signed-sign-key.sh"

# Identity Provider Settings

# Auth0
# export IDP_PROVIDER="auth0"
# export IDP_PROVIDER_URL="https://REPLACEME.us.auth0.com"
# export IDP_CLIENT_ID="REPLACEME" # from the application the users login to
# export IDP_CLIENT_SECRET="REPLACEME" # from the application the users login to
# the following is optional and only needed if you want role (Auth0 calls groups roles) data
# export IDP_SERVICE_ACCOUNT="REPLACEME" # built from the machine-to-machine application which talks to the Auth0 Management API

# Azure
# export IDP_PROVIDER="azure"
# export IDP_PROVIDER_URL="https://login.microsoftonline.com/REPLACEME/v2.0"
# export IDP_CLIENT_ID="REPLACEME"
# export IDP_CLIENT_SECRET="REPLACEME"

## GOOGLE
export IDP_PROVIDER="google"
export IDP_PROVIDER_URL="https://accounts.google.com" # optional for google

# OKTA
# export IDP_PROVIDER="okta"
# export IDP_CLIENT_ID="REPLACEME"
# export IDP_CLIENT_SECRET="REPLACEME"
# export IDP_PROVIDER_URL="https://REPLACEME.oktapreview.com/oauth2/default"

# OneLogin
# export IDP_PROVIDER="onelogin"
# export IDP_CLIENT_ID="REPLACEME"
# export IDP_CLIENT_SECRET="REPLACEME"
# export IDP_PROVIDER_URL="https://openid-connect.onelogin.com/oidc" # optional, defaults to `https://openid-connect.onelogin.com/oidc`

# Proxied routes and per-route policies are defined in a policy provided either
# directly as a base64 encoded yaml/json file, or as the policy key in the configuration
# file
export POLICY="$(base64 ./docs/configuration/examples/config/policy.example.yaml)"

# For Group data you must set an IDP_SERVICE_ACCOUNT
# https://www.pomerium.com/configuration/#identity-provider-service-account
# export IDP_SERVICE_ACCOUNT=$( echo YOUR_SERVICE_ACCOUNT | base64)
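Added example, not part of the Pomerium repository: a preflight check to run after sourcing the file above, confirming that the two secrets decode to 256 bits as the file's comment asks and that no `REPLACEME` placeholder is left in the identity provider settings. The function names `secret_len` and `check_env` are hypothetical, the demo values are constructed, and GNU coreutils `base64 -d` is assumed.

```shell
#!/bin/bash
# Added example; not from the Pomerium repository. Function names are hypothetical.
# Assumes GNU coreutils `base64 -d`.

# secret_len VALUE: print the decoded byte count, or -1 if VALUE is not valid base64.
secret_len() {
  if printf '%s' "$1" | base64 -d >/dev/null 2>&1; then
    printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
  else
    echo -1
  fi
}

# check_env: inspect the current environment; the exit status is the number
# of problems found (0 means the checked values look sane).
check_env() {
  problems=0
  # The env file asks for 256 bit keys, i.e. 32 bytes once base64-decoded.
  for name in SHARED_SECRET COOKIE_SECRET; do
    eval "value=\${$name:-}"   # indirect lookup; names come from the fixed list above
    n=$(secret_len "$value")
    if [ "$n" -ne 32 ]; then
      echo "$name: expected 32 decoded bytes, got $n" >&2
      problems=$((problems + 1))
    fi
  done
  # Catch template placeholders that were uncommented but never filled in.
  for name in IDP_CLIENT_ID IDP_CLIENT_SECRET IDP_PROVIDER_URL; do
    eval "value=\${$name:-}"
    case $value in
      *REPLACEME*)
        echo "$name still holds the REPLACEME placeholder" >&2
        problems=$((problems + 1)) ;;
    esac
  done
  return "$problems"
}

# Constructed demo values (not real secrets): one good key, one short key,
# and one unreplaced placeholder, so two problems are reported.
SHARED_SECRET=$(printf '%032d' 0 | base64)
COOKIE_SECRET=$(printf 'short' | base64)
IDP_CLIENT_ID="REPLACEME"
check_env || echo "problems found: $?"
```

In practice, source the env file first and call `check_env` before starting the service; a non-zero exit status is the count of settings to fix.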