Mobb Broker
Last updated
Last updated
Mobb supports source code repositories (GitLab/GitHub/ADO) that are hosted in an on-premise environment by using the Mobb broker. The Mobb broker provides organizations with the following benefits:
Mobb broker allows you to connect to your hosted/on-premise source code repositories to Mobb to perform the fix analysis.
Mobb broker allows you to easily commit fixes back into your source code repositories by automatically creating a Pull Request for your team to review.
Step 1 - Mobb Broker Client initiates a secure HTTPS tunnel connection to the Mobb Broker Server.
Step 2 - The optional HTTPS Proxy completes the tunnel creation. The tunnel is now ready to be used.
Step 3 - During a fix analysis, Mobb requests access to your GitLab/GitHub/ADO Repository to access source code to produce fixes. The bi-directional communication is facilitated by the tunnel created in Step 1 and Step 2.
Step 4 - Fixes are pushed to GitLab/GitHub/ADO as Pull Requests through the HTTPS tunnel.
Additional Notes:
For Steps 3 and 4, Mobb can only connect to designed servers (i.e. GitLab) as specified during the Broker client setup process.
End-users control the initiation of the tunnel creation process.
Mobb docker can be deployed on any machine with a docker host. Here is a sample docker command:
FRP_BROKER_SERVER_HOST
For the production server, set this to broker-app.mobb.ai
For single tenants, this is usually https://<SINGLE_TENANT_ID>.mobb.ai . If you are unclear, please consult your Mobb representative or reach out to us at support@mobb.ai.
FRP_BROKER_AUTH_TOKEN
Please consult your Mobb representative on the token value or reach out to us at support@mobb.ai
FRP_BROKERED_DOMAIN
Please consult your Mobb representative for the Brokered Domain UUID or reach out to us at support@mobb.ai
TARGET_SERVER_URL
Your target server URL, for example: https://your_internal_scm_server_address
HOST_HEADER_OVERWRITE
The same value as TARGET_SERRVER_URL with the https://, for example: your_internal_scm_server_address
(Optional) TARGET_DISABLE_CERT_VALIDATION
If you have a good public SSL certificate on the on-premise SCM server, then you can ignore this. If not, you can set this to "true" to disable certificate validation.
Navigate to ECS Task Definitions in the AWS Console.
Create a new task definition and select AWS Fargate as the launch type.
Set the following configurations for the task definition:
Container Name: Choose a suitable name for your container.
Image URI: Use the following Docker image URI: docker.io/mobbai/broker-frpc:latest.
For the ECS task execution IAM role configuration, here is a list of required permissions:
4. Configure the required Environment Variables as described in the section above.
FRP_BROKER_SERVER_HOST
FRP_BROKER_AUTH_TOKEN
FRP_BROKERED_DOMAIN
TARGET_SERVER_URL=https://YOUR_SCM_SERVER_ADDRESS
HOST_HEADER_OVERWRITE=YOUR_SCM_SERVER_ADDRESS
Optional settings:
You can also define the following proxy settings (FRP_PROXY_URL, TARGET_PROXY_URL) depending on your specific requirements
You can also set the environment variable TARGET_DISABLE_CERT_VALIDATION to true - if the SCM server doesn’t provide a trusted certificate
After completing the task definition setup, go to ECS Clusters.
Create a new cluster and select the task definition you just created.
