move service manager

2026-04-18 16:26:38 +00:00 · 2026-02-20 01:21:05 +01:00
parent d4d885d434
commit 3af287ebab
27 changed files with 267 additions and 264 deletions
--- a/management/internals/modules/reverseproxy/service/interface.go
+++ b/management/internals/modules/reverseproxy/service/interface.go
@@ -1,6 +1,6 @@
-package reverseproxy
+package service
-//go:generate go run github.com/golang/mock/mockgen -package reverseproxy -destination=interface_mock.go -source=./interface.go -build_flags=-mod=mod
+//go:generate go run github.com/golang/mock/mockgen -package service -destination=interface_mock.go -source=./interface.go -build_flags=-mod=mod
 import (
 	"context"
@@ -13,7 +13,7 @@ type Manager interface {
 	UpdateService(ctx context.Context, accountID, userID string, service *Service) (*Service, error)
 	DeleteService(ctx context.Context, accountID, userID, serviceID string) error
 	SetCertificateIssuedAt(ctx context.Context, accountID, serviceID string) error
-	SetStatus(ctx context.Context, accountID, serviceID string, status ProxyStatus) error
+	SetStatus(ctx context.Context, accountID, serviceID string, status Status) error
 	ReloadAllServicesForAccount(ctx context.Context, accountID string) error
 	ReloadService(ctx context.Context, accountID, serviceID string) error
 	GetGlobalServices(ctx context.Context) ([]*Service, error)
--- a/management/internals/modules/reverseproxy/service/interface_mock.go
+++ b/management/internals/modules/reverseproxy/service/interface_mock.go
@@ -1,8 +1,8 @@
 // Code generated by MockGen. DO NOT EDIT.
 // Source: ./interface.go
-// Package reverseproxy is a generated GoMock package.
+// Package service is a generated GoMock package.
-package reverseproxy
+package service
 import (
 	context "context"
@@ -196,7 +196,7 @@ func (mr *MockManagerMockRecorder) SetCertificateIssuedAt(ctx, accountID, servic
 }
 // SetStatus mocks base method.
-func (m *MockManager) SetStatus(ctx context.Context, accountID, serviceID string, status ProxyStatus) error {
+func (m *MockManager) SetStatus(ctx context.Context, accountID, serviceID string, status Status) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetStatus", ctx, accountID, serviceID, status)
 	ret0, _ := ret[0].(error)
--- a/management/internals/modules/reverseproxy/service/manager/api.go
+++ b/management/internals/modules/reverseproxy/service/manager/api.go
@@ -1,4 +1,4 @@
-package service
+package manager
 import (
 	"encoding/json"
@@ -6,10 +6,10 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
 	accesslogsmanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs/manager"
 	domainmanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain/manager"
 	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	nbcontext "github.com/netbirdio/netbird/management/server/context"
 	"github.com/netbirdio/netbird/shared/management/http/api"
 	"github.com/netbirdio/netbird/shared/management/http/util"
@@ -17,11 +17,11 @@ import (
 )
 type handler struct {
-	manager reverseproxy.Manager
+	manager rpservice.Manager
 }
 // RegisterEndpoints registers all service HTTP endpoints.
-func RegisterEndpoints(manager reverseproxy.Manager, domainManager domainmanager.Manager, accessLogsManager accesslogs.Manager, router *mux.Router) {
+func RegisterEndpoints(manager rpservice.Manager, domainManager domainmanager.Manager, accessLogsManager accesslogs.Manager, router *mux.Router) {
 	h := &handler{
 		manager: manager,
 	}
@@ -72,7 +72,7 @@ func (h *handler) createService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	service := new(reverseproxy.Service)
+	service := new(rpservice.Service)
 	service.FromAPIRequest(&req, userAuth.AccountId)
 	if err = service.Validate(); err != nil {
@@ -130,7 +130,7 @@ func (h *handler) updateService(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	service := new(reverseproxy.Service)
+	service := new(rpservice.Service)
 	service.ID = serviceID
 	service.FromAPIRequest(&req, userAuth.AccountId)
--- a/management/internals/modules/reverseproxy/service/manager/manager.go
+++ b/management/internals/modules/reverseproxy/service/manager/manager.go
@@ -1,4 +1,4 @@
-package service
+package manager
 import (
 	"context"
@@ -7,7 +7,7 @@ import (
 	log "github.com/sirupsen/logrus"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/sessionkey"
 	nbgrpc "github.com/netbirdio/netbird/management/internals/shared/grpc"
 	"github.com/netbirdio/netbird/management/server/account"
@@ -36,7 +36,7 @@ type Manager struct {
 }
 // NewManager creates a new service manager.
-func NewManager(store store.Store, accountManager account.Manager, permissionsManager permissions.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer, clusterDeriver ClusterDeriver) reverseproxy.Manager {
+func NewManager(store store.Store, accountManager account.Manager, permissionsManager permissions.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer, clusterDeriver ClusterDeriver) rpservice.Manager {
 	return &Manager{
 		store:              store,
 		accountManager:     accountManager,
@@ -46,7 +46,7 @@ func NewManager(store store.Store, accountManager account.Manager, permissionsMa
 	}
 }
-func (m *Manager) GetAllServices(ctx context.Context, accountID, userID string) ([]*reverseproxy.Service, error) {
+func (m *Manager) GetAllServices(ctx context.Context, accountID, userID string) ([]*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Read)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -70,10 +70,10 @@ func (m *Manager) GetAllServices(ctx context.Context, accountID, userID string)
 	return services, nil
 }
-func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, service *rpservice.Service) error {
 	for _, target := range service.Targets {
 		switch target.TargetType {
-		case reverseproxy.TargetTypePeer:
+		case rpservice.TargetTypePeer:
 			peer, err := m.store.GetPeerByID(ctx, store.LockingStrengthNone, accountID, target.TargetId)
 			if err != nil {
 				log.WithContext(ctx).Warnf("failed to get peer by id %s for service %s: %v", target.TargetId, service.ID, err)
@@ -81,7 +81,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 				continue
 			}
 			target.Host = peer.IP.String()
-		case reverseproxy.TargetTypeHost:
+		case rpservice.TargetTypeHost:
 			resource, err := m.store.GetNetworkResourceByID(ctx, store.LockingStrengthNone, accountID, target.TargetId)
 			if err != nil {
 				log.WithContext(ctx).Warnf("failed to get resource by id %s for service %s: %v", target.TargetId, service.ID, err)
@@ -89,7 +89,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 				continue
 			}
 			target.Host = resource.Prefix.Addr().String()
-		case reverseproxy.TargetTypeDomain:
+		case rpservice.TargetTypeDomain:
 			resource, err := m.store.GetNetworkResourceByID(ctx, store.LockingStrengthNone, accountID, target.TargetId)
 			if err != nil {
 				log.WithContext(ctx).Warnf("failed to get resource by id %s for service %s: %v", target.TargetId, service.ID, err)
@@ -97,7 +97,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 				continue
 			}
 			target.Host = resource.Domain
-		case reverseproxy.TargetTypeSubnet:
+		case rpservice.TargetTypeSubnet:
 			// For subnets we do not do any lookups on the resource
 		default:
 			return fmt.Errorf("unknown target type: %s", target.TargetType)
@@ -106,7 +106,7 @@ func (m *Manager) replaceHostByLookup(ctx context.Context, accountID string, ser
 	return nil
 }
-func (m *Manager) GetService(ctx context.Context, accountID, userID, serviceID string) (*reverseproxy.Service, error) {
+func (m *Manager) GetService(ctx context.Context, accountID, userID, serviceID string) (*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Read)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -127,7 +127,7 @@ func (m *Manager) GetService(ctx context.Context, accountID, userID, serviceID s
 	return service, nil
 }
-func (m *Manager) CreateService(ctx context.Context, accountID, userID string, service *reverseproxy.Service) (*reverseproxy.Service, error) {
