Version: v42

Extender Configuration

Configuring Extender Log Location

By default, PrivX Extender logs info and errors to /var/log/privx/privx-extender.log.

If you want to enable logging to syslog, specify the rsyslog address and protocol in /opt/privx/etc/extender-config.toml, similar to the following:

syslog_protocol="tcp"
syslog_address="localhost:514"

Restart PrivX Extender to apply the changes. In addition, make sure rsyslog is enabled on the Extender host:

systemctl restart privx-extender
systemctl restart rsyslog

Custom Load-Balancer Support

info

The following information only applies to PrivX Extender v1. For more information about Extender v2, see PrivX Extender v2 advanced configuration or Example Load Balancer Configuration: HAProxy.

If you are using a custom load balancer, ensure that its session-affinity cookie (also known as a sticky-session cookie) is accepted by all your PrivX Extenders:

  1. Add the name of the session-affinity cookie to the known_lb_cookies setting. The setting is in /opt/privx/etc/extender-config.toml on the Extender.

  2. Restart the Extender with:

    systemctl restart privx-extender

See PrivX high availability deployment for more information.

info

If your PrivX HA deployment also includes PrivX Carriers and PrivX Web Proxies, configure those to accept your session-affinity cookie as well.

Allow Repeated Registration

Extender v1 allows repeated registration if the corresponding flag is enabled when configuring the Extender in the PrivX GUI. This allows an already registered Extender to register again, which can be useful when Extenders are deployed to an autoscaling, ephemeral setup.

When enabled, PrivX issues a new certificate and keeps the previous one valid as per its initial settings in two cases: the Extender configuration field certificate_subject_alt_names is empty and the Extender host name is different, or the field is not empty but differs from its value at any of the previous registrations. Otherwise, when the field or host name value matches the previous registration, the previous certificate is revoked and a new one is issued. Allowing repeated registrations means that unregistering the Extender is no longer necessary.

You should only use this when your setup needs autoscaling Extenders from the same configuration and treating them as a single Extender.
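
The registration rule described above, replayed over a sequence of registrations to show which certificates are still valid afterwards. This is an added model, not PrivX code: it assumes that "previous registration" means any earlier registration whose certificate is still valid, and the host names and SAN values are constructed samples.

```python
# Added model of the repeated-registration rule as worded in the section above;
# not PrivX code. Host names and SAN values below are constructed samples.
from dataclasses import dataclass, field


@dataclass
class Cert:
    serial: int
    identity: tuple  # ("san", values) or ("host", name)
    revoked: bool = False


@dataclass
class ExtenderRecord:
    certs: list = field(default_factory=list)

    def register(self, hostname, subject_alt_names=()):
        """Apply one registration and return 'rotated' or 'added'."""
        # A non-empty certificate_subject_alt_names identifies the registration;
        # when the field is empty, the host name does.
        sans = tuple(subject_alt_names)
        identity = ("san", sans) if sans else ("host", hostname)
        # Assumption: "previous registration" means any earlier registration
        # whose certificate is still valid, not only the most recent one.
        matches = [c for c in self.certs
                   if not c.revoked and c.identity == identity]
        for cert in matches:
            cert.revoked = True  # same value as before: old cert is revoked
        self.certs.append(Cert(len(self.certs) + 1, identity))
        return "rotated" if matches else "added"

    def valid_serials(self):
        return [c.serial for c in self.certs if not c.revoked]


def replay(registrations):
    """Replay (hostname, sans) pairs; return outcomes and valid cert serials."""
    record = ExtenderRecord()
    outcomes = [record.register(host, sans) for host, sans in registrations]
    return outcomes, record.valid_serials()


if __name__ == "__main__":
    # Constructed autoscaling run: empty SAN field, a fresh host name each time.
    print(replay([("ext-a", ()), ("ext-b", ()), ("ext-c", ())]))
    # The same instances with one fixed SAN value in the shared configuration.
    fixed = ("ext.example.test",)
    print(replay([("ext-a", fixed), ("ext-b", fixed), ("ext-c", fixed)]))
```

In the first run every registration leaves another valid certificate behind, so those certificates are the inventory to review when ephemeral instances are torn down. In the second run only the latest certificate stays valid.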