# Binaries

The following quick-start guide covers how to configure and run Pomerium using the official prebuilt binaries.

# Prerequisites

A configured identity provider
TLS certificates

# Download

Download (opens new window) the latest release of Pomerium for your machine's operating system and architecture.

# Configure

Pomerium supports setting configuration variables using both environmental variables and using a configuration file.

# Configuration file

Create a config file (config.yaml). This file will be used to determine Pomerium's configuration settings, routes, and access-policies. Consider the following example:

# See detailed configuration settings : https://www.pomerium.io/docs/reference/reference/

# this is the domain the identity provider will callback after a user authenticates
authenticate_service_url: https://authenticate.localhost.pomerium.io

# certificate settings:  https://www.pomerium.io/docs/reference/certificates.html
autocert: true

# REMOVE FOR PRODUCTION
autocert_use_staging: true

# identity provider settings : https://www.pomerium.io/docs/identity-providers.html
idp_provider: google
idp_client_id: REPLACE_ME
idp_client_secret: REPLACE_ME

# Generate 256 bit random keys  e.g. `head -c32 /dev/urandom | base64`
cookie_secret: WwMtDXWaRDMBQCylle8OJ+w4kLIDIGd8W3cB4/zFFtg=

# https://www.pomerium.io/configuration/#policy
policy:
  - from: https://verify.localhost.pomerium.io
    to: https://verify.pomerium.com
    allowed_users:
      - bdd@pomerium.io
    pass_identity_headers: true

# Run

Finally, source the configuration env file and run pomerium specifying the config.yaml .

./bin/pomerium -config config.yaml

# Navigate

Browse to external-verify.your.domain.example. Connections between you and verify (opens new window) will now be proxied and managed by Pomerium.

← Docker Kubernetes / Helm →