Insecure Server
Summary
If true, Insecure Server mode will result in Pomerium starting and operating without any protocol encryption in transit.
This setting can be useful in a situation where you have Pomerium behind a TLS terminating ingress or proxy. However, even in that case, it is highly recommended to use TLS to protect the confidentiality and integrity of service communication even behind the ingress using self-signed certificates or an internal CA.
danger
Pomerium should never be exposed to the internet without TLS encryption.
How to configure
- Core
- Enterprise
- Kubernetes
| Config file keys | Environment variables | Type | Usage |
|---|---|---|---|
insecure_server | INSECURE_SERVER | boolean | required (if certificates unset) |
insecure_server is a bootstrap configuration setting and is not configurable in the Console.
Kubernetes does not support Insecure Server
Examples
# config file key
insecure_server: true
# environment variable
INSECURE_SERVER=true