Pomerium

Official

Docker app from Florian Dambrine's Repository

Overview

Pomerium - Secure, identity-aware access from anywhere.

Runtime arguments

Web UI: http://[IP]:[PORT:80]
Network: bridge
Privileged: false

Template configuration

Web UI PortPorttcp

Port of Pomerium

Target: 80
Default: 8801

DebugVariable

Debug enables colored, human-readable logs to be streamed to standard out (opens new window). In production, it is recommended to be set to false.

Target: POMERIUM_DEBUG
Default: false
Value: false

AddressVariable

Address specifies the host and port to serve HTTP requests from.

Target: ADDRESS
Default: :80
Value: :80

InsecureVariable

Turning on insecure server mode will result in pomerium starting, and operating without any protocol encryption in transit. This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA. Please see our helm-chart for an example of just that.

Target: INSECURE_SERVER
Default: true
Value: true

Forward Auth URLVariable

Forward authentication creates an endpoint that can be used with third-party proxies that do not have rich access control capabilities. Forward authentication allows you to delegate authentication and authorization for each request to Pomerium.

Target: FORWARD_AUTH_URL
Default: http://fwdauth.domain.duckdns.org
Value: http://fwdauth.[domain].duckdns.org

Authenticate Service URLVariable

Authenticate Service URL is the externally accessible URL for the authenticate service.

Target: AUTHENTICATE_SERVICE_URL
Default: https://authenticate.domain.duckdns.org
Value: https://authenticate.[domain].duckdns.org

Cookie SecretVariable

Secret used to encrypt and sign session cookies. You can generate a random key with head -c32 /dev/urandom | base64.

Target: COOKIE_SECRET
Default: OWTV2fONR7expoexvhzYBnkdVtrwTh0XhJsQqFMzJuk=
Value: OWTV2fONR7expoexvhzYBnkdVtrwTh0XhJsQqFMzJuk=

Shared SecretVariable

Shared Secret is the base64 encoded 256-bit key used to mutually authenticate requests between services. It's critical that secret keys are random, and stored safely. Use a key management system or /dev/urandom to generate a key. Example head -c32 /dev/urandom | base64

Target: SHARED_SECRET
Default: wB/J+7Fgc+XdCufhjnn/LVZhxjGmgsTaBr7VcjMBHTA=
Value: wB/J+7Fgc+XdCufhjnn/LVZhxjGmgsTaBr7VcjMBHTA=

IDP ProviderVariable

Provider is the short-hand name of a built-in OpenID Connect (oidc) identity provider to be used for authentication. To use a generic provider,set to oidc.

Target: IDP_PROVIDER
Default: google
Value: google

Google Client IdVariable

Client ID is the OAuth 2.0 Client Identifier retrieved from your identity provider. See your identity provider's documentation, and our identity provider docs for details.

Target: IDP_CLIENT_ID

Google Client SecretVariable

Client Secret is the OAuth 2.0 Secret Identifier retrieved from your identity provider. See your identity provider's documentation, and our identity provider docs for details.

Target: IDP_CLIENT_SECRET

Pomerium configPathro

Pomerium config.yaml file. Mostly defines routes and authorizations but also anything else not available through this template

Target: /pomerium/config.yaml
Default: /mnt/user/appdata/Pomerium/config.yaml

Links

Template Docker Hub Project

Details

Repository

pomerium/pomerium

Registry

https://hub.docker.com/r/pomerium/pomerium/

Last Updated2026-05-28

First Seen2021-02-07

Run Pomerium on Unraid.

Pomerium is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS