2025-10-24 19:59:20 +03:00
|
|
|
# Rproxy
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
## Description
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
This job handles Nginx 1.29 installation and includes the following components:
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
- **Nginx as Reverse Proxy**:
|
|
|
|
|
- Acts as a reverse proxy for secure traffic routing
|
|
|
|
|
- Supports SSL termination
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
- **HTTP Repository**:
|
|
|
|
|
- Provides a base for hosting and managing web content
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
- **Infrastructure**:
|
|
|
|
|
- ✅ Includes Podman installation
|
|
|
|
|
- ✅ Contains a management job for proxy configuration
|
|
|
|
|
- Allows seamless addition of new services (e.g., enabling SSL access to Jenkins)
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
### Nginx as Reverse Proxy
|
|
|
|
|
|
|
|
|
|
**Setup**:
|
|
|
|
|
- Installs Nginx container in Podman environment
|
|
|
|
|
|
|
|
|
|
**Configuration Structure**:
|
|
|
|
|
- **Root directory**: `/opt/rproxy`
|
|
|
|
|
- **Main config**: `/opt/rproxy/nginx.conf`
|
|
|
|
|
- **Site-specific configs**: `/opt/rproxy/sites/*.conf`
|
|
|
|
|
- **Certificates**: `/opt/rproxy/certs/` (stores unique certificates for each connected site)
|
|
|
|
|
|
|
|
|
|
**Operation**:
|
|
|
|
|
- Listens on `https://$hostname/`
|
|
|
|
|
- Maps incoming requests to `/opt/rproxy/sites/$hostname.conf`
|
|
|
|
|
- Forwards traffic to `https://$hostname:[port]` with SSL termination
|
|
|
|
|
|
|
|
|
|
**Entrypoint**:
|
|
|
|
|
- Proxy endpoint: `https://$hostname/`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### HTTP Repository
|
|
|
|
|
|
|
|
|
|
**Configuration**:
|
|
|
|
|
- A `repo.conf` file is added to the `/opt/rproxy/sites/` directory
|
|
|
|
|
- **DAVFS** functionality is enabled for file management
|
|
|
|
|
- **Data storage path**: `/opt/repodata`
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
**Access Point**:
|
|
|
|
|
- Proxy endpoint: `https://localhost:9000/`
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
#### Example Usage
|
2024-10-04 01:22:05 +03:00
|
|
|
|
2025-10-24 19:59:20 +03:00
|
|
|
Upload a file to the repository using `curl`:
|
2024-10-04 01:22:05 +03:00
|
|
|
```bash
|
2025-10-24 19:59:20 +03:00
|
|
|
# Upload example: kafka_4.1.tar to /podman/kafka/4.1/
|
|
|
|
|
curl -T kafka_4.1.tar https://rproxy.olsson.ul:9000/podman/kafka/4.1/kafka_4.1.tar
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Add configuration via management job
|
|
|
|
|
Import management/AddService.groovy to Jenkins
|
|
|
|
|
|
|
|
|
|
To integrate `http://jenkins-master.olsson.ul:8080` with the SSL proxy, configure these parameters:
|
|
|
|
|
|
|
|
|
|
- **target_host**: Host with rproxy installed
|
|
|
|
|
- **rproxy_service_name**: Service identifier (e.g., `jenkins`)
|
|
|
|
|
- **rproxy_service_port**: Port (e.g., `8080`)
|
|
|
|
|
- **rproxy_service_address**: Address (e.g., `jenkins-master.olsson.ul` or `10.10.10.1`)
|
|
|
|
|
|
|
|
|
|
✅ **Result**:
|
|
|
|
|
`https://jenkins.olsson.ul/` will securely route to `http://jenkins-master.olsson.ul:8080`.
|
|
|
|
|
|
|
|
|
|
CNAME configuration (`jenkins.olsson.ul → rproxy`) is automatically handled during deployment in FreeIPA.
|
|
|
|
|
|
|
|
|
|
## Software Requirements
|
|
|
|
|
* OS - AlmaLinux 10
|
|
|
|
|
* FreeIPA domain (for certificates request)
|
|
|
|
|
|
|
|
|
|
## Jenkins credentials
|
|
|
|
|
* JENKINS_DEPLOYER_PASS (domain)
|
|
|
|
|
* JENKINS_DEPLOYER_KEY (domain)
|
|
|
|
|
|
|
|
|
|
## Jenkins paramethers
|
|
|
|
|
* target_hosts - is basic inventory line for ansible
|
|
|
|
|
* images_repo_url - image registry with nginx repository
|
|
|
|
|
* update_job - download changes from git and finish job
|
