This guide deploys Pomerium with Docker Compose for identity-aware reverse proxying.
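---
# Play 1: install Docker on Debian-family hosts, write the Pomerium config and
# Compose file under pomerium_dir, then start the stack with `docker compose`.
- name: Deploy Pomerium on Debian family
  hosts: pomerium_debian
  become: true
  vars:
    pomerium_dir: /opt/pomerium
    # Placeholders only. Override both from Ansible Vault (or another secret
    # store) instead of committing real values to this file.
    pomerium_shared_secret: change-me-shared-secret
    pomerium_cookie_secret: change-me-cookie-secret
  tasks:
    # Fail before touching the host if the placeholder secrets were never
    # replaced, so a guessable key is not deployed by accident.
    - name: Refuse to deploy with placeholder secrets
      ansible.builtin.assert:
        that:
          - pomerium_shared_secret != 'change-me-shared-secret'
          - pomerium_cookie_secret != 'change-me-cookie-secret'
        fail_msg: >-
          Override pomerium_shared_secret and pomerium_cookie_secret
          (for example from Ansible Vault) before deploying.
        quiet: true

    # NOTE(review): docker-compose-plugin is normally shipped from Docker's own
    # apt repository rather than the distribution archive - confirm that the
    # repository is configured on the target hosts.
    - name: Install Docker packages
      ansible.builtin.apt:
        update_cache: true
        name:
          - docker.io
          - docker-compose-plugin
        state: present

    - name: Enable and start Docker
      ansible.builtin.systemd:
        name: docker
        enabled: true
        state: started

    - name: Ensure Pomerium directory exists
      ansible.builtin.file:
        path: "{{ pomerium_dir }}"
        state: directory
        mode: "0755"

    # The rendered file holds the shared secret, the cookie secret and the IdP
    # client secret, so it is written 0600 and the task output is suppressed.
    # idp_client_id / idp_client_secret are literal placeholders in the
    # template and must be replaced (ideally with vaulted variables) too.
    # Templated values are quoted so the rendered YAML always yields strings.
    # NOTE(review): the file is created by the become user with mode 0600; if
    # the container process runs as a different UID it cannot read the bind
    # mount - confirm the image's runtime user.
    # NOTE(review): no certificate or autocert setting appears in this config;
    # confirm how TLS material for port 443 is supplied.
    - name: Write Pomerium config
      ansible.builtin.copy:
        dest: "{{ pomerium_dir }}/config.yaml"
        mode: "0600"
        content: |
          shared_secret: "{{ pomerium_shared_secret }}"
          cookie_secret: "{{ pomerium_cookie_secret }}"
          authenticate_service_url: https://auth.example.com
          authorize_service_url: https://authz.example.com
          databroker_service_url: https://db.example.com
          idp_provider: oidc
          idp_provider_url: https://idp.example.com
          idp_client_id: change-me-client-id
          idp_client_secret: change-me-client-secret
      # Keep the secrets out of task output, diffs and callback logs.
      no_log: true

    # The image is referenced by the mutable `latest` tag, so every pull may
    # bring in different code. Pin a specific release tag or an image digest
    # for reproducible, reviewable deployments.
    - name: Write Docker Compose file
      ansible.builtin.copy:
        dest: "{{ pomerium_dir }}/docker-compose.yml"
        mode: "0644"
        content: |
          services:
            pomerium:
              image: pomerium/pomerium:latest
              restart: unless-stopped
              ports:
                - "443:443"
              volumes:
                - ./config.yaml:/pomerium/config.yaml:ro
              command: ["--config=/pomerium/config.yaml"]

    # Runs on every play; the command module cannot tell whether anything was
    # (re)created, so the task is declared as always changed.
    - name: Start Pomerium stack
      ansible.builtin.command:
        cmd: docker compose up -d
        chdir: "{{ pomerium_dir }}"
      changed_when: true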
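# Play 2: install and start Docker on RHEL-family hosts.
# NOTE(review): as written this play stops after starting Docker. It defines
# no secrets and has no tasks that write config.yaml or docker-compose.yml or
# start the stack, so hosts in pomerium_rhel end up with Docker only. Mirror
# the Debian play's remaining tasks (including the 0600 mode and no_log on the
# config task) if Pomerium is meant to run here as well.
- name: Deploy Pomerium on RHEL family
  hosts: pomerium_rhel
  become: true
  vars:
    pomerium_dir: /opt/pomerium
  tasks:
    # NOTE(review): on recent RHEL releases the distribution `docker` package
    # name may resolve to a Podman compatibility package, and
    # docker-compose-plugin is normally shipped from Docker's own repository -
    # confirm which repositories the target hosts have enabled.
    - name: Install Docker packages
      ansible.builtin.dnf:
        name:
          - docker
          - docker-compose-plugin
        state: present

    - name: Enable and start Docker
      ansible.builtin.systemd:
        name: docker
        enabled: true
        state: started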
# Run the playbook. inventory.ini must define the pomerium_debian and
# pomerium_rhel host groups that the two plays target.
# If the secrets are kept in an Ansible Vault file, also pass
# --ask-vault-pass or --vault-password-file.
ansible-playbook -i inventory.ini pomerium-install.yml