From
Summary
From is the externally accessible URL for the proxied request.
Specifying tcp+https
for the scheme enables TCP proxying support for the route. You may map more than one port through the same hostname by specifying a different :port
in the URL.
How to configure
The URL
must contain a scheme and hostname and cannot contain a path.
Only secure schemes (https
and tcp+https
) are supported.
- Core
- Enterprise
- Kubernetes
YAML/JSON setting | Type | Schemes | Usage |
---|---|---|---|
from | URL | https , tcp+https | required |
Define a From route under General route settings in the Console:
See Kubernetes Ingress for more information.
Examples
routes:
- from: https://verify.corp.example.com
- to: https://example.com
# TCP
routes:
- from: tcp+https://ssh.corp.example.com:22
- to: tcp://example.com:22
Wildcard From Routes
Kubernetes: Wildcard From Routes in Kubernetes are unofficially supported because Pomerium's implementation behaves differently than what Kubernetes defines in their documentation. See Wildcard Hostnames for more information.
Wildcard From Routes supports the use of a wildcard asterisk (*
) placed anywhere within the domain name portion of a from
URL.
Defining a from
route with *
will point any matching routes to the defined To route. This eliminates the need to define multiple near-identical routes in your configuration. (Autocert will be disabled for hosts that use Wildcard From Routes.)
For example:
# Before:
routes:
- from: https://a.example.com
to: https://example.com
- from: https://b.example.com
to: https://example.com
- from: https://c.example.com
to: https://example.com
- from: https://d.example.com
to: https://example.com
- from: https://e.example.com
to: https://example.com
# After
routes:
- from: https://*.example.com
to: https://example.com
# Or
routes:
- from: tcp+https://*.example.com:22
to: tcp://example.com:22
Wildcard From Routes (*
) may take precedence over non-wildcard routes regardless of their ordering, and more specific wildcard routes will take precedence over less specific wildcard routes.
In the example below, Route C will take priority over routes A or B:
# Route A
https://*.localhost.pomerium.io
# Route B
https://a*.localhost.pomerium.io
# Route C
https://a*a.localhost.pomerium.io