iac/rproxy
3
0
Fork 0
Code Issues Pull Requests Packages Releases 9 Activity
Files
v4.0
rproxy/README.md
Pavlov Makar 0527945668 Improved README
2025-10-24 19:59:20 +03:00

2.6 KiB
Raw Permalink Blame History

Rproxy

Description

This job handles Nginx 1.29 installation and includes the following components:

  • Nginx as Reverse Proxy:

    • Acts as a reverse proxy for secure traffic routing
    • Supports SSL termination

  • HTTP Repository:

    • Provides a base for hosting and managing web content

  • Infrastructure:

    • Includes Podman installation
    • Contains a management job for proxy configuration
      • Allows seamless addition of new services (e.g., enabling SSL access to Jenkins)

Nginx as Reverse Proxy

Setup:

  • Installs Nginx container in Podman environment

Configuration Structure:

  • Root directory: /opt/rproxy
    • Main config: /opt/rproxy/nginx.conf
    • Site-specific configs: /opt/rproxy/sites/*.conf
    • Certificates: /opt/rproxy/certs/ (stores unique certificates for each connected site)

Operation:

  • Listens on https://$hostname/
  • Maps incoming requests to /opt/rproxy/sites/$hostname.conf
  • Forwards traffic to https://$hostname:[port] with SSL termination

Entrypoint:

  • Proxy endpoint: https://$hostname/

HTTP Repository

Configuration:

  • A repo.conf file is added to the /opt/rproxy/sites/ directory
  • DAVFS functionality is enabled for file management
  • Data storage path: /opt/repodata

Access Point:

  • Proxy endpoint: https://localhost:9000/

Example Usage

Upload a file to the repository using curl:

# Upload example: kafka_4.1.tar to /podman/kafka/4.1/
curl -T kafka_4.1.tar https://rproxy.olsson.ul:9000/podman/kafka/4.1/kafka_4.1.tar

Add configuration via management job

Import management/AddService.groovy to Jenkins

To integrate http://jenkins-master.olsson.ul:8080 with the SSL proxy, configure these parameters:

  • target_host: Host with rproxy installed
  • rproxy_service_name: Service identifier (e.g., jenkins)
  • rproxy_service_port: Port (e.g., 8080)
  • rproxy_service_address: Address (e.g., jenkins-master.olsson.ul or 10.10.10.1)

Result:
https://jenkins.olsson.ul/ will securely route to http://jenkins-master.olsson.ul:8080.

CNAME configuration (jenkins.olsson.ul → rproxy) is automatically handled during deployment in FreeIPA.

Software Requirements

  • OS - AlmaLinux 10
  • FreeIPA domain (for certificates request)

Jenkins credentials

  • JENKINS_DEPLOYER_PASS (domain)
  • JENKINS_DEPLOYER_KEY (domain)

Jenkins paramethers

  • target_hosts - is basic inventory line for ansible
  • images_repo_url - image registry with nginx repository
  • update_job - download changes from git and finish job