Updates routes for port mapping #1394
Conversation
✅ Deploy Preview for pomerium-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
| https://www.example.com:18443 | ||
| ``` | ||
|
|
||
| If you disable this runtime flag and _do not_ specify a port in the From URL, Pomerium will only match this route if the incoming request _does not_ specify a port, _or_ the request specifies port `:443`. |
There was a problem hiding this comment.
it's the port that the server listens on, which is by default 443
ZPain8464
requested review from
cmo-pomerium and
calebdoxsey
and removed request for
a team
| The `URL` must contain a **scheme** and **hostname** and cannot contain a path. | ||
| The From URL must contain a **scheme** and **hostname**. It can't contain a path. | ||
|
|
||
| ### Port mapping behavior |
There was a problem hiding this comment.
I think we might want to stick with the phrase "port matching" here. According to wikipedia "port mapping" has a meaning in the context of NAT, which is something unrelated.
| @@ -16,21 +17,62 @@ import TabItem from '@theme/TabItem'; | |||
|
|
|||
| ## Summary | |||
|
|
|||
| **From** is the externally accessible URL for the proxied request. | |||
| The **From** route is the externally accessible URL for a proxied HTTP request. | |||
There was a problem hiding this comment.
I don't think we should use the phrase "From route." A route must have both a from URL and a to URL. There aren't "from routes" or "to routes".
There was a problem hiding this comment.
So a "route" consists of a From and To URL. I agree here. I thought it made sense to distinguish which one of these we're referring to. "From route" could be "From URL".
|
|
||
| :::note | ||
|
|
||
| You can disable this behavior with the [**Match Any Incoming Port**](/docs/reference/runtime-flags) runtime flag. |
There was a problem hiding this comment.
I'd suggest moving this to the bottom of the section, so it doesn't interrupt the explanation + examples.
|
|
||
| :::note | ||
|
|
||
| Only secure schemes (`https` and `tcp+https`) are supported. | ||
| When defining a From route, you must use `https` or `tcp+https`. Pomerium only supports secure schemes. |
There was a problem hiding this comment.
I'd suggest moving this note up, so it stays together with the sentence "The From URL must contain a scheme and hostname".
Or, it might make sense to remove the :::note callout and add this directly to that paragraph:
The From URL must contain a scheme and hostname. It can't contain a path. The scheme must be
httpsortcp+https.
|
|
||
| ::: | ||
|
|
||
| <Tabs> | ||
| <TabItem value="zero" label="Zero"> |
There was a problem hiding this comment.
I think if we keep this change in a separate PR it may make things easier when cutting the v0.26 docs site branch.
There was a problem hiding this comment.
Agreed. I'll remove and add in a separate PR.
Co-authored-by: Kenneth Jenkins <[email protected]>
Resolves #1381.
@calebdoxsey this is a WIP because I've added a Zero screenshot. For now, I'd like a review for the docs. i can remove the screenshot and tab for v0.26, and wait until we're ready to release Zero.
I also need to document the Kubernetes configuration for this.