Mobb Broker

Mobb supports source code repositories (GitLab/GitHub/ADO) that are hosted in an on-premise environment by using the Mobb broker. The Mobb broker provides organizations with the following benefits:

  • Mobb broker allows you to connect to your hosted/on-premise source code repositories to Mobb to perform the fix analysis.

  • Mobb broker allows you to easily commit fixes back into your source code repositories by automatically creating a Pull Request for your team to review.

Architecture

  • Step 1 - Mobb Broker Client initiates a secure HTTPS tunnel connection to the Mobb Broker Server.

  • Step 2 - The optional HTTPS Proxy completes the tunnel creation. The tunnel is now ready to be used.

  • Step 3 - During a fix analysis, Mobb requests access to your GitLab/GitHub/ADO Repository to access source code to produce fixes. The bi-directional communication is facilitated by the tunnel created in Step 1 and Step 2.

  • Step 4 - Fixes are pushed to GitLab/GitHub/ADO as Pull Requests through the HTTPS tunnel.

Additional Notes:

  • For Steps 3 and 4, Mobb can only connect to designed servers (i.e. GitLab) as specified during the Broker client setup process.

  • End-users control the initiation of the tunnel creation process.

Mobb Broker Installation Guide

Sample Docker command

Mobb docker can be deployed on any machine with a docker host. Here is a sample docker command:

docker run --rm --pull=always --platform linux/amd64 --network="host" -d \
-e FRP_BROKER_SERVER_HOST='broker-app.mobb.ai' \
-e FRP_BROKER_AUTH_TOKEN='<YOUR_AUTH_TOKEN_HERE>' \
-e FRP_BROKERED_DOMAIN='<YOUR_BROKERED_DOMAIN_UUID_HERE>' \
-e TARGET_SERVER_URL='https://<YOUR_SCM_ADDRESS>' \
-e TARGET_DISABLE_CERT_VALIDATION='true' \
-e HOST_HEADER_OVERWRITE='<YOUR_SCM_ADDRESS>' \
--name frpc_multi-tenant_main mobbai/broker-frpc

Explanation of the Environment Variables

FRP_BROKER_SERVER_HOST

  • For the production server, set this to broker-app.mobb.ai

  • For single tenants, this is usually https://<SINGLE_TENANT_ID>.mobb.ai . If you are unclear, please consult your Mobb representative or reach out to us at [email protected].

FRP_BROKER_AUTH_TOKEN

  • Please consult your Mobb representative on the token value or reach out to us at [email protected]

FRP_BROKERED_DOMAIN

  • Please consult your Mobb representative for the Brokered Domain UUID or reach out to us at [email protected]i

TARGET_SERVER_URL

  • Your target server URL, for example: https://your_internal_scm_server_address

HOST_HEADER_OVERWRITE

  • The same value as TARGET_SERRVER_URL with the https://, for example: your_internal_scm_server_address

(Optional) TARGET_DISABLE_CERT_VALIDATION

  • If you have a good public SSL certificate on the on-premise SCM server, then you can ignore this. If not, you can set this to "true" to disable certificate validation.

Specific set-up instructions for AWS ECS

  1. Navigate to ECS Task Definitions in the AWS Console.

  2. Create a new task definition and select AWS Fargate as the launch type.

  3. Set the following configurations for the task definition:

    1. Container Name: Choose a suitable name for your container.

    2. Image URI: Use the following Docker image URI: docker.io/mobbai/broker-frpc:latest.

    3. For the ECS task execution IAM role configuration, here is a list of required permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

4. Configure the required Environment Variables as described in the section above.

  • FRP_BROKER_SERVER_HOST

  • FRP_BROKER_AUTH_TOKEN

  • FRP_BROKERED_DOMAIN

  • TARGET_SERVER_URL=https://YOUR_SCM_SERVER_ADDRESS

  • HOST_HEADER_OVERWRITE=YOUR_SCM_SERVER_ADDRESS

  • Optional settings:

    • You can also define the following proxy settings (FRP_PROXY_URL, TARGET_PROXY_URL) depending on your specific requirements

    • You can also set the environment variable TARGET_DISABLE_CERT_VALIDATION to true - if the SCM server doesn’t provide a trusted certificate

  1. After completing the task definition setup, go to ECS Clusters.

  2. Create a new cluster and select the task definition you just created.

Last updated

Was this helpful?