Skip to main content

Routes

  • Environment Variable: ROUTES
  • Config File Key: routes
  • Type: base64 encoded string or inline policy structure in config file
  • Required - While Pomerium will start without a route configured, it will not authorize or proxy any traffic until a route is defined. If configuring Pomerium for the Enterprise Console, define a route for the Console itself in Pomerium.

A route contains specific access and control definitions for a back-end service. Each route is a list item under the routes key.

Each route defines at minimum a from and to field, and a policy key defining authorization logic. Policies are defined using Pomerium Policy Language (PPL). Additional options are listed below.

# This file contains only route and policy configuration details. Other
# configuration settings required by pomerium are excluded for clarity.
# See: https://www.pomerium.io/docs/reference/

#
# For a complete self contained configuration see : config.example.yaml.
# Or, mix and match a policy file (this) with env vars : config.example.env

routes:
- from: https://verify.localhost.pomerium.io
to: http://localhost:8000
policy:
- allow:
or:
- domain:
is: pomerium.io
cors_allow_preflight: true
timeout: 30s
- from: https://external-verify.localhost.pomerium.io
to: https://verify.pomerium.com
policy:
- allow:
or:
- domain:
is: gmail.com
- from: https://weirdlyssl.localhost.pomerium.io
to: http://neverssl.com
policy:
- allow:
or:
- email:
is: user@example.com
- groups:
has: "admins"
- groups:
has: "developers"
- from: https://hello.localhost.pomerium.io
to: http://localhost:8080
policy:
- allow:
or:
- groups:
has: "admins@pomerium.io"