Adds Pomerium Zero Fundamentals courses (#1372)

* adds PZ directory

* adds PZ courses files

* moves core fundamentals directory

* adds routes guide

* adds policies guide to courses

* Adds policies video

* adds intro

* adds jwt guide

* updates advanced policies guide

* adds advanced policies guide

* adds first part of advanced routes guide

* adds most of advanced routes guide

* adds advanced routing guide

* adds TCP guide

* small changes to text

* fixes broken link

* fixes prettier and cspell errors

* fixes broken links

* updates tcp commands

* runs prettier

* adds changes to advanced routes

* updates all guides formatting and videos

* replaces screenshots

* runs prettier

* removes incompatible docs link

* fixes formatting issue

* updates routes

* renames zero fundamentals files and directories

* adds wistia videos

* updates sidebar

* fixes sidebar and broken links

* Update content/docs/courses/fundamentals/zero-build-routes.mdx

Co-authored-by: ssveta7ak <[email protected]>

* Update content/docs/courses/fundamentals/zero-single-sign-on.mdx

Co-authored-by: ssveta7ak <[email protected]>

* Update content/docs/courses/fundamentals/zero-single-sign-on.mdx

Co-authored-by: ssveta7ak <[email protected]>

* updates text

* Update content/docs/courses/fundamentals/zero-build-policies.mdx

Co-authored-by: ssveta7ak <[email protected]>

* Update content/docs/courses/fundamentals/zero-advanced-routes.mdx

Co-authored-by: ssveta7ak <[email protected]>

* adds requested changes

* fixes breaking links

---------

Co-authored-by: ssveta7ak <[email protected]>

content/docs/courses.mdx

@@ -1,62 +1,16 @@
 ---
-title: Pomerium Fundamentals
+title: Pomerium Zero Fundamentals
 id: courses
 sidebar_label: Courses
 description: Welcome to Pomerium Fundamentals, a series of courses designed to teach you the fundamentals of Pomerium so you can secure your applications with confidence.
 ---
 
-Welcome to **Pomerium Fundamentals**, a series of courses designed to teach you the basics of Pomerium so you can secure your apps with confidence.
+# Pomerium Zero Fundamentals
 
-Each course provides a structured approach to learning how Pomerium works. There are 10 courses in all.
+**Pomerium Zero Fundamentals** is a series of courses designed to help you understand how Pomerium works so you can secure your apps and services with confidence.
 
-Head to [**Get Started**](/docs/courses/fundamentals/get-started) to get a Pomerium instance up and running. From there, you'll add on to your configuration file in each tutorial.
+We'll cover routing, policies, TLS certificates, identity verification, and more.
 
-Below, we’ve included some background information about Pomerium and reverse proxies (if you're not unfamiliar).
+To get started, complete the [**Quickstart guide**](/docs/quickstart) first.
 
-## Reverse Proxies: a Primer
-
-### What is a Reverse Proxy?
-
-A reverse proxy is a server that sits between a client (like your browser) and an application’s origin server. When a client sends a request to an application behind a reverse proxy, the proxy receives the request before forwarding it to the origin server. When the origin server responds, the reverse proxy receives the request before sending it back to the client.
-
-This model affords several benefits:
-
-#### **Security**
-
-Because reverse proxies sit in front of an application’s origin server, the origin server’s IP address is hidden. If a malicious attacker attempts to overload or compromise the origin server, the reverse proxy would be targeted instead.
-
-#### **Load Balancing**
-
-You can use reverse proxies in your load balancing strategy to distribute traffic to available, healthy servers. So, if a website experiences high volumes of traffic, the reverse proxy can distribute traffic to a healthy server so that no single server is overloaded.
-
-#### **Transport Layer Security (TLS)**
-
-TLS encryption is computationally expensive for an origin server. A reverse proxy relieves the burden on the origin server because it can decrypt incoming requests and encrypt outgoing responses.
-
-Check out these posts to learn more:
-
-- [Proxy vs. Reverse Proxy](https://www.pomerium.com/blog/proxy-vs-reverse-proxy/)
-- [Zero Trust](/docs/concepts/zero-trust)
-
-## Pomerium Architecture
-
-To use Pomerium effectively, it helps to understand how Pomerium communicates with clients, identity providers, and upstream applications.
-
-### Request Lifecycle
-
-This diagram illustrates how Pomerium handles client requests to access upstream applications:
-
-![The request lifecyle](./internals/img/architecture/pomerium-request-flow.svg)
-
-Head to our [Architecture](/docs/internals/architecture) page to see these steps in detail and to learn more about how Pomerium at a system and component level.
-
-## Pomerium Terminology
-
-You’ll come across a lot of reverse proxy terminology in our documentation and guided tutorials that may not be intuitive or understandable at first.
-
-Below are are a few terms you should know:
-
-- **Resource**, **Asset**, **Application**, or **Service**: These terms all essentially represent the same thing: a sensitive destination within your private network that you want to secure behind Pomerium. We typically try not to use “resource” or “asset” because, well, they can mean different things depending on the context.
-- **Downstream** and **Upstream**: Pomerium sits between a client and a web app or service. If Pomerium is in the middle, then the client is “downstream” of Pomerium, and the protected app or service is “upstream” of Pomerium.
-
-See our [Glossary](/docs/internals/glossary) to review more terms.
+When you're finished, learn how to [**Build Routes**](/docs/courses/fundamentals/zero-build-routes.mdx) in Pomerium Zero.

