docs: replace httpbin with verify (pomerium#1702)

Signed-off-by: Bobby DeSimone <[email protected]>

Author: desimone

.devcontainer/envs/nginx.yaml

@@ -7,14 +7,14 @@ services:
       - "80:80"
       - "443:443"
     volumes:
-      - ../../examples/nginx/httpbin.conf:/etc/nginx/conf.d/httpbin.conf
+      - ../../examples/nginx/verify.conf:/etc/nginx/conf.d/verify.conf
       - ../../examples/nginx/pomerium.conf:/etc/nginx/conf.d/pomerium.conf
       - ../../examples/nginx/proxy.conf:/etc/nginx/proxy.conf
       - ../../examples/nginx/_wildcard.localhost.pomerium.io.pem:/etc/nginx/nginx.pem
       - ../../examples/nginx/_wildcard.localhost.pomerium.io-key.pem:/etc/nginx/nginx-key.pem
 
-  httpbin:
-    image: kennethreitz/httpbin:latest
+  verify:
+    image: pomerium/verify
     expose:
       - 80
 

.devcontainer/envs/traefik.yaml

@@ -18,18 +18,18 @@ services:
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
 
-  httpbin:
-    image: kennethreitz/httpbin:latest
+  verify:
+    image: pomerium/verify:latest
     labels:
       - "traefik.http.middlewares.pomerium.forwardauth.authResponseHeaders=X-Pomerium-Claim-Email,X-Pomerium-Claim-User,X-Pomerium-Claim-Groups,X-Pomerium-Jwt-Assertion"
       - "traefik.http.middlewares.pomerium.forwardauth.address=http://pomerium/"
       - "traefik.http.middlewares.pomerium.forwardauth.trustForwardHeader=true"
-      - "traefik.http.routers.httpbin.middlewares=pomerium@docker"
+      - "traefik.http.routers.verify.middlewares=pomerium@docker"
 
       - "traefik.enable=true"
-      - "traefik.http.routers.httpbin.rule=Host(`httpbin.localhost.pomerium.io`)"
-      - "traefik.http.routers.httpbin.entrypoints=websecure"
-      - "traefik.http.routers.httpbin.tls=true"
+      - "traefik.http.routers.verify.rule=Host(`verify.localhost.pomerium.io`)"
+      - "traefik.http.routers.verify.entrypoints=websecure"
+      - "traefik.http.routers.verify.tls=true"
 
   pomerium:
     build: ../.

docs/docs/community/contributing.md

@@ -89,7 +89,7 @@ We use [Netlify](https://www.netlify.com) to build and host our docs. One of nic
 [configuration variables]: ../../reference/readme.md
 [download]: https://github.com/pomerium/pomerium/releases
 [environmental configuration variables]: https://12factor.net/config
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/readme.md
 [make]: https://en.wikipedia.org/wiki/Make_(software)
 [tls certificates]: ../topics/certificates.md

docs/docs/quick-start/binary.md

@@ -39,10 +39,10 @@ Finally, source the configuration `env` file and run pomerium specifying the `co
 
 ## Navigate
 
-Browse to `external-httpbin.your.domain.example`. Connections between you and [httpbin] will now be proxied and managed by Pomerium.
+Browse to `external-verify.your.domain.example`. Connections between you and [verify] will now be proxied and managed by Pomerium.
 
 [configuration variables]: ../../reference/readme.md
 [download]: https://github.com/pomerium/pomerium/releases
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/
 [tls certificates]: ../topics/certificates.md

docs/docs/quick-start/from-source.md

@@ -69,10 +69,10 @@ make && ./bin/pomerium -config config.yaml
 
 ### Navigate
 
-Browse to `httpbin.localhost.pomerium.io`. Connections between you and [httpbin] will now be proxied and managed by Pomerium.
+Browse to `verify.localhost.pomerium.io`. Connections between you and [verify] will now be proxied and managed by Pomerium.
 
 [configuration variables]: ../../reference/readme.md
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/
 [make]: https://en.wikipedia.org/wiki/Make_(software)
 [tls certificates]: ../topics/certificates.md

docs/docs/quick-start/helm.md

@@ -46,9 +46,9 @@ Run [./scripts/helm_gke.sh] which will:
 
 ## Navigate
 
-Open a browser and navigate to `httpbin.your.domain.example`.
+Open a browser and navigate to `verify.your.domain.example`.
 
-You can also navigate to the special pomerium endpoint `httpbin.your.domain.example/.pomerium/` to see your current user details.
+You can also navigate to the special pomerium endpoint `verify.your.domain.example/.pomerium/` to see your current user details.
 