+func (m *Manager) CreateService(ctx context.Context, accountID, userID string, service *rpservice.Service) (*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Create)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -151,14 +151,14 @@ func (m *Manager) CreateService(ctx context.Context, accountID, userID string, s
 		return nil, fmt.Errorf("failed to replace host by lookup for service %s: %w", service.ID, err)
 	}
-	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Create, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Create, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 	m.accountManager.UpdateAccountPeers(ctx, accountID)
 	return service, nil
 }
-func (m *Manager) initializeServiceForCreate(ctx context.Context, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) initializeServiceForCreate(ctx context.Context, accountID string, service *rpservice.Service) error {
 	if m.clusterDeriver != nil {
 		proxyCluster, err := m.clusterDeriver.DeriveClusterFromDomain(ctx, accountID, service.Domain)
 		if err != nil {
@@ -185,7 +185,7 @@ func (m *Manager) initializeServiceForCreate(ctx context.Context, accountID stri
 	return nil
 }
-func (m *Manager) persistNewService(ctx context.Context, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) persistNewService(ctx context.Context, accountID string, service *rpservice.Service) error {
 	return m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
 		if err := m.checkDomainAvailable(ctx, transaction, accountID, service.Domain, ""); err != nil {
 			return err
@@ -219,7 +219,7 @@ func (m *Manager) checkDomainAvailable(ctx context.Context, transaction store.St
 	return nil
 }
-func (m *Manager) UpdateService(ctx context.Context, accountID, userID string, service *reverseproxy.Service) (*reverseproxy.Service, error) {
+func (m *Manager) UpdateService(ctx context.Context, accountID, userID string, service *rpservice.Service) (*rpservice.Service, error) {
 	ok, err := m.permissionsManager.ValidateUserPermissions(ctx, accountID, userID, modules.Services, operations.Update)
 	if err != nil {
 		return nil, status.NewPermissionValidationError(err)
@@ -255,7 +255,7 @@ type serviceUpdateInfo struct {
 	serviceEnabledChanged bool
 }
-func (m *Manager) persistServiceUpdate(ctx context.Context, accountID string, service *reverseproxy.Service) (*serviceUpdateInfo, error) {
+func (m *Manager) persistServiceUpdate(ctx context.Context, accountID string, service *rpservice.Service) (*serviceUpdateInfo, error) {
 	var updateInfo serviceUpdateInfo
 	err := m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
@@ -293,7 +293,7 @@ func (m *Manager) persistServiceUpdate(ctx context.Context, accountID string, se
 	return &updateInfo, err
 }
-func (m *Manager) handleDomainChange(ctx context.Context, transaction store.Store, accountID string, service *reverseproxy.Service) error {
+func (m *Manager) handleDomainChange(ctx context.Context, transaction store.Store, accountID string, service *rpservice.Service) error {
 	if err := m.checkDomainAvailable(ctx, transaction, accountID, service.Domain, service.ID); err != nil {
 		return err
 	}
@@ -310,7 +310,7 @@ func (m *Manager) handleDomainChange(ctx context.Context, transaction store.Stor
 	return nil
 }
-func (m *Manager) preserveExistingAuthSecrets(service, existingService *reverseproxy.Service) {
+func (m *Manager) preserveExistingAuthSecrets(service, existingService *rpservice.Service) {
 	if service.Auth.PasswordAuth != nil && service.Auth.PasswordAuth.Enabled &&
 		existingService.Auth.PasswordAuth != nil && existingService.Auth.PasswordAuth.Enabled &&
 		service.Auth.PasswordAuth.Password == "" {
@@ -328,40 +328,40 @@ func (m *Manager) SendServiceUpdateToCluster(accountID string, update *proto.Pro
 	m.proxyGRPCServer.SendServiceUpdateToCluster(update, clusterAddr)
 }
-func (m *Manager) preserveServiceMetadata(service, existingService *reverseproxy.Service) {
+func (m *Manager) preserveServiceMetadata(service, existingService *rpservice.Service) {
 	service.Meta = existingService.Meta
 	service.SessionPrivateKey = existingService.SessionPrivateKey
 	service.SessionPublicKey = existingService.SessionPublicKey
 }
-func (m *Manager) sendServiceUpdateNotifications(accountID string, service *reverseproxy.Service, updateInfo *serviceUpdateInfo) {
+func (m *Manager) sendServiceUpdateNotifications(accountID string, service *rpservice.Service, updateInfo *serviceUpdateInfo) {
 	oidcCfg := m.proxyGRPCServer.GetOIDCValidationConfig()
 	switch {
 	case updateInfo.domainChanged && updateInfo.oldCluster != service.ProxyCluster:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Delete, "", oidcCfg), updateInfo.oldCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Delete, "", oidcCfg), updateInfo.oldCluster)
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Create, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Create, "", oidcCfg), service.ProxyCluster)
 	case !service.Enabled && updateInfo.serviceEnabledChanged:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Delete, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Delete, "", oidcCfg), service.ProxyCluster)
 	case service.Enabled && updateInfo.serviceEnabledChanged:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Create, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Create, "", oidcCfg), service.ProxyCluster)
 	default:
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Update, "", oidcCfg), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Update, "", oidcCfg), service.ProxyCluster)
 	}
 }
 // validateTargetReferences checks that all target IDs reference existing peers or resources in the account.
-func validateTargetReferences(ctx context.Context, transaction store.Store, accountID string, targets []*reverseproxy.Target) error {
+func validateTargetReferences(ctx context.Context, transaction store.Store, accountID string, targets []*rpservice.Target) error {
 	for _, target := range targets {
 		switch target.TargetType {
-		case reverseproxy.TargetTypePeer:
+		case rpservice.TargetTypePeer:
 			if _, err := transaction.GetPeerByID(ctx, store.LockingStrengthShare, accountID, target.TargetId); err != nil {
 				if sErr, ok := status.FromError(err); ok && sErr.Type() == status.NotFound {
 					return status.Errorf(status.InvalidArgument, "peer target %q not found in account", target.TargetId)
 				}
 				return fmt.Errorf("look up peer target %q: %w", target.TargetId, err)
 			}
-		case reverseproxy.TargetTypeHost, reverseproxy.TargetTypeSubnet, reverseproxy.TargetTypeDomain:
+		case rpservice.TargetTypeHost, rpservice.TargetTypeSubnet, rpservice.TargetTypeDomain:
 			if _, err := transaction.GetNetworkResourceByID(ctx, store.LockingStrengthShare, accountID, target.TargetId); err != nil {
 				if sErr, ok := status.FromError(err); ok && sErr.Type() == status.NotFound {
 					return status.Errorf(status.InvalidArgument, "resource target %q not found in account", target.TargetId)
@@ -382,7 +382,7 @@ func (m *Manager) DeleteService(ctx context.Context, accountID, userID, serviceI
 		return status.NewPermissionDeniedError()
 	}
-	var service *reverseproxy.Service
+	var service *rpservice.Service
 	err = m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
 		var err error
 		service, err = transaction.GetServiceByID(ctx, store.LockingStrengthUpdate, accountID, serviceID)
@@ -402,7 +402,7 @@ func (m *Manager) DeleteService(ctx context.Context, accountID, userID, serviceI
 	m.accountManager.StoreEvent(ctx, userID, serviceID, accountID, activity.ServiceDeleted, service.EventMeta())
-	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Delete, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Delete, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 	m.accountManager.UpdateAccountPeers(ctx, accountID)
@@ -429,7 +429,7 @@ func (m *Manager) SetCertificateIssuedAt(ctx context.Context, accountID, service
 }
 // SetStatus updates the status of the service (e.g., "active", "tunnel_not_created", etc.)
-func (m *Manager) SetStatus(ctx context.Context, accountID, serviceID string, status reverseproxy.ProxyStatus) error {
+func (m *Manager) SetStatus(ctx context.Context, accountID, serviceID string, status rpservice.Status) error {
 	return m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
 		service, err := transaction.GetServiceByID(ctx, store.LockingStrengthUpdate, accountID, serviceID)
 		if err != nil {
@@ -457,7 +457,7 @@ func (m *Manager) ReloadService(ctx context.Context, accountID, serviceID string
 		return fmt.Errorf("failed to replace host by lookup for service %s: %w", service.ID, err)
 	}
-	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+	m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 	m.accountManager.UpdateAccountPeers(ctx, accountID)
@@ -475,13 +475,13 @@ func (m *Manager) ReloadAllServicesForAccount(ctx context.Context, accountID str
 		if err != nil {
 			return fmt.Errorf("failed to replace host by lookup for service %s: %w", service.ID, err)
 		}
-		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(reverseproxy.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
+		m.SendServiceUpdateToCluster(accountID, service.ToProtoMapping(rpservice.Update, "", m.proxyGRPCServer.GetOIDCValidationConfig()), service.ProxyCluster)
 	}
 	return nil
 }
-func (m *Manager) GetGlobalServices(ctx context.Context) ([]*reverseproxy.Service, error) {
+func (m *Manager) GetGlobalServices(ctx context.Context) ([]*rpservice.Service, error) {
 	services, err := m.store.GetServices(ctx, store.LockingStrengthNone)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get services: %w", err)
@@ -497,7 +497,7 @@ func (m *Manager) GetGlobalServices(ctx context.Context) ([]*reverseproxy.Servic
 	return services, nil
 }
-func (m *Manager) GetServiceByID(ctx context.Context, accountID, serviceID string) (*reverseproxy.Service, error) {
+func (m *Manager) GetServiceByID(ctx context.Context, accountID, serviceID string) (*rpservice.Service, error) {
 	service, err := m.store.GetServiceByID(ctx, store.LockingStrengthNone, accountID, serviceID)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get service: %w", err)
@@ -511,7 +511,7 @@ func (m *Manager) GetServiceByID(ctx context.Context, accountID, serviceID strin
 	return service, nil
 }
-func (m *Manager) GetAccountServices(ctx context.Context, accountID string) ([]*reverseproxy.Service, error) {
+func (m *Manager) GetAccountServices(ctx context.Context, accountID string) ([]*rpservice.Service, error) {
 	services, err := m.store.GetAccountServices(ctx, store.LockingStrengthNone, accountID)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get services: %w", err)
--- a/management/internals/modules/reverseproxy/service/manager/manager_test.go
+++ b/management/internals/modules/reverseproxy/service/manager/manager_test.go
@@ -1,4 +1,4 @@
-package service
+package manager
 import (
 	"context"
@@ -10,7 +10,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/shared/management/status"
 )
@@ -24,9 +24,9 @@ func TestInitializeServiceForCreate(t *testing.T) {
 			clusterDeriver: nil,
 		}
-		service := &reverseproxy.Service{
+		service := &rpservice.Service{
 			Domain: "example.com",
-			Auth:   reverseproxy.AuthConfig{},
+			Auth:   rpservice.AuthConfig{},
 		}
 		err := mgr.initializeServiceForCreate(ctx, accountID, service)
@@ -44,8 +44,8 @@ func TestInitializeServiceForCreate(t *testing.T) {
 			clusterDeriver: nil,
 		}
-		service1 := &reverseproxy.Service{Domain: "test1.com", Auth: reverseproxy.AuthConfig{}}
+		service1 := &rpservice.Service{Domain: "test1.com", Auth: rpservice.AuthConfig{}}
-		service2 := &reverseproxy.Service{Domain: "test2.com", Auth: reverseproxy.AuthConfig{}}
+		service2 := &rpservice.Service{Domain: "test2.com", Auth: rpservice.AuthConfig{}}
 		err1 := mgr.initializeServiceForCreate(ctx, accountID, service1)
 		err2 := mgr.initializeServiceForCreate(ctx, accountID, service2)
@@ -87,7 +87,7 @@ func TestCheckDomainAvailable(t *testing.T) {
 			setupMock: func(ms *store.MockStore) {
 				ms.EXPECT().
 					GetServiceByDomain(ctx, accountID, "exists.com").
-					Return(&reverseproxy.Service{ID: "existing-id", Domain: "exists.com"}, nil)
+					Return(&rpservice.Service{ID: "existing-id", Domain: "exists.com"}, nil)
 			},
 			expectedError: true,
 			errorType:     status.AlreadyExists,
@@ -99,7 +99,7 @@ func TestCheckDomainAvailable(t *testing.T) {
 			setupMock: func(ms *store.MockStore) {
 				ms.EXPECT().
 					GetServiceByDomain(ctx, accountID, "exists.com").
-					Return(&reverseproxy.Service{ID: "service-123", Domain: "exists.com"}, nil)
+					Return(&rpservice.Service{ID: "service-123", Domain: "exists.com"}, nil)
 			},
 			expectedError: false,
 		},
@@ -110,7 +110,7 @@ func TestCheckDomainAvailable(t *testing.T) {
 			setupMock: func(ms *store.MockStore) {
 				ms.EXPECT().
 					GetServiceByDomain(ctx, accountID, "exists.com").
-					Return(&reverseproxy.Service{ID: "service-123", Domain: "exists.com"}, nil)
+					Return(&rpservice.Service{ID: "service-123", Domain: "exists.com"}, nil)
 			},
 			expectedError: true,
 			errorType:     status.AlreadyExists,
@@ -179,7 +179,7 @@ func TestCheckDomainAvailable_EdgeCases(t *testing.T) {
 		mockStore := store.NewMockStore(ctrl)
 		mockStore.EXPECT().
 			GetServiceByDomain(ctx, accountID, "test.com").
-			Return(&reverseproxy.Service{ID: "some-id", Domain: "test.com"}, nil)
+			Return(&rpservice.Service{ID: "some-id", Domain: "test.com"}, nil)
 		mgr := &Manager{}
 		err := mgr.checkDomainAvailable(ctx, mockStore, accountID, "test.com", "")
@@ -215,10 +215,10 @@ func TestPersistNewService(t *testing.T) {
 		defer ctrl.Finish()
 		mockStore := store.NewMockStore(ctrl)
-		service := &reverseproxy.Service{
+		service := &rpservice.Service{
 			ID:      "service-123",
 			Domain:  "new.com",
-			Targets: []*reverseproxy.Target{},
+			Targets: []*rpservice.Target{},
 		}
 		// Mock ExecuteInTransaction to execute the function immediately
@@ -248,10 +248,10 @@ func TestPersistNewService(t *testing.T) {
 		defer ctrl.Finish()
 		mockStore := store.NewMockStore(ctrl)
-		service := &reverseproxy.Service{
+		service := &rpservice.Service{
 			ID:      "service-123",
 			Domain:  "existing.com",
-			Targets: []*reverseproxy.Target{},
+			Targets: []*rpservice.Target{},
 		}
 		mockStore.EXPECT().
