Open rorylshanks opened 2 years ago
desimone
commented
2 years ago @megalan247 -- could you tell me more about your use case and tools you are using? We have been reluctant to document more broadly because it feels like an anti-pattern to the model of having every HTTP request be validated for authN/Z and context. I understand that not every tool fits nicely into the model though (e.g. kubectl vs vault).
Related PR:
rorylshanks
commented
2 years ago Hey,
We have an on-premise git server, which has the HTTP endpoint behind pomerium to secure it. The SSH endpoint is available publically so that people can clone repos, etc.
We have a certain situation whereby some people need to clone repos using https, as they are using software which can only speak https and not ssh. This special software can also not inject any additional headers, and also needs a specific basic auth Authorization header set, so the programmatic access function would not be suitable.
Therefore we need to have proper TLS termination, and Host headers being set, so just raw TCP passthrough wouldn't work. But the proxy function works perfectly.
Also just in general accessing HTTP APIs from a local development machine, in a standardized way.
Please let me know if you have any other questions about our use case.
Is your feature request related to a problem? Please describe.
Pomerium has a somewhat undocumented mode whereby it acts as an https proxy. pomerium-cli proxy
We found this mode to me the most useful mode for us for many things, and it would be amazing if the pomerium desktop client also supported this.
Describe the solution you'd like
Describe alternatives you've considered
Explain any additional use-cases
If there are any use-cases that would help us understand the use/need/value please share them as they can help us decide on acceptance and prioritization.
Additional context
Add any other context or screenshots about the feature request here.