Link

Install in Bare Metal / Virtual Machine

Install script

  • The steps below will execute a script obtained externally, we advise to inspect the content before execution

  • The script will install and enable chrony service for time synchronization, required to ensure tokens are validated properly

  • Download and execute installation script

      sudo bash -c "$(curl -fsSL https://url.fyde.me/install-fyde-proxy-linux)"
    
  • This script can also be used for unnatended instalations

      curl -fsSLo install-fyde-proxy-linux.sh https://url.fyde.me/install-fyde-proxy-linux
      chmod +x install-fyde-proxy-linux.sh
      ./install-fyde-proxy-linux.sh -h
    
      Install Fyde Access Proxy script
    
      Available parameters:
        -h        - Show this help
        -n        - Don't start services after install
        -p int    - Specify public port (1-65535), required for unattended instalation
        -t token  - Specify Fyde Access Proxy token
        -u        - Unattended install, skip requesting input
    
      Example for unattended instalation with Fyde Access Proxy token:
        - Specify the Fyde Access Proxy token inside quotes
    
        ./install-fyde-proxy-linux.sh -p 443 -t "https://xxxxxxxxxxxx" -u
    
      Example for unattended instalation, skipping services start, without Fyde Access Proxy token:
       - The token can also be obtained automatically via AWS SSM/Secrets Manager
       - More info: https://fyde.github.io/docs/fyde-access-proxy/parameters/#fyde-proxy-orchestrator
    
        ./install-fyde-proxy-linux.sh -n -p 443 -u
    

CentOS/RHEL - Manual steps

  1. Install pre-requisites

     sudo yum -y install yum-utils chrony
    
  2. Ensure chrony daemon is enabled on system boot and started

     sudo systemctl enable chronyd
     sudo systemctl start chronyd
    
  3. Ensure time synchronization is enabled

     sudo timedatectl set-ntp on
    
  4. Add Fyde repository

     sudo yum-config-manager -y --add-repo https://downloads.fyde.com/fyde.repo
    
  5. Install Envoy Proxy

     sudo yum -y install envoy
     sudo systemctl enable envoy
    
  6. Add CAP_NET_BIND_SERVICE to Envoy using a service unit override

    If you choose to configure your proxy to run in a port below 1024, you will need to add the CAP_NET_BIND_SERVICE capability to Envoy.

     sudo mkdir -p /etc/systemd/system/envoy.service.d
    
     sudo bash -c "cat > /etc/systemd/system/envoy.service.d/10-add-cap-net-bind.conf <<EOF
     [Service]
     Capabilities=CAP_NET_BIND_SERVICE+ep
     CapabilityBoundingSet=CAP_NET_BIND_SERVICE
     AmbientCapabilities=CAP_NET_BIND_SERVICE
     SecureBits=keep-caps
     EOF"
    
     sudo chmod 600 /etc/systemd/system/envoy.service.d/10-add-cap-net-bind.conf
    
  7. Reload and start Envoy Proxy

     sudo systemctl --system daemon-reload
     sudo systemctl start envoy
    
  8. Install Fyde Proxy Orchestrator and authz system

     sudo yum -y install fydeproxy
     sudo systemctl enable fydeproxy
    
  9. Configure environment using a service unit override

     sudo mkdir -p /etc/systemd/system/fydeproxy.service.d
    
     sudo bash -c "cat > /etc/systemd/system/fydeproxy.service.d/10-environment.conf <<EOF
     [Service]
     Environment='FYDE_ENROLLMENT_TOKEN=<paste here your Fyde Access Proxy enrollment link>'
     Environment='FYDE_ENVOY_LISTENER_PORT=<replace with the corresponding Fyde Access Proxy port, as configured in Fyde Enterprise Console>'
     EOF"
    
     sudo chmod 600 /etc/systemd/system/fydeproxy.service.d/10-environment.conf
    
  10. Reload and start Fyde Proxy Orchestrator daemon

     sudo systemctl --system daemon-reload
     sudo systemctl start fydeproxy
    
  11. Configure the firewall (if enabled)

     sudo firewall-cmd --zone=public --add-port="<replace with the corresponding Fyde Access Proxy port, as configured in Fyde Enterprise Console>/tcp" --permanent
     sudo firewall-cmd --reload
    

Troubleshoot