| title | lang | keywords | sidebar_label | sidebar_position | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
From Source |
en-US |
|
From Source |
4 |
import ConfigMinimal from '@site/content/examples/config/config.minimal.yaml.md';
This document covers how to retrieve and build Pomerium from its source code as well as how to run Pomerium using a minimal but complete configuration.
- git
- go programming language
- A configured identity provider
Retrieve the latest copy of Pomerium's source code by cloning the repository.
git clone https://github.com/pomerium/pomerium.git $HOME/pomeriumIn production, we'd use a public certificate authority such as LetsEncrypt. For local development, we can use mkcert to make locally trusted development certificates with any names you'd like.
# Install mkcert.
go install filippo.io/mkcert@latest
# Bootstrap mkcert's root certificate into your operating system's trust store.
mkcert -install
# Create your wildcard domain.
# *.localhost.pomerium.io is helper domain we've hard-coded to route to localhost
mkcert "*.localhost.pomerium.io"Build Pomerium from source in a single step using make.
cd $HOME/pomerium
makeMake will run all the tests, some code linters, then build the binary. If all is good, you should now have a freshly built Pomerium binary for your architecture and operating system in the pomerium/bin directory.
If you don't have the prerequisites for the tests (Docker, Redis, etc) locally, you can instead run make build to just create the binary.
Pomerium supports setting configuration variables using both environmental variables and using a configuration file. Here, we'll use a file.
Create a config file (config.yaml). This file will be use to determine Pomerium's configuration settings, routes, and access-policies. Consider the following example:
Finally, run Pomerium specifying the configuration file config.yaml.
./bin/pomerium -config config.yamlBrowse to verify.localhost.pomerium.io. Connections between you and verify will now be proxied and managed by Pomerium.