Install in Bare Metal / Virtual Machine

Install script

  • Please note that the steps below will execute scripts obtained externally

  • We advise to inspect the content before execution

  1. Download and execute installation script

     sudo bash -c "$(curl -fsSL https://url.fyde.me/install-fyde-proxy-centos)"
    

Manual steps

  1. Install yum repository manager and update cURL (necessary in old CentOS 7.0 versions)

     sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
     sudo yum -y install yum-utils
     sudo yum -y update curl
    
  2. Add Fyde repository

     sudo yum-config-manager -y --add-repo https://downloads.fyde.com/stable.repo
    
  3. Install Envoy Proxy

     sudo yum -y install envoy
     sudo systemctl enable envoy
    
  4. Add CAP_NET_BIND_SERVICE to Envoy using a service unit override

    If you choose to configure your proxy to run in a port below 1024, you will need to add the CAP_NET_BIND_SERVICE capability to Envoy.

     sudo mkdir -p /etc/systemd/system/envoy.service.d
    
     sudo bash -c "cat > /etc/systemd/system/envoy.service.d/10-add-cap-net-bind.conf <<EOF
     [Service]
     Capabilities=CAP_NET_BIND_SERVICE+ep
     CapabilityBoundingSet=CAP_NET_BIND_SERVICE
     AmbientCapabilities=CAP_NET_BIND_SERVICE
     SecureBits=keep-caps
     EOF"
    
     sudo chmod 600 /etc/systemd/system/envoy.service.d/10-add-cap-net-bind.conf
    
  5. Reload and start Envoy Proxy
     sudo systemctl --system daemon-reload
     sudo systemctl start envoy
    
  6. Install Fyde Proxy Orchestrator and authz system

     sudo yum -y install fydeproxy
     sudo systemctl enable fydeproxy
    
  7. Configure environment using a service unit override

     sudo mkdir -p /etc/systemd/system/fydeproxy.service.d
    
     sudo bash -c "cat > /etc/systemd/system/fydeproxy.service.d/10-environment.conf <<EOF
     [Service]
     Environment='FYDE_ENROLLMENT_TOKEN=<paste here your Fyde Access Proxy enrollment link>'
     Environment='FYDE_ENVOY_LISTENER_PORT=<replace with the Fyde Access Proxy port, as configured in Fyde Enterprise Console>'
     EOF"
    
     sudo chmod 600 /etc/systemd/system/fydeproxy.service.d/10-environment.conf
    
  8. Reload and start Fyde Proxy Orchestrator daemon

     sudo systemctl --system daemon-reload
     sudo systemctl start fydeproxy
    
  9. Configure the firewall (enabled by default in CentOS)

     sudo firewall-cmd --zone=public --add-port="<Fyde Access Proxy port, as configured in Fyde Enterprise Console>/tcp" --permanent
     sudo firewall-cmd --reload
    

Troubleshoot