Platform

Table of contents

• Bare Metal / Virtual Machine
• Cloudformation ASG
• Cloudformation ECS Fargate
• Docker
• Kubernetes

Bare Metal / Virtual Machine

• Check Envoy Proxy logs

  sudo tail /var/log/envoy/envoy.log -f
  

• Check Fyde Access Proxy logs

  sudo journalctl -u fydeproxy -f
  

• Check firewall rules

  sudo firewall-cmd --list-all-zones
  # or
  sudo iptables -L -xvn
  

• Ensure Envoy Proxy is running

  sudo ps axuww | grep envoy
  

• Ensure Envoy Proxy is listening on the correct port

  sudo ss -anp | grep envoy | grep LISTEN
  # or
  sudo netstat -anp | grep envoy | grep LISTEN
  

Cloudformation ASG

• Instance logs are sent to CloudWatch by default

• Check the log group named: /aws/ec2/FydeAccessProxy

  1. Select the failing instance from the log stream list
  2. Filter for cloud-init:
  3. Search for script errors. Example:

    2020-09-19T22:36:07.894+01:00	Sep 19 21:36:05 ip-10-200-0-114 cloud-init: + curl -sL https://url.fyde.me/install-fyde-proxy-linux
    2020-09-19T22:36:07.894+01:00	Sep 19 21:36:06 ip-10-200-0-114 cloud-init: Invalid option: -r
  

Cloudformation ECS Fargate

• Pod logs are sent to CloudWatch by default

• Check the log group named: fyde-access-proxy-ecs-fargate

  1. Select the failing pod from the log stream list
  2. Check the last lines for the error cause

Docker

• Confirm that both envoy-proxy and fyde-orchestrator containers are running

  sudo docker ps
  

• Confirm that envoy-proxy container is mapping the correct port to the host

  • In the example above, and for the public port 443 the output should contain the following

  0.0.0.0:443->443/tcp
  

• Check Envoy Proxy logs

  sudo docker logs envoy-proxy -f
  

• Check Fyde Access Proxy logs

  sudo docker logs fyde-orchestrator -f
  

• Check that docker network is not conflicting with a remote network

  • Check the value for IPAM.Config.Subnet

  • For more information check compose-file

  sudo docker network inspect fyde
  

Kubernetes

• Correct the namespace if needed

• Check all deployed resources

  kubectl get all \
    --namespace fyde-access-proxy
  

• Check envoy logs

  kubectl logs \
    -l app=envoy-proxy -f \
    --namespace fyde-access-proxy
  

• Check proxy logs

  kubectl logs \
    -l app=fyde-orchestrator -f \
    --namespace fyde-access-proxy
  

• Check that envoy service is properly configured for your environment

  kubectl describe service envoy-proxy \
    --namespace fyde-access-proxy