@@ -260,7 +260,7 @@ func TestPersistNewService(t *testing.T) {
 				txMock := store.NewMockStore(ctrl)
 				txMock.EXPECT().
 					GetServiceByDomain(ctx, accountID, "existing.com").
-					Return(&reverseproxy.Service{ID: "other-id", Domain: "existing.com"}, nil)
+					Return(&rpservice.Service{ID: "other-id", Domain: "existing.com"}, nil)
 				return fn(txMock)
 			})
@@ -278,18 +278,18 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 	mgr := &Manager{}
 	t.Run("preserve password when empty", func(t *testing.T) {
-		existing := &reverseproxy.Service{
+		existing := &rpservice.Service{
-			Auth: reverseproxy.AuthConfig{
+			Auth: rpservice.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "hashed-password",
 				},
 			},
 		}
-		updated := &reverseproxy.Service{
+		updated := &rpservice.Service{
-			Auth: reverseproxy.AuthConfig{
+			Auth: rpservice.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "",
 				},
@@ -302,18 +302,18 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 	})
 	t.Run("preserve pin when empty", func(t *testing.T) {
-		existing := &reverseproxy.Service{
+		existing := &rpservice.Service{
-			Auth: reverseproxy.AuthConfig{
+			Auth: rpservice.AuthConfig{
-				PinAuth: &reverseproxy.PINAuthConfig{
+				PinAuth: &rpservice.PINAuthConfig{
 					Enabled: true,
 					Pin:     "hashed-pin",
 				},
 			},
 		}
-		updated := &reverseproxy.Service{
+		updated := &rpservice.Service{
-			Auth: reverseproxy.AuthConfig{
+			Auth: rpservice.AuthConfig{
-				PinAuth: &reverseproxy.PINAuthConfig{
+				PinAuth: &rpservice.PINAuthConfig{
 					Enabled: true,
 					Pin:     "",
 				},
@@ -326,18 +326,18 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 	})
 	t.Run("do not preserve when password is provided", func(t *testing.T) {
-		existing := &reverseproxy.Service{
+		existing := &rpservice.Service{
-			Auth: reverseproxy.AuthConfig{
+			Auth: rpservice.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "old-password",
 				},
 			},
 		}
-		updated := &reverseproxy.Service{
+		updated := &rpservice.Service{
-			Auth: reverseproxy.AuthConfig{
+			Auth: rpservice.AuthConfig{
-				PasswordAuth: &reverseproxy.PasswordAuthConfig{
+				PasswordAuth: &rpservice.PasswordAuthConfig{
 					Enabled:  true,
 					Password: "new-password",
 				},
@@ -354,8 +354,8 @@ func TestPreserveExistingAuthSecrets(t *testing.T) {
 func TestPreserveServiceMetadata(t *testing.T) {
 	mgr := &Manager{}
-	existing := &reverseproxy.Service{
+	existing := &rpservice.Service{
-		Meta: reverseproxy.ServiceMeta{
+		Meta: rpservice.ServiceMeta{
 			CertificateIssuedAt: time.Now(),
 			Status:              "active",
 		},
@@ -363,7 +363,7 @@ func TestPreserveServiceMetadata(t *testing.T) {
 		SessionPublicKey:  "public-key",
 	}
-	updated := &reverseproxy.Service{
+	updated := &rpservice.Service{
 		Domain: "updated.com",
 	}
--- a/management/internals/modules/reverseproxy/service/service.go
+++ b/management/internals/modules/reverseproxy/service/service.go
@@ -1,4 +1,4 @@
-package reverseproxy
+package service
 import (
 	"errors"
@@ -26,15 +26,15 @@ const (
 	Delete Operation = "delete"
 )
-type ProxyStatus string
+type Status string
 const (
-	StatusPending            ProxyStatus = "pending"
+	StatusPending            Status = "pending"
-	StatusActive             ProxyStatus = "active"
+	StatusActive             Status = "active"
-	StatusTunnelNotCreated   ProxyStatus = "tunnel_not_created"
+	StatusTunnelNotCreated   Status = "tunnel_not_created"
-	StatusCertificatePending ProxyStatus = "certificate_pending"
+	StatusCertificatePending Status = "certificate_pending"
-	StatusCertificateFailed  ProxyStatus = "certificate_failed"
+	StatusCertificateFailed  Status = "certificate_failed"
-	StatusError              ProxyStatus = "error"
+	StatusError              Status = "error"
 	TargetTypePeer   = "peer"
 	TargetTypeHost   = "host"
--- a/management/internals/modules/reverseproxy/service/service_test.go
+++ b/management/internals/modules/reverseproxy/service/service_test.go
@@ -1,4 +1,4 @@
-package reverseproxy
+package service
 import (
 	"errors"
--- a/management/internals/server/boot.go
+++ b/management/internals/server/boot.go
@@ -94,7 +94,7 @@ func (s *BaseServer) EventStore() activity.Store {
 func (s *BaseServer) APIHandler() http.Handler {
 	return Create(s, func() http.Handler {
-		httpAPIHandler, err := nbhttp.NewAPIHandler(context.Background(), s.AccountManager(), s.NetworksManager(), s.ResourcesManager(), s.RoutesManager(), s.GroupsManager(), s.GeoLocationManager(), s.AuthManager(), s.Metrics(), s.IntegratedValidator(), s.ProxyController(), s.PermissionsManager(), s.PeersManager(), s.SettingsManager(), s.ZonesManager(), s.RecordsManager(), s.NetworkMapController(), s.IdpManager(), s.ReverseProxyManager(), s.ReverseProxyDomainManager(), s.AccessLogsManager(), s.ReverseProxyGRPCServer(), s.Config.ReverseProxy.TrustedHTTPProxies)
+		httpAPIHandler, err := nbhttp.NewAPIHandler(context.Background(), s.AccountManager(), s.NetworksManager(), s.ResourcesManager(), s.RoutesManager(), s.GroupsManager(), s.GeoLocationManager(), s.AuthManager(), s.Metrics(), s.IntegratedValidator(), s.ProxyController(), s.PermissionsManager(), s.PeersManager(), s.SettingsManager(), s.ZonesManager(), s.RecordsManager(), s.NetworkMapController(), s.IdpManager(), s.ServiceManager(), s.ReverseProxyDomainManager(), s.AccessLogsManager(), s.ReverseProxyGRPCServer(), s.Config.ReverseProxy.TrustedHTTPProxies)
 		if err != nil {
 			log.Fatalf("failed to create API handler: %v", err)
 		}
@@ -165,7 +165,7 @@ func (s *BaseServer) ReverseProxyGRPCServer() *nbgrpc.ProxyServiceServer {
 	return Create(s, func() *nbgrpc.ProxyServiceServer {
