@calebdoxsey
Created July 26, 2021 22:05
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCd3uKr1Xr37jDm
jzB6ID5rAPkS6+7RTBbnM04QXjZsGnmNyvkyE3DVEVkamr+TW3Z6Bz2sQzEfvdFN
uhHqtAMuPGihAtmWPkIqEdEqlldy4svtdSYLA6SGBHq/LgyZ50ZGj93VB0HTspVR
+loO0rSHx/LA6vuS+s2Q7vVj+kXPSkEkIDlDqG2vGWMbJHoyrUcTlrhbvYYKqJCi
z9FRMnUG6guOSFSlGswVfFShUe045bcu1IflJXZfr4RoKENEdNQZT0RxfqwAlJmp
+4zDfRU09abs8ebmP4ViOCqu099WmJvCwDU02jLsWxUAa+tVh2m3K9tJ2zQ4Q/Zx
V7Wb3EG5AgMBAAECggEAdymR9xpAo3wLNTzH3qcP9jzZxMqJjTnd383+EqTKd3bU
YY7f4kiCVpGtrEM6b8QN/bYRe0GMhuUEY6Mbewk9jVzTrRU1oA6GarLgK0En6PP/
8dEHUjEBspcW/8+Ge3TyurhFPVMpAN4/j41lBONOmV73gV7dXegp2khEuZ5jqz61
xdEHiXJkP4t3zwTP4v6KKJtN+rS1PuYTBHUJp74ZcoZf2ke3VEZCILGuImZF4K9L
GyvOpCh56oEaB+fU98A2N0PWulqclXly/0OAgaxfNSyhx1MU1y//QKLuwTusVcEF
oq25DLav7/VR28eCPhDvmgYah+s2O2o+pHi/6K+9wQKBgQDKP9DNHU6zoABwNG6e
J6PeJTTNI3o+Oozy57V961gQInhS3KH71L80LQLDdZbiuOZkSi3YafTNF9K1k5/c
6vXBQLHYFkluBzjSBli91Q09Qhkpo6GjsnY9frXySKfBXMHfen1HR5pwTqUrubyY
1RyD0uU2MVEgTqWHY3EsMUk+NQKBgQDH07xMfH61mTC3UCIwiuPACtErVrg8uDkq
iqSs4YnSlGsAlSCIPPwHUoCnEj8bcC0icRuh7DfQFAjAdYJPNXjKkEcSfDJ+lD96
655WmEHX0QRnp6Petibv05l9lBf3tuhqqajRQ9buR6c0ZEIozZzxTYxxestgPdM1
c7+4yq/19QKBgDEhL2ekJuobg/+9vOFOX9Am2Zy7cYaMUpDvGHduJAZHWVNHpVG3
bHsQNAunFPAeWlkia+CWXJE1qEnTgpH3wZsgTBNh1pSTzIm4YPY8OusWk2Y6CZnq
UC7ACRLB835VOgM/jg8ypaGCeT0V8Wpu2m5rXKK9eCeQ80TgMy25C0HBAoGAD5rr
c5WtV4U1Fru9T8ko7BBsMVQ+Yw+H91iIb6/VUYqhqJP8zGbmz7OTtHhqUTw7ahsn
K0gFO8y0ukLzADiOzFLkGf90+gmdw32vCdguHCqIi4e99mCHPedqbzInhQLVt660
LlN773PNDPxfZkxYW0fRFfOe+k8ZtWzqpgW+JBkCgYEAoGXWEgeb3tiGzpTVJoGE
34QGjLHbt3GUtuxRiwcZ4kf4HNB0nXVumLl8k/XkknGw5yArDbolCdAV+n0uSluu
9TlmKsPrNYX4IildA/gTyHqII6dXM0KMVOSTCgP5n3g1Y8ixYWyi/Bm09uUV1RH8
E0zEr7ka5F+YTCE1I7JLDRg=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
{
"address": ":20443",
"authenticate_service_url": "https://authenticate.localhost.pomerium.io:20443",
"authorize_service_url": "http://127.0.0.1:25443",
"certificate_file": "_wildcard.localhost.pomerium.io.pem",
"certificate_key_file": "_wildcard.localhost.pomerium.io-key.pem",
"cookie_secret": "euK3yjYSzp+QanEbxseYuI7A6P5feE/7fKqJxroXZR0=",
"databroker_service_url": "http://127.0.0.1:25443",
"envoy_admin_address": "0.0.0.0:29091",
"grpc_address": ":25443",
"grpc_insecure": true,
"idp_client_id": "xxx",
"idp_client_secret": "xxx",
"idp_provider": "azure",
"idp_provider_url": "xxx",
"log_level": "debug",
"policy": [
{
"allow_any_authenticated_user": true,
"allow_websockets": true,
"from": "https://ws.localhost.pomerium.io:20443",
"tls_skip_verify": true,
"to": "https://localhost:20001"
},
{
"allow_public_unauthenticated_access": true,
"from": "https://envoy.localhost.pomerium.io:20443",
"to": "http://127.0.0.1:29091"
}
],
"shared_secret": "euK3yjYSzp+QanEbxseYuI7A6P5feE/7fKqJxroXZR0=",
"signing_key": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUREK1NkakkzNnBzdzIxV2tQeHdtV2trREpKTnlmaU94dWNhako1TGd6ZlFvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVnRNMndJUXprM1hJaGlaSEl5NjRBcHpKZEJHdjBXU1Y1UTJkaXZ5UldneFk3ZXVyL0JjTgpOUUdxMmFVVTU2cXJKbTU5RkxNd0k4Rlk5a3Ribk1qS1N3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
}
// Pomerium all-in-one configuration for a local WebSocket proxying test.
// Presumably this is the config.jsonnet that the build script on this page
// renders to config.json. Several settings below trade security for
// convenience and only suit a single-machine test setup.
{
address: ':20443',
// 0.0.0.0 binds the Envoy admin listener on every interface, not only
// loopback.
envoy_admin_address: '0.0.0.0:29091',
grpc_address: ':25443',
// Turns off transport security for gRPC between the Pomerium services; the
// authorize and databroker URLs below are plain http on loopback to match.
grpc_insecure: true,
authenticate_service_url: 'https://authenticate.localhost.pomerium.io:20443',
authorize_service_url: 'http://127.0.0.1:25443',
databroker_service_url: 'http://127.0.0.1:25443',
// NOTE(review): cookie_secret and shared_secret are the same literal value,
// and both are stored in the file. cookie_secret protects session cookies and
// shared_secret authenticates the services to each other, so each should be
// generated separately and supplied from outside the config.
cookie_secret: 'euK3yjYSzp+QanEbxseYuI7A6P5feE/7fKqJxroXZR0=',
shared_secret: 'euK3yjYSzp+QanEbxseYuI7A6P5feE/7fKqJxroXZR0=',
// Base64 of a PEM "EC PRIVATE KEY" block: the private key is embedded here,
// so any published copy of this file means the key must be regenerated.
signing_key: 'LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUREK1NkakkzNnBzdzIxV2tQeHdtV2trREpKTnlmaU94dWNhako1TGd6ZlFvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVnRNMndJUXprM1hJaGlaSEl5NjRBcHpKZEJHdjBXU1Y1UTJkaXZ5UldneFk3ZXVyL0JjTgpOUUdxMmFVVTU2cXJKbTU5RkxNd0k4Rlk5a3Ribk1qS1N3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=',
certificate_file: '_wildcard.localhost.pomerium.io.pem',
certificate_key_file: '_wildcard.localhost.pomerium.io-key.pem',
// The three 'xxx' values are redacted placeholders; real identity-provider
// settings are needed before authentication can work.
idp_provider: 'azure',
idp_provider_url: 'xxx',
idp_client_id: 'xxx',
idp_client_secret: 'xxx',
log_level: 'debug',
policy: [
{
// Route to the WebSocket test server on localhost:20001.
from: 'https://ws.localhost.pomerium.io:20443',
to: 'https://localhost:20001',
// Any user who authenticates is allowed; no per-user or per-group rule.
allow_any_authenticated_user: true,
allow_websockets: true,
// Skips verification of the upstream's TLS certificate, so the proxy does
// not authenticate the server it forwards to.
tls_skip_verify: true,
},
{
// NOTE(review): this route forwards to 127.0.0.1:29091, the port of
// envoy_admin_address above, with authentication disabled. Anyone who can
// reach the proxy listener can therefore reach the Envoy admin interface.
from: 'https://envoy.localhost.pomerium.io:20443',
to: 'http://127.0.0.1:29091',
allow_public_unauthenticated_access: true,
},
],
}
module github.com/calebdoxsey/pomerium-notes/2021/07/26/ws-test
go 1.16
require github.com/gorilla/websocket v1.4.2 // indirect
github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
package main
import (
"fmt"
"io"
"log"
"net/http"
"os"
"github.com/gorilla/websocket"
)
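// main runs a small HTTPS test server on 127.0.0.1:20001 with two routes:
// "/ws" upgrades the request to a WebSocket and then alternates one write
// with one read until either fails, and "/" serves a page whose script
// connects back to "/ws" and sends a message every second.
//
// The certificate and key are loaded from the working directory. The process
// exits with status 1 if the listener cannot start or stops with an error.
func main() {
	// Upper bound on a single inbound WebSocket message. The test client only
	// sends a short greeting; without a limit a peer can make ReadMessage
	// buffer a message of arbitrary size.
	const maxMessageBytes = 4096

	mux := http.NewServeMux()

	mux.HandleFunc("/ws", func(w http.ResponseWriter, r *http.Request) {
		// A zero-value Upgrader leaves CheckOrigin nil, which keeps gorilla's
		// default same-origin check on the handshake.
		ws, err := (&websocket.Upgrader{}).Upgrade(w, r, nil)
		if err != nil {
			log.Println(err)
			return
		}
		defer ws.Close()

		ws.SetReadLimit(maxMessageBytes)

		for {
			// Write
			if err := ws.WriteMessage(websocket.TextMessage, []byte("Hello, Client!")); err != nil {
				return
			}

			// Read
			_, msg, err := ws.ReadMessage()
			if err != nil {
				return
			}
			// %q escapes control bytes, so client-supplied data cannot inject
			// terminal escape sequences or fake extra output lines.
			fmt.Printf("%q\n", msg)
		}
	})

	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// The page adds each received message as a text node rather than
		// through innerHTML, so message content is never parsed as markup.
		// The write error is ignored on purpose: the client has gone away.
		_, _ = io.WriteString(w, `<!doctype html>
<html lang="en">
<body>
<p id="output"></p>
<script>
var loc = window.location;
var uri = 'ws:';
if (loc.protocol === 'https:') {
uri = 'wss:';
}
uri += '//' + loc.host;
uri += loc.pathname + 'ws';
var ws = new WebSocket(uri);
ws.onopen = function() {
console.log('Connected')
}
ws.onmessage = function(evt) {
var out = document.getElementById('output');
out.appendChild(document.createTextNode(evt.data));
out.appendChild(document.createElement('br'));
}
setInterval(function() {
ws.send('Hello, Server!');
}, 1000);
</script>
</body>
</html>
`)
	})

	// Loopback only: the server is meant to be reached through the proxy
	// running on the same machine, not directly from the network.
	err := http.ListenAndServeTLS("127.0.0.1:20001", "_wildcard.localhost.pomerium.io.pem", "_wildcard.localhost.pomerium.io-key.pem", mux)
	if err != nil {
		fmt.Fprintf(os.Stderr, "%v\n", err)
		os.Exit(1)
	}
}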
#!/bin/bash
# Render the Jsonnet config to JSON, rebuild Pomerium from the local checkout,
# then replace this shell with the freshly built binary.
set -euo pipefail

pomerium_src=~/src/github.com/pomerium/pomerium

# NOTE(review): the rendered config shown on this page holds cookie_secret,
# shared_secret and signing_key in clear text; treat config.json as a secret.
jsonnet config.jsonnet -o config.json

# Build inside a subshell so the working directory, and with it the relative
# -config path used below, stays unchanged.
(
  cd "$pomerium_src" &&
    make clean &&
    make build
)

exec "$pomerium_src/bin/pomerium" -config=config.json