These docs are for Cribl Stream 4.12 and are no longer actively maintained.

See the latest version (4.13).

Configure SOCKS Proxy

This document outlines how to configure Cribl Stream to use a SOCKS proxy server for outbound communication.

By using a SOCKS proxy, you can enhance security, bypass network restrictions, and route specific traffic through a controlled intermediary server. This document will guide you through the necessary steps to set up a SOCKS proxy for your Cribl Stream deployment.

There are two ways to define proxy variables in Cribl Stream.

• Environment Variables: Ideal for most scenarios, especially when automating deployments or managing a large number of Worker Nodes.
• UI Configuration: Suitable for smaller deployments or when manual configuration is preferred. However, be aware of the additional steps and potential complexities involved.

Configure via Environment Variables

​

This is the most straightforward and flexible method.

CRIBL_DIST_WORKER_PROXY lets you configure a SOCKS proxy for communication between the Leader Node and Worker Nodes.

The default protocol is SOCKS5, which uses the format: socks5://<username>:<password>@<host>:<port>. Specify the SOCKS proxy host, port, and optional authentication credentials in the variable.

You can alternatively specify SOCKS4 as the protocol with the format: socks4://<proxyhost>:<port>. To authenticate on a SOCKS4 proxy with username and password, use this format: socks4://<username>:<password>@<proxyhost>:<port>. The <proxyhost> can be a hostname, IPv4, or IPv6.

Configure via the UI

​

Configuring a SOCKS proxy for Cribl Stream using the UI is more complex than using environment variables due to the multi-step process involved. It requires enabling direct access to the Leader, setting up the proxy on the Worker Nodes, and then configuring the SOCKS proxy settings. Additionally, using the UI might not be suitable for all deployment scenarios, especially those with large numbers of Worker Nodes or complex network configurations.

To configure a SOCKS proxy for Cribl Stream, follow these steps.

1. Enable direct access: Allow Worker Nodes to access the Leader Node directly.
   • Cribl Edge: Set up Leaders and Edge Nodes.
   • Cribl Stream: Set up Leaders and Worker Nodes.
   • Remember to enable UI Access (and teleport) to Workers or Edge Nodes as applicable.
2. Set up Worker Nodes and SOCKS proxy: Configure the Worker Nodes and ensure the SOCKS proxy server is running and accessible.
3. Configure proxy details: You can access the Worker Node via teleporting. To configure without teleporting, log in to each Worker Node directly using a local user account.
4. Select Worker Node Settings from the Worker Node submenu. Navigate to Distributed Settings > Leader Proxy Settings and configure the following fields:
   • Username: Enter the username for the SOCKS Proxy authentication.
   • Password
   • Proxy host: Enter the proxy server host. Can be a hostname, IPv4, or IPv6.
   • Proxy port
   • Protocol version: Version of the SOCKS protocol. Defaults to 5 for socks5.
5. Save the settings: The Worker Nodes will automatically reconnect to the Leader node using the configured SOCKS proxy.
6. Disable direct access: Verify the SOCKS proxy configuration is verified. To ensure all traffic between Worker Nodes and Leader is routed through the SOCKS proxy, disable the direct network connections between them. This includes removing any firewall rules or network configurations that allow direct communication.