 		proxyService := nbgrpc.NewProxyServiceServer(s.AccessLogsManager(), s.ProxyTokenStore(), s.proxyOIDCConfig(), s.PeersManager(), s.UsersManager(), s.ProxyManager())
 		s.AfterInit(func(s *BaseServer) {
-			proxyService.SetProxyManager(s.ReverseProxyManager())
+			proxyService.SetProxyManager(s.ServiceManager())
 		})
 		return proxyService
 	})
--- a/management/internals/server/modules.go
+++ b/management/internals/server/modules.go
@@ -8,11 +8,11 @@ import (
 	"github.com/netbirdio/management-integrations/integrations"
 	"github.com/netbirdio/netbird/management/internals/modules/peers"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain/manager"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/proxy"
 	proxymanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/proxy/manager"
-	nbreverseproxy "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	nbreverseproxy "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service/manager"
 	"github.com/netbirdio/netbird/management/internals/modules/zones"
 	zonesManager "github.com/netbirdio/netbird/management/internals/modules/zones/manager"
 	"github.com/netbirdio/netbird/management/internals/modules/zones/records"
@@ -105,7 +105,7 @@ func (s *BaseServer) AccountManager() account.Manager {
 		}
 		s.AfterInit(func(s *BaseServer) {
-			accountManager.SetServiceManager(s.ReverseProxyManager())
+			accountManager.SetServiceManager(s.ServiceManager())
 		})
 		return accountManager
@@ -164,7 +164,7 @@ func (s *BaseServer) GroupsManager() groups.Manager {
 func (s *BaseServer) ResourcesManager() resources.Manager {
 	return Create(s, func() resources.Manager {
-		return resources.NewManager(s.Store(), s.PermissionsManager(), s.GroupsManager(), s.AccountManager(), s.ReverseProxyManager())
+		return resources.NewManager(s.Store(), s.PermissionsManager(), s.GroupsManager(), s.AccountManager(), s.ServiceManager())
 	})
 }
@@ -192,8 +192,8 @@ func (s *BaseServer) RecordsManager() records.Manager {
 	})
 }
-func (s *BaseServer) ReverseProxyManager() reverseproxy.Manager {
+func (s *BaseServer) ServiceManager() service.Manager {
-	return Create(s, func() reverseproxy.Manager {
+	return Create(s, func() service.Manager {
 		return nbreverseproxy.NewManager(s.Store(), s.AccountManager(), s.PermissionsManager(), s.ReverseProxyGRPCServer(), s.ReverseProxyDomainManager())
 	})
 }
--- a/management/internals/shared/grpc/proxy.go
+++ b/management/internals/shared/grpc/proxy.go
@@ -24,9 +24,9 @@ import (
 	"github.com/netbirdio/netbird/shared/management/domain"
 	"github.com/netbirdio/netbird/management/internals/modules/peers"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/proxy"
 	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/sessionkey"
 	"github.com/netbirdio/netbird/management/server/types"
 	"github.com/netbirdio/netbird/management/server/users"
@@ -69,7 +69,7 @@ type ProxyServiceServer struct {
 	accessLogManager accesslogs.Manager
 	// Manager for reverse proxy operations
-	reverseProxyManager reverseproxy.Manager
+	serviceManager rpservice.Manager
 	// Manager for proxy connections
 	proxyManager proxy.Manager
@@ -169,8 +169,8 @@ func (s *ProxyServiceServer) Close() {
 	s.pkceCleanupCancel()
 }
-func (s *ProxyServiceServer) SetProxyManager(manager reverseproxy.Manager) {
+func (s *ProxyServiceServer) SetProxyManager(manager rpservice.Manager) {
-	s.reverseProxyManager = manager
+	s.serviceManager = manager
 }
 // GetMappingUpdate handles the control stream with proxy clients
@@ -268,7 +268,7 @@ func (s *ProxyServiceServer) heartbeat(ctx context.Context, proxyID string) {
 // sendSnapshot sends the initial snapshot of services to the connecting proxy.
 // Only services matching the proxy's cluster address are sent.
 func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnection) error {
-	services, err := s.reverseProxyManager.GetGlobalServices(ctx)
+	services, err := s.serviceManager.GetGlobalServices(ctx)
 	if err != nil {
 		return fmt.Errorf("get services from store: %w", err)
 	}
@@ -277,7 +277,7 @@ func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnec
 		return fmt.Errorf("proxy address is invalid")
 	}
-	var filtered []*reverseproxy.Service
+	var filtered []*rpservice.Service
 	for _, service := range services {
 		if !service.Enabled {
 			continue
@@ -312,7 +312,7 @@ func (s *ProxyServiceServer) sendSnapshot(ctx context.Context, conn *proxyConnec
 		if err := conn.stream.Send(&proto.GetMappingUpdateResponse{
 			Mapping: []*proto.ProxyMapping{
 				service.ToProtoMapping(
-					reverseproxy.Create, // Initial snapshot, all records are "new" for the proxy.
+					rpservice.Create, // Initial snapshot, all records are "new" for the proxy.
 					token,
 					s.GetOIDCValidationConfig(),
 				),
@@ -540,7 +540,7 @@ func shallowCloneMapping(m *proto.ProxyMapping) *proto.ProxyMapping {
 }
 func (s *ProxyServiceServer) Authenticate(ctx context.Context, req *proto.AuthenticateRequest) (*proto.AuthenticateResponse, error) {
-	service, err := s.reverseProxyManager.GetServiceByID(ctx, req.GetAccountId(), req.GetId())
+	service, err := s.serviceManager.GetServiceByID(ctx, req.GetAccountId(), req.GetId())
 	if err != nil {
 		log.WithContext(ctx).Debugf("failed to get service from store: %v", err)
 		return nil, status.Errorf(codes.FailedPrecondition, "get service from store: %v", err)
@@ -559,7 +559,7 @@ func (s *ProxyServiceServer) Authenticate(ctx context.Context, req *proto.Authen
 	}, nil
 }
-func (s *ProxyServiceServer) authenticateRequest(ctx context.Context, req *proto.AuthenticateRequest, service *reverseproxy.Service) (bool, string, proxyauth.Method) {
+func (s *ProxyServiceServer) authenticateRequest(ctx context.Context, req *proto.AuthenticateRequest, service *rpservice.Service) (bool, string, proxyauth.Method) {
