github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cecca3707345ce9991bf415a8644b63175308a93
firezone/rust/gateway
History
Thomas Eizinger cecca37073 feat(gateway): allow exporting metrics to an OTEL collector (#9838) 
As a first step in preparation for sending OTEL metrics from Clients and
Gateways to a cloud-hosted OTEL collector, we extend the CLI of the
Gateway with configuration options to provide a gRPC endpoint to an OTEL
collector.

If `FIREZONE_METRICS` is set to `otel-collector` and an endpoint is
configured via `OTLP_GRPC_ENDPOINT`, we will report our metrics to that
collector.

The future plan for extending this is such that if `FIREZONE_METRICS` is
set to `otel-collector` (which will likely be the default) and no
`OTLP_GRPC_ENDPOINT` is set, then we will use our own, hosted OTEL
collector and report metrics IF the `export-metrics` feature-flag is set
to `true`.

This is a similar integration as we have done it with streaming logs to
Sentry. We can therefore enable it on a similar granularity as we do
with the logs and e.g. only enable it for the `firezone` account to
start with.

In meantime, customers can already make use of those metrics if they'd
like by using the current integration.

Resolves: #1550
Related: #7419

---------

Co-authored-by: Antoine Labarussias <antoinelabarussias@gmail.com>
2025-07-14 03:54:38 +00:00
..
src
feat(gateway): allow exporting metrics to an OTEL collector (#9838)
2025-07-14 03:54:38 +00:00
Cargo.toml
feat(gateway): allow exporting metrics to an OTEL collector (#9838)
2025-07-14 03:54:38 +00:00
README.md
fix(docs): use sha256sum over sha256 (#9690)
2025-06-27 20:08:41 +00:00

README.md

gateway

This crate houses the Firezone gateway.

Building

You can build the gateway using: cargo build --release --bin firezone-gateway

You should then find a binary in target/release/firezone-gateway.

Running

The Firezone Gateway supports Linux only. To run the Gateway binary on your Linux host:

  1. Generate a new Gateway token from the "Gateways" section of the admin portal and save it in your secrets manager.
  2. Ensure the FIREZONE_TOKEN=<gateway_token> environment variable is set securely in your Gateway's shell environment. The Gateway requires this variable at startup.
  3. Set FIREZONE_ID to a unique string to identify this gateway in the portal, e.g. export FIREZONE_ID=$(head -c 32 /dev/urandom | sha256sum | cut -d' ' -f1). The Gateway requires this variable at startup. We recommend this to be a 64 character hex string.
  4. Now, you can start the Gateway with:
firezone-gateway

If you're running as a non-root user, you'll need the CAP_NET_ADMIN capability to open /dev/net/tun. You can add this to the gateway binary with:

sudo setcap 'cap_net_admin+eip' /path/to/firezone-gateway

Ports

The gateway requires no open ports. Connections automatically traverse NAT with STUN/TURN via the relay.

Reference in New Issue View Git Blame Copy Permalink