Link Search Menu Expand Document

Platform

Table of contents

Bare Metal / Virtual Machine

  • Check Envoy Proxy logs

    sudo tail /var/log/envoy/envoy.log -f
    
  • Check Fyde Access Proxy logs

    sudo journalctl -u fydeproxy -f
    
  • Check firewall rules

    sudo firewall-cmd --list-all-zones
    # or
    sudo iptables -L -xvn
    
  • Ensure Envoy Proxy is running

    sudo ps axuww | grep envoy
    
  • Ensure Envoy Proxy is listening on the correct port

    sudo ss -anp | grep envoy | grep LISTEN
    # or
    sudo netstat -anp | grep envoy | grep LISTEN
    

Cloudformation ASG

  • Instance logs are sent to CloudWatch by default

  • Check the log group named: /aws/ec2/FydeAccessProxy

    1. Select the failing instance from the log stream list
    2. Filter for cloud-init:
    3. Search for script errors. Example:
      2020-09-19T22:36:07.894+01:00	Sep 19 21:36:05 ip-10-200-0-114 cloud-init: + curl -sL https://url.fyde.me/install-fyde-proxy-linux
      2020-09-19T22:36:07.894+01:00	Sep 19 21:36:06 ip-10-200-0-114 cloud-init: Invalid option: -r
    

Cloudformation ECS Fargate

  • Pod logs are sent to CloudWatch by default

  • Check the log group named: fyde-access-proxy-ecs-fargate

    1. Select the failing pod from the log stream list
    2. Check the last lines for the error cause

Docker

  • Confirm that both envoy-proxy and fyde-orchestrator containers are running

    sudo docker ps
    
  • Confirm that envoy-proxy container is mapping the correct port to the host

    • In the example above, and for the public port 443 the output should contain the following
    0.0.0.0:443->443/tcp
    
  • Check Envoy Proxy logs

    sudo docker logs envoy-proxy -f
    
  • Check Fyde Access Proxy logs

    sudo docker logs fyde-orchestrator -f
    
  • Check that docker network is not conflicting with a remote network

    • Check the value for IPAM.Config.Subnet

    • For more information check compose-file

    sudo docker network inspect fyde
    

Kubernetes

  • Correct the namespace if needed

  • Check all deployed resources

    kubectl get all \
      --namespace fyde-access-proxy
    
  • Check envoy logs

    kubectl logs \
      -l app=envoy-proxy -f \
      --namespace fyde-access-proxy
    
  • Check proxy logs

    kubectl logs \
      -l app=fyde-orchestrator -f \
      --namespace fyde-access-proxy
    
  • Check that envoy service is properly configured for your environment

    kubectl describe service envoy-proxy \
      --namespace fyde-access-proxy