 	switch v := req.GetRequest().(type) {
 	case *proto.AuthenticateRequest_Pin:
 		return s.authenticatePIN(ctx, req.GetId(), v, service.Auth.PinAuth)
@@ -570,7 +570,7 @@ func (s *ProxyServiceServer) authenticateRequest(ctx context.Context, req *proto
 	}
 }
-func (s *ProxyServiceServer) authenticatePIN(ctx context.Context, serviceID string, req *proto.AuthenticateRequest_Pin, auth *reverseproxy.PINAuthConfig) (bool, string, proxyauth.Method) {
+func (s *ProxyServiceServer) authenticatePIN(ctx context.Context, serviceID string, req *proto.AuthenticateRequest_Pin, auth *rpservice.PINAuthConfig) (bool, string, proxyauth.Method) {
 	if auth == nil || !auth.Enabled {
 		log.WithContext(ctx).Debugf("PIN authentication attempted but not enabled for service %s", serviceID)
 		return false, "", ""
@@ -584,7 +584,7 @@ func (s *ProxyServiceServer) authenticatePIN(ctx context.Context, serviceID stri
 	return true, "pin-user", proxyauth.MethodPIN
 }
-func (s *ProxyServiceServer) authenticatePassword(ctx context.Context, serviceID string, req *proto.AuthenticateRequest_Password, auth *reverseproxy.PasswordAuthConfig) (bool, string, proxyauth.Method) {
+func (s *ProxyServiceServer) authenticatePassword(ctx context.Context, serviceID string, req *proto.AuthenticateRequest_Password, auth *rpservice.PasswordAuthConfig) (bool, string, proxyauth.Method) {
 	if auth == nil || !auth.Enabled {
 		log.WithContext(ctx).Debugf("password authentication attempted but not enabled for service %s", serviceID)
 		return false, "", ""
@@ -606,7 +606,7 @@ func (s *ProxyServiceServer) logAuthenticationError(ctx context.Context, err err
 	}
 }
-func (s *ProxyServiceServer) generateSessionToken(ctx context.Context, authenticated bool, service *reverseproxy.Service, userId string, method proxyauth.Method) (string, error) {
+func (s *ProxyServiceServer) generateSessionToken(ctx context.Context, authenticated bool, service *rpservice.Service, userId string, method proxyauth.Method) (string, error) {
 	if !authenticated || service.SessionPrivateKey == "" {
 		return "", nil
 	}
@@ -646,7 +646,7 @@ func (s *ProxyServiceServer) SendStatusUpdate(ctx context.Context, req *proto.Se
 	}
 	if certificateIssued {
-		if err := s.reverseProxyManager.SetCertificateIssuedAt(ctx, accountID, serviceID); err != nil {
+		if err := s.serviceManager.SetCertificateIssuedAt(ctx, accountID, serviceID); err != nil {
 			log.WithContext(ctx).WithError(err).Error("failed to set certificate issued timestamp")
 			return nil, status.Errorf(codes.Internal, "update certificate timestamp: %v", err)
 		}
@@ -658,7 +658,7 @@ func (s *ProxyServiceServer) SendStatusUpdate(ctx context.Context, req *proto.Se
 	internalStatus := protoStatusToInternal(protoStatus)
-	if err := s.reverseProxyManager.SetStatus(ctx, accountID, serviceID, internalStatus); err != nil {
+	if err := s.serviceManager.SetStatus(ctx, accountID, serviceID, internalStatus); err != nil {
 		log.WithContext(ctx).WithError(err).Error("failed to update service status")
 		return nil, status.Errorf(codes.Internal, "update service status: %v", err)
 	}
@@ -673,22 +673,22 @@ func (s *ProxyServiceServer) SendStatusUpdate(ctx context.Context, req *proto.Se
 }
 // protoStatusToInternal maps proto status to internal status
-func protoStatusToInternal(protoStatus proto.ProxyStatus) reverseproxy.ProxyStatus {
+func protoStatusToInternal(protoStatus proto.ProxyStatus) rpservice.Status {
 	switch protoStatus {
 	case proto.ProxyStatus_PROXY_STATUS_PENDING:
-		return reverseproxy.StatusPending
+		return rpservice.StatusPending
 	case proto.ProxyStatus_PROXY_STATUS_ACTIVE:
-		return reverseproxy.StatusActive
+		return rpservice.StatusActive
 	case proto.ProxyStatus_PROXY_STATUS_TUNNEL_NOT_CREATED:
-		return reverseproxy.StatusTunnelNotCreated
+		return rpservice.StatusTunnelNotCreated
 	case proto.ProxyStatus_PROXY_STATUS_CERTIFICATE_PENDING:
-		return reverseproxy.StatusCertificatePending
+		return rpservice.StatusCertificatePending
 	case proto.ProxyStatus_PROXY_STATUS_CERTIFICATE_FAILED:
-		return reverseproxy.StatusCertificateFailed
+		return rpservice.StatusCertificateFailed
 	case proto.ProxyStatus_PROXY_STATUS_ERROR:
-		return reverseproxy.StatusError
+		return rpservice.StatusError
 	default:
-		return reverseproxy.StatusError
+		return rpservice.StatusError
 	}
 }
@@ -753,7 +753,7 @@ func (s *ProxyServiceServer) GetOIDCURL(ctx context.Context, req *proto.GetOIDCU
 		return nil, status.Errorf(codes.InvalidArgument, "parse redirect url: %v", err)
 	}
 	// Validate redirectURL against known service endpoints to avoid abuse of OIDC redirection.
-	services, err := s.reverseProxyManager.GetAccountServices(ctx, req.GetAccountId())
+	services, err := s.serviceManager.GetAccountServices(ctx, req.GetAccountId())
 	if err != nil {
 		log.WithContext(ctx).Errorf("failed to get account services: %v", err)
 		return nil, status.Errorf(codes.FailedPrecondition, "get account services: %v", err)
@@ -816,8 +816,8 @@ func (s *ProxyServiceServer) GetOIDCConfig() ProxyOIDCConfig {
 // GetOIDCValidationConfig returns the OIDC configuration for token validation
 // in the format needed by ToProtoMapping.
-func (s *ProxyServiceServer) GetOIDCValidationConfig() reverseproxy.OIDCValidationConfig {
+func (s *ProxyServiceServer) GetOIDCValidationConfig() rpservice.OIDCValidationConfig {
-	return reverseproxy.OIDCValidationConfig{
+	return rpservice.OIDCValidationConfig{
 		Issuer:             s.oidcConfig.Issuer,
 		Audiences:          []string{s.oidcConfig.Audience},
 		KeysLocation:       s.oidcConfig.KeysLocation,
@@ -876,12 +876,12 @@ func (s *ProxyServiceServer) ValidateState(state string) (verifier, redirectURL
 // GenerateSessionToken creates a signed session JWT for the given domain and user.
