Pomerium is an open-source identity-aware proxy which can be easily installed on Arch Linux. In this tutorial, we will go through step-by-step instructions to install and configure Pomerium on Arch Linux.
Before proceeding with the installation, make sure that you have the following prerequisites:
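First, we need to install the dependencies required by Pomerium. Open the terminal and enter the following command to refresh the package databases and bring the system up to date (Arch Linux does not support partial upgrades, so refreshing the databases without upgrading can break later installs):
sudo pacman -Syu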
Then, install the required dependencies:
sudo pacman -S go git
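Next, let's download the Pomerium source code from its GitHub repository. Current Go releases no longer fetch sources into ~/go/src with go get, so clone the repository into the directory used in the following steps:
git clone https://github.com/pomerium/pomerium.git ~/go/src/github.com/pomerium/pomerium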
After downloading Pomerium, we need to fetch the Go modules it depends on. To do this, navigate to the Pomerium source directory by entering the following command:
cd ~/go/src/github.com/pomerium/pomerium
Then, download the modules by running:
go mod download
Now, we need to configure Pomerium according to our requirements. Pomerium uses a configuration file called config.yaml. Create this file in the same directory ~/go/src/github.com/pomerium/pomerium as follows:
nano ~/go/src/github.com/pomerium/pomerium/config.yaml
Then, copy the following configuration into the file and adjust the values as needed:
# Pomerium Configuration File
grpc:
  # gRPC bind address
  addr: ":8443"
authenticate_service_url: https://auth.yourdomain.com
authorize_service_url: https://authz.yourdomain.com
# internal pomerium address used by proxies to reach the service internally
internal_service_url: http://192.168.100.100:8080  # change to your app address
# external pomerium address used by clients to reach the service externally
external_service_url: https://app.yourdomain.com  # change to your app address
cookie_name: "_change cookie name_"
cookie_secret: "_change cookie secret_"
cookie_secure: true
cookie_http_only: true
client_id: "_change client ID_"
client_secret: "_change client secret_"
upstream:
  - id: "my-application"  # change to your app id
    # your internal service url
    url: "http://192.168.100.100:8080"  # change to your app address
    # required header to forward from pomerium to upstream
    headers:
      X-Forwarded-User: "{{.Session.Email}}"
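Before the first start, the file can be checked for leftover template values and unsafe settings. The script below is an added example, not part of the original tutorial or the Pomerium project; the function names are hypothetical, the checks cover only the keys shown in the configuration above, and the 32-byte base64 value produced by gen_cookie_secret is an assumption about a suitable cookie_secret.

```shell
#!/bin/sh
# Added example: pre-flight checks for the tutorial's config.yaml.
# Usage: . ./preflight.sh && check_pomerium_config path/to/config.yaml

# 32 random bytes, base64-encoded: a value to paste into cookie_secret.
gen_cookie_secret() {
    head -c32 /dev/urandom | base64
}

# Prints one line per finding; the return status is the number of findings.
check_pomerium_config() {
    cfg=$1
    findings=0
    if [ ! -r "$cfg" ]; then
        echo "FAIL: cannot read $cfg"
        return 1
    fi

    # 1. Template placeholders such as "_change cookie secret_" left in place.
    if grep -nE '_change [^_]*_' "$cfg"; then
        echo "FAIL: placeholder values still present (lines above)"
        findings=$((findings + 1))
    fi

    # 2. The file holds cookie_secret and client_secret, so group and other
    #    must have no access (mode 600 or 400).
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $cfg is accessible to group/other; run chmod 600"
        findings=$((findings + 1))
    fi

    # 3. Session cookie flags from the tutorial must both be true.
    for key in cookie_secure cookie_http_only; do
        if ! grep -qE "^${key}:[[:space:]]*true[[:space:]]*(#.*)?\$" "$cfg"; then
            echo "FAIL: $key is not set to true"
            findings=$((findings + 1))
        fi
    done

    # 4. URLs that browsers reach must use https.
    if grep -E '^(authenticate|authorize|external)_service_url:' "$cfg" \
        | grep -vq 'https://'; then
        echo "FAIL: a public service URL is not https"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A return status of 0 means none of the four checks fired; it does not validate the rest of the file.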
Finally, we can run Pomerium using the following command:
pomerium -config ~/go/src/github.com/pomerium/pomerium/config.yaml
If everything is configured correctly, Pomerium will start running and display the following output:
INFO[0000] version: v0.0.1-dev.7bde5b5 (built on: 2022-02-08T12:59:46Z)  level=info
INFO[0000] configuration loaded                           config-path=/home/user/go/src/github.com/pomerium/pomerium/config.yaml level=info
INFO[0000] authenticator provider: oidc                    provider=oidc level=info
INFO[0000] identity provider: oidc                         provider=oidc level=info
INFO[0000] server listening on: :8443                      addr=:8443 level=info
Congratulations! You have successfully installed and configured Pomerium on Arch Linux.
Pomerium is a powerful identity-aware proxy that can be used to secure your applications. By following this tutorial, you have learned how to install and configure Pomerium on Arch Linux. You can now use Pomerium to give your users secure access to your applications and services.