Skip to main content
Access Proxy Parameters
Barracuda Admin avatar
Written by Barracuda Admin
Updated over 3 years ago

Envoy Proxy

Environment variables to override default values:

Key

Default

Type

Description

COMPONENTLOGLEVEL

grpc:debug,config:debug

str

Envoy’s component specific log level info

FYDE_PROXY_HOST

proxy-client

str

Orchestrator’s hostname / DNS record

FYDE_PROXY_PORT

50051

str

Orchestrator’s service port

LOGLEVEL

info

str

Envoy’s global log level info


Proxy Orchestrator

The following override mechanisms will be processed in order, the last override representing the final value:

  1. Default value

  2. Configuration pushed from CloudGen Access Enterprise Console

  3. overrides.json file on the CWD of the service process

  4. Docker provisioned secret (/run/secrets/<key>)

  5. AWS SSM (all keys prefixed with ‘fyde_’)

  6. AWS SecretsManager (all keys prefixed with ‘fyde_’)

  7. Environment variable, prefixed with FYDE_ and all caps

Key

Default

Type

Description

authz_pubkey

None

str

Authorizer EC Public Key (Used to verify authorization JWTs)

authz_timeout

30

int

CloudGen Access authorization call timeout (seconds)

enable_ipv6

False

bool

Enable ipv6 usage for DNS in envoy

enrollment_token

None

str

Enrollment token provided by CloudGen Access Enterprise Console

envoy_listener_ip

‘0.0.0.0’

str

Envoy Proxy listener IP

envoy_listener_port

8000

int

Envoy Proxy listener port

envoy_prometheus

True

bool

Prometheus metrics for Envoy Proxy status

envoy_prometheus_ip

‘0.0.0.0’

str

Prometheus metrics for Envoy Proxy listener IP

envoy_prometheus_port

9000

int

Prometheus metrics for Envoy Proxy listener port

grpc_insecure

True

bool

gRPC insecure mode for the CloudGen Access Proxy Orchestrator

grpc_listener

’[::]:50051’

str

gRPC listener for the CloudGen Access Proxy Orchestrator

http_proxy

None

str

Use HTTP proxy. Example: “http://proxy.host:1234/” or “socks5://10.0.0.1:5555”

https_proxy

None

str

Use HTTPS proxy. Example: “https://proxy.host:1234/” or “socks5://10.0.0.1:5555”

proxy_prometheus

True

bool

Prometheus metrics for CloudGen Access Proxy Orchestrator status

proxy_prometheus_ip

‘0.0.0.0’

str

Prometheus metrics for CloudGen Access Proxy Orchestrator listener IP

proxy_prometheus_port

9010

int

Prometheus metrics for CloudGen Access Proxy Orchestrator listener port

redis_ssl

False

bool

Enable SSL support for Redis connections

redis_sentinel_ssl

False

bool

Enable SSL support for Redis Sentinel connections

redis_ssl_cert_reqs

‘none’

str

SSL Certificate verification options. one of ‘none’, ‘optional’, ‘required’. More info here

redis_ssl_key

None

str

Redis/Sentinel SSL client authentication private key

This can be a path to a file holding the key or the content of it inlined in the variable

redis_ssl_cert

None

str

Redis/Sentinel SSL client authentication certificate

This can be a path to a file holding the cert or the content of it inlined in the variable

redis_ssl_ca_certs

None

str

Redis/Sentinel SSL CA trusted anchors

This can be a path to a file holding the certs or the content of it inlined in the variable

redis_auth

None

str

Redis auth key

redis_db

0

int

Redis database

redis_host

None

str

Used for HA mode only. Leave empty in CloudGen Access Proxy single mode.

redis_port

6379

int

Redis port

redis_timeout

1.0

float

Redis socket_timeout in seconds

redis_sentinel_hosts

None

str

Redis Sentinel comma-separated list of host:port pairs

redis_sentinel_service_name

None

str

Redis Sentinel service (cluster) name

redis_sentinel_wait_for_primary

30

int

Redis Sentinel time in seconds to wait for primary

Did this answer your question?