content/docs/courses/fundamentals/advanced-policies.md

@@ -57,7 +57,7 @@ Let’s extend the policy above to include a claim from your JWT. If a user does
 
 While running your Docker containers, access the Verify service. Under **Signed Identity Token**, you’ll see a list of claims:
 
-![JWT claims listed on a web page from the Verify service](../img/jwt-verification/01-jwt-claims.png)
+![JWT claims listed on a web page from the Verify service](./img/jwt-verification/01-jwt-claims.png)
 
 Find the **Name** claim and copy the value.
 

content/docs/courses/fundamentals/advanced-routes.md

@@ -126,7 +126,7 @@ jwt_claims_headers:
 
 This setting sends JWT claims as _unsigned_ headers to the upstream application (unlike the _signed_ JWT assertion header). If you restart the Pomerium Docker instance and send another request to HTTPBin, you’ll notice these claims are included in the request:
 
-![View JWT claims as unsigned headers in the request](../img/advanced-routes/httpbin-jwt-claims-headers.png)
+![View JWT claims as unsigned headers in the request](./img/advanced-routes/httpbin-jwt-claims-headers.png)
 
 So, this adds headers from the JWT to our request, but what if you wanted to remove them for privacy or security reasons? Or what if you wanted to add other headers to your request?
 
@@ -168,7 +168,7 @@ Similarly, you can configure responses as well:
 
 If you go HTTPBin’s **Response inspection** row and test a request, you’ll notice the test `X-Set-Response-Headers` header is included in the response.
 
-![View response headers](../img/advanced-routes/response-header.png)
+![View response headers](./img/advanced-routes/response-header.png)
 
 ### Set the Host header
 
@@ -275,11 +275,11 @@ node index.js
 
 Navigate to `localhost:5001` to see if your server serves the `Hello World!` message.
 
-![The 'Hello World' page from our Node server](../img/advanced-routes/node-hello-world.png)
+![The 'Hello World' page from our Node server](./img/advanced-routes/node-hello-world.png)
 
 Similarly, if you go to `localhost:5001/admin`, you should see `This is an admin only page`.
 
-![The 'Admin only' page from our Node server](../img/advanced-routes/node-admin-only.png)
+![The 'Admin only' page from our Node server](./img/advanced-routes/node-admin-only.png)
 
 #### Dockerize Node server
 

content/docs/courses/fundamentals/build-routes.md

@@ -131,7 +131,7 @@ docker compose up
 
 And access your route: https://grafana.localhost.pomerium.io
 
-![The Grafana login screen](../img/build-routes/grafana-login-screen.png)
+![The Grafana login screen](./img/build-routes/grafana-login-screen.png)
 
 If you reach this after the authentication step, you’ve succeeded in setting up a route to Grafana!
 

content/docs/courses/fundamentals/get-started.md

@@ -26,7 +26,7 @@ Your project will contain all the files and configurations you need to run **Pom
 
 The directory structure will look like this:
 
-![Your project's file structure](../img/get-started/pomerium-file-structure.png)
+![Your project's file structure](./img/get-started/pomerium-file-structure.png)
 
 - The `config.yaml` file configures Pomerium itself
 - The `docker-compose.yaml` file configures and runs your Docker containers
@@ -132,7 +132,7 @@ docker compose up
 
 Now, go to the [Verify service](https://verify.localhost.pomerium.io/) in your browser.
 
