From e9c281a240f3105483364089e3949463f8dbab8b Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:00:49 -0400 Subject: [PATCH 01/12] moves config page --- content/docs/{internals => core}/configuration.md | 8 ++++---- sidebars.js | 11 ++++++++++- 2 files changed, 14 insertions(+), 5 deletions(-) rename content/docs/{internals => core}/configuration.md (92%) diff --git a/content/docs/internals/configuration.md b/content/docs/core/configuration.md similarity index 92% rename from content/docs/internals/configuration.md rename to content/docs/core/configuration.md index e6713ba96..1fcd80101 100644 --- a/content/docs/internals/configuration.md +++ b/content/docs/core/configuration.md @@ -1,9 +1,11 @@ --- -title: Configuration & Settings +title: Configuration +description: This page discusses configuration settings for Pomerium Core. +keywords: [core configuration] sidebar_label: Configuration --- -# Configuration & Settings +# Configuration Pomerium can be configured using a configuration file ([YAML]/[JSON]/[TOML]) or [environmental variables]. In general, environmental variable keys are identical to config file keys but are uppercase. Enterprise users will be able to set these settings in the GUI, or using the API. @@ -15,8 +17,6 @@ Pomerium can hot-reload route configuration details, authorization policy, certi ::: -## Reference table of settings - See the [reference](/docs/reference) page for a complete list of available options. ## All-In-One vs Split Service mode diff --git a/sidebars.js b/sidebars.js index bf90c1d3f..1acf6ab77 100644 --- a/sidebars.js +++ b/sidebars.js 
@@ -45,7 +45,16 @@ const sidebars = { type: 'category', label: 'Pomerium Core', link: {type: 'doc', id: 'docs/core'}, - items: [{type: 'autogenerated', dirName: 'docs/core'}], + items: [ + 'docs/core/quickstart', + 'docs/core/configuration', + 'docs/core/changelog', + 'docs/core/upgrading', + 'docs/core/from-source', + 'docs/core/binary', + + ] + // items: [{type: 'autogenerated', dirName: 'docs/core'}], }, { type: 'category', From ecb37ef06fa12814e7e4abd6a590b46f50a2c301 Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Fri, 19 Jul 2024 09:13:17 -0400 Subject: [PATCH 02/12] updates content --- content/docs/core/configuration.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 1fcd80101..10a65bb27 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md @@ -7,7 +7,13 @@ sidebar_label: Configuration # Configuration -Pomerium can be configured using a configuration file ([YAML]/[JSON]/[TOML]) or [environmental variables]. In general, environmental variable keys are identical to config file keys but are uppercase. Enterprise users will be able to set these settings in the GUI, or using the API. +You can configure Pomerium using a configuration file or [environmental variables]. If using a configuration file, the following languages are supported: + +- [YAML] +- [JSON] +- [TOML] + +Environmental variable keys are identical to configuration file keys, but they must be uppercase. Enterprise users will be able to set these settings in the GUI, or using the API. Using both [environmental variables] and config file keys is allowed and encouraged (for instance, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence. From ab2c3c6d8d9e520c5d0a2ad92dbfc7cc348a823d Mon Sep 17 00:00:00 2001 
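Review bot: The hard-coded `items` list in sidebars.js (PATCH 01/12) replaces the `autogenerated` entry for `docs/core`, so any page in that directory that is not one of the six listed ids would no longer appear under "Pomerium Core", and a page added later has to be listed by hand. If the fixed order is intended, a comment above the array would record it, e.g. `// Explicit order: add new docs/core pages here, they are no longer picked up automatically.` Whether other pages exist under docs/core cannot be seen from this hunk, so it is worth checking against the directory. The enclosing `sidebars` object starts and ends outside the hunk.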
From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Fri, 19 Jul 2024 16:31:54 -0400 Subject: [PATCH 03/12] updates configuration page --- content/docs/core/configuration.md | 48 +++++++++++++++++++----------- 1 file changed, 31 insertions(+), 17 deletions(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 10a65bb27..9e0eb4115 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md @@ -7,15 +7,13 @@ sidebar_label: Configuration # Configuration -You can configure Pomerium using a configuration file or [environmental variables]. If using a configuration file, the following languages are supported: +You can configure Pomerium using either a configuration file or [environmental variables](https://en.wikipedia.org/wiki/Environment_variable). If using a configuration file, the following languages are supported: -- [YAML] -- [JSON] -- [TOML] +- [YAML](https://yaml.org/) +- [JSON](https://www.json.org/json-en.html) +- [TOML](https://toml.io/en/) -Environmental variable keys are identical to configuration file keys, but they must be uppercase. Enterprise users will be able to set these settings in the GUI, or using the API. - -Using both [environmental variables] and config file keys is allowed and encouraged (for instance, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence. +Using both environmental variables and configuration file keys is allowed and encouraged (for instance, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence. :::tip 
@@ -23,19 +21,35 @@ Pomerium can hot-reload route configuration details, authorization policy, certi ::: -See the [reference](/docs/reference) page for a complete list of available options. +### Configuration syntax + +Both configuration file keys and environment variables are case sensitive. Configuration file keys are always lowercase and use hyphens (`-`). + +Environmental variables are identical to configuration file keys, but they are always uppercase and use underscores (`_`). + +See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's configuration settings. + +## All In One and Split Service modes + +You can configure Pomerium using either All In One mode or Split Service mode. + +### All In One mode + +All In One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All In One mode when running Pomerium: + +- As a single system service or container, or +- In a distributed environment where there are multiple processes that each handle separate [components](/docs/internals/architecture#component-level). -## All-In-One vs Split Service mode +### Split Service mode -When running Pomerium as a single system service or container, all the options on this page can be set in a single `config.yaml` file, or passed to the single instance as environment variables. +Alternately, you can create individual configuration files (or sets of environment variables) for each Pomerium service. When doing so, each file or set defines which component a process will run by using the [service mode](/docs/reference/service-mode) key. -When running Pomerium in a distributed environment where there are multiple processes, each handling separate [components](/docs/internals/architecture#component-level), all services can still share a single config file or set of environment variables. 
+:::tip Our recommendation -Alternately, you can create individual config files or sets of environment variables for each service. When doing so, each file or set can define which component a process will run as using the [service mode](/docs/reference/service-mode) key. +We recommend All In One mode to configure Pomerium for the following reasons: -The table contains all config options for Pomerium Core. You can also browse each key using the index on the left. +- **Reduce complexity**: All In One mode reduces the complexity of managing configuration. A single configuration file means there is one source of truth. +- **Secure communication**: Pomerium services communicate internally. Splitting up services requires securing these endpoints and configuring DNS records for each service. +- **Scaling**: All In One instances scale for better performance. All URLs point at the same Pomerium service instance. -[environmental variables]: https://en.wikipedia.org/wiki/Environment_variable -[json]: https://en.wikipedia.org/wiki/JSON -[toml]: https://en.wikipedia.org/wiki/TOML -[yaml]: https://en.wikipedia.org/wiki/YAML +::: \ No newline at end of file From 858b3cc408c855de52cdb76e6c6f46297c7e9e29 Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:35:22 -0400 Subject: [PATCH 04/12] updates modes section --- content/docs/core/configuration.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 9e0eb4115..e3d287f59 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md 
@@ -13,7 +13,7 @@ You can configure Pomerium using either a configuration file or [environmental v - [JSON](https://www.json.org/json-en.html) - [TOML](https://toml.io/en/) -Using both environmental variables and configuration file keys is allowed and encouraged (for instance, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence. +Using both environmental variables and configuration file keys is allowed and encouraged (for example, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence. :::tip 
@@ -23,26 +23,28 @@ Pomerium can hot-reload route configuration details, authorization policy, certi ### Configuration syntax -Both configuration file keys and environment variables are case sensitive. Configuration file keys are always lowercase and use hyphens (`-`). +Both configuration file keys and environment variables are case sensitive. -Environmental variables are identical to configuration file keys, but they are always uppercase and use underscores (`_`). +Configuration file keys are always lowercase and use dashes (`-`). Environmental variables are identical to configuration file keys, except they are always uppercase and use underscores (`_`). See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's configuration settings. ## All In One and Split Service modes -You can configure Pomerium using either All In One mode or Split Service mode. +Pomerium relies on four [distinct services](/docs/internals/architecture) to securely process requests between clients and upstream applications. You can configure these services using either All In One mode or Split Service mode. ### All In One mode All In One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All In One mode when running Pomerium: - As a single system service or container, or -- In a distributed environment where there are multiple processes that each handle separate [components](/docs/internals/architecture#component-level). +- In a distributed environment where there are multiple processes that each handle separate [Pomerium services](/docs/internals/architecture#component-level). + +All In One mode is the default configuration mode, and the easiest way to configure Pomerium. ### Split Service mode -Alternately, you can create individual configuration files (or sets of environment variables) for each Pomerium service. 
When doing so, each file or set defines which component a process will run by using the [service mode](/docs/reference/service-mode) key. +Alternately, you can create individual configuration files (or sets of environment variables) for each Pomerium service. In Split Service mode, each configuration file (or set of environment variables) defines which service a process will run by using the [service mode](/docs/reference/service-mode) key. :::tip Our recommendation @@ -50,6 +52,6 @@ We recommend All In One mode to configure Pomerium for the following reasons: - **Reduce complexity**: All In One mode reduces the complexity of managing configuration. A single configuration file means there is one source of truth. - **Secure communication**: Pomerium services communicate internally. Splitting up services requires securing these endpoints and configuring DNS records for each service. -- **Scaling**: All In One instances scale for better performance. All URLs point at the same Pomerium service instance. +- **Scaling**: All In One deployments scale for better performance. All URLs point at the same Pomerium service instance. ::: \ No newline at end of file From 1316379242bf701a209b54fc4026337b8c4f23e4 Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Mon, 22 Jul 2024 15:42:36 -0400 Subject: [PATCH 05/12] updates text --- content/docs/core/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index e3d287f59..b60e3c4d4 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md 
@@ -31,7 +31,7 @@ See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's ## All In One and Split Service modes -Pomerium relies on four [distinct services](/docs/internals/architecture) to securely process requests between clients and upstream applications. You can configure these services using either All In One mode or Split Service mode. +You can configure Pomerium using either All In One mode or Split Service mode. ### All In One mode From 8bba5e79d7898ac9a4365d8cce29e70f0e29e20e Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Mon, 22 Jul 2024 15:52:51 -0400 Subject: [PATCH 06/12] adds redirect --- content/docs/core/configuration.md | 16 ++++++++-------- sidebars.js | 4 +--- static/_redirects | 3 ++- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index b60e3c4d4..640c7b78d 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md 
@@ -23,24 +23,24 @@ Pomerium can hot-reload route configuration details, authorization policy, certi ### Configuration syntax -Both configuration file keys and environment variables are case sensitive. +Both configuration file keys and environment variables are case sensitive. -Configuration file keys are always lowercase and use dashes (`-`). Environmental variables are identical to configuration file keys, except they are always uppercase and use underscores (`_`). +Configuration file keys are always lowercase and use dashes (`-`). Environmental variables are identical to configuration file keys, except they are always uppercase and use underscores (`_`). See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's configuration settings. ## All In One and Split Service modes -You can configure Pomerium using either All In One mode or Split Service mode. +You can configure Pomerium using either All In One mode or Split Service mode. ### All In One mode -All In One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All In One mode when running Pomerium: +All In One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All In One mode when running Pomerium: - As a single system service or container, or -- In a distributed environment where there are multiple processes that each handle separate [Pomerium services](/docs/internals/architecture#component-level). +- In a distributed environment where there are multiple processes that each handle separate [Pomerium services](/docs/internals/architecture#component-level). -All In One mode is the default configuration mode, and the easiest way to configure Pomerium. +All In One mode is the default configuration mode, and the easiest way to configure Pomerium. ### Split Service mode 
@@ -48,10 +48,10 @@ Alternately, you can create individual configuration files (or sets of environme :::tip Our recommendation -We recommend All In One mode to configure Pomerium for the following reasons: +We recommend All In One mode to configure Pomerium for the following reasons: - **Reduce complexity**: All In One mode reduces the complexity of managing configuration. A single configuration file means there is one source of truth. - **Secure communication**: Pomerium services communicate internally. Splitting up services requires securing these endpoints and configuring DNS records for each service. - **Scaling**: All In One deployments scale for better performance. All URLs point at the same Pomerium service instance. -::: \ No newline at end of file +::: diff --git a/sidebars.js b/sidebars.js index 1acf6ab77..b8897c30b 100644 --- a/sidebars.js +++ b/sidebars.js @@ -52,9 +52,7 @@ const sidebars = { 'docs/core/upgrading', 'docs/core/from-source', 'docs/core/binary', - - ] - // items: [{type: 'autogenerated', dirName: 'docs/core'}], + ], }, { type: 'category', diff --git a/static/_redirects b/static/_redirects index 6f8af396c..940de90c5 100644 --- a/static/_redirects +++ b/static/_redirects @@ -5,7 +5,7 @@ /docs/releases /docs/deploy/releases /docs/deploy/releases /docs/community/contributing -# Configuration & Settings Reference (reference links redirect correctly) +# Configuration & Settings Reference /docs/reference/reference /docs/reference /docs/reference/reference.html /docs/reference /docs/configuration/ /docs/reference @@ -25,6 +25,7 @@ /docs/security /docs/internals/security /docs/security.html /docs/internals/security /docs/community/security.html /docs/internals/security +/docs/internals/configuration /docs/core/configuration # Guide and examples links /guide/ /docs/quick-start/ From 9945d627127e43457e99801b136b65f029054863 Mon Sep 17 00:00:00 2001 
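Review bot: The added rule `/docs/internals/configuration /docs/core/configuration` in static/_redirects (PATCH 06/12) maps the path only, so an old deep link ending in `#all-in-one-vs-split-service-mode` would land on the new page with no matching heading, because PATCH 03 renamed that section to "All In One and Split Service modes". Browsers normally carry the fragment across a redirect, so an explicit id on the renamed heading, `## All In One and Split Service modes {#all-in-one-vs-split-service-mode}`, should keep those links working; the `{#...}` form is already used in grpc.mdx. Relatedly, the fragment that PATCH 07 writes into the internal links, `#all-in-one-and-split-service-modes-split-service-mode`, does not look like the slug of either new heading and is worth checking in a built page. The rule also sits after the `/docs/security` entries rather than under the `# Configuration & Settings Reference` comment with the other configuration redirects.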
From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:18:07 -0400 Subject: [PATCH 07/12] fixes breaking links to pass build --- content/docs/capabilities/high-availability.mdx | 2 +- content/docs/capabilities/mtls-services.mdx | 2 +- content/docs/concepts/mutual-auth.md | 2 +- content/docs/internals/architecture.md | 2 +- content/docs/k8s/ingress.md | 2 +- content/docs/reference.mdx | 2 +- .../docs/reference/authenticate-internal-service-url.mdx | 4 ++-- content/docs/reference/authenticate-service-url.mdx | 2 +- content/docs/reference/authorize-internal-service-url.mdx | 2 +- content/docs/reference/grpc.mdx | 6 +++--- content/docs/reference/metrics.mdx | 2 +- content/docs/reference/service-mode.mdx | 2 +- 12 files changed, 15 insertions(+), 15 deletions(-) diff --git a/content/docs/capabilities/high-availability.mdx b/content/docs/capabilities/high-availability.mdx index 78e3ea0b3..9f0b48844 100644 --- a/content/docs/capabilities/high-availability.mdx +++ b/content/docs/capabilities/high-availability.mdx @@ -10,7 +10,7 @@ import InstallMkcert from '@site/content/_install-mkcert.md'; Pomerium is designed to be run in two modes: All-In-One or Split Service. These modes are not mutually exclusive, meaning you can run one or multiple instances of Pomerium in all-in-one mode, and spin up additional instances for specific components as needed. -Each instance of Pomerium runs in all-in-one mode unless specified to run as a specific component by the `services` key. See [All-In-One vs. Split Service mode](/docs/internals/configuration#all-in-one-vs-split-service-mode) for more details. +Each instance of Pomerium runs in all-in-one mode unless specified to run as a specific component by the `services` key. See [All-In-One vs. Split Service mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) for more details. :::caution 
diff --git a/content/docs/capabilities/mtls-services.mdx b/content/docs/capabilities/mtls-services.mdx index c2c1e443a..3f821dcd6 100644 --- a/content/docs/capabilities/mtls-services.mdx +++ b/content/docs/capabilities/mtls-services.mdx @@ -43,7 +43,7 @@ To provide a general explanation, in this guide you will use [mkcert](https://gi To complete this proof-of-concept guide: -- Run Pomerium in [all-in-one mode](/docs/internals/configuration#all-in-one-vs-split-service-mode) as a system service with a configuration file in the [standard location](/docs/core/from-source#configure) +- Run Pomerium in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) as a system service with a configuration file in the [standard location](/docs/core/from-source#configure) - Configure an [identity provider](/docs/identity-providers) (IdP) to communicate with your Pomerium instance - Run all commands on the same host (You may have to move files or adjust paths and commands to match a different configuration) - Install [`mkcert`](https://github.com/FiloSottile/mkcert) to generate self-signed certificates and a root Certificate Authority (CA) (`mkcert` will take the place of your trusted certificate tooling solution) diff --git a/content/docs/concepts/mutual-auth.md b/content/docs/concepts/mutual-auth.md index f0fafec8c..f4d1a9126 100644 --- a/content/docs/concepts/mutual-auth.md +++ b/content/docs/concepts/mutual-auth.md 
@@ -28,7 +28,7 @@ This guide covers the following mutual authentication methods with Pomerium: This section provides examples of mutual authentication methods you can implement with Pomerium. -Each example diagrams Pomerium as a single service, as it is in [all-in-one mode](/docs/internals/configuration#all-in-one-vs-split-service-mode). This is the version provided by our [binaries] and in our Docker-based [Quickstart]. +Each example diagrams Pomerium as a single service, as it is in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode). This is the version provided by our [binaries] and in our Docker-based [Quickstart]. ### Basic Pomerium installation diff --git a/content/docs/internals/architecture.md b/content/docs/internals/architecture.md index 2a06e1cbe..b692eeaa7 100644 --- a/content/docs/internals/architecture.md +++ b/content/docs/internals/architecture.md @@ -60,7 +60,7 @@ The points below outline the Databroker’s role in the request and session life In production deployments, it is recommended that you deploy each component [separately](/docs/reference/service-mode). This allows you to limit external attack surface, as well as scale and manage the services independently. -In test deployments, all four components may run from a [single binary and configuration](/docs/internals/configuration#all-in-one-vs-split-service-mode). +In test deployments, all four components may run from a [single binary and configuration](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode). ![pomerium architecture diagram](./img/architecture/pomerium-container-context-stateless-authn.svg) diff --git a/content/docs/k8s/ingress.md b/content/docs/k8s/ingress.md index 0c871ff65..aa6feb2a8 100644 --- a/content/docs/k8s/ingress.md +++ b/content/docs/k8s/ingress.md 
@@ -23,7 +23,7 @@ The [Pomerium Kubernetes Ingress Controller](https://github.com/pomerium/ingress Pomerium’s Ingress Controller for Kubernetes enables you to dynamically provision routes from Ingress resources and set authorization policy on those routes with Ingress annotations. By defining routes as Ingress resources in the Kubernetes API, you can easily create and remove those routes from your Pomerium configuration. -If you've tested Pomerium using the [all-in-one binary](/docs/core), you're probably familiar with configuring routes in Pomerium's [`config.yaml`](/docs/internals/configuration) file. When using the Pomerium Ingress Controller, each route is defined as an Ingress resource in the Kubernetes API. +If you've tested Pomerium using the [all-in-one binary](/docs/core), you're probably familiar with configuring routes in Pomerium's [`config.yaml`](/docs/core/configuration) file. When using the Pomerium Ingress Controller, each route is defined as an Ingress resource in the Kubernetes API. This document shows you how to configure an Ingress resource that’s compatible with the Pomerium Ingress Controller. diff --git a/content/docs/reference.mdx b/content/docs/reference.mdx index b98b11675..3533d490c 100644 --- a/content/docs/reference.mdx +++ b/content/docs/reference.mdx @@ -8,6 +8,6 @@ pagination_next: null import ReferenceTable from '../../src/components/ReferenceTable'; -For details on how to set configuration settings see the [configuration internals](/docs/internals/configuration) page. +For details on how to set configuration settings see the [configuration](/docs/core/configuration) page. diff --git a/content/docs/reference/authenticate-internal-service-url.mdx b/content/docs/reference/authenticate-internal-service-url.mdx index 1dcddb720..d8639fc72 100644 --- a/content/docs/reference/authenticate-internal-service-url.mdx +++ b/content/docs/reference/authenticate-internal-service-url.mdx 
@@ -16,7 +16,7 @@ import TabItem from '@theme/TabItem'; ## Summary -**Authenticate Internal Service URL** is only required for [split-service mode](/docs/internals/configuration#all-in-one-vs-split-service-mode) deployments where Pomerium can’t access the public [**Authenticate Service URL**](/docs/reference/authenticate-service-url). +**Authenticate Internal Service URL** is only required for [split-service mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) deployments where Pomerium can’t access the public [**Authenticate Service URL**](/docs/reference/authenticate-service-url). If included, **Authenticate Internal Service URL** will override Authenticate Service URL. @@ -37,7 +37,7 @@ See [**Self-Hosted Authenticate Service**](/docs/capabilities/self-hosted-authen | **Config file keys** | **Environment variables** | **Type** | **Usage** | | :-- | :-- | :-- | :-- | -| `authenticate_internal_service_url` | `AUTHENTICATE_INTERNAL_SERVICE_URL` | `URL` | **required** (In [split-service mode](/docs/internals/configuration#all-in-one-vs-split-service-mode) only) | +| `authenticate_internal_service_url` | `AUTHENTICATE_INTERNAL_SERVICE_URL` | `URL` | **required** (In [split-service mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) only) | ### Examples diff --git a/content/docs/reference/authenticate-service-url.mdx b/content/docs/reference/authenticate-service-url.mdx index 205762a99..cf465bd10 100644 --- a/content/docs/reference/authenticate-service-url.mdx +++ b/content/docs/reference/authenticate-service-url.mdx 
@@ -18,7 +18,7 @@ import TabItem from '@theme/TabItem'; ## Summary -**Authenticate Service URL** is the externally accessible URL for the Authenticate Service. In [split-service mode](/docs/internals/configuration#all-in-one-vs-split-service-mode), this key is required by all services other than Databroker. +**Authenticate Service URL** is the externally accessible URL for the Authenticate Service. In [split-service mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode), this key is required by all services other than Databroker. :::tip **Note:** diff --git a/content/docs/reference/authorize-internal-service-url.mdx b/content/docs/reference/authorize-internal-service-url.mdx index 13d00f885..61699b1c1 100644 --- a/content/docs/reference/authorize-internal-service-url.mdx +++ b/content/docs/reference/authorize-internal-service-url.mdx @@ -16,7 +16,7 @@ import TabItem from '@theme/TabItem'; ## Summary -**Authorize Internal Service URL** is only required for [split-service mode](/docs/internals/configuration#all-in-one-vs-split-service-mode) deployments where Pomerium can’t access the public [**Authorize Service URL**](/docs/reference/authorize-service-url). +**Authorize Internal Service URL** is only required for [split-service mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) deployments where Pomerium can’t access the public [**Authorize Service URL**](/docs/reference/authorize-service-url). If included, **Authorize Internal Service URL** will override Authorize Service URL. diff --git a/content/docs/reference/grpc.mdx b/content/docs/reference/grpc.mdx index 03ccdd315..9e5554534 100644 --- a/content/docs/reference/grpc.mdx +++ b/content/docs/reference/grpc.mdx 
@@ -31,7 +31,7 @@ This reference covers all of Pomerium's **gRPC Settings**: | **Config file keys** | **Environment variables** | **Type** | **Default** | | :-- | :-- | :-- | :-- | -| `grpc_address` | `GRPC_ADDRESS` | `string` | `:443` (`:5443` if in [all-in-one](/docs/internals/configuration#all-in-one-vs-split-service-mode) mode) | +| `grpc_address` | `GRPC_ADDRESS` | `string` | `:443` (`:5443` if in [all-in-one](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) mode) | ### Examples {#examples-grpc-address} @@ -130,7 +130,7 @@ Kubernetes does not support **gRPC Client Timeout** ## gRPC Insecure {#grpc-insecure} -**gRPC Insecure** disables transport security for gRPC communication. If running in [all-in-one](/docs/internals/configuration#all-in-one-vs-split-service-mode) mode, defaults to true as communication will run over localhost's own socket. +**gRPC Insecure** disables transport security for gRPC communication. If running in [all-in-one](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) mode, defaults to true as communication will run over localhost's own socket. ### How to configure {#how-to-configure-grpc-insecure} @@ -139,7 +139,7 @@ Kubernetes does not support **gRPC Client Timeout** | **Config file keys** | **Environment variables** | **Type** | **Default** | | :-- | :-- | :-- | :-- | -| `grpc_insecure` | `GRPC_INSECURE` | `boolean` | `true` (If in [all-in-one](/docs/internals/configuration#all-in-one-vs-split-service-mode) mode) | +| `grpc_insecure` | `GRPC_INSECURE` | `boolean` | `true` (If in [all-in-one](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) mode) | ### Examples {#examples-grpc-insecure} diff --git a/content/docs/reference/metrics.mdx b/content/docs/reference/metrics.mdx index 35fe60410..f7706c3f8 100644 --- a/content/docs/reference/metrics.mdx +++ b/content/docs/reference/metrics.mdx 
@@ -115,7 +115,7 @@ As of `v0.9`, Pomerium uses [Envoy](https://www.envoyproxy.io/) for the data pla All metrics coming from Envoy will be labeled with `service="pomerium"` or `service="pomerium-proxy"`, depending if you're running all-in-one or distributed service mode and have `pomerium` prefix added to the standard envoy metric name. -See [Configuration & Settings](/docs/internals/configuration#all-in-one-vs-split-service-mode) for more information configuration environments. +See [Configuration & Settings](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) for more information configuration environments. ## Metrics Basic Authentication {#metrics-basic-authentication} diff --git a/content/docs/reference/service-mode.mdx b/content/docs/reference/service-mode.mdx index 9a619288d..89ebdd920 100644 --- a/content/docs/reference/service-mode.mdx +++ b/content/docs/reference/service-mode.mdx @@ -18,7 +18,7 @@ import TabItem from '@theme/TabItem'; ## Summary -**Service Mode** sets which service(s) to run. If testing, you may want to set to `all` and run Pomerium in [all-in-one mode](/docs/internals/configuration#all-in-one-vs-split-service-mode). In production, you'll likely want to spin up several instances of each service mode for [high availability](/docs/capabilities/high-availability). +**Service Mode** sets which service(s) to run. If testing, you may want to set to `all` and run Pomerium in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode). In production, you'll likely want to spin up several instances of each service mode for [high availability](/docs/capabilities/high-availability). ## How to configure From 61c45f135ef1f083eefafce19b268e59adf95596 Mon Sep 17 00:00:00 2001 
From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Fri, 26 Jul 2024 11:34:40 -0400 Subject: [PATCH 08/12] Update content/docs/core/configuration.md Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com> --- content/docs/core/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 640c7b78d..0ce88f634 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md @@ -13,7 +13,7 @@ You can configure Pomerium using either a configuration file or [environmental v - [JSON](https://www.json.org/json-en.html) - [TOML](https://toml.io/en/) -Using both environmental variables and configuration file keys is allowed and encouraged (for example, secret keys are probably best set as environmental variables). However, if duplicate configuration keys are found, environment variables take precedence. +You can use both environment variables and a configuration file. If a particular option is set using both an environment variable and a config file key, the environment variable will take precedence. :::tip From 3ba9a2a39050744749e32f8988f512841d2a57c8 Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:32:13 -0400 Subject: [PATCH 09/12] adds feedback --- content/docs/core/configuration.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 0ce88f634..3f771f801 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md 
@@ -7,12 +7,14 @@ sidebar_label: Configuration # Configuration -You can configure Pomerium using either a configuration file or [environmental variables](https://en.wikipedia.org/wiki/Environment_variable). If using a configuration file, the following languages are supported: +You can configure Pomerium using either a configuration file or [environment variables](https://en.wikipedia.org/wiki/Environment_variable). If using a configuration file, the following languages are supported: - [YAML](https://yaml.org/) - [JSON](https://www.json.org/json-en.html) - [TOML](https://toml.io/en/) +(Our documentation always assumes a YAML configuration file.) + You can use both environment variables and a configuration file. If a particular option is set using both an environment variable and a config file key, the environment variable will take precedence. :::tip @@ -25,7 +27,7 @@ Pomerium can hot-reload route configuration details, authorization policy, certi Both configuration file keys and environment variables are case sensitive. -Configuration file keys are always lowercase and use dashes (`-`). Environmental variables are identical to configuration file keys, except they are always uppercase and use underscores (`_`). +Configuration file keys are always lowercase. Environmental variables are identical to configuration file keys, except they are always uppercase. See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's configuration settings. From ff27ba524ac457347df382cbe8b51a1600dfbd38 Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Tue, 27 Aug 2024 10:19:36 -0400 Subject: [PATCH 10/12] fixes broken links --- content/docs/core/configuration.md | 20 ++++++++++---------- content/docs/reference/service-urls.md | 6 +++--- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 3f771f801..1753b833f 100644 
--- a/content/docs/core/configuration.md
+++ b/content/docs/core/configuration.md
@@ -31,29 +31,29 @@ Configuration file keys are always lowercase. Environmental variables are identi See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's configuration settings. -## All In One and Split Service modes +## All-In-One and Split-Service modes -You can configure Pomerium using either All In One mode or Split Service mode. +You can configure Pomerium using either All-In-One mode or Split Service mode. -### All In One mode +### All-In-One mode -All In One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All In One mode when running Pomerium: +All-In-One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All-In-One mode when running Pomerium: - As a single system service or container, or - In a distributed environment where there are multiple processes that each handle separate [Pomerium services](/docs/internals/architecture#component-level). -All In One mode is the default configuration mode, and the easiest way to configure Pomerium. +All-In-One mode is the default configuration mode, and the easiest way to configure Pomerium. -### Split Service mode +### Split-Service mode -Alternately, you can create individual configuration files (or sets of environment variables) for each Pomerium service. In Split Service mode, each configuration file (or set of environment variables) defines which service a process will run by using the [service mode](/docs/reference/service-mode) key. +Alternately, you can create individual configuration files (or sets of environment variables) for each Pomerium service. In Split-Service mode, each configuration file (or set of environment variables) defines which service a process will run by using the [service mode](/docs/reference/service-mode) key. 
:::tip Our recommendation -We recommend All In One mode to configure Pomerium for the following reasons: +We recommend All-In-One mode to configure Pomerium for the following reasons: -- **Reduce complexity**: All In One mode reduces the complexity of managing configuration. A single configuration file means there is one source of truth. +- **Reduce complexity**: All-In-One mode reduces the complexity of managing configuration. A single configuration file means there is one source of truth. - **Secure communication**: Pomerium services communicate internally. Splitting up services requires securing these endpoints and configuring DNS records for each service. -- **Scaling**: All In One deployments scale for better performance. All URLs point at the same Pomerium service instance. +- **Scaling**: All-In-One deployments scale for better performance. All URLs point at the same Pomerium service instance. ::: diff --git a/content/docs/reference/service-urls.md b/content/docs/reference/service-urls.md index 06236966d..84fc549f5 100644 --- a/content/docs/reference/service-urls.md +++ b/content/docs/reference/service-urls.md @@ -44,7 +44,7 @@ If not set, Pomerium will use the [Hosted Authenticate Service](/docs/capabiliti If you prefer to use your own [identity provider](/docs/identity-providers), you'll need to set an authenticate service URL, and you will need this URL when configuring your identity provider client's OAuth callback URL. -If Pomerium is running in [split-service mode](/docs/internals/configuration#all-in-one-vs-split-service-mode), each Pomerium service requires the authenticate service URL in its configuration. +If Pomerium is running in [split-service mode](/docs/core/configuration#all-in-one-and-split-service-mode), each Pomerium service requires the authenticate service URL in its configuration. :::info 
@@ -233,8 +233,8 @@ The **Databroker Service URL** settings points to a databroker which is responsi | **Config file keys** | **Environment variables** | **Type** | **Default** | | :-- | :-- | :-- | :-- | -| `databroker_service_url` | `DATABROKER_SERVICE_URL` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/internals/configuration#all-in-one-vs-split-service-mode)) | -| `databroker_service_urls` | `DATABROKER_SERVICE_URLS` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/internals/configuration#all-in-one-vs-split-service-mode)) | +| `databroker_service_url` | `DATABROKER_SERVICE_URL` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-mode)) | +| `databroker_service_urls` | `DATABROKER_SERVICE_URLS` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-mode)) | #### Examples {#databroker-service-url-examples} From b9790e1681492caaa3fb677d4a64c0c1c5bc1411 Mon Sep 17 00:00:00 2001 From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Tue, 27 Aug 2024 16:46:51 -0400 Subject: [PATCH 11/12] updates links --- content/docs/capabilities/high-availability.mdx | 2 +- content/docs/capabilities/mtls-services.mdx | 2 +- content/docs/concepts/mutual-auth.md | 2 +- content/docs/core/configuration.md | 16 ++++++++-------- content/docs/internals/architecture.md | 2 +- content/docs/reference/grpc.mdx | 6 +++--- content/docs/reference/metrics.mdx | 4 ++-- content/docs/reference/service-mode.mdx | 2 +- content/docs/reference/service-urls.md | 10 +++++----- 9 files changed, 23 insertions(+), 23 deletions(-) diff --git a/content/docs/capabilities/high-availability.mdx b/content/docs/capabilities/high-availability.mdx index b2c378cbb..6d5b4f5a3 100644 --- a/content/docs/capabilities/high-availability.mdx +++ b/content/docs/capabilities/high-availability.mdx 
@@ -10,7 +10,7 @@ import InstallMkcert from '@site/content/_install-mkcert.md'; Pomerium is designed to be run in two modes: All-In-One or Split Service. These modes are not mutually exclusive, meaning you can run one or multiple instances of Pomerium in all-in-one mode, and spin up additional instances for specific components as needed. -Each instance of Pomerium runs in all-in-one mode unless specified to run as a specific component by the `services` key. See [All-In-One vs. Split Service mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) for more details. +Each instance of Pomerium runs in all-in-one mode unless specified to run as a specific component by the `services` key. See [All-in-One vs. Split Service mode](/docs/core/configuration#all-in-one-and-split-service-modes) for more details. :::caution diff --git a/content/docs/capabilities/mtls-services.mdx b/content/docs/capabilities/mtls-services.mdx index d17749d2d..2388486e5 100644 --- a/content/docs/capabilities/mtls-services.mdx +++ b/content/docs/capabilities/mtls-services.mdx 
@@ -43,7 +43,7 @@ To provide a general explanation, in this guide you will use [mkcert](https://gi To complete this proof-of-concept guide: -- Run Pomerium in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) as a system service with a configuration file in the [standard location](/docs/core/from-source#configure) +- Run Pomerium in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes) as a system service with a configuration file in the [standard location](/docs/core/from-source#configure) - Configure an [identity provider](/docs/identity-providers) (IdP) to communicate with your Pomerium instance - Run all commands on the same host (You may have to move files or adjust paths and commands to match a different configuration) - Install [`mkcert`](https://github.com/FiloSottile/mkcert) to generate self-signed certificates and a root Certificate Authority (CA) (`mkcert` will take the place of your trusted certificate tooling solution) diff --git a/content/docs/concepts/mutual-auth.md b/content/docs/concepts/mutual-auth.md index 7c1a63ed5..b0282451f 100644 --- a/content/docs/concepts/mutual-auth.md +++ b/content/docs/concepts/mutual-auth.md @@ -28,7 +28,7 @@ This guide covers the following mutual authentication methods with Pomerium: This section provides examples of mutual authentication methods you can implement with Pomerium. -Each example diagrams Pomerium as a single service, as it is in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode). This is the version provided by our [binaries] and in our Docker-based [Quickstart]. +Each example diagrams Pomerium as a single service, as it is in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes). This is the version provided by our [binaries] and in our Docker-based [Quickstart]. ### Basic Pomerium installation 
diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 1753b833f..6592496c4 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md @@ -31,18 +31,18 @@ Configuration file keys are always lowercase. Environmental variables are identi See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's configuration settings. -## All-In-One and Split-Service modes +## All-in-One and Split-Service modes -You can configure Pomerium using either All-In-One mode or Split Service mode. +You can configure Pomerium using either All-in-One mode or Split Service mode. -### All-In-One mode +### All-in-One mode -All-In-One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All-In-One mode when running Pomerium: +All-in-One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All-in-One mode when running Pomerium: - As a single system service or container, or - In a distributed environment where there are multiple processes that each handle separate [Pomerium services](/docs/internals/architecture#component-level). -All-In-One mode is the default configuration mode, and the easiest way to configure Pomerium. +All-in-One mode is the default configuration mode, and the easiest way to configure Pomerium. ### Split-Service mode 
@@ -50,10 +50,10 @@ Alternately, you can create individual configuration files (or sets of environme :::tip Our recommendation -We recommend All-In-One mode to configure Pomerium for the following reasons: +We recommend All-in-One mode to configure Pomerium for the following reasons: -- **Reduce complexity**: All-In-One mode reduces the complexity of managing configuration. A single configuration file means there is one source of truth. +- **Reduce complexity**: All-in-One mode reduces the complexity of managing configuration. A single configuration file means there is one source of truth. - **Secure communication**: Pomerium services communicate internally. Splitting up services requires securing these endpoints and configuring DNS records for each service. -- **Scaling**: All-In-One deployments scale for better performance. All URLs point at the same Pomerium service instance. +- **Scaling**: All-in-One deployments scale for better performance. All URLs point at the same Pomerium service instance. ::: diff --git a/content/docs/internals/architecture.md b/content/docs/internals/architecture.md index b692eeaa7..b9068835f 100644 --- a/content/docs/internals/architecture.md +++ b/content/docs/internals/architecture.md @@ -60,7 +60,7 @@ The points below outline the Databroker’s role in the request and session life In production deployments, it is recommended that you deploy each component [separately](/docs/reference/service-mode). This allows you to limit external attack surface, as well as scale and manage the services independently. -In test deployments, all four components may run from a [single binary and configuration](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode). +In test deployments, all four components may run from a [single binary and configuration](/docs/core/configuration#all-in-one-and-split-service-modes). ![pomerium architecture diagram](./img/architecture/pomerium-container-context-stateless-authn.svg) 
diff --git a/content/docs/reference/grpc.mdx b/content/docs/reference/grpc.mdx index 9e5554534..215df2602 100644 --- a/content/docs/reference/grpc.mdx +++ b/content/docs/reference/grpc.mdx @@ -31,7 +31,7 @@ This reference covers all of Pomerium's **gRPC Settings**: | **Config file keys** | **Environment variables** | **Type** | **Default** | | :-- | :-- | :-- | :-- | -| `grpc_address` | `GRPC_ADDRESS` | `string` | `:443` (`:5443` if in [all-in-one](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) mode) | +| `grpc_address` | `GRPC_ADDRESS` | `string` | `:443` (`:5443` if in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes)) | ### Examples {#examples-grpc-address} @@ -130,7 +130,7 @@ Kubernetes does not support **gRPC Client Timeout** ## gRPC Insecure {#grpc-insecure} -**gRPC Insecure** disables transport security for gRPC communication. If running in [all-in-one](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) mode, defaults to true as communication will run over localhost's own socket. +**gRPC Insecure** disables transport security for gRPC communication. If running in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes), defaults to true as communication will run over localhost's own socket. ### How to configure {#how-to-configure-grpc-insecure} @@ -139,7 +139,7 @@ Kubernetes does not support **gRPC Client Timeout** | **Config file keys** | **Environment variables** | **Type** | **Default** | | :-- | :-- | :-- | :-- | -| `grpc_insecure` | `GRPC_INSECURE` | `boolean` | `true` (If in [all-in-one](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) mode) | +| `grpc_insecure` | `GRPC_INSECURE` | `boolean` | `true` (If in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes)) | ### Examples {#examples-grpc-insecure} 
diff --git a/content/docs/reference/metrics.mdx b/content/docs/reference/metrics.mdx index f7706c3f8..4289e18bc 100644 --- a/content/docs/reference/metrics.mdx +++ b/content/docs/reference/metrics.mdx @@ -113,9 +113,9 @@ Identity manager metrics have a `pomerium_identity_manager` prefix. As of `v0.9`, Pomerium uses [Envoy](https://www.envoyproxy.io/) for the data plane. As such, proxy related metrics are sourced from Envoy, and use Envoy's internal [stats data model](https://www.envoyproxy.io/docs/envoy/latest/operations/stats_overview). Please see Envoy's documentation for information about specific metrics. -All metrics coming from Envoy will be labeled with `service="pomerium"` or `service="pomerium-proxy"`, depending if you're running all-in-one or distributed service mode and have `pomerium` prefix added to the standard envoy metric name. +All metrics coming from Envoy will be labeled with `service="pomerium"` or `service="pomerium-proxy"`, depending if you're running all-in-one or split-service mode and have `pomerium` prefix added to the standard envoy metric name. -See [Configuration & Settings](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode) for more information configuration environments. +See [All-in-One and Split-Service modes](/docs/core/configuration#all-in-one-and-split-service-modes) for more information about configuration environments. ## Metrics Basic Authentication {#metrics-basic-authentication} diff --git a/content/docs/reference/service-mode.mdx b/content/docs/reference/service-mode.mdx index 89ebdd920..d35be74dd 100644 --- a/content/docs/reference/service-mode.mdx +++ b/content/docs/reference/service-mode.mdx 
@@ -18,7 +18,7 @@ import TabItem from '@theme/TabItem'; ## Summary -**Service Mode** sets which service(s) to run. If testing, you may want to set to `all` and run Pomerium in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes-split-service-mode). In production, you'll likely want to spin up several instances of each service mode for [high availability](/docs/capabilities/high-availability). +**Service Mode** sets which service(s) to run. If testing, you may want to set to `all` and run Pomerium in [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes). In production, you'll likely want to spin up several instances of each service mode for [high availability](/docs/capabilities/high-availability). ## How to configure diff --git a/content/docs/reference/service-urls.md b/content/docs/reference/service-urls.md index 84fc549f5..2c3b8b5e7 100644 --- a/content/docs/reference/service-urls.md +++ b/content/docs/reference/service-urls.md @@ -44,7 +44,7 @@ If not set, Pomerium will use the [Hosted Authenticate Service](/docs/capabiliti If you prefer to use your own [identity provider](/docs/identity-providers), you'll need to set an authenticate service URL, and you will need this URL when configuring your identity provider client's OAuth callback URL. -If Pomerium is running in [split-service mode](/docs/core/configuration#all-in-one-and-split-service-mode), each Pomerium service requires the authenticate service URL in its configuration. +If Pomerium is running in [split-service mode](/docs/core/configuration#all-in-one-and-split-service-modes), each Pomerium service requires the authenticate service URL in its configuration. :::info 
@@ -233,8 +233,8 @@ The **Databroker Service URL** settings points to a databroker which is responsi | **Config file keys** | **Environment variables** | **Type** | **Default** | | :-- | :-- | :-- | :-- | -| `databroker_service_url` | `DATABROKER_SERVICE_URL` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-mode)) | -| `databroker_service_urls` | `DATABROKER_SERVICE_URLS` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-mode)) | +| `databroker_service_url` | `DATABROKER_SERVICE_URL` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes)) | +| `databroker_service_urls` | `DATABROKER_SERVICE_URLS` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes)) | #### Examples {#databroker-service-url-examples} @@ -272,8 +272,8 @@ The **Databroker Internal Service URL** overrides [`databroker_service_url`](/do | **Config file keys** | **Environment variables** | **Type** | **Default** | | :-- | :-- | :-- | :-- | -| `databroker_internal_service_url` | `DATABROKER_INTERNAL_SERVICE_URL` | `URL` | `http://localhost:5443` (In all-in-one mode) | -| `databroker_internal_service_urls` | `DATABROKER_INTERNAL_SERVICE_URLS` | `URL` | `http://localhost:5443` (In all-in-one mode) | +| `databroker_internal_service_url` | `DATABROKER_INTERNAL_SERVICE_URL` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes)) | +| `databroker_internal_service_urls` | `DATABROKER_INTERNAL_SERVICE_URLS` | `URL` | `http://localhost:5443` (In [all-in-one mode](/docs/core/configuration#all-in-one-and-split-service-modes)) | #### Examples {#databroker-internal-service-url-examples} From 35ccd639cf6f56584a65a2c9f31365e435726eed Mon Sep 17 00:00:00 2001 
From: zachary painter <60552605+ZPain8464@users.noreply.github.com> Date: Tue, 27 Aug 2024 16:55:00 -0400 Subject: [PATCH 12/12] text updates --- content/docs/core/configuration.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/docs/core/configuration.md b/content/docs/core/configuration.md index 6592496c4..31323ba39 100644 --- a/content/docs/core/configuration.md +++ b/content/docs/core/configuration.md @@ -27,17 +27,17 @@ Pomerium can hot-reload route configuration details, authorization policy, certi Both configuration file keys and environment variables are case sensitive. -Configuration file keys are always lowercase. Environmental variables are identical to configuration file keys, except they are always uppercase. +Configuration file keys are always lowercase. Environment variables are identical to configuration file keys, except they are always uppercase. See the [Reference](/docs/reference) page for a comprehensive list of Pomerium's configuration settings. ## All-in-One and Split-Service modes -You can configure Pomerium using either All-in-One mode or Split Service mode. +You can configure Pomerium using either All-in-One mode or Split-Service mode. ### All-in-One mode -All-in-One mode means all of Pomerium's configuration settings are set in a single configuration file. You can use All-in-One mode when running Pomerium: +All-in-One mode means a single Pomerium process runs all of the [four logical services](/docs/internals/architecture#component-level). You can use All-in-One mode when running Pomerium: - As a single system service or container, or - In a distributed environment where there are multiple processes that each handle separate [Pomerium services](/docs/internals/architecture#component-level).