# Rproxy

## Description

This job handles Nginx 1.29 installation and includes the following components:

- **Nginx as Reverse Proxy**:  
  - Acts as a reverse proxy for secure traffic routing  
  - Supports SSL termination  

- **HTTP Repository**:  
  - Provides a base for hosting and managing web content  

- **Infrastructure**:  
  - ✅ Includes Podman installation  
  - ✅ Contains a management job for proxy configuration  
    - Allows seamless addition of new services (e.g., enabling SSL access to Jenkins)  

### Nginx as Reverse Proxy

**Setup**:  
- Installs Nginx container in Podman environment  

**Configuration Structure**:  
- **Root directory**: `/opt/rproxy`  
  - **Main config**: `/opt/rproxy/nginx.conf`  
  - **Site-specific configs**: `/opt/rproxy/sites/*.conf`  
  - **Certificates**: `/opt/rproxy/certs/` (stores unique certificates for each connected site)  

**Operation**:  
- Listens on `https://$hostname/`  
- Maps incoming requests to `/opt/rproxy/sites/$hostname.conf`  
- Forwards traffic to `https://$hostname:[port]` with SSL termination  

**Entrypoint**:  
- Proxy endpoint: `https://$hostname/`  


### HTTP Repository

**Configuration**:  
- A `repo.conf` file is added to the `/opt/rproxy/sites/` directory  
- **DAVFS** functionality is enabled for file management  
- **Data storage path**: `/opt/repodata`  

**Access Point**:  
- Proxy endpoint: `https://localhost:9000/`  

#### Example Usage

Upload a file to the repository using `curl`:
```bash
# Upload example: kafka_4.1.tar to /podman/kafka/4.1/
curl -T kafka_4.1.tar https://rproxy.olsson.ul:9000/podman/kafka/4.1/kafka_4.1.tar
```

## Add configuration via management job
Import management/AddService.groovy to Jenkins

To integrate `http://jenkins-master.olsson.ul:8080` with the SSL proxy, configure these parameters:

- **target_host**: Host with rproxy installed  
- **rproxy_service_name**: Service identifier (e.g., `jenkins`)  
- **rproxy_service_port**: Port (e.g., `8080`)  
- **rproxy_service_address**: Address (e.g., `jenkins-master.olsson.ul` or `10.10.10.1`)  

✅ **Result**:  
`https://jenkins.olsson.ul/` will securely route to `http://jenkins-master.olsson.ul:8080`.  
 
CNAME configuration (`jenkins.olsson.ul → rproxy`) is automatically handled during deployment in FreeIPA.

## Software Requirements
* OS - AlmaLinux 10
* FreeIPA domain (for certificates request)

## Jenkins credentials
* JENKINS_DEPLOYER_PASS (domain)
* JENKINS_DEPLOYER_KEY (domain)

## Jenkins paramethers
* target_hosts - is basic inventory line for ansible
* images_repo_url - image registry with nginx repository
* update_job - download changes from git and finish job