How to Install Pomerium on Linux Mint

Pomerium is an open-source tool for secure and flexible access to internal web applications. In this tutorial, we will learn how to install Pomerium on Linux Mint.

Prerequisites

Before starting, make sure your system meets the following requirements:

• Linux Mint Latest version
• A non-root user with sudo privileges
• Java 8 or higher
• A registered domain name pointed to your server's public IP address (For SSL certificates)

Step 1: Install NGINX

NGINX is a web server that can be used to forward traffic to the Pomerium proxy server. Install NGINX by running the following command:

sudo apt-get update && sudo apt-get install nginx

Step 2: Install and Configure Pomerium

1. Download the latest release of Pomerium from the official website using the following command:

   wget https://github.com/pomerium/pomerium/releases/download/vX.X.X/pomerium-linux-amd64-X.X.X
   

   Replace X.X.X with the version you want to install.

2. Change the file permission of the downloaded Pomerium binary to make it executable:

   chmod +x pomerium-linux-amd64-X.X.X
   

3. Create a configuration file by running the following command:

   sudo nano /etc/pomerium/config.yaml
   

4. Paste the following YAML code in the configuration file:

   proxies:
   - from_url: https://<DOMAIN>/
     to_url: http://localhost:8080/
   cookie_name: _pomerium_myapp_session
   shared_secret: <SECRET>
   

   • Replace <DOMAIN> with your registered domain name.
   • Replace <SECRET> with a randomly generated secret.

5. Save and close the configuration file.

6. Start Pomerium by running the following command:

   sudo ./pomerium-linux-amd64-X.X.X serve --config /etc/pomerium/config.yaml
   

   Replace X.X.X with the version you downloaded.

7. At this point, Pomerium should be running and listening on port 443.

Step 3: Configure NGINX

1. Create a new NGINX configuration file:

   sudo nano /etc/nginx/sites-available/pomerium
   

2. Paste the following code in the configuration file:

   server {
       listen 80;
       server_name <DOMAIN>;
       return 301 https://$server_name$request_uri;
   }
   server {
       listen 443 ssl;
       server_name <DOMAIN>;
   
       ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/<DOMAIN>/privkey.pem;
   
       location / {
           proxy_pass http://localhost:443;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
       }
   }
   

   • Replace <DOMAIN> with your registered domain name.

3. Save and close the configuration file.

4. Activate the configuration file by creating a symbolic link in the sites-enabled directory:

   sudo ln -s /etc/nginx/sites-available/pomerium /etc/nginx/sites-enabled/pomerium
   

5. Test the NGINX configuration:

   sudo nginx -t
   

6. Restart NGINX to apply the changes:

   sudo systemctl restart nginx
   

Conclusion

In this tutorial, we learned how to install Pomerium on Linux Mint and configure it with NGINX. With this setup, you can securely access your internal web applications from anywhere with just a web browser.