These docs are for Cribl Edge 4.11 and are no longer actively maintained.

See the latest version (4.13).

Configure SOCKS Proxy

This document outlines how to configure Cribl Edge to use a SOCKS proxy server for outbound communication.

By using a SOCKS proxy, you can enhance security, bypass network restrictions, and route specific traffic through a controlled intermediary server. This document will guide you through the necessary steps to set up a SOCKS proxy for your Cribl Edge deployment.

There are two ways to define proxy variables in Cribl Edge.

• Environment Variables: Ideal for most scenarios, especially when automating deployments or managing a large number of Edge Nodes.
• UI Configuration: Suitable for smaller deployments or when manual configuration is preferred. However, be aware of the additional steps and potential complexities involved.

Configure via Environment Variables

​

This is the most straightforward and flexible method.

CRIBL_DIST_WORKER_PROXY lets you configure a SOCKS proxy for communication between the Leader Node and Edge Nodes.

The default protocol is SOCKS5, which uses the format: socks5://<username>:<password>@<host>:<port>. Specify the SOCKS proxy host, port, and optional authentication credentials in the variable.

You can alternatively specify SOCKS4 as the protocol with the format: socks4://<proxyhost>:<port>. To authenticate on a SOCKS4 proxy with username and password, use this format: socks4://<username>:<password>@<proxyhost>:<port>. The <proxyhost> can be a hostname, IPv4, or IPv6.

Configure via the UI

​

Configuring a SOCKS proxy for Cribl Edge using the UI is more complex than using environment variables due to the multi-step process involved. It requires enabling direct access to the Leader, setting up the proxy on the Edge Nodes, and then configuring the SOCKS proxy settings. Additionally, using the UI might not be suitable for all deployment scenarios, especially those with large numbers of Edge Nodes or complex network configurations.

To configure a SOCKS proxy for Cribl Edge, follow these steps.

1. Enable direct access: Allow Edge Nodes to access the Leader Node directly.
   • Cribl Edge: Set up Leaders and Edge Nodes.
   • Cribl Stream: Set up Leaders and Worker Nodes.
   • Remember to enable UI Access (and teleport) to Workers or Edge Nodes as applicable.
2. Set up Edge Nodes and SOCKS proxy: Configure the Edge Nodes and ensure the SOCKS proxy server is running and accessible.
3. Configure proxy details: You can access the Edge Node via teleporting. To configure without teleporting, log in to each Edge Node directly using a local user account.
4. Select Edge Node Settings from the Edge Node submenu. Navigate to Distributed Settings > Leader Proxy Settings and configure the following fields:
   • Username: Enter the username for the SOCKS Proxy authentication.
   • Password
   • Proxy host: Enter the proxy server host. Can be a hostname, IPv4, or IPv6.
   • Proxy port
   • Protocol version: Version of the SOCKS protocol. Defaults to 5 for socks5.
5. Save the settings: The Edge Nodes will automatically reconnect to the Leader node using the configured SOCKS proxy.
6. Disable direct access: Verify the SOCKS proxy configuration is verified. To ensure all traffic between Edge Nodes and Leader is routed through the SOCKS proxy, disable the direct network connections between them. This includes removing any firewall rules or network configurations that allow direct communication.