Skip to main content

Insecure Server

  • Environmental Variable: INSECURE_SERVER
  • Config File Key: insecure_server
  • Kubernetes: not supported
  • Type: bool
  • Required if certificates unset

Turning on insecure server mode will result in pomerium starting, and operating without any protocol encryption in transit.

This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA. Please see our helm-chart for an example of just that.


Pomerium should never be exposed to the internet without TLS encryption.