Skip to main content

Insecure Server


If true, Insecure Server mode will result in Pomerium starting and operating without any protocol encryption in transit.

This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA.


Pomerium should never be exposed to the internet without TLS encryption.

How to configure

Config file keysEnvironment variablesTypeUsage
insecure_serverINSECURE_SERVERbooleanrequired (if certificates unset)


insecure_server: true