# Mobb Broker

Mobb supports source code repositories (GitLab/GitHub/ADO) that are hosted in an on-premise environment by using the Mobb broker. The Mobb broker provides organizations with the following benefits:

* Mobb broker allows you to connect to your hosted/on-premise source code repositories to Mobb to perform the fix analysis.
* Mobb broker allows you to easily commit fixes back into your source code repositories by automatically creating a Pull Request for your team to review.

## Architecture

<figure><img src="/files/jni3MjCyr3XTfhp9LmhO" alt=""><figcaption></figcaption></figure>

* **Step 1** - Mobb Broker Client initiates a secure HTTPS tunnel connection to the Mobb Broker Server.
* **Step 2** - The optional HTTPS Proxy completes the tunnel creation. The tunnel is now ready to be used.
* **Step 3** - During a fix analysis, Mobb requests access to your GitLab/GitHub/ADO Repository to access source code to produce fixes. The bi-directional communication is facilitated by the tunnel created in Step 1 and Step 2.
* **Step 4** - Fixes are pushed to GitLab/GitHub/ADO as Pull Requests through the HTTPS tunnel.

Additional Notes:

* For Steps 3 and 4, Mobb can only connect to designed servers (i.e. GitLab) as specified during the Broker client setup process.
* End-users control the initiation of the tunnel creation process.

## Mobb Broker Installation Guide

### Sample Docker command

Mobb docker can be deployed on any machine with a docker host. Here is a sample docker command:

```
docker run --rm --pull=always --platform linux/amd64 --network="host" -d \
-e FRP_BROKER_SERVER_HOST='broker-app.mobb.ai' \
-e FRP_BROKER_AUTH_TOKEN='<YOUR_AUTH_TOKEN_HERE>' \
-e FRP_BROKERED_DOMAIN='<YOUR_BROKERED_DOMAIN_UUID_HERE>' \
-e TARGET_SERVER_URL='https://<YOUR_SCM_ADDRESS>' \
-e TARGET_DISABLE_CERT_VALIDATION='true' \
-e HOST_HEADER_OVERWRITE='<YOUR_SCM_ADDRESS>' \
--name frpc_multi-tenant_main mobbai/broker-frpc
```

### Explanation of the Environment Variables

**FRP\_BROKER\_SERVER\_HOST**

* For the production server, set this to `broker-app.mobb.ai`
* For single tenants, this is usually `https://<SINGLE_TENANT_ID>.mobb.ai` . If you are unclear, please consult your Mobb representative or reach out to us at <support@mobb.ai>.

**FRP\_BROKER\_AUTH\_TOKEN**

* Please consult your Mobb representative on the token value or reach out to us at <support@mobb.ai>

**FRP\_BROKERED\_DOMAIN**

* Please consult your Mobb representative for the Brokered Domain UUID or reach out to us at [support@mobb.a](mailto:support@mobb.ai)[i](mailto:support@mobb.ai)

**TARGET\_SERVER\_URL**

* Your target server URL, for example: `https://your_internal_scm_server_address`

**HOST\_HEADER\_OVERWRITE**

* The same value as TARGET\_SERRVER\_URL with the `https://`, for example: `your_internal_scm_server_address`

(Optional) **TARGET\_DISABLE\_CERT\_VALIDATION**

* If you have a good public SSL certificate on the on-premise SCM server, then you can ignore this. If not, you can set this to "true" to disable certificate validation.

### Specific set-up instructions for AWS ECS

1. Navigate to ECS Task Definitions in the AWS Console.
2. Create a new task definition and select AWS Fargate as the launch type.
3. Set the following configurations for the task definition:
   1. Container Name: Choose a suitable name for your container.
   2. Image URI: Use the following Docker image URI: [docker.io/mobbai/broker-frpc:latest](http://docker.io/mobbai/broker-frpc:latest).
   3. For the ECS task execution IAM role configuration, here is a list of required permissions:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}
```

4\. Configure the required Environment Variables as described in the section [above](#explanation-of-the-environment-variables).

* `FRP_BROKER_SERVER_HOST`
* `FRP_BROKER_AUTH_TOKEN`
* `FRP_BROKERED_DOMAIN`
* `TARGET_SERVER_URL=https://YOUR_SCM_SERVER_ADDRESS`
* `HOST_HEADER_OVERWRITE=YOUR_SCM_SERVER_ADDRESS`
* Optional settings:
  * You can also define the following proxy settings (`FRP_PROXY_URL`, `TARGET_PROXY_URL`) depending on your specific requirements
  * You can also set the environment variable `TARGET_DISABLE_CERT_VALIDATION` to `true` - if the SCM server doesn’t provide a trusted certificate

5. After completing the task definition setup, go to ECS Clusters.
6. Create a new cluster and select the task definition you just created.\\


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.mobb.ai/mobb-user-docs/more-info/mobb-broker.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.