Skip to main content

Run Pomerium Core With Docker

Run Pomerium Core with Docker containers in under 5 minutes.

The Core quickstart uses Pomerium's Hosted Authenticate Service, but you can also configure a self-hosted authenticate service to integrate with Pomerium.

Prerequisites

Docker and Docker Compose

Configure Pomerium

Create a config.yaml file in the root of your project.

Add the configuration below to config.yaml:

# See detailed configuration settings: https://www.pomerium.com/docs/reference/

#####################################################################
# If self-hosting, use the localhost authenticate service URL below #
# and remove the hosted URL. #
#####################################################################
# authenticate_service_url: https://authenticate.localhost.pomerium.io

authenticate_service_url: https://authenticate.pomerium.app

####################################################################################
# If self-hosting, you must configure an identity provider. #
# See identity provider settings: https://www.pomerium.com/docs/identity-providers/#
####################################################################################

# https://pomerium.com/reference/#routes
routes:
- from: https://verify.localhost.pomerium.io
to: http://verify:8000
policy:
- allow:
or:
- email:
is: user@example.com
pass_identity_headers: true

Configure Docker

Create a docker-compose.yaml file in the root of your project.

Add the configuration below to docker-compose.yaml:

version: "3"
services:
pomerium:
image: cr.pomerium.com/pomerium/pomerium:latest
volumes:
## Mount your config file: https://www.pomerium.com/docs/reference/
- ./config.yaml:/pomerium/config.yaml:ro
ports:
- 443:443
## https://verify.localhost.pomerium.io --> Pomerium --> http://verify
verify:
image: cr.pomerium.com/pomerium/verify:latest
expose:
- 8000

Run Docker Compose

docker compose up

Access the verify route you built in your policy: https://verify.localhost.pomerium.io

If you get a self-signed certificate warning, see Handle Self-Signed Certificate Warning to bypass it.

You should be redirected to the verify service. You'll see a page like this:

Verify page

Although identity verification failed, you successfully integrated Pomerium with the upstream verify service.

tip

Because this guide doesn't include a signing key in the configuration, identity verification will fail.

See Identity Verification for more information on how Pomerium can use JWTs for authentication.

Next Steps

If you want to try Enterprise, check out the Enterprise with Docker quickstart.

If you want to try connecting Pomerium with other services, see some of our Guides.

Did you finish this quickstart guide? We'd love to hear what you think. Get in touch with us on our Discuss forum, message us on Twitter, LinkedIn, or check out our Community page.

caution

This is a test environment! If you followed all the steps in this doc your Pomerium environment is not using trusted certificates. Remember to use a valid certificate solution before moving this configuration to a production environment. See Certificates for more information.