Pomerium is an open-source, identity-aware access proxy that provides cross-domain SSO (Single Sign-On) authentication and authorization for your application. It helps to secure your applications, APIs, and services using your existing identity provider.
Clear Linux is an open-source, Linux-based operating system that provides excellent performance and security. In this tutorial, we will show you how to install Pomerium on Clear Linux and secure a sample web application.
To install Pomerium on Clear Linux, follow these steps:
Open a terminal on your Clear Linux machine and run the following command to download and extract the latest Pomerium release:
curl -L https://github.com/pomerium/pomerium/releases/latest/download/pomerium-linux-amd64.tar.gz -o pomerium.tar.gz
tar -xvzf pomerium.tar.gz
Next, navigate to the newly extracted pomerium directory:
cd pomerium-*
Install Pomerium by running the following command:
sudo ./install -a
This command installs Pomerium as a systemd service, copies the Pomerium binary to /usr/local/bin, and creates a sample configuration file in /etc/pomerium.
This command also enables Pomerium to start automatically at boot time.
Start the Pomerium service by running the following command:
sudo systemctl start pomerium
Verify that Pomerium is running correctly by checking its status:
sudo systemctl status pomerium
You should see the following output if Pomerium is running correctly:
● pomerium.service - Pomerium
Loaded: loaded (/etc/systemd/system/pomerium.service; enabled; vendor preset: disabled)
Active: active (running) since ...
...
Now that Pomerium is installed, we need to configure it to secure a sample web application. In this example, we will use a web application running on port 5000.
Open the Pomerium configuration file:
sudo vim /etc/pomerium/config.yaml
Find the routes section and add the following configuration block:
routes:
  - from: https://webapp.example.com
    to: http://localhost:5000
Replace https://webapp.example.com with your hostname or domain name.
This configuration tells Pomerium to forward any requests to https://webapp.example.com to http://localhost:5000.
Find the authorize_service and authenticate_service sections and configure them according to your identity provider. For example, to use Google OAuth, configure these sections as follows:
authorize_service:
  ...
  providers:
    google:
      client_id: "<your-google-oauth-client-id>"
      client_secret: "<your-google-oauth-client-secret>"
      authorization_url: "https://accounts.google.com/o/oauth2/auth"
      token_url: "https://accounts.google.com/o/oauth2/token"
      scopes: ["https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.email"]
      maps:
        email: "email"
        groups: "groups"
authenticate_service:
  ...
  idp:
    provider: "google"
    client_id: "<your-google-oauth-client-id>"
    client_secret: "<your-google-oauth-client-secret>"
    authorization_url: "https://accounts.google.com/o/oauth2/auth"
    token_url: "https://accounts.google.com/o/oauth2/token"
    scopes: ["https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.email"]
    redirect_url: "https://webapp.example.com/_oauth2/callback"
  session:
    name: "_pomerium"
    secret: "<your-session-secret>"
Substitute <your-google-oauth-client-id>, <your-google-oauth-client-secret>, and <your-session-secret> with your own values.
Save and close the configuration file.
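Before starting the service with the edited file, it is worth checking it, since it now holds the OAuth client secret and the session secret. The following is an added example, not part of the original tutorial or of the Pomerium project: it generates a random session secret and checks the config for leftover placeholders, loose file permissions, disagreeing client_secret copies and a short session secret. The function names and the 32-character floor are assumptions.

```shell
#!/bin/sh
# Added example, not Pomerium's own tooling. Key names and the <your-...>
# placeholders are the ones used in the config on this page.

# Print 32 random bytes, base64-encoded, for use as the session secret.
gen_session_secret() {
    head -c 32 /dev/urandom | base64
}

# check_config FILE: print one line per finding; exit status = finding count.
check_config() {
    cfg=$1
    findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 1; }

    # 1. No template placeholder may survive into the live config.
    left=$(grep -cE '<your-[a-z-]+>' "$cfg" || true)
    if [ "$left" -gt 0 ]; then
        echo "placeholder: $left line(s) still contain <your-...> values"
        findings=$((findings + 1))
    fi

    # 2. The file holds the OAuth client secret and the session secret, so
    #    group and other must have no access (for example mode 600).
    perms=$(ls -ld "$cfg" | cut -c1-10)
    if [ "$(printf '%s' "$perms" | cut -c5-10)" != "------" ]; then
        echo "permissions: $perms, expected -rw-------"
        findings=$((findings + 1))
    fi

    # 3. client_secret appears under both services; the copies must agree.
    distinct=$(sed -nE 's/^[[:space:]]*client_secret:[[:space:]]*//p' "$cfg" |
        sort -u | wc -l)
    if [ "$distinct" -gt 1 ]; then
        echo "mismatch: client_secret differs between the two sections"
        findings=$((findings + 1))
    fi

    # 4. Session secret length; the 32-character floor is an assumption.
    secret=$(sed -nE 's/^[[:space:]]*secret:[[:space:]]*"?([^"]*)"?[[:space:]]*$/\1/p' \
        "$cfg" | head -n 1)
    if [ "${#secret}" -lt 32 ]; then
        echo "session secret: ${#secret} characters, expected at least 32"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as root against /etc/pomerium/config.yaml, for example `sudo sh -c '. ./check.sh; check_config /etc/pomerium/config.yaml'`, where check.sh is a hypothetical file name for the block above.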
In this example, we will use a sample web application written in Python and Flask.
Install Python and Flask framework:
sudo swupd bundle-add python3 flask
Create a new file named app.py with the following contents:
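from flask import Flask, render_template

app = Flask(__name__)

@app.route('/')
def index():
    # Render templates/index.html
    return render_template('index.html')

if __name__ == "__main__":
    # Bind to loopback only so the app is reachable solely through Pomerium,
    # and keep debug off: the Werkzeug debugger allows code execution.
    app.run(host="127.0.0.1", port=5000)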
This code is a simple Flask web application that serves an index.html template file.
Create a new directory named templates and create a new file named index.html with the following content:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Sample Web Application</title>
</head>
<body>
<h1>Welcome to the Sample Web Application</h1>
</body>
</html>
This code is a simple HTML page that displays a "Welcome" message.
Start the web application by running the following command:
python3 app.py
Open a web browser and navigate to http://localhost:5000 to view the sample web application.
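Pomerium only protects the application if port 5000 cannot be reached any other way, so the listener should be bound to loopback alone. The following is an added example, not part of the original tutorial: it parses `ss -ltnH` output and reports any non-loopback address listening on the upstream port. The function names are assumptions.

```shell
#!/bin/sh
# Added example. Reads `ss -ltnH` output on stdin and prints every local
# address that listens on PORT and is not loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # port is after the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# check_upstream PORT: succeed only if PORT is bound to loopback alone.
check_upstream() {
    exposed=$(ss -ltnH | exposed_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "port $1 is reachable without Pomerium on: $exposed"
        return 1
    fi
    echo "port $1 listens on loopback only"
}
```

Call `check_upstream 5000` while app.py is running; a wildcard address such as 0.0.0.0 or [::] in the output means clients on the network can reach the application directly.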
To test Pomerium, follow these steps:
Open a web browser and navigate to https://webapp.example.com.
You should see the Pomerium login screen.
Click on the Google button to log in using your Google account.
After logging in successfully, you should be redirected to the sample web application running on http://localhost:5000.
That's it! You have successfully installed and configured Pomerium on Clear Linux and secured a sample web application. You can now secure your own applications and APIs using Pomerium.