Skip to main content

Routes

  • Environment Variable: ROUTES
  • Config File Key: routes
  • Type: base64 encoded string or inline policy structure in config file
  • Required - While Pomerium will start without a route configured, it will not authorize or proxy any traffic until a route is defined. If configuring Pomerium for the Enterprise Console, define a route for the Console itself in Pomerium.

A route contains specific access and control definitions for a back-end service. Each route is a list item under the routes key.

Each route defines at minimum a from and to field, and a policy key defining authorization logic. Policies are defined using Pomerium Policy Language (PPL). Additional options are listed below.

# This file contains only route and policy configuration details. Other
# configuration settings required by pomerium are excluded for clarity.
# See: https://www.pomerium.io/docs/reference/

#
# For a complete self contained configuration see : config.example.yaml.
# Or, mix and match a policy file (this) with env vars : config.example.env

routes:
  - from: https://verify.localhost.pomerium.io
    to: http://localhost:8000
    policy:
      - allow:
          or:
            - domain:
                is: pomerium.io
    cors_allow_preflight: true
    timeout: 30s
  - from: https://external-verify.localhost.pomerium.io
    to: https://verify.pomerium.com
    policy:
      - allow:
          or:
            - domain:
                is: gmail.com
  - from: https://weirdlyssl.localhost.pomerium.io
    to: http://neverssl.com
    policy:
      - allow:
          or:
            - email:
                is: user@example.com
  - from: https://hello.localhost.pomerium.io
    to: http://localhost:8080
    policy:
      - allow:
          or:
            - claim/groups: "admins@pomerium.io"