3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 18:06:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/env.example
Bobby 074bc0e63c
cmd/promerium : support TLS configuration from environmental variables (#12) 
* Add ability to set TLS configuration from environmental variables.
* Add support for enabling debug mode from environmental variables.
2019-01-15 15:24:05 -08:00

45 lines
2.1 KiB
Bash
Raw Blame History

#!/bin/bash
# Main configuration flags
# export ADDRESS=":8443" # optional, default is 443
# export POMERIUM_DEBUG=true # optional, default is false
# export SERVICE="all" # optional, default is all.
# Certificates can be loaded as files or base64 encoded bytes. If neither is set, a
# pomerium will attempt to locate a pair in the root directory
export CERTIFICATE="xxxxxx" # base64 encoded cert, eg. `base64 -i cert.pem`
export CERTIFICATE_KEY="xxxx" # base64 encoded key, eg. `base64 -i privkey.pem`
export CERTIFICATE_FILE="./cert.pem" # optional, defaults to `./cert.pem`
export CERTIFICATE_KEY_FILE="./privkey.pem" # optional, defaults to `./certprivkey.pem`
# The URL that the identity provider will call back after authenticating the user
export REDIRECT_URL="https://sso-auth.corp.example.com/oauth2/callback"
# Allow users with emails from the following domain post-fix (e.g. example.com)
export ALLOWED_DOMAINS=*
# Generate 256 bit random keys e.g. `head -c32 /dev/urandom | base64`
export SHARED_SECRET=9wiTZq4qvmS/plYQyvzGKWPlH/UBy0DMYMA2x/zngrM=
export COOKIE_SECRET=uPGHo1ujND/k3B9V6yr52Gweq3RRYfFho98jxDG5Br8=
# OKTA
# export IDP_PROVIDER="okta
# export IDP_CLIENT_ID="REPLACEME"
# export IDP_CLIENT_SECRET="REPLACEME"
# export IDP_PROVIDER_URL="https://REPLACEME.oktapreview.com/oauth2/default"
# Azure
# export IDP_PROVIDER="azure"
# export IDP_PROVIDER_URL="https://login.microsoftonline.com/REPLACEME/v2.0"
# export IDP_CLIENT_ID="REPLACEME
# export IDP_CLIENT_SECRET="REPLACEME"
## GOOGLE
export IDP_PROVIDER="google"
export IDP_PROVIDER_URL="https://accounts.google.com" # optional for google
export IDP_CLIENT_ID="REPLACE-ME.googleusercontent.com"
export IDP_CLIENT_SECRET="REPLACEME"
# export SCOPE="openid email" # generally, you want the default OIDC scopes
# k/v seperated list of simple routes. If no scheme is set, HTTPS will be used.
export ROUTES="example.corp.example.com=example.org"
# export ROUTES="https://weirdlyssl.corp.example.com=http://neverssl.com" #https to http!
Reference in a new issue View git blame Copy permalink