Pomerium

Self-Hosted

Open-source identity-aware access proxy for secure zero-trust app access

Overview

Pomerium is an open-source identity-aware reverse proxy enforcing zero-trust principles for web applications. It integrates with leading identity providers (Okta, Google Workspace, Azure AD) to enable single sign-on (SSO) and multi-factor authentication (MFA). Features include granular policy controls, TLS encryption, and certificate management. Deployable via Docker, Kubernetes, or standalone binary, it eliminates VPN dependency by verifying every user and request before access. Ideal for securing internal tools, APIs, and cloud resources while adhering to compliance standards like GDPR or HIPAA.

Self-Hosting Resources

Below is a reference structure for docker-compose.yml. ⚠️ Do NOT run blindly. Replace placeholders with official values.

docker-compose.template.yml TEMPLATE

version: '3'
services:
  pomerium:
    image: <OFFICIAL_IMAGE_NAME>:latest
    container_name: pomerium
    ports:
      - "8080:<APP_INTERNAL_PORT>"
    volumes:
      - ./data:/app/data
    restart: unless-stopped

Key Features

  • Identity-aware access control
  • Zero-trust enforcement
  • SSO/MFA integration with major IdPs
  • Granular policy management
  • Kubernetes/Docker deployable

Frequently Asked Questions

Is Pomerium hard to install?

Installation difficulty varies. Docker or Kubernetes manifests simplify setup, and the official docs give step-by-step instructions. A standalone binary is also available for smaller environments. A basic deployment can be done in minutes, though advanced configurations (like Kubernetes) may need more expertise.

Is Pomerium a good alternative to Cloudflare Access?

Yes—Pomerium is open-source and self-hosted, offering zero-trust features similar to Cloudflare Access but with full control over your infrastructure. It’s ideal for teams avoiding vendor lock-in or recurring enterprise costs.

Is Pomerium completely free to use?

Pomerium’s community edition is fully free and open-source (MIT license). A paid Enterprise tier exists with additional features like centralized management and audit logs, but the self-hosted core remains no-cost.

Top Alternatives

  • Cloudflare Access
  • Okta Access Gateway
  • Zscaler Private Access (ZPA)

Tool Info

Pricing: Free/Open Source (with paid Enterprise tier)
Category: Web Servers
Platform: Self-Hosted

Pros

  • Privacy-focused self-hosted solution
  • No subscription fees for core features
  • Eliminates VPN dependency
  • Supports TLS and automatic certificate management
  • Open-source with transparent codebase

Cons

  • Requires technical setup (especially for Kubernetes)
  • Steeper learning curve for policy configuration
  • Limited built-in analytics compared to paid tools
  • Enterprise features (centralized management) require paid tier
