All apps · 0 apps
Pomerium
OfficialDocker app from Florian Dambrine's Repository
Overview
Install Pomerium on Unraid in a few clicks.
Find Pomerium in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.
Categories
Download Statistics
Total Downloads Over Time
Related apps
Explore more like this
Explore allDetails
pomerium/pomeriumRuntime arguments
- Web UI
http://[IP]:[PORT:80]- Network
bridge- Privileged
- false
Template configuration
Port of Pomerium
- Target
- 80
- Default
- 8801
Debug enables colored, human-readable logs to be streamed to standard out (opens new window). In production, it is recommended to be set to false.
- Target
- POMERIUM_DEBUG
- Default
- false
- Value
- false
Address specifies the host and port to serve HTTP requests from.
- Target
- ADDRESS
- Default
- :80
- Value
- :80
Turning on insecure server mode will result in pomerium starting, and operating without any protocol encryption in transit. This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA. Please see our helm-chart for an example of just that.
- Target
- INSECURE_SERVER
- Default
- true
- Value
- true
Forward authentication creates an endpoint that can be used with third-party proxies that do not have rich access control capabilities. Forward authentication allows you to delegate authentication and authorization for each request to Pomerium.
- Target
- FORWARD_AUTH_URL
- Default
- http://fwdauth.domain.duckdns.org
- Value
- http://fwdauth.[domain].duckdns.org
Authenticate Service URL is the externally accessible URL for the authenticate service.
- Target
- AUTHENTICATE_SERVICE_URL
- Default
- https://authenticate.domain.duckdns.org
- Value
- https://authenticate.[domain].duckdns.org
Secret used to encrypt and sign session cookies. You can generate a random key with head -c32 /dev/urandom | base64.
- Target
- COOKIE_SECRET
- Default
- OWTV2fONR7expoexvhzYBnkdVtrwTh0XhJsQqFMzJuk=
- Value
- OWTV2fONR7expoexvhzYBnkdVtrwTh0XhJsQqFMzJuk=
Shared Secret is the base64 encoded 256-bit key used to mutually authenticate requests between services. It's critical that secret keys are random, and stored safely. Use a key management system or /dev/urandom to generate a key. Example head -c32 /dev/urandom | base64
- Target
- SHARED_SECRET
- Default
- wB/J+7Fgc+XdCufhjnn/LVZhxjGmgsTaBr7VcjMBHTA=
- Value
- wB/J+7Fgc+XdCufhjnn/LVZhxjGmgsTaBr7VcjMBHTA=
Provider is the short-hand name of a built-in OpenID Connect (oidc) identity provider to be used for authentication. To use a generic provider,set to oidc.
- Target
- IDP_PROVIDER
- Default
- Value
Client ID is the OAuth 2.0 Client Identifier retrieved from your identity provider. See your identity provider's documentation, and our identity provider docs for details.
- Target
- IDP_CLIENT_ID
Client Secret is the OAuth 2.0 Secret Identifier retrieved from your identity provider. See your identity provider's documentation, and our identity provider docs for details.
- Target
- IDP_CLIENT_SECRET
Pomerium config.yaml file. Mostly defines routes and authorizations but also anything else not available through this template
- Target
- /pomerium/config.yaml
- Default
- /mnt/user/appdata/Pomerium/config.yaml