 ![currently logged in user](./img/logged-in-as.png)
 

docs/docs/quick-start/readme.md

@@ -58,18 +58,18 @@ Finally, simply run docker compose.
 docker-compose up
 ```
 
-Docker will automatically download the required [container images] for Pomerium and [httpbin]. Then, Pomerium will run with the configuration details set in the previous steps.
+Docker will automatically download the required [container images] for Pomerium and [verify]. Then, Pomerium will run with the configuration details set in the previous steps.
 
-You should now be able access to the routes (e.g. `https://httpbin.corp.yourdomain.example`) as specified in your policy file.
+You should now be able access to the routes (e.g. `https://verify.localhost.pomerium.io`) as specified in your policy file.
 
-You can also navigate to the special pomerium endpoint `httpbin.corp.yourdomain.example/.pomerium/` to see your current user details.
+You can also navigate to the special pomerium endpoint `verify.corp.yourdomain.example/.pomerium/` to see your current user details.
 
 ![currently logged in user](./img/logged-in-as.png)
 
 [configuration file]: ../../reference/readme.md
 [container images]: https://hub.docker.com/r/pomerium/pomerium
 [docker]: https://docs.docker.com/install/
 [docker-compose]: https://docs.docker.com/compose/install/
-[httpbin]: https://httpbin.org/
+[verify]: https://verify.pomerium.com/
 [identity provider]: ../identity-providers/readme.md
 [tls certificates]: ../topics/certificates.md

docs/docs/topics/programmatic-access.md

@@ -18,9 +18,9 @@ The API returns a cryptographically signed sign-in url that can be used to compl
 For example:
 
 ```bash
-$ curl "https://httpbin.example.com/.pomerium/api/v1/login?redirect_uri=http://localhost:8000"
+$ curl "https://verify.example.com/.pomerium/api/v1/login?redirect_uri=http://localhost:8000"
 
-https://authenticate.example.com/.pomerium/sign_in?redirect_uri=http%3A%2F%2Flocalhost%3Fpomerium_callback_uri%3Dhttps%253A%252F%252Fhttpbin.corp.example%252F.pomerium%252Fapi%252Fv1%252Flogin%253Fredirect_uri%253Dhttp%253A%252F%252Flocalhost&sig=hsLuzJctmgsN4kbMeQL16fe_FahjDBEcX0_kPYfg8bs%3D&ts=1573262981
+https://authenticate.example.com/.pomerium/sign_in?redirect_uri=http%3A%2F%2Flocalhost%3Fpomerium_callback_uri%3Dhttps%253A%252F%verify.corp.example%252F.pomerium%252Fapi%252Fv1%252Flogin%253Fredirect_uri%253Dhttp%253A%252F%252Flocalhost&sig=hsLuzJctmgsN4kbMeQL16fe_FahjDBEcX0_kPYfg8bs%3D&ts=1573262981
 ```
 
 ### Callback handler
@@ -35,13 +35,13 @@ Your script or application should anticipate the possibility that your underlyin
 
 ## High level workflow
 
-The application interacting with Pomerium must manage the following workflow. Consider the following example where a script or program desires delegated, programmatic access to the domain `httpbin.corp.domain.example`:
+The application interacting with Pomerium must manage the following workflow. Consider the following example where a script or program desires delegated, programmatic access to the domain `verify.corp.domain.example`:
 
-1. The script or application requests a new login url from the pomerium managed endpoint (e.g. `https://httpbin.corp.domain.example/.pomerium/api/v1/login`) and takes a `redirect_uri` as an argument.
+1. The script or application requests a new login url from the pomerium managed endpoint (e.g. `https://verify.corp.domain.example/.pomerium/api/v1/login`) and takes a `redirect_uri` as an argument.
 1. The script or application opens a browser or redirects the user to the returned login page.
 1. The user completes the identity providers login flow.
 1. The identity provider makes a callback to pomerium's authenticate service (e.g. `authenticate.corp.domain.example`) .
-1. Pomerium's authenticate service creates a user session and redirect token, then redirects back to the managed endpoint (e.g. `httpbin.corp.domain.example`)
+1. Pomerium's authenticate service creates a user session and redirect token, then redirects back to the managed endpoint (e.g. `verify.corp.domain.example`)
 1. Pomerium's proxy service makes a callback request to the original `redirect_uri` with the user session and as an argument.
 1. The script or application is responsible for handling that http callback request, and securely handling the callback session (`pomerium_jwt`) queryparam.
 1. The script or application can now make any requests as normal to the upstream application by setting the `Authorization: Pomerium ${pomerium_jwt}` header.
@@ -52,7 +52,7 @@ Please consider see the following minimal but complete python example.
 
