Added support for Unix Domain Sockets in Pomerium Reverse Proxy #7772

Open; wants to merge 15 commits into base: master

biru-codeastromer
Contributor

Fixes #6893

Changes Made:

  • Updated documentation to include instructions for configuring Pomerium with Unix domain sockets.
  • Modified config.yaml and docker-compose.yaml in the Unix domain sockets part of the documentation to demonstrate the new configuration.

Testing Done:

1. Initial Setup:

  • Created and set up docker-compose.yaml with Jenkins and Pomerium configurations.
  • Completed the Jenkins Setup Wizard by accessing http://localhost:8080.

2. Pomerium Configuration:

  • Created config.yaml with placeholders for sensitive information.
  • Generated a signing key using OpenSSL and added it to the config.yaml.

3. Integration and Running Services:

  • Updated docker-compose.yaml to include Pomerium, linked with Jenkins using Unix domain sockets.
  • Restarted services and verified access to Jenkins at https://jenkins.localhost.pomerium.io.

4. JWT Authentication:

  • Installed JWT Auth and skip-certificate-check plugins in Jenkins.
  • Configured JWT authentication in Manage Jenkins > Configure Global Security.

5. Verification:

  • Verified JWT authentication by checking the user identity in the Jenkins dashboard.
  • Inspected JWT claims at https://verify.localhost.pomerium.io.

6. Authorization Testing:

  • Configured Jenkins authorization settings and verified permissions for different users.

7. Functionality Testing:

  • Triggered builds in Jenkins to ensure proper communication via Unix domain sockets.

Please review and provide feedback.

Additional note:

Removed the version field from docker-compose.yaml as it is no longer required with newer versions of Docker Compose and caused errors during local testing.

@biru-codeastromer biru-codeastromer requested a review from a team as a code owner December 21, 2024 11:11
@probot-autolabeler probot-autolabeler bot added the documentation Jenkins documentation, including user and developer docs, solution pages, etc. label Dec 21, 2024
@zbynek
Contributor

zbynek commented Dec 21, 2024

@biru-codeastromer Are you sure the communication goes through unix sockets and not the 8080 TCP port? I'd expect unix:///run/jenkins/jenkins.socket to come up in the config instead of http://jenkins:8080, but I have no experience with Pomerium.

@cmo-pomerium could you please review this?

@biru-codeastromer
Contributor Author

biru-codeastromer commented Dec 21, 2024

Thank you for your observation, @zbynek Sir!

I initially configured the route to use unix:///run/jenkins/jenkins.socket, as expected for Unix domain sockets. However, Pomerium returned the following error:

pomerium-1 -* error decoding 'routes[1]': unix:///run/jenkins/jenkins.socket: unix:///run/jenkins/jenkins.socket url does not contain a valid hostname

Due to this, I reverted to using http://jenkins:8080 as a fallback, which worked successfully for the integration. I suspect this might be a limitation or unsupported behavior in Pomerium when using Unix sockets.

If this fallback behavior is acceptable, I will document it explicitly in the PR. However, I would appreciate further input, especially from @cmo-pomerium, to confirm whether this is an expected limitation or if there's a recommended workaround to enable Unix domain socket communication.

Also, Sir @kmartens27, may you please review and guide how to improve this. Thanks!
Looking forward to your feedback!
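
One way to check the question raised in this exchange, as an added example that is not part of the PR or of either project's code: classify a route target as TCP or Unix socket, then send an HTTP request straight to a socket file to confirm something answers there. The `/login` request path and the one-shot responder in `demo()` are constructed stand-ins; only the two target URLs come from the thread.

```python
import os, socket, tempfile, threading
from urllib.parse import urlsplit

def upstream_transport(to_url):
    """Return ('unix', socket_path) or ('tcp', (host, port)) for a route target."""
    u = urlsplit(to_url)
    if u.scheme == "unix":
        # unix:///run/x.socket has an empty authority (no hostname);
        # the URL path is the socket file.
        return "unix", u.path
    port = u.port or (443 if u.scheme == "https" else 80)
    return "tcp", (u.hostname, port)

def probe_unix_http(path, timeout=2.0):
    """Send a minimal HTTP request over a Unix domain socket; return the status line."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        # Request path is an assumption; any path the upstream serves will do.
        s.sendall(b"GET /login HTTP/1.0\r\nHost: localhost\r\n\r\n")
        return s.recv(1024).split(b"\r\n", 1)[0].decode()

def demo():
    """Constructed stand-in for the upstream: a one-shot HTTP responder on a socket file."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "jenkins.socket")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)  # read the request, then answer once
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    try:
        return probe_unix_http(path)
    finally:
        t.join(2)
        srv.close()
        os.unlink(path)
        os.rmdir(tmpdir)

if __name__ == "__main__":
    print(upstream_transport("unix:///run/jenkins/jenkins.socket"))
    print(upstream_transport("http://jenkins:8080"))
    print(demo())
```

A route whose target classifies as `tcp` is not exercising the socket, whatever else the compose file mounts.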

@biru-codeastromer
Contributor Author

Hi Sir @kmartens27, so as of now, I should wait for @cmo-pomerium's review before proceeding any further?
Please let me know your thoughts!

@kmartens27
Contributor

We would need 100% certainty that the process is correct before adding it to the documentation. Until we get that confirmation then the PR will not be merged. In that spirit @biru-codeastromer I would hold off from proceeding further.

@biru-codeastromer
Contributor Author

biru-codeastromer commented Jan 8, 2025

> We would need 100% certainty that the process is correct before adding it to the documentation. Until we get that confirmation then the PR will not be merged. In that spirit @biru-codeastromer I would hold off from proceeding further.

Okay @kmartens27 Sir, thanks for the confirmation!

Successfully merging this pull request may close these issues.

Update Pomerium reverse proxy documentation to include support for unix domain sockets
4 participants