
@raghu-icecraft-fullstack
Created October 14, 2019 20:01
Standalone nginx with Certbot for automatic certificate renewal; Pomerium proxy on port 9001 with Google as the IdP.
```yaml
# Pomerium config.yaml (mounted read-only into the container as /pomerium/config.yaml)
authenticate_service_url: https://authenticate.company.com:9001
idp_provider: google
idp_client_id: Some generated id
idp_client_secret: some secret
policy:
  - from: https://internal.company.com:9001
    to: http://httpbin:80
    # allowed_domains is matched against the domain part of the authenticated
    # user's e-mail address; a host:port entry such as company.com:9001 will
    # never match a user and so grants nothing extra.
    allowed_domains:
      - company.com
      - company.com:9001
```
```yaml
# docker-compose.yml
version: "3"
services:
  pomerium:
    image: pomerium/pomerium:v0.4.0
    environment:
      - POMERIUM_DEBUG=true
      - COOKIE_SECRET=some secret
      # - INSECURE_SERVER=TRUE
    volumes:
      # Mount your config file: https://www.pomerium.io/docs/reference/reference/
      - /etc/letsencrypt/live/internal.company.com/fullchain.pem:/pomerium/cert.pem:ro # managed by Certbot
      - /etc/letsencrypt/live/internal.company.com/privkey.pem:/pomerium/privkey.pem:ro # managed by Certbot
      - /root/config.yaml:/pomerium/config.yaml:ro
    links:
      - "httpbin:httpbin"
    ports:
      # Pomerium listens on 443 inside the container; nginx owns 443 on the host,
      # so the proxy is published on 9001.
      - "9001:443"
  # https://httpbin.corp.beyondperimeter.com --> Pomerium --> http://httpbin
  httpbin:
    image: some internal Docker image
    expose:
      - 80
```
```nginx
# Path and filename of this nginx conf is /etc/nginx/sites-available/internal.company.com
server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name *.company.com;
    ## return 301 https://internal.company.com:9001;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/internal.company.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/internal.company.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # https://internal.company.com is redirected to the same URI on port 9001,
    # where the Pomerium proxy serves the actual application (httpbin).
    return 301 https://$host:9001$request_uri;
}

server {
    # Plain-HTTP listener: Certbot's HTTP -> HTTPS redirect block. The listen and
    # server_name lines were not in the original gist and are added here so the
    # block's purpose is explicit (nginx would default to port 80 without them).
    listen 80;
    listen [::]:80;
    server_name *.company.com;

    # Note: these `if ($host = ...)` conditions test hostnames that differ from the
    # company.com names served above, so as written they never fire for
    # internal.company.com or authenticate.company.com.
    if ($host = authenticate.doc.resmio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = internal.doc.resmio.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot (default for unmatched hosts; added here)
}
```