CloudGen Access

___________________________________________________________

sudo firewall-cmd --list-all-zones # or sudo iptables -L -xvn

Ensure Envoy Proxy is listening on the correct port.

- Ensure Envoy Proxy is listening on the correct port.

sudo ss -anp | grep envoy | grep LISTEN # or sudo netstat -anp | grep envoy | grep LISTEN

Instance logs are sent to CloudWatch by default. Check the log group named: <code>/aws/ec2/FydeAccessProxy</code>

Select the failing instance from the log stream list.

1. Select the failing instance from the log stream list.
2. Filter for <code>cloud-init:</code>
3. Search for script errors. Example:

<code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:05 ip-10-200-0-114 cloud-init: + curl -sL <a href="https://url.fyde.me/install-fyde-proxy-linux" rel="nofollow noopener noreferrer" target="_blank">https://url.fyde.me/install-fyde-proxy-linux</a></code>

<code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:06 ip-10-200-0-114 cloud-init: Invalid option: -r</code>

- <code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:05 ip-10-200-0-114 cloud-init: + curl -sL <a href="https://url.fyde.me/install-fyde-proxy-linux" rel="nofollow noopener noreferrer" target="_blank">https://url.fyde.me/install-fyde-proxy-linux</a></code>
- <code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:06 ip-10-200-0-114 cloud-init: Invalid option: -r</code>

Pod logs are sent to CloudWatch by default.

Check the log group named: <code>fyde-access-proxy-ecs-fargate</code>

Select the failing pod from the log stream list.

Check the last lines for the error cause.

- Pod logs are sent to CloudWatch by default.
- Check the log group named: <code>fyde-access-proxy-ecs-fargate</code>
- Select the failing pod from the log stream list.
- Check the last lines for the error cause.

Confirm that both envoy-proxy and fyde-orchestrator containers are running.

- Confirm that both envoy-proxy and fyde-orchestrator containers are running.

Confirm that envoy-proxy container is mapping the correct port to the host.

In the example above, and for the public port 443, the output should contain the following:

- Confirm that envoy-proxy container is mapping the correct port to the host.
- In the example above, and for the public port 443, the output should contain the following:

Check that docker network is not conflicting with a remote network. - Check the value for IPAM.Config.Subnet - For more information check <a href="https://docs.docker.com/compose/compose-file/#ipam" rel="nofollow noopener noreferrer" target="_blank">compose-file</a>

- Check that docker network is not conflicting with a remote network. - Check the value for IPAM.Config.Subnet - For more information check <a href="https://docs.docker.com/compose/compose-file/#ipam" rel="nofollow noopener noreferrer" target="_blank">compose-file</a>

- Correct the namespace if needed.
- Check all deployed resources.

kubectl get all \ --namespace fyde-access-proxy

kubectl logs \ -l app=envoy-proxy -f \ --namespace fyde-access-proxy

kubectl logs \ -l app=fyde-orchestrator -f \ --namespace fyde-access-proxy

Check that envoy service is properly configured for your environment.

- Check that envoy service is properly configured for your environment.

kubectl describe service envoy-proxy \ --namespace fyde-access-proxy

Troubleshoot Individual Platforms

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Bare Metal / Virtual Machine

Cloudformation ASG

Cloudformation ECS Fargate

Docker

Kubernetes