eemoore/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Pomerium passthrough for git HTTP protocol and Forgejo API

Browse source 
Allows git push/pull and Docker registry token exchange to bypass
Pomerium browser auth - Forgejo handles authentication natively
for these endpoints.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Infrastructure Admin 2026-04-08 18:13:21 -04:00
parent 0dee133377
commit f29a8833de
1 changed files with 18 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
pomerium-allinone.yaml
View file

@ -83,7 +83,24 @@ spec:
preserve_host_header: true preserve_host_header: true
allow_public_unauthenticated_access: true allow_public_unauthenticated_access: true
# Forgejo Git - requires authentication # Forgejo Git HTTP protocol (push/pull - Forgejo handles auth)
- from: https://git.nge6.com
to: http://forgejo-http.forgejo.svc.cluster.local:3000
regex: /.+/info/refs
preserve_host_header: true
allow_public_unauthenticated_access: true
- from: https://git.nge6.com
to: http://forgejo-http.forgejo.svc.cluster.local:3000
regex: /.+/git-upload-pack
preserve_host_header: true
allow_public_unauthenticated_access: true
- from: https://git.nge6.com
to: http://forgejo-http.forgejo.svc.cluster.local:3000
regex: /.+/git-receive-pack
preserve_host_header: true
allow_public_unauthenticated_access: true
# Forgejo Git web UI - requires authentication
- from: https://git.nge6.com - from: https://git.nge6.com
to: http://forgejo-http.forgejo.svc.cluster.local:3000 to: http://forgejo-http.forgejo.svc.cluster.local:3000
preserve_host_header: true preserve_host_header: true