-![Image of the Verify service web page](../img/get-started/verify-state.png)
+![Image of the Verify service web page](./img/get-started/verify-state.png)
 
 You may have some questions, like:
 

content/docs/courses/fundamentals/jwt-verification.md

@@ -88,7 +88,7 @@ Here’s how the JWT authentication flow looks at a high level:
 
 4. The upstream service receives the request, fetches the public key from the JWKS endpoint, verifies and validates the signature, and grants the user access
 
-![Diagram of JWT flow in Pomerium](../img/jwt-verification/jwt-verification-diagram.svg)
+![Diagram of JWT flow in Pomerium](./img/jwt-verification/jwt-verification-diagram.svg)
 
 If that’s a lot to take in, don’t worry, Pomerium handles a lot of it for you! This is just for those that are interested in what’s happening behind the scenes.
 
@@ -172,7 +172,7 @@ openssl ec -in ec_private.pem -pubout -out ec_public.pem
 
 This command generates a public/private key pair in your project:
 
-![Public and private keys in the root project directory](../img/jwt-verification/00-root-project-files.png)
+![Public and private keys in the root project directory](./img/jwt-verification/00-root-project-files.png)
 
 2. Next, convert the signing key to a Base64-encoded format:
 
@@ -231,7 +231,7 @@ Run Docker Compose and access the [Verify](https://verify.localhost.pomerium.io/
 
 Under **Signed Identity Token**, you should see a list claims:
 
-![The claims as defined in the JWT displayed in the Verify app](../img/jwt-verification/01-jwt-claims.png)
+![The claims as defined in the JWT displayed in the Verify app](./img/jwt-verification/01-jwt-claims.png)
 
 Pomerium sources these claims from the ID token it gets from your identity provider and uses them to generate a new “Pomerium” JWT. This ensures the original ID token is never leaked.
 
@@ -254,13 +254,13 @@ With your containers still running, enter `https://verify.localhost.pomerium.io/
 
 This web page shows you the contents of the HTTP request to the Verify service. Search for a header labeled `X-Pomerium-Jwt-Assertion`:
 
-![The JWT payload](../img/jwt-verification/02-jwt-payload.png)
+![The JWT payload](./img/jwt-verification/02-jwt-payload.png)
 
 The value of the header is the JWT.
 
 Copy and paste the JWT. Then, head to JWT.io to decode it:
 
-![Decoding the JWT](../img/jwt-verification/03-jwt-decoded.png)
+![Decoding the JWT](./img/jwt-verification/03-jwt-decoded.png)
 
 You can see the Payload with the claims listed on the Verify page.
 
@@ -284,7 +284,7 @@ HHucN19M9rqGNOxJSFdwTx/hauY/qQRYdtaZgTJDQfRaT6CZObwRa9vMsg==
 
 In JWT.io under **VERIFY SIGNATURE**, enter the public key. The “Invalid Signature” message should change to “Signature Verified” if done correctly:
 
-![JWT signature verification](../img/jwt-verification/04-jwt-signature-verified.png)
+![JWT signature verification](./img/jwt-verification/04-jwt-signature-verified.png)
 
 Great! With these steps, you can manually verify the JWT’s signature and that the request was handled by Pomerium.
 

content/docs/courses/fundamentals/production-certificates.md

@@ -103,7 +103,7 @@ Select the Verify route. Now, click the **padlock** icon and view the certificat
 
 You should see your domain in the **Issued To > Common Name (CN)** field (the UI will vary depending on your browser, but you get the idea):
 
-![Viewing the certificate provided by Autocert](../img/production-certificates/autocert-certificate.png)
+![Viewing the certificate provided by Autocert](./img/production-certificates/autocert-certificate.png)
 
 That’s it! You configured Pomerium to manage certificates for your upstream applications.
 

content/docs/courses/fundamentals/self-hosted-pomerium.md

@@ -245,7 +245,7 @@ If you access your authenticate service URL, Pomerium will redirect you to your
 
 After signing in, Pomerium will redirect you to the **User Details** page:
 
-![The User Details page](../img/self-hosted-pomerium/user-details-page.png)
+![The User Details page](./img/self-hosted-pomerium/user-details-page.png)
 
 Awesome! You’ve successfully configured Pomerium to run in a Compute Engine VM instance running Debian.