 func (s *ProxyServiceServer) GenerateSessionToken(ctx context.Context, domain, userID string, method proxyauth.Method) (string, error) {
 	// Find the service by domain to get its signing key
-	services, err := s.reverseProxyManager.GetGlobalServices(ctx)
+	services, err := s.serviceManager.GetGlobalServices(ctx)
 	if err != nil {
 		return "", fmt.Errorf("get services: %w", err)
 	}
-	var service *reverseproxy.Service
+	var service *rpservice.Service
 	for _, svc := range services {
 		if svc.Domain == domain {
 			service = svc
@@ -947,8 +947,8 @@ func (s *ProxyServiceServer) ValidateUserGroupAccess(ctx context.Context, domain
 	return fmt.Errorf("user %s not in allowed groups for domain %s", user.Id, domain)
 }
-func (s *ProxyServiceServer) getAccountServiceByDomain(ctx context.Context, accountID, domain string) (*reverseproxy.Service, error) {
+func (s *ProxyServiceServer) getAccountServiceByDomain(ctx context.Context, accountID, domain string) (*rpservice.Service, error) {
-	services, err := s.reverseProxyManager.GetAccountServices(ctx, accountID)
+	services, err := s.serviceManager.GetAccountServices(ctx, accountID)
 	if err != nil {
 		return nil, fmt.Errorf("get account services: %w", err)
 	}
@@ -1069,8 +1069,8 @@ func (s *ProxyServiceServer) ValidateSession(ctx context.Context, req *proto.Val
 	}, nil
 }
-func (s *ProxyServiceServer) getServiceByDomain(ctx context.Context, domain string) (*reverseproxy.Service, error) {
+func (s *ProxyServiceServer) getServiceByDomain(ctx context.Context, domain string) (*rpservice.Service, error) {
-	services, err := s.reverseProxyManager.GetGlobalServices(ctx)
+	services, err := s.serviceManager.GetGlobalServices(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("get services: %w", err)
 	}
@@ -1084,7 +1084,7 @@ func (s *ProxyServiceServer) getServiceByDomain(ctx context.Context, domain stri
 	return nil, fmt.Errorf("service not found for domain: %s", domain)
 }
-func (s *ProxyServiceServer) checkGroupAccess(service *reverseproxy.Service, user *types.User) error {
+func (s *ProxyServiceServer) checkGroupAccess(service *rpservice.Service, user *types.User) error {
 	if service.Auth.BearerAuth == nil || !service.Auth.BearerAuth.Enabled {
 		return nil
 	}
--- a/management/internals/shared/grpc/proxy_group_access_test.go
+++ b/management/internals/shared/grpc/proxy_group_access_test.go
@@ -283,7 +283,7 @@ func TestValidateUserGroupAccess(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			server := &ProxyServiceServer{
-				reverseProxyManager: &mockReverseProxyManager{
+				serviceManager: &mockReverseProxyManager{
 					proxiesByAccount: tt.proxiesByAccount,
 					err:              tt.proxyErr,
 				},
@@ -360,7 +360,7 @@ func TestGetAccountProxyByDomain(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			server := &ProxyServiceServer{
-				reverseProxyManager: &mockReverseProxyManager{
+				serviceManager: &mockReverseProxyManager{
 					proxiesByAccount: tt.proxiesByAccount,
 					err:              tt.err,
 				},
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -15,7 +15,7 @@ import (
 	"sync"
 	"time"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/server/job"
 	"github.com/netbirdio/netbird/shared/auth"
@@ -83,9 +83,9 @@ type DefaultAccountManager struct {
 	requestBuffer *AccountRequestBuffer
-	proxyController     port_forwarding.Controller
+	proxyController port_forwarding.Controller
-	settingsManager     settings.Manager
+	settingsManager settings.Manager
-	reverseProxyManager reverseproxy.Manager
+	serviceManager  service.Manager
 	// config contains the management server configuration
 	config *nbconfig.Config
@@ -115,8 +115,8 @@ type DefaultAccountManager struct {
 var _ account.Manager = (*DefaultAccountManager)(nil)
-func (am *DefaultAccountManager) SetServiceManager(serviceManager reverseproxy.Manager) {
+func (am *DefaultAccountManager) SetServiceManager(serviceManager service.Manager) {
-	am.reverseProxyManager = serviceManager
+	am.serviceManager = serviceManager
 }
 func isUniqueConstraintError(err error) bool {
@@ -394,7 +394,7 @@ func (am *DefaultAccountManager) UpdateAccountSettings(ctx context.Context, acco
 		am.StoreEvent(ctx, userID, accountID, accountID, activity.AccountNetworkRangeUpdated, eventMeta)
 	}
 	if reloadReverseProxy {
-		if err = am.reverseProxyManager.ReloadAllServicesForAccount(ctx, accountID); err != nil {
+		if err = am.serviceManager.ReloadAllServicesForAccount(ctx, accountID); err != nil {
 			log.WithContext(ctx).Warnf("failed to reload all services for account %s: %v", accountID, err)
 		}
 	}
--- a/management/server/account/manager.go
+++ b/management/server/account/manager.go
@@ -6,7 +6,7 @@ import (
 	"net/netip"
 	"time"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/shared/auth"
 	nbdns "github.com/netbirdio/netbird/dns"
@@ -140,5 +140,5 @@ type Manager interface {
 	CreatePeerJob(ctx context.Context, accountID, peerID, userID string, job *types.Job) error
 	GetAllPeerJobs(ctx context.Context, accountID, userID, peerID string) ([]*types.Job, error)
 	GetPeerJobByID(ctx context.Context, accountID, userID, peerID, jobID string) (*types.Job, error)
-	SetServiceManager(serviceManager reverseproxy.Manager)
+	SetServiceManager(serviceManager service.Manager)
 }
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -27,7 +27,7 @@ import (
 	"github.com/netbirdio/netbird/management/internals/controllers/network_map/update_channel"
 	"github.com/netbirdio/netbird/management/internals/modules/peers"
 	ephemeral_manager "github.com/netbirdio/netbird/management/internals/modules/peers/ephemeral/manager"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	reverseproxymanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/internals/modules/zones"
 	"github.com/netbirdio/netbird/management/internals/server/config"
--- a/management/server/group_test.go
+++ b/management/server/group_test.go
@@ -703,7 +703,7 @@ func TestGroupAccountPeersUpdate(t *testing.T) {
 	t.Run("saving group linked to network router", func(t *testing.T) {
 		permissionsManager := permissions.NewManager(manager.Store)
 		groupsManager := groups.NewManager(manager.Store, permissionsManager, manager)
-		resourcesManager := resources.NewManager(manager.Store, permissionsManager, groupsManager, manager, manager.reverseProxyManager)
+		resourcesManager := resources.NewManager(manager.Store, permissionsManager, groupsManager, manager, manager.serviceManager)
 		routersManager := routers.NewManager(manager.Store, permissionsManager, manager)
 		networksManager := networks.NewManager(manager.Store, permissionsManager, resourcesManager, routersManager, manager)
--- a/management/server/http/handler.go
+++ b/management/server/http/handler.go
@@ -17,9 +17,9 @@ import (
 	"github.com/netbirdio/netbird/management/server/types"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
-	reverseproxymanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	reverseproxymanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service/manager"
 	nbgrpc "github.com/netbirdio/netbird/management/internals/shared/grpc"
 	idpmanager "github.com/netbirdio/netbird/management/server/idp"
@@ -73,7 +73,7 @@ const (
 )
 // NewAPIHandler creates the Management service HTTP API handler registering all the available endpoints.
