* install VuePress Plugin Tabs https://www.npmjs.com/package/vuepress-plugin-tabs * init Enterprise documentation section * replace Vuepress tab plugin now using https://github.com/superbiger/vuepress-plugin-tabs * init Enterprise Quickstart * block of enterprise doc updates * Helm Quickstart Update (#2380) * removed/fixed redundant or incorrect config And some small copy edits * Update docs/docs/quick-start/helm.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * init console with helm doc * squash me * codeblock fix * init about page * updates to Enterprise section * consolidate on Postgres * WIP helm updates * update and align OS and Enterprise helm docs * Enterprise settings docs (#2397) * init console-specific reference docs files * remove shortdoc for name * init Enterprise Reference doc * expanding Enterprise Reference * init JS script for reference subpages When reviewing please remember that I'm not a developer, be kind * update script and apply * remove errant dep * document script and expand for CLI help output * import pomerium-console_serve.yaml In future iterations, this file should be sourced at build time as an artifact from the pomerium-console repo * init new output file * update script call and output * fix anchor links * BROKEN - import content from settings.yaml when dupe is true * filtering WiP * fix dupe script, more content * replace if dupe with if not docs * squash me * squash me! 
* add docs about PPL (#2404) * squash meeeeee * Update docs/enterprise/install/quickstart.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * symlink img dir from docs/reference * squash mee * update install reqs * Fixed links throughout * Update docs/enterprise/install/quickstart.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/enterprise/install/quickstart.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * remove internal note * - format python with black - format js with prettier Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * optimize images with imageOptim Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * run prettier on config.js Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * concepts.md Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * update concepts Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com> * copy edits * typo * symlink img dir from docs/reference * modify TLS section in quick-start * rm whitespace * add common links postamble * block of updates * block of updates * updates with @travisgroth * turtles all the way down * more content * import all the things * fill out reports * fill out reports * fix file extension * fix links * crosslink PPL ref * document embedded prometheus * expand example * update reqs * document non-directory users * typo fix * update metrics_address * fix broken links in example configs * update examples for route syntax * replaced required with deprecated Note that I didn't link to the route reference because I'm unsure what link formats are accepted when this file is used elsewhere. The warning block below includes a link. 
* update enterprise/about * Update docs/enterprise/console-settings.yaml Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/console-settings.yaml Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * remove commented config lines * update non-domain user section in concepts * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/about.md Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * Update docs/enterprise/concepts.md Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> * add console route to OSS conf * update enterprise settings copy from source file * Update docs/enterprise/concepts.md * Update reports reference * merge conflict resolution * update sourced doc content, fix whitespace Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com> Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com> Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
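---
# Example Docker Compose deployment: pomerium split into its four services
# (authenticate, proxy, authorize, databroker) behind an nginx-proxy container
# that publishes 443 on the host, plus two demo upstreams (verify, hello).
#
# Review before using this anywhere but a lab:
#   * SHARED_SECRET / COOKIE_SECRET below are published example values.
#   * Most images use the moving `latest` tag; pin each `image:` to a version
#     tag or digest you have reviewed so redeploys are reproducible.
#   * INSECURE_SERVER / GRPC_INSECURE and the http:// service URLs mean that
#     traffic between the containers is not TLS-protected; TLS is only
#     configured on nginx.
version: "3"

services:
  nginx:
    image: pomerium/nginx-proxy:latest
    ports:
      - "443:443"
    volumes:
      # NOTE!!! : nginx must be supplied with your wildcard certificates.
      # see : https://github.com/jwilder/nginx-proxy#wildcard-certificates
      - '~/.acme.sh/*.corp.beyondperimeter.com_ecc/fullchain.cer:/etc/nginx/certs/corp.beyondperimeter.com.crt:ro'
      - '~/.acme.sh/*.corp.beyondperimeter.com_ecc/*.corp.beyondperimeter.com.key:/etc/nginx/certs/corp.beyondperimeter.com.key:ro'
      # CAUTION: `:ro` only makes the socket *file* read-only; it does not
      # limit which Docker API calls can be sent through it. This is the
      # container that is published on 443, so a compromise of it reaches the
      # host's Docker daemon. Consider putting an API-filtering socket proxy
      # in between.
      - /var/run/docker.sock:/tmp/docker.sock:ro

  pomerium-authenticate:
    image: pomerium/pomerium:latest  # or `build: .` to build from source
    restart: always
    environment:
      - SERVICES=authenticate
      # Plain HTTP listener (matches VIRTUAL_PROTO=http below); nginx is the
      # only TLS hop, so keep this container off any untrusted network.
      - INSECURE_SERVER=TRUE
      # NOTE!: Replace with your identity provider settings https://www.pomerium.com/docs/identity-providers.html
      # - IDP_PROVIDER=google
      # - IDP_PROVIDER_URL=https://accounts.google.com
      # - IDP_CLIENT_ID=REPLACE_ME
      # - IDP_CLIENT_SECRET=REPLACE_ME
      # - IDP_SERVICE_ACCOUNT=REPLACE_ME
      # NOTE! Generate new secret keys! e.g. `head -c32 /dev/urandom | base64`
      # Generated secret keys must match between services
      # The two values below are public example keys: a deployment that keeps
      # them has no secrecy for whatever these keys protect. Prefer supplying
      # real values from an untracked env file or a secret store rather than
      # committing them here.
      - SHARED_SECRET=aDducXQzK2tPY3R4TmdqTGhaYS80eGYxcTUvWWJDb2M=
      - COOKIE_SECRET=V2JBZk0zWGtsL29UcFUvWjVDWWQ2UHExNXJ0b2VhcDI=
      # Tell nginx how to proxy pomerium's routes
      - VIRTUAL_PROTO=http
      - VIRTUAL_HOST=authenticate.corp.beyondperimeter.com
      - VIRTUAL_PORT=443
      - DATABROKER_SERVICE_URL=http://pomerium-databroker:443
    volumes:
      - ../config/config.example.yaml:/pomerium/config.yaml:ro

    expose:
      - "443"

  pomerium-proxy:
    image: pomerium/pomerium:latest  # or `build: .` to build from source
    restart: always
    environment:
      - SERVICES=proxy
      # Plain HTTP listener; see the note on pomerium-authenticate.
      - INSECURE_SERVER=TRUE
      # IMPORTANT! If you are running pomerium behind another ingress (loadbalancer/firewall/etc)
      # you must tell pomerium proxy how to communicate using an internal hostname for RPC
      - AUTHORIZE_SERVICE_URL=http://pomerium-authorize:443
      # When communicating internally, RPC is going to get a name conflict expecting an external
      # facing certificate name (i.e. authenticate-service.local vs *.corp.example.com).
      # Public example keys; replace them and keep them identical across services.
      - SHARED_SECRET=aDducXQzK2tPY3R4TmdqTGhaYS80eGYxcTUvWWJDb2M=
      - COOKIE_SECRET=V2JBZk0zWGtsL29UcFUvWjVDWWQ2UHExNXJ0b2VhcDI=
      # Tell nginx how to proxy pomerium's routes
      - VIRTUAL_PROTO=http
      - VIRTUAL_HOST=*.corp.beyondperimeter.com
      - VIRTUAL_PORT=443
    volumes:
      - ../config/config.example.yaml:/pomerium/config.yaml:ro
    expose:
      - "443"

  pomerium-authorize:
    image: pomerium/pomerium:latest  # or `build: .` to build from source
    restart: always
    environment:
      - SERVICES=authorize
      # Public example key; replace it and keep it identical across services.
      - SHARED_SECRET=aDducXQzK2tPY3R4TmdqTGhaYS80eGYxcTUvWWJDb2M=
      # gRPC without TLS: acceptable only while this port is reachable solely
      # from the other containers of this compose project (`expose`, not `ports`).
      - GRPC_INSECURE=TRUE
      - GRPC_ADDRESS=:443

    volumes:
      # Retrieve non-secret config keys from the config file : https://www.pomerium.com/docs/reference/

      # See `config.example.yaml` and modify to fit your needs.
      - ../config/config.example.yaml:/pomerium/config.yaml:ro
    expose:
      - "443"

  pomerium-databroker:
    image: pomerium/pomerium:latest  # or `build: .` to build from source
    restart: always
    environment:
      - SERVICES=databroker
      # Public example key; replace it and keep it identical across services.
      - SHARED_SECRET=aDducXQzK2tPY3R4TmdqTGhaYS80eGYxcTUvWWJDb2M=
      # gRPC without TLS; see the note on pomerium-authorize.
      - GRPC_INSECURE=TRUE
      - GRPC_ADDRESS=:443
    volumes:
      # Retrieve non-secret config keys from the config file : https://www.pomerium.com/docs/reference/

      # See `config.example.yaml` and modify to fit your needs.
      - ../config/config.example.yaml:/pomerium/config.yaml:ro
    expose:
      - "443"

  # https://verify.corp.beyondperimeter.com
  verify:
    image: pomerium/verify:latest
    expose:
      - "80"
  # https://hello.corp.beyondperimeter.com
  hello:
    image: gcr.io/google-samples/hello-app:1.0
    expose:
      - "8080"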