Barracuda CloudGen Access

Access Proxy Parameters

Envoy Proxy

Environment variables to override default values:

| Key | Default | Type | Description |
| --- | --- | --- | --- |
| COMPONENTLOGLEVEL | grpc:debug,config:debug | str | Envoy’s component specific log level info |
| FYDE_PROXY_HOST | proxy-client | str | Orchestrator’s hostname / DNS record |
| FYDE_PROXY_PORT | 50051 | str | Orchestrator’s service port |
| LOGLEVEL | info | str | Envoy’s global log level info |

Proxy Orchestrator

The following override mechanisms will be processed in order, the last override representing the final value:

  1. Default value
  2. Configuration pushed from CloudGen Access Enterprise Console
  3. overrides.json file on the CWD of the service process
  4. Docker provisioned secret (/run/secrets/<key>)
  5. AWS SSM (all keys prefixed with the value from the ‘prefix’ key)
  6. AWS SecretsManager (all keys prefixed with the value from the ‘prefix’ key)
  7. Environment variable, prefixed with FYDE_ and all caps
  8. Command-line arguments in long-form notation like ‘--example’, with underscores in key names converted to dashes.

| Key | Default | Type | Description |
| --- | --- | --- | --- |
| authz_pubkey | None | str | Authorizer EC Public Key (Used to verify authorization JWTs) |
| authz_timeout | 30 | int | CloudGen Access authorization call timeout (seconds) |
| enable_ipv6 | False | bool | Enable ipv6 usage for DNS in envoy |
| enrollment_token | None | str | Enrollment token provided by CloudGen Access Enterprise Console |
| envoy_listener_ip | ‘0.0.0.0’ | str | Envoy Proxy listener IP |
| envoy_listener_port | 8000 | int | Envoy Proxy listener port |
| envoy_prometheus | True | bool | Prometheus metrics for Envoy Proxy status |
| envoy_prometheus_ip | ‘0.0.0.0’ | str | Prometheus metrics for Envoy Proxy listener IP |
| envoy_prometheus_port | 9000 | int | Prometheus metrics for Envoy Proxy listener port |
| grpc_insecure | True | bool | gRPC insecure mode for the CloudGen Access Proxy Orchestrator |
| grpc_listener | ‘[::]:50051’ | str | gRPC listener for the CloudGen Access Proxy Orchestrator |
| http_proxy | None | str | Use HTTP proxy. Example: “http://proxy.host:1234/” or “socks5://10.0.0.1:5555” |
| https_proxy | None | str | Use HTTPS proxy. Example: “https://proxy.host:1234/” or “socks5://10.0.0.1:5555” |
| prefix | fyde_ | str | Define the prefix used for keys stored in AWS SSM and AWS SecretsManager |
| proxy_prometheus | True | bool | Prometheus metrics for CloudGen Access Proxy Orchestrator status |
| proxy_prometheus_ip | ‘0.0.0.0’ | str | Prometheus metrics for CloudGen Access Proxy Orchestrator listener IP |
| proxy_prometheus_port | 9010 | int | Prometheus metrics for CloudGen Access Proxy Orchestrator listener port |
| redis_ssl | False | bool | Enable SSL support for Redis connections |
| redis_sentinel_ssl | False | bool | Enable SSL support for Redis Sentinel connections |
| redis_ssl_cert_reqs | ‘none’ | str | SSL Certificate verification options. One of ‘none’, ‘optional’, ‘required’. |
| redis_ssl_key | None | str | Redis/Sentinel SSL client authentication private key. This can be a path to a file holding the key or the content of it inlined in the variable. |
| redis_ssl_cert | None | str | Redis/Sentinel SSL client authentication certificate. This can be a path to a file holding the cert or the content of it inlined in the variable. |
| redis_ssl_ca_certs | None | str | Redis/Sentinel SSL CA trusted anchors. This can be a path to a file holding the certs or the content of it inlined in the variable. |
| redis_auth | None | str | Redis auth key |
| redis_db | 0 | int | Redis database |
| redis_host | None | str | Used for HA mode only. Leave empty in CloudGen Access Proxy single mode. |
| redis_port | 6379 | int | Redis port |
| redis_timeout | 1.0 | float | Redis socket_timeout in seconds |
| redis_sentinel_hosts | None | str | Redis Sentinel comma-separated list of host:port pairs |
| redis_sentinel_service_name | None | str | Redis Sentinel service (cluster) name |
| redis_sentinel_wait_for_primary | 30 | int | Redis Sentinel time in seconds to wait for primary |
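
The sketch below is an added example, not Barracuda's code: it models the override order listed above for a few transport-security keys from the table and reports which layer left a setting at its non-TLS or non-verifying value. The function names, the --key=value argument form, the boolean spellings and the sample hostname are assumptions.

```python
import json

# Documented defaults (subset of the Proxy Orchestrator table relevant to transport security).
DEFAULTS = {"grpc_insecure": True, "redis_host": None, "redis_ssl": False,
            "redis_ssl_cert_reqs": "none"}

def coerce(key, raw):
    # Assumption: string sources spell booleans as true/false/1/0.
    if isinstance(DEFAULTS[key], bool) and isinstance(raw, str):
        return raw.strip().lower() in ("1", "true", "yes")
    return raw

def resolve(console=None, overrides_json="{}", secrets=None, env=None, argv=()):
    """Return {key: (value, source)} after applying the layers in documented order."""
    env_layer = {k[5:].lower(): v for k, v in (env or {}).items() if k.startswith("FYDE_")}
    cli = {}
    for arg in argv:  # Assumption: long options are passed as --key-name=value.
        if arg.startswith("--") and "=" in arg:
            name, raw = arg[2:].split("=", 1)
            cli[name.replace("-", "_")] = raw
    layers = [("console", console or {}),                      # step 2
              ("overrides.json", json.loads(overrides_json)),  # step 3
              ("docker secret", secrets or {}),                # step 4
              # steps 5 and 6 (AWS SSM, AWS SecretsManager) omitted to stay offline
              ("environment", env_layer),                      # step 7
              ("command line", cli)]                           # step 8
    result = {k: (v, "default") for k, v in DEFAULTS.items()}
    for source, layer in layers:
        for key, raw in layer.items():
            if key in DEFAULTS:
                result[key] = (coerce(key, raw), source)  # later layer wins
    return result

def audit(result):
    """List settings still at a non-TLS or non-verifying value, with the layer that set them."""
    findings = []
    value = {k: v for k, (v, _) in result.items()}
    if value["grpc_insecure"]:
        findings.append(("grpc_insecure", result["grpc_insecure"][1]))
    if value["redis_host"]:  # HA mode per the table: redis_host is set only then
        if not value["redis_ssl"]:
            findings.append(("redis_ssl", result["redis_ssl"][1]))
        elif value["redis_ssl_cert_reqs"] != "required":
            findings.append(("redis_ssl_cert_reqs", result["redis_ssl_cert_reqs"][1]))
    return findings

# Constructed sample: the console enables Redis TLS, a leftover environment variable undoes it.
SAMPLE = resolve(console={"redis_host": "redis.internal.example", "redis_ssl": True,
                          "redis_ssl_cert_reqs": "required"},
                 overrides_json='{"grpc_insecure": false}', env={"FYDE_REDIS_SSL": "false"})
```

For the constructed sample, audit(SAMPLE) reports redis_ssl as set by the environment layer, which is the kind of silent downgrade the "last override wins" rule makes possible.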