Install in Bare Metal / Virtual Machine

Install script

  • The steps below will execute a script obtained externally, we advise to inspect the content before execution

  • The script will install and enable chrony service for time synchronization, required to ensure tokens are validated properly

  • Download and execute installation script

      sudo bash -c "$(curl -fsSL"
  • This script can also be used for unnatended instalations

      curl -fsSLo
      chmod +x
      ./ -h
      Install Fyde Access Proxy script
      Available parameters:
        -h        - Show this help
        -n        - Don't start services after install
        -p int    - Specify public port (1-65535), required for unattended instalation
        -t token  - Specify Fyde Access Proxy token
        -u        - Unattended install, skip requesting input
      Example for unattended instalation with Fyde Access Proxy token:
        - Specify the Fyde Access Proxy token inside quotes
        ./ -p 443 -t "https://xxxxxxxxxxxx" -u
      Example for unattended instalation, skipping services start, without Fyde Access Proxy token:
       - The token can also be obtained automatically via AWS SSM/Secrets Manager
       - More info:
        ./ -n -p 443 -u

CentOS/RHEL - Manual steps

  1. Install pre-requisites

     sudo yum -y install yum-utils chrony
  2. Ensure chrony daemon is enabled on system boot and started

     sudo systemctl enable chronyd
     sudo systemctl start chronyd
  3. Ensure time synchronization is enabled

     sudo timedatectl set-ntp on
  4. Add Fyde repository

     sudo yum-config-manager -y --add-repo
  5. Install Envoy Proxy

     sudo yum -y install envoy
     sudo systemctl enable envoy
  6. Add CAP_NET_BIND_SERVICE to Envoy using a service unit override

    If you choose to configure your proxy to run in a port below 1024, you will need to add the CAP_NET_BIND_SERVICE capability to Envoy.

     sudo mkdir -p /etc/systemd/system/envoy.service.d
     sudo bash -c "cat > /etc/systemd/system/envoy.service.d/10-add-cap-net-bind.conf <<EOF
     sudo chmod 600 /etc/systemd/system/envoy.service.d/10-add-cap-net-bind.conf
  7. Reload and start Envoy Proxy

     sudo systemctl --system daemon-reload
     sudo systemctl start envoy
  8. Install Fyde Proxy Orchestrator and authz system

     sudo yum -y install fydeproxy
     sudo systemctl enable fydeproxy
  9. Configure environment using a service unit override

     sudo mkdir -p /etc/systemd/system/fydeproxy.service.d
     sudo bash -c "cat > /etc/systemd/system/fydeproxy.service.d/10-environment.conf <<EOF
     Environment='FYDE_ENROLLMENT_TOKEN=<paste here your Fyde Access Proxy enrollment link>'
     Environment='FYDE_ENVOY_LISTENER_PORT=<replace with the corresponding Fyde Access Proxy port, as configured in Fyde Enterprise Console>'
     sudo chmod 600 /etc/systemd/system/fydeproxy.service.d/10-environment.conf
  10. Reload and start Fyde Proxy Orchestrator daemon

     sudo systemctl --system daemon-reload
     sudo systemctl start fydeproxy
  11. Configure the firewall (if enabled)

     sudo firewall-cmd --zone=public --add-port="<replace with the corresponding Fyde Access Proxy port, as configured in Fyde Enterprise Console>/tcp" --permanent
     sudo firewall-cmd --reload