-func NewAPIHandler(ctx context.Context, accountManager account.Manager, networksManager nbnetworks.Manager, resourceManager resources.Manager, routerManager routers.Manager, groupsManager nbgroups.Manager, LocationManager geolocation.Geolocation, authManager auth.Manager, appMetrics telemetry.AppMetrics, integratedValidator integrated_validator.IntegratedValidator, proxyController port_forwarding.Controller, permissionsManager permissions.Manager, peersManager nbpeers.Manager, settingsManager settings.Manager, zManager zones.Manager, rManager records.Manager, networkMapController network_map.Controller, idpManager idpmanager.Manager, reverseProxyManager reverseproxy.Manager, reverseProxyDomainManager *manager.Manager, reverseProxyAccessLogsManager accesslogs.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer, trustedHTTPProxies []netip.Prefix) (http.Handler, error) {
+func NewAPIHandler(ctx context.Context, accountManager account.Manager, networksManager nbnetworks.Manager, resourceManager resources.Manager, routerManager routers.Manager, groupsManager nbgroups.Manager, LocationManager geolocation.Geolocation, authManager auth.Manager, appMetrics telemetry.AppMetrics, integratedValidator integrated_validator.IntegratedValidator, proxyController port_forwarding.Controller, permissionsManager permissions.Manager, peersManager nbpeers.Manager, settingsManager settings.Manager, zManager zones.Manager, rManager records.Manager, networkMapController network_map.Controller, idpManager idpmanager.Manager, serviceManager service.Manager, reverseProxyDomainManager *manager.Manager, reverseProxyAccessLogsManager accesslogs.Manager, proxyGRPCServer *nbgrpc.ProxyServiceServer, trustedHTTPProxies []netip.Prefix) (http.Handler, error) {
 	// Register bypass paths for unauthenticated endpoints
 	if err := bypass.AddBypassPath("/api/instance"); err != nil {
@@ -173,8 +173,8 @@ func NewAPIHandler(ctx context.Context, accountManager account.Manager, networks
 	idp.AddEndpoints(accountManager, router)
 	instance.AddEndpoints(instanceManager, router)
 	instance.AddVersionEndpoint(instanceManager, router)
-	if reverseProxyManager != nil && reverseProxyDomainManager != nil {
+	if serviceManager != nil && reverseProxyDomainManager != nil {
-		reverseproxymanager.RegisterEndpoints(reverseProxyManager, *reverseProxyDomainManager, reverseProxyAccessLogsManager, router)
+		reverseproxymanager.RegisterEndpoints(serviceManager, *reverseProxyDomainManager, reverseProxyAccessLogsManager, router)
 	}
 	// Register OAuth callback handler for proxy authentication
--- a/management/server/http/handlers/proxy/auth_callback_integration_test.go
+++ b/management/server/http/handlers/proxy/auth_callback_integration_test.go
@@ -18,8 +18,8 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/stretchr/testify/require"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	nbgrpc "github.com/netbirdio/netbird/management/internals/shared/grpc"
 	"github.com/netbirdio/netbird/management/server/store"
 	"github.com/netbirdio/netbird/management/server/types"
--- a/management/server/http/testing/testing_tools/channel/channel.go
+++ b/management/server/http/testing/testing_tools/channel/channel.go
@@ -13,7 +13,7 @@ import (
 	accesslogsmanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs/manager"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain/manager"
 	proxymanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/proxy/manager"
-	reverseproxymanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
+	reverseproxymanager "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service/manager"
 	nbgrpc "github.com/netbirdio/netbird/management/internals/shared/grpc"
 	zonesManager "github.com/netbirdio/netbird/management/internals/modules/zones/manager"
@@ -99,9 +99,9 @@ func BuildApiBlackBoxWithDBState(t testing_tools.TB, sqlFile string, expectedPee
 	proxyMgr := proxymanager.NewManager(store)
 	proxyServiceServer := nbgrpc.NewProxyServiceServer(accessLogsManager, proxyTokenStore, nbgrpc.ProxyOIDCConfig{}, peersManager, userManager, proxyMgr)
 	domainManager := manager.NewManager(store, proxyMgr, permissionsManager)
-	reverseProxyManager := reverseproxymanager.NewManager(store, am, permissionsManager, proxyServiceServer, domainManager)
+	serviceManager := reverseproxymanager.NewManager(store, am, permissionsManager, proxyServiceServer, domainManager)
-	proxyServiceServer.SetProxyManager(reverseProxyManager)
+	proxyServiceServer.SetProxyManager(serviceManager)
-	am.SetServiceManager(reverseProxyManager)
+	am.SetServiceManager(serviceManager)
 	// @note this is required so that PAT's validate from store, but JWT's are mocked
 	authManager := serverauth.NewManager(store, "", "", "", "", []string{}, false)
@@ -119,7 +119,7 @@ func BuildApiBlackBoxWithDBState(t testing_tools.TB, sqlFile string, expectedPee
 	customZonesManager := zonesManager.NewManager(store, am, permissionsManager, "")
 	zoneRecordsManager := recordsManager.NewManager(store, am, permissionsManager)
-	apiHandler, err := http2.NewAPIHandler(context.Background(), am, networksManagerMock, resourcesManagerMock, routersManagerMock, groupsManagerMock, geoMock, authManagerMock, metrics, validatorMock, proxyController, permissionsManager, peersManager, settingsManager, customZonesManager, zoneRecordsManager, networkMapController, nil, reverseProxyManager, nil, nil, nil, nil)
+	apiHandler, err := http2.NewAPIHandler(context.Background(), am, networksManagerMock, resourcesManagerMock, routersManagerMock, groupsManagerMock, geoMock, authManagerMock, metrics, validatorMock, proxyController, permissionsManager, peersManager, settingsManager, customZonesManager, zoneRecordsManager, networkMapController, nil, serviceManager, nil, nil, nil, nil)
 	if err != nil {
 		t.Fatalf("Failed to create API handler: %v", err)
 	}
--- a/management/server/mock_server/account_mock.go
+++ b/management/server/mock_server/account_mock.go
@@ -12,7 +12,7 @@ import (
 	"google.golang.org/grpc/status"
 	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/idp"
@@ -148,7 +148,7 @@ type MockAccountManager struct {
 	DeleteUserInviteFunc       func(ctx context.Context, accountID, initiatorUserID, inviteID string) error
 }
-func (am *MockAccountManager) SetServiceManager(serviceManager reverseproxy.Manager) {
+func (am *MockAccountManager) SetServiceManager(serviceManager service.Manager) {
 	// Mock implementation - no-op
 }
--- a/management/server/networks/resources/manager.go
+++ b/management/server/networks/resources/manager.go
@@ -7,7 +7,7 @@ import (
 	log "github.com/sirupsen/logrus"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/server/account"
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/groups"
@@ -33,23 +33,23 @@ type Manager interface {
 }
 type managerImpl struct {
-	store               store.Store
+	store              store.Store
-	permissionsManager  permissions.Manager
+	permissionsManager permissions.Manager
-	groupsManager       groups.Manager
+	groupsManager      groups.Manager
-	accountManager      account.Manager
+	accountManager     account.Manager
-	reverseProxyManager reverseproxy.Manager
+	serviceManager     service.Manager
 }
 type mockManager struct {
 }
-func NewManager(store store.Store, permissionsManager permissions.Manager, groupsManager groups.Manager, accountManager account.Manager, reverseproxyManager reverseproxy.Manager) Manager {
+func NewManager(store store.Store, permissionsManager permissions.Manager, groupsManager groups.Manager, accountManager account.Manager, reverseproxyManager service.Manager) Manager {
 	return &managerImpl{
-		store:               store,
+		store:              store,
-		permissionsManager:  permissionsManager,
+		permissionsManager: permissionsManager,
-		groupsManager:       groupsManager,
+		groupsManager:      groupsManager,
-		accountManager:      accountManager,
+		accountManager:     accountManager,
-		reverseProxyManager: reverseproxyManager,
+		serviceManager:     reverseproxyManager,
 	}
 }
@@ -264,7 +264,7 @@ func (m *managerImpl) UpdateResource(ctx context.Context, userID string, resourc
 	// TODO: optimize to only reload reverse proxies that are affected by the resource update instead of all of them
 	go func() {
-		err := m.reverseProxyManager.ReloadAllServicesForAccount(ctx, resource.AccountID)
+		err := m.serviceManager.ReloadAllServicesForAccount(ctx, resource.AccountID)
 		if err != nil {
 			log.WithContext(ctx).Warnf("failed to reload all proxies for account: %v", err)
 		}
@@ -322,7 +322,7 @@ func (m *managerImpl) DeleteResource(ctx context.Context, accountID, userID, net
 		return status.NewPermissionDeniedError()
 	}
-	serviceID, err := m.reverseProxyManager.GetServiceIDByTargetID(ctx, accountID, resourceID)
+	serviceID, err := m.serviceManager.GetServiceIDByTargetID(ctx, