Updates quickstart

content/docs/quickstart.mdx

@@ -1,49 +1,76 @@
 ---
 # cSpell:ignore thisisunsafe, genkey, noout
 
-title: Run Pomerium Core With Docker
+title: Secure a Web App With Pomerium Core
 lang: en-US
 sidebar_label: Quickstart
 pagination_prev: null
 pagination_next: null
-description: Get Pomerium up and running quickly with Docker.
+description: In this quickstart guide, you'll learn how to run Pomerium Core in a Docker container and secure access to a web application.
 keywords:
   [
     pomerium,
     identity access proxy,
-    oidc,
-    docker,
     reverse proxy,
     containers,
     identity aware proxy,
-    quickstart pomerium,
+    quickstart,
     docker,
-    docker-compose,
+    docker compose,
+    core,
+    pomerium core,
   ]
 ---
 
 import ConfigDocker from '@site/content/examples/config/config.docker.yaml.md';
 import DockerCompose from '@site/content/examples/docker/basic.docker-compose.yml.md';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# Secure a Web Application With Pomerium
+
+Welcome to Pomerium! This quickstart shows you how to set up Pomerium Core to proxy requests to an internal web application in a containerized Docker environment.
+
+**Steps to complete**:
+
+1. Configure [Pomerium Core](/docs/deploy/core) and the [Verify](https://verify.pomerium.com/) web app to run in Docker containers
+2. Access the Verify web app behind Pomerium
+
+**Time to complete:** 5 minutes
+
+:::note
+
+Check out [**Pomerium Fundamentals**](/docs/courses/fundamentals/get-started) for step-by-step instructions on how to configure and run Pomerium Core to protect your apps and services.
 
-# Run Pomerium Core With Docker
+:::
+
+## Before you start
 
-Run Pomerium Core with Docker containers in **under 5 minutes**.
+This quickstart requires [Docker] and [Docker Compose].
 
-The Core quickstart uses Pomerium's [**Hosted Authenticate Service**](/docs/capabilities/hosted-authenticate-service), but you can also configure a [**self-hosted authenticate service**](/docs/capabilities/self-hosted-authenticate-service) to integrate with Pomerium.
+:::info
 
-## Prerequisites
+While this guide uses Docker, Pomerium supports other [**architectures and deployment styles**](/docs/deploy), too.
 
-[Docker] and [Docker Compose]
+:::
 
-## Configure Pomerium
+## Set up Pomerium
 
 Create a `config.yaml` file in the root of your project.
 
 Add the configuration below to `config.yaml`:
 
 <ConfigDocker />
 
-## Configure Docker
+:::caution
+
+The `signing_key` above is intended to be used for testing purposes. Do not use this signing key in a production environment.
+
+See the [**Signing Key**](/docs/reference/signing-key) reference page for instructions on how to generate your own secure signing key.
+
+:::
+
+## Set up Docker Compose
 
 Create a `docker-compose.yaml` file in the root of your project.
 
@@ -57,39 +84,72 @@ Add the configuration below to `docker-compose.yaml`:
 docker compose up
 ```
 
-Access the **verify route** you built in your policy: `https://verify.localhost.pomerium.io`
+## Access the protected web app
 
-If you get a self-signed certificate warning, see [Handle Self-Signed Certificate Warning](/docs/internals/troubleshooting#handle-self-signed-certificate-warning) to bypass it.
+Go to the [Verify URL](https://verify.localhost.pomerium.io) you defined in `config.yaml`.
 
-You should be redirected to the **verify** service. You'll see a page like this:
+### Self-signed certificate warning
 
-![Verify page](./img/quickstart/verify-service.png)
+Because you don't have a valid certificate, Pomerium generates a self-signed one for you. This will prompt your browser to throw a self-signed certificate warning.
 
-Although identity verification failed, you successfully integrated Pomerium with the upstream verify service.
+To bypass the warning:
 
-:::tip
+<Tabs>
+<TabItem value="Chrome" label="Chrome">
 
-Because this guide doesn't include a [signing key](/docs/reference/signing-key) in the configuration, identity verification will fail.
+1. Select **Advanced**
+1. Select **Proceed to verify.localhost.pomerium.io (unsafe)**
 
-See [Identity Verification](/docs/capabilities/getting-users-identity) for more information on how Pomerium can use JWTs for authentication.
+If you don't see an **Advanced** option:
 
-:::
+1. Click anywhere in the window
+1. Type "thisisunsafe" (no spaces)
+1. Make sure **Reload** is selected
+1. Select **Enter**
 
-## Next Steps
+</TabItem>
+<TabItem value="Safari" label="Safari">
+
+1. Select **Show Details**
+1. Select **visit this website**
+1. In the confirmation popup, select **Visit Website**
+
+</TabItem>
+<TabItem value="Firefox" label="Firefox">
+
+1. Select **Advanced**
+1. Select **Accept the Risk and Continue**
+
+</TabItem>
+</Tabs>
+
+Pomerium will redirect you to our hosted identity provider to authenticate.
 
-If you want to [try Enterprise](https://www.pomerium.com/enterprise-sales/), check out the [Enterprise with Docker quickstart](/docs/deploy/enterprise/quickstart).
+Then, it will redirect you to the **Verify** service. You'll see a page like this:
 
-If you want to try connecting Pomerium with other services, see some of our [Guides](/docs/guides).
+![Accessing the Verify web app behind Pomerium](./img/quickstart/identity-verified.png)
 
-**Did you finish this quickstart guide?** We'd love to hear what you think. Get in touch with us on our [Discuss forum](https://discuss.pomerium.com/), message us on [Twitter](https://twitter.com/pomerium_io), [LinkedIn](https://www.linkedin.com/company/pomerium-inc), or check out our [Community](https://www.pomerium.com/docs/community) page.
+Congratulations! You successfully installed Pomerium and accessed your protected web app.
 
 :::caution
 
-This is a test environment! If you followed all the steps in this doc your Pomerium environment is not using trusted certificates. Remember to use a valid certificate solution before moving this configuration to a production environment. See [Certificates](/docs/concepts/certificates) for more information.
+This is a test environment! If you followed all the steps in this guide, then your Pomerium environment is not using trusted certificates. Remember to use a valid certificate solution before moving this configuration to a production environment. See [**TLS Certificates and Encryption**](/docs/concepts/certificates) for more information.
+
+:::
+
+## Next Steps
+
+- [**Build Routes**](/docs/courses/fundamentals/build-routes) to access your services
+- [**Build Policies**](/docs/courses/fundamentals/build-policies) to protect your services
+
+:::info
+
+For more information on routes and policies in Pomerium, see the following pages:
+
+- [**Routing, Proxying, and Load Balancing**](/docs/capabilities/routing)
+- [**Pomerium Policy Language**](/docs/capabilities/ppl) **(PPL)**
 
 :::
 
-[configuration file]: /docs/reference
-[container images]: https://hub.docker.com/r/pomerium/pomerium
 [docker]: https://docs.docker.com/install/
 [docker compose]: https://docs.docker.com/compose/install/

content/examples/config/config.docker.yaml.md

@@ -1,27 +1,14 @@
-```yaml
-# See detailed configuration settings: https://www.pomerium.com/docs/reference/
+```yaml title="config.yaml"
+signing_key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSURMV3Q3ZkczV2ZkYjk5elFHQTJObEJXcCt3d0c1aGJoR3MzY29JUlo2SjRvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFcGtRRktLUUdqcVdzbDlYYkUwWmZLL2ZhbHJ2NENWSWtqSTlydXlCbHdOeDYzNmhZRnBtKwpNM0llTXNUKzRreExidVlZSGZDeUtjQzFnZ1BjSWpCYktRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
 
-#####################################################################
-# If self-hosting, use the localhost authenticate service URL below #
-# and remove the hosted URL.                                        #
-#####################################################################
-# authenticate_service_url: https://authenticate.localhost.pomerium.io
-
-authenticate_service_url: https://authenticate.pomerium.app
-
-####################################################################################
-# If self-hosting, you must configure an identity provider.                        #
-# See identity provider settings: https://www.pomerium.com/docs/identity-providers/#
-####################################################################################
-
-# https://pomerium.com/reference/#routes
 routes:
   - from: https://verify.localhost.pomerium.io
     to: http://verify:8000
     policy:
       - allow:
           or:
             - email:
+                # Replace [email protected] with your email address
                 is: [email protected]
     pass_identity_headers: true
 ```

content/examples/docker/basic.docker-compose.yml.md

@@ -1,4 +1,4 @@
-```yaml
+```yaml title="docker-compose.yaml"
 version: "3"
 services:
   pomerium:
@@ -11,6 +11,6 @@ services:
   ## https://verify.localhost.pomerium.io --> Pomerium --> http://verify
   verify:
     image: pomerium/verify:latest
-    expose:
-      - 8000
+    environment:
+      - JWKS_ENDPOINT=https://pomerium/.well-known/pomerium/jwks.json
 ```