Barracuda CloudGen Access

Access Proxy Parameters


Envoy Proxy

Environment variables to override default values:

| Key | Default | Type | Description |
|---|---|---|---|
| COMPONENTLOGLEVEL | grpc:debug,config:debug | str | Envoy’s component specific log level info |
| FYDE_PROXY_HOST | proxy-client | str | Orchestrator’s hostname / DNS record |
| FYDE_PROXY_PORT | 50051 | str | Orchestrator’s service port |
| LOGLEVEL | info | str | Envoy’s global log level info |

Proxy Orchestrator

The following override mechanisms are processed in order; the last override that sets a key determines its final value:

  1. Default value
  2. Configuration pushed from the CloudGen Access Enterprise Console
  3. overrides.json file in the current working directory (CWD) of the service process
  4. Docker provisioned secret (/run/secrets/<key>)
  5. AWS SSM (all keys prefixed with the value from the ‘prefix’ key; disable the check with the environment variable DISABLE_AWS_SSM=1)
  6. AWS SecretsManager (all keys prefixed with the value from the ‘prefix’ key; disable the check with the environment variable DISABLE_AWS_SEC_MANAGER=1)
  7. Environment variable, prefixed with FYDE_ and in all caps
  8. Command-line arguments in long-form notation like ‘--example’, with underscores in keys converted to dashes

| Key | Default | Type | Description |
|---|---|---|---|
| authz_pubkey | None | str | Authorizer EC Public Key (used to verify authorization JWTs) |
| authz_timeout | 30 | int | CloudGen Access authorization call timeout (seconds) |
| enable_ipv6 | False | bool | Enable IPv6 usage for DNS in Envoy |
| enrollment_token | None | str | Enrollment token provided by CloudGen Access Enterprise Console |
| envoy_listener_ip | ‘0.0.0.0’ | str | Envoy Proxy listener IP |
| envoy_listener_port | 8000 | int | Envoy Proxy listener port |
| envoy_prometheus | True | bool | Prometheus metrics for Envoy Proxy status |
| envoy_prometheus_ip | ‘0.0.0.0’ | str | Prometheus metrics for Envoy Proxy listener IP |
| envoy_prometheus_port | 9000 | int | Prometheus metrics for Envoy Proxy listener port |
| grpc_insecure | True | bool | gRPC insecure mode for the CloudGen Access Proxy Orchestrator |
| grpc_listener | ‘[::]:50051’ | str | gRPC listener for the CloudGen Access Proxy Orchestrator |
| http_proxy | None | str | Use HTTP proxy. Example: “http://proxy.host:1234/” or “socks5://10.0.0.1:5555” |
| https_proxy | None | str | Use HTTPS proxy. Example: “https://proxy.host:1234/” or “socks5://10.0.0.1:5555” |
| prefix | fyde_ | str | Define the prefix used for keys stored in AWS SSM and AWS SecretsManager |
| proxy_prometheus | True | bool | Prometheus metrics for CloudGen Access Proxy Orchestrator status |
| proxy_prometheus_ip | ‘0.0.0.0’ | str | Prometheus metrics for CloudGen Access Proxy Orchestrator listener IP |
| proxy_prometheus_port | 9010 | int | Prometheus metrics for CloudGen Access Proxy Orchestrator listener port |
| redis_ssl | False | bool | Enable SSL support for Redis connections |
| redis_sentinel_ssl | False | bool | Enable SSL support for Redis Sentinel connections |
| redis_ssl_cert_reqs | ‘none’ | str | SSL certificate verification options. One of ‘none’, ‘optional’, ‘required’. |
| redis_ssl_key | None | str | Redis/Sentinel SSL client authentication private key. This can be a path to a file holding the key or the content of it inlined in the variable. |
| redis_ssl_cert | None | str | Redis/Sentinel SSL client authentication certificate. This can be a path to a file holding the cert or the content of it inlined in the variable. |
| redis_ssl_ca_certs | None | str | Redis/Sentinel SSL CA trusted anchors. This can be a path to a file holding the certs or the content of it inlined in the variable. |
| redis_auth | None | str | Redis auth key |
| redis_db | 0 | int | Redis database |
| redis_host | None | str | Used for HA mode only. Leave empty in CloudGen Access Proxy single mode. |
| redis_port | 6379 | int | Redis port |
| redis_timeout | 1.0 | float | Redis socket_timeout in seconds |
| redis_sentinel_hosts | None | str | Redis Sentinel comma-separated list of host:port pairs |
| redis_sentinel_service_name | None | str | Redis Sentinel service (cluster) name |
| redis_sentinel_wait_for_primary | 30 | int | Redis Sentinel time in seconds to wait for primary |
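
The override order listed above decides which layer supplies the effective value of each key, which matters when reviewing a deployment for settings such as `grpc_insecure` or `redis_ssl_cert_reqs`. The following is an added example, not Barracuda's code: it models each layer as a plain mapping, applies the documented order and key naming, and records which layer won. The string-to-bool coercion, the shape of the inputs and the audit rules are assumptions made for illustration.

```python
# Added example, not product code. Layer order and key naming follow the list
# above; string-to-bool coercion, audit rules and sample inputs are assumptions.
DEFAULTS = {"grpc_insecure": True, "redis_ssl": False, "redis_host": None,
            "redis_ssl_cert_reqs": "none", "redis_auth": None}
PREFIX = "fyde_"  # documented default of the 'prefix' key

def coerce(key, raw):
    """Env vars and secrets arrive as strings; cast bools like the default."""
    if isinstance(DEFAULTS[key], bool) and isinstance(raw, str):
        return raw.strip().lower() in ("1", "true", "yes")
    return raw

def resolve(console=None, overrides_json=None, docker_secrets=None, ssm=None,
            secrets_manager=None, env=None, cli=None):
    """Return {key: (value, winning_layer)}; later layers override earlier."""
    env = env or {}
    layers = [  # (layer name, source mapping, key -> name used in that layer)
        ("console", console, lambda k: k),
        ("overrides.json", overrides_json, lambda k: k),
        ("docker secret", docker_secrets, lambda k: "/run/secrets/" + k),
        ("AWS SSM", None if env.get("DISABLE_AWS_SSM") == "1" else ssm,
         lambda k: PREFIX + k),
        ("AWS SecretsManager",
         None if env.get("DISABLE_AWS_SEC_MANAGER") == "1" else secrets_manager,
         lambda k: PREFIX + k),
        ("environment", env, lambda k: "FYDE_" + k.upper()),
        ("command line", cli, lambda k: "--" + k.replace("_", "-")),
    ]
    result = {k: (v, "default") for k, v in DEFAULTS.items()}
    for name, source, rename in layers:
        for key in DEFAULTS:
            if source and rename(key) in source:
                result[key] = (coerce(key, source[rename(key)]), name)
    return result

def audit(cfg):
    """Flag effective values that leave a channel unprotected (assumed rules)."""
    val = lambda k: cfg[k][0]
    findings = []
    if val("grpc_insecure"):
        findings.append("grpc_insecure is on (from %s)" % cfg["grpc_insecure"][1])
    if val("redis_host") and not val("redis_ssl"):
        findings.append("redis_host set without redis_ssl")
    if val("redis_ssl") and val("redis_ssl_cert_reqs") != "required":
        findings.append("redis_ssl_cert_reqs is not 'required'")
    return findings
```

Because a later layer silently wins, a hardened overrides.json can still be undone by a stray FYDE_ environment variable or command-line flag; recording the winning layer makes that visible.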