Routes
- Environment Variable:
ROUTES
- Config File Key:
routes
- Type: base64 encoded
string
or inline policy structure in config file - Required - While Pomerium will start without a route configured, it will not authorize or proxy any traffic until a route is defined. If configuring Pomerium for the Enterprise Console, define a route for the Console itself in Pomerium.
A route contains specific access and control definitions for a back-end service. Each route is a list item under the routes
key.
Each route defines at minimum a from
and to
field, and a policy
key defining authorization logic. Policies are defined using Pomerium Policy Language (PPL). Additional options are listed below.
# This file contains only route and policy configuration details. Other
# configuration settings required by pomerium are excluded for clarity.
# See: https://www.pomerium.io/docs/reference/
#
# For a complete self contained configuration see : config.example.yaml.
# Or, mix and match a policy file (this) with env vars : config.example.env
routes:
- from: https://verify.localhost.pomerium.io
to: http://localhost:8000
policy:
- allow:
or:
- domain:
is: pomerium.io
cors_allow_preflight: true
timeout: 30s
- from: https://external-verify.localhost.pomerium.io
to: https://verify.pomerium.com
policy:
- allow:
or:
- domain:
is: gmail.com
- from: https://weirdlyssl.localhost.pomerium.io
to: http://neverssl.com
policy:
- allow:
or:
- email:
is: user@example.com
- from: https://hello.localhost.pomerium.io
to: http://localhost:8080
policy:
- allow:
or:
- claim/groups: "admins@pomerium.io"