Updates routes for port mapping #1394
✅ Deploy Preview for pomerium-docs ready!
https://www.example.com:18443 | ||
``` | ||
|
||
If you disable this runtime flag and _do not_ specify a port in the From URL, Pomerium will only match this route if the incoming request _does not_ specify a port, _or_ the request specifies port `:443`. |
It's the port that the server listens on, which is by default 443.
lgtm
The `URL` must contain a **scheme** and **hostname** and cannot contain a path. | ||
The From URL must contain a **scheme** and **hostname**. It can't contain a path. | ||
|
||
### Port mapping behavior |
I think we might want to stick with the phrase "port matching" here. According to Wikipedia, "port mapping" has a meaning in the context of NAT, which is something unrelated.
Done.
@@ -16,21 +17,62 @@ import TabItem from '@theme/TabItem'; | |||
|
|||
## Summary | |||
|
|||
**From** is the externally accessible URL for the proxied request. | |||
The **From** route is the externally accessible URL for a proxied HTTP request. |
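Review bot: "a proxied HTTP request" in the new Summary sentence is narrower than what the From URL accepts, since the scheme note in this same change lists `tcp+https` alongside `https`. Consider keeping "the proxied request", or wording the sentence so that TCP routes are covered as well.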
I don't think we should use the phrase "From route." A route must have both a from URL and a to URL. There aren't "from routes" or "to routes".
So a "route" consists of a From and To URL. I agree here. I thought it made sense to distinguish which one of these we're referring to. "From route" could be "From URL".
|
||
:::note | ||
|
||
You can disable this behavior with the [**Match Any Incoming Port**](/docs/reference/runtime-flags) runtime flag. |
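Review bot: the note "You can disable this behavior with the Match Any Incoming Port runtime flag" does not say which way the flag has to be set, while the port paragraph elsewhere in this change reads "If you disable this runtime flag". State explicitly whether the flag is enabled or disabled to get each behavior, so a reader deciding how strictly ports are matched does not have to infer the direction from two differently worded sentences.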
I'd suggest moving this to the bottom of the section, so it doesn't interrupt the explanation + examples.
Done.
|
||
:::note | ||
|
||
Only secure schemes (`https` and `tcp+https`) are supported. | ||
When defining a From route, you must use `https` or `tcp+https`. Pomerium only supports secure schemes. |
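Review bot: "From route" in the added sentence is inconsistent with "The From URL must contain a scheme and hostname" elsewhere in this change; use "From URL" here too. The two added sentences could also be merged into one, for example "The From URL must use a secure scheme: `https` or `tcp+https`."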
I'd suggest moving this note up, so it stays together with the sentence "The From URL must contain a scheme and hostname".
Or, it might make sense to remove the `:::note` callout and add this directly to that paragraph:
The From URL must contain a scheme and hostname. It can't contain a path. The scheme must be `https` or `tcp+https`.
|
||
::: | ||
|
||
<Tabs> | ||
<TabItem value="zero" label="Zero"> |
I think if we keep this change in a separate PR it may make things easier when cutting the v0.26 docs site branch.
Agreed. I'll remove and add in a separate PR.
Co-authored-by: Kenneth Jenkins <[email protected]>
Resolves #1381.
@calebdoxsey this is a WIP because I've added a Zero screenshot. For now, I'd like a review for the docs. I can remove the screenshot and tab for v0.26, and wait until we're ready to release Zero.
I also need to document the Kubernetes configuration for this.