# Binaries
The following quick-start guide covers how to configure and run Pomerium using the official prebuilt binaries.
# Prerequisites
- A configured identity provider
- TLS certificates
# Download
Download (opens new window) the latest release of Pomerium for your machine's operating system and architecture.
# Configure
Pomerium supports setting configuration variables using both environmental variables and using a configuration file.
# Configuration file
Create a config file (config.yaml). This file will be used to determine Pomerium's configuration settings, routes, and access-policies. Consider the following example:
# See detailed configuration settings : https://www.pomerium.io/docs/reference/reference/
# this is the domain the identity provider will callback after a user authenticates
authenticate_service_url: https://authenticate.localhost.pomerium.io
# certificate settings: https://www.pomerium.io/docs/reference/certificates.html
autocert: true
# REMOVE FOR PRODUCTION
autocert_use_staging: true
# identity provider settings : https://www.pomerium.io/docs/identity-providers.html
idp_provider: google
idp_client_id: REPLACE_ME
idp_client_secret: REPLACE_ME
# Generate 256 bit random keys e.g. `head -c32 /dev/urandom | base64`
cookie_secret: WwMtDXWaRDMBQCylle8OJ+w4kLIDIGd8W3cB4/zFFtg=
# https://www.pomerium.io/configuration/#policy
policy:
- from: https://httpbin.localhost.pomerium.io
to: https://httpbin.org
allowed_users:
- bdd@pomerium.io
# Environmental Variables
As mentioned above, Pomerium supports mixing and matching configuration. For example, we can specify our secret values and domains certificates as environmental configuration variables (opens new window), and set the rest as part of the configuration file.
#!/bin/bash
# See : https://www.pomerium.io/docs/reference/certificates
export AUTOCERT=TRUE # Use Let's Encrypt to fetch certs. Port 80/443 must be internet accessible.
# 256 bit random keys
export SHARED_SECRET="$(head -c32 /dev/urandom | base64)"
export COOKIE_SECRET="$(head -c32 /dev/urandom | base64)"
# Run
Finally, source the configuration env file and run pomerium specifying the config.yaml .
source ./env
./bin/pomerium -config config.yaml
# Navigate
Browse to external-httpbin.your.domain.example. Connections between you and httpbin (opens new window) will now be proxied and managed by Pomerium.