Is it possible to serve files using Pomerium?

What happened?

I want to know if it's possible to serve files via Pomerium like you can with Caddy or NGINX? Here are some examples:

Caddy:

example.com {
	root * /srv
	file_server
}

Here’s what I’m trying to replicate from NGINX:

    location /homebrew.orcbrew {
        root /usr/share/nginx/html/homebrew;
    }

What’s your environment like?

  • Pomerium version (retrieve with pomerium --version): using Pomerium latest in Docker Compose - I can't get the exact version (I don't know how)
  • Server Operating System/Architecture/Cloud: host node is Debian on Proxmox

What’s your config.yaml?

log_level: debug

authenticate_service_url: https://authenticate.example.com
signing_key: REDACTED
cookie_secret: REDACTED

address: :443
http_redirect_addr: :80

idp_provider: "REDACTED"
idp_client_id: "REDACTED"
idp_client_secret: "REDACTED"

certificates:
  - cert: '/etc/letsencrypt/live/authenticate.example.com/fullchain.pem'
    key: '/etc/letsencrypt/live/authenticate.example.com/privkey.pem'
  - cert: '/etc/letsencrypt/live/example.com/fullchain.pem'
    key: '/etc/letsencrypt/live/example.com/privkey.pem'

routes:
  - from: https://verify.example.com
    to: http://verify:8000
    pass_identity_headers: true
    allow_any_authenticated_user: true

  - from: https://docker.example.com
    to: http://portainer:9000
    pass_identity_headers: true
    allow_any_authenticated_user: true

  - from: https://syncthing.example.com
    to: http://syncthing:8384
    pass_identity_headers: true
    allow_any_authenticated_user: true

  - from: https://example.com
    to: http://dashy:80
    pass_identity_headers: true
    host_rewrite_header: true
    allow_any_authenticated_user: true
    cors_allow_preflight: true

  - from: https://code.example.com
    to: http://codeserver:8080
    pass_identity_headers: true
    host_rewrite_header: true
    allow_websockets: true
    allow_any_authenticated_user: true
    cors_allow_preflight: true

  - from: https://notes.example.com
    to: http://hedgedoc:3000
    pass_identity_headers: true
    allow_websockets: true
    allow_any_authenticated_user: true
    host_rewrite_header: true
    cors_allow_preflight: true

  - from: https://books.example.com
    to: http://calibre-web:8083
    pass_identity_headers: true
    allow_any_authenticated_user: true
    cors_allow_preflight: true

  - from: https://dnd.example.com
    to: http://foundryvtt:30000
    pass_identity_headers: true
    host_rewrite_header: true
    allow_websockets: true
    allow_any_authenticated_user: true
    cors_allow_preflight: true

  - from: https://orcpub.example.com
    to: http://orcpub:8890
    pass_identity_headers: true
    host_rewrite_header: true
    allow_websockets: true
    allow_any_authenticated_user: true
    cors_allow_preflight: true

  - from: https://neko.example.com
    to: http://neko:8080
    pass_identity_headers: true
    host_rewrite_header: true
    allow_websockets: true
    allow_any_authenticated_user: true
    cors_allow_preflight: true

Additional context

Here’s the original thread discussing what I’m trying to do.

Hello,

Pomerium acts as a reverse proxy, primarily focusing on authenticating and authorizing requests directed to upstream servers. As it stands, integrating something like NGINX behind Pomerium is necessary to handle file serving.
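One way to wire up the arrangement the reply describes, as an added example that is not part of the original thread or Pomerium's own documentation. The `files` service name, the `files.example.com` hostname, the `nginx:stable` image tag and the `./homebrew` host directory are assumptions; the route reuses the settings already present in the config above.

```yaml
# --- docker-compose.yml (fragment, added example) ---
services:
  files:                      # hypothetical service name
    image: nginx:stable       # assumed image tag
    # No "ports:" entry on purpose: the file server is reachable only on the
    # compose network, so requests cannot bypass Pomerium's authentication.
    volumes:
      # The stock NGINX image serves /usr/share/nginx/html on port 80.
      # Mounted read-only so the container cannot modify the served files.
      - ./homebrew:/usr/share/nginx/html:ro

---
# --- config.yaml (extra entry under the existing "routes:" list) ---
routes:
  - from: https://files.example.com   # hypothetical hostname; needs a matching certificate
    to: http://files:80               # resolves via the shared compose network
    allow_any_authenticated_user: true
```

With this in place, `https://files.example.com/homebrew.orcbrew` returns `./homebrew/homebrew.orcbrew` only after the user has authenticated through Pomerium.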