Skip to main content

Insecure Server

Summary

If true, Insecure Server mode will result in Pomerium starting and operating without any protocol encryption in transit.

This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA.

warning

Pomerium should never be exposed to the internet without TLS encryption.

How to configure

Config file keysEnvironment variablesTypeUsage
insecure_serverINSECURE_SERVERbooleanrequired (if certificates unset)

Examples

insecure_server: true
INSECURE_SERVER=true