We are currently exposing internal domains through an internal endpoint, with the Pomerium Authenticate URL also set to this internal endpoint (authenticate.xxx.internal.ah.nl).
Now we also want to expose this authenticate endpoint externally, so we added an endpoint (authenticate.xxx.external.ah.nl) that will forward traffic to authenticate.xxx.internal.ah.nl. However, the redirect URI should of course go to the external endpoint if the original host is the external endpoint (because the people accessing this will have no access to our internal hosts).
How do we configure this? Do we have to add another Pomerium configuration for the external host? Or can we configure multiple hosts on the same Pomerium config?
Our current configuration is as follows (we’re using the Kubernetes Ingress Controller):
```yaml
apiVersion: ingress.pomerium.io/v1
kind: Pomerium
metadata:
  name: global
spec:
  authenticate:
    url: https://authenticate.internal.endpoint
  certificates:
    - pomerium/ingress-tls
  identityProvider:
    provider: azure
    requestParams:
      prompt: ""
    scopes:
      - openid
      - profile
      - email
    secret: pomerium/idp-secret
    url: https://login.microsoftonline.com/tenant/v2.0
  jwtClaimHeaders:
    preferred_username: preferred_username
  secrets: pomerium/bootstrap
  storage:
    postgres:
      secret: pomerium/pomerium-postgresql-connection-string
```