 ```bash
 python3 scripts/programmatic_access.py \
-	--dst https://httpbin.example.com/headers
+	--dst https://verify.example.com/headers
 ```
 
 <<< @/scripts/programmatic_access.py

docs/docs/upgrading.md

@@ -241,15 +241,15 @@ Previous programmatic authentication endpoints (`/api/v1/token`) has been remove
 
 ### Forward-auth route change
 
-Previously, routes were verified by taking the downstream applications hostname in the form of a path `(e.g. ${forwardauth}/.pomerium/verify/httpbin.some.example`) variable. The new method for verifying a route using forward authentication is to pass the entire requested url in the form of a query string `(e.g. ${forwardauth}/.pomerium/verify?url=https://httpbin.some.example)` where the routed domain is the value of the `uri` key.
+Previously, routes were verified by taking the downstream applications hostname in the form of a path `(e.g. ${forwardauth}/.pomerium/verify/verify.some.example`) variable. The new method for verifying a route using forward authentication is to pass the entire requested url in the form of a query string `(e.g. ${forwardauth}/.pomerium/verify?url=https://verify.some.example)` where the routed domain is the value of the `uri` key.
 
 Note that the verification URL is no longer nested under the `.pomerium` endpoint.
 
 For example, in nginx this would look like:
 
 ```diff
--    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/.pomerium/verify/httpbin.corp.example.com?no_redirect=true
--    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com/.pomerium/verify/httpbin.corp.example.com
+-    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/.pomerium/verify/verify.corp.example.com?no_redirect=true
+-    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com/.pomerium/verify/verify.corp.example.com
 +    nginx.ingress.kubernetes.io/auth-url: https://forwardauth.corp.example.com/verify?uri=$scheme://$host$request_uri
 +    nginx.ingress.kubernetes.io/auth-signin: https://forwardauth.corp.example.com?uri=$scheme://$host$request_uri
 ```
@@ -324,25 +324,25 @@ Previously, it was allowable to define a policy without a schema (e.g. `http`/`h
 
 ```yaml
 policy:
-  - from: httpbin.corp.domain.example
-    to: http://httpbin
+  - from: verify.corp.domain.example
+    to: http://verify
     allowed_domains:
       - pomerium.io
-  - from: external-httpbin.corp.domain.example
-    to: https://httpbin.org
+  - from: external-verify.corp.domain.example
+    to: https://verify.pomerium.com
     allow_public_unauthenticated_access: true
 ```
 
 Should now be:
 
 ```yaml
 policy:
-  - from: https://httpbin.corp.domain.example
-    to: http://httpbin
+  - from: https://verify.corp.domain.example
+    to: http://verify
     allowed_domains:
       - pomerium.io
-  - from: https://external-httpbin.corp.domain.example
-    to: https://httpbin.org
+  - from: https://external-verify.corp.domain.example
+    to: https://verify.pomerium.com
     allow_public_unauthenticated_access: true
 ```
 
@@ -364,8 +364,8 @@ Usage of the POLICY_FILE envvar is no longer supported. Support for file based p
   Old:
 
   ```yaml
-  - from: httpbin.corp.beyondperimeter.com
-    to: http://httpbin
+  - from: verify.localhost.pomerium.io
+    to: http://verify
     allowed_domains:
       - pomerium.io
     cors_allow_preflight: true
@@ -376,8 +376,8 @@ Usage of the POLICY_FILE envvar is no longer supported. Support for file based p
 
   ```yaml
   policy:
-    - from: httpbin.corp.beyondperimeter.com
-      to: http://httpbin
+    - from: verify.localhost.pomerium.io
+      to: http://verify
       allowed_domains:
         - pomerium.io
       cors_allow_preflight: true

docs/guides/cloud-run.md

@@ -108,7 +108,7 @@ And a hello page:
 
 If your target application is not running on GCP, you can also perform your own header validation.
 
-Browse to [https://httpbin.cloudrun.pomerium.io](https://httpbin.cloudrun.pomerium.io/headers)
+Browse to [https://verify.cloudrun.pomerium.io](https://verify.cloudrun.pomerium.io/headers)
 
 You should see your identity header set:
 

docs/guides/local-oidc.md

@@ -34,8 +34,8 @@ services:
     depends_on:
       - identityprovider
 
-  httpbin:
-    image: kennethreitz/httpbin:latest
+  verify:
+    image: pomerium/verify
     expose:
       - 80
 
@@ -75,8 +75,8 @@ cookie_secret: <reducted>
 
 # https://www.pomerium.io/configuration/#policy
 policy:
-  - from: https://httpbin.localhost.pomerium.io
-    to: http://httpbin
+  - from: https://verify.localhost.pomerium.io
+    to: http://verify
     allowed_domains:
       - example.org
 ```
@@ -147,7 +147,7 @@ $ : wait identityprovider up
 $ docker-compose up -d
 ```
 
-Now accessing to `https://httpbin.localhost.pomerium.io` and you will be redireted to OIDC server for authentication.
+Now accessing to `https://verify.localhost.pomerium.io` and you will be redireted to OIDC server for authentication.
 
 [identity provider]: ../docs/identity-providers/
 [qlik/simple-oidc-provider]: https://hub.docker.com/r/qlik/simple-oidc-provider/

docs/guides/mtls.md

@@ -74,8 +74,8 @@ idp_client_id: YOUR_CLIENT_ID
 idp_client_secret: YOUR_SECRET
 
 policy:
-  - from: "https://httpbin.localhost.pomerium.io:8443"
-    to: "https://httpbin.org"
+  - from: "https://verify.localhost.pomerium.io:8443"
+    to: "https://verify.org"
     allow_public_unauthenticated_access: true
 ```
 
@@ -89,7 +89,7 @@ Before visiting the page in your browser we have one final step.
 
 ## Install Client Certificate
 
-Because `https://httpbin.localhost.pomerium.io:8443` now requires a client certificate to be accessed, we first need to install that client certificate in our browser. The following instructions are for Chrome, but client certificates are supported in all major browsers.
+Because `https://verify.localhost.pomerium.io:8443` now requires a client certificate to be accessed, we first need to install that client certificate in our browser. The following instructions are for Chrome, but client certificates are supported in all major browsers.
 
 Go to <chrome://settings/certificates>:
 
@@ -109,6 +109,6 @@ You should see the `org-mkcert development certificate` in the list of your cert
 
 ## Using the Client Certificate
 
-You can now visit **<https://httpbin.localhost.pomerium.io>** and you should be prompted to choose a client certificate:
+You can now visit **<https://verify.localhost.pomerium.io>** and you should be prompted to choose a client certificate:
 
 ![choose client certificate](./img/mtls/05-select-client-certificate.png)

docs/guides/nginx.md

@@ -13,7 +13,7 @@ description: >-
 
 This recipe's sources can be found [on github](https://github.com/pomerium/pomerium/tree/master/examples/nginx)
 
-At the end, you will have a locally running install of [httpbin](https://httpbin.org/) behind nginx with policy enforced by Pomerium.
+At the end, you will have a locally running install of [verify](https://verify.pomerium.com/) behind nginx with policy enforced by Pomerium.
 
 ## Background
 
@@ -72,28 +72,28 @@ Nginx configuration for Pomerium endpoints
 
 <<< @/examples/nginx/pomerium.conf
 
-### Nginx - httpbin
+### Nginx - verify
 
 Nginx configuration for the protected endpoint
 
-<<< @/examples/nginx/httpbin.conf
+<<< @/examples/nginx/verify.conf
 
 ### Docker Compose
 
 <<< @/examples/nginx/docker-compose.yaml
 
-Run `docker-compose up`. After a few seconds, browse to [httpbin.localhost.pomerium.io](https://httpbin.localhost.pomerium.io).
+Run `docker-compose up`. After a few seconds, browse to [verify.localhost.pomerium.io](https://verify.localhost.pomerium.io).
 
-You should be prompted to log in through your IdP and then granted access to the deployed `httpbin` instance.
+You should be prompted to log in through your IdP and then granted access to the deployed `verify` instance.
 
 ## That's it!
 
-Your `httpbin` install is protected by Pomerium.
+Your `verify` install is protected by Pomerium.
 
 ## Adapting
 
 To re-use the configuration in this demo in other contexts:
 
-- Update `httpbin.conf` to reflect the correct forward auth URL in `location @error401`
+- Update `verify.conf` to reflect the correct forward auth URL in `location @error401`
 - Update `pomerium.conf` to reflect the pomerium hostname(s) or IP(s) in `upstream pomerium`
 - Update `pomerium.conf` to reflect your pomerium authenticate and forward auth hostnames in `server_name`