pomerium/examples/mutual-tls
Alex Fornuto 5332a752d0
Enterprise Docs (#2390)
* install VuePress Plugin Tabs

https://www.npmjs.com/package/vuepress-plugin-tabs

* init Enterprise documentation section

* replace Vuepress tab plugin

now using https://github.com/superbiger/vuepress-plugin-tabs

* init Enterprise Quickstart

* block of enterprise doc updates

* Helm Quickstart Update (#2380)

* removed/fixed redundant or incorrect config

And some small copy edits

* Update docs/docs/quick-start/helm.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* init console with helm doc

* squash me

* codeblock fix

* init about page

* updates to Enterprise section

* consolidate on Postgres

* WIP helm updates

* update and align OS and Enterprise helm docs

* Enterprise settings docs (#2397)

* init console-specific reference docs files

* remove shortdoc for name

* init Enterprise Reference doc

* expanding Enterprise Reference

* init JS script for reference subpages

When reviewing please remember that I'm not a developer, be kind

* update script and apply

* remove errant dep

* document script and expand for CLI help output

* import pomerium-console_serve.yaml

In future iterations, this file should be sourced at build time as an artifact from the pomerium-console repo

* init new output file

* update script call and output

* fix anchor links

* BROKEN - import content from settings.yaml when dupe is true

* filtering WiP

* fix dupe script, more content

* replace if dupe with if not docs

* squash me

* squash me!

* add docs about PPL (#2404)

* squash meeeeee

* Update docs/enterprise/install/quickstart.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* symlink img dir from docs/reference

* squash mee

* update install reqs

* Fixed links throughout

* Update docs/enterprise/install/quickstart.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/enterprise/install/quickstart.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* remove internal note

* - format python with black
- format js with prettier

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* optimize images with imageOptim

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* run prettier on config.js

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* concepts.md

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* update concepts

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* copy edits

* typo

* symlink img dir from docs/reference

* modify TLS section in quick-start

* rm whitespace

* add common links postamble

* block of updates

* block of updates

* updates with @travisgroth

* turtles all the way down

* more content

* import all the things

* fill out reports

* fill out reports

* fix file extension

* fix links

* crosslink PPL ref

* document embedded prometheus

* expand example

* update reqs

* document non-directory users

* typo fix

* update metrics_address

* fix broken links in example configs

* update examples for route syntax

* replaced required with deprecated

Note that I didn't link to the route reference because I'm unsure what link formats are accepted when this file is used elsewhere. The warning block below includes a link.

* update enterprise/about

* Update docs/enterprise/console-settings.yaml

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/enterprise/console-settings.yaml

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/enterprise/concepts.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/enterprise/concepts.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/enterprise/concepts.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* remove commented config lines

* update non-domain user section in concepts

* Update docs/enterprise/concepts.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/enterprise/concepts.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/enterprise/about.md

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>

* Update docs/enterprise/concepts.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* Update docs/enterprise/concepts.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

* add console route to OSS conf

* update enterprise settings copy from source file

* Update docs/enterprise/concepts.md

* Update reports reference

* merge conflict resolution

* update sourced doc content, fix whitespace

Co-authored-by: Travis Groth <travisgroth@users.noreply.github.com>
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2021-08-04 13:55:04 -05:00
out Move examples repo into main repo (#1102) 2020-07-17 14:23:06 -04:00
scripts Move examples repo into main repo (#1102) 2020-07-17 14:23:06 -04:00
docker-compose.yaml Move examples repo into main repo (#1102) 2020-07-17 14:23:06 -04:00
Dockerfile Move examples repo into main repo (#1102) 2020-07-17 14:23:06 -04:00
example.config.yaml Enterprise Docs (#2390) 2021-08-04 13:55:04 -05:00
main.go Move examples repo into main repo (#1102) 2020-07-17 14:23:06 -04:00
README.md Enterprise Docs (#2390) 2021-08-04 13:55:04 -05:00

Mutual Authenticated TLS Example

A tiny Go HTTP server that enforces client certificates and can be used to test mutual TLS with Pomerium.

TL;DR

Pomerium config

# See detailed configuration settings : https://www.pomerium.io/reference/
authenticate_service_url: https://authenticate.corp.domain.example
authorize_service_url: https://authorize.corp.domain.example

# identity provider settings : https://www.pomerium.com/docs/identity-providers.html
idp_provider: google
idp_client_id: REPLACE_ME
idp_client_secret: REPLACE_ME

policy:
  - from: https://mtls.corp.domain.example
    to: https://localhost:8443
    allowed_domains:
      - domain.example
    tls_custom_ca_file: "/Users/bdd/examples/mutual-tls/out/good-ca.crt"
    tls_client_cert_file: "/Users/bdd/examples/mutual-tls/out/pomerium.crt"
    tls_client_key_file: "/Users/bdd/examples/mutual-tls/out/pomerium.key"

  - from: https://verify.corp.domain.example
    to: https://verify.pomerium.com
    allow_public_unauthenticated_access: true

Docker Compose

version: "3"
services:
  pomerium:
    image: pomerium/pomerium:latest
    environment:
      - CERTIFICATE
      - CERTIFICATE_KEY
      - COOKIE_SECRET
    volumes:
      # Mount your config file : https://www.pomerium.io/reference/
      # be sure to change the default values :)
      - ./example.config.yaml:/pomerium/config.yaml:ro
    ports:
      - 443:443

  mtls:
    image: pomerium/examples:mtls
    environment:
      - TLS_CERT
      - TLS_KEY
      - CLIENT_CA
    ports:
      - 8443:8443

Generate some certificates

This can be done in a myriad of ways. The easiest for testing is probably certstrap.

See scripts/generate_certs.sh

Run the server

The server reads its certificate, key and client CA from the base64-encoded environment variables TLS_CERT, TLS_KEY and CLIENT_CA (the same ones listed for the mtls service in the Docker Compose file). For example,

source ./env && go run main.go

Test the server with curl

See scripts/curl.sh

Docker

Pull pomerium/examples:mtls, or build it yourself from the Dockerfile.

Configuring Pomerium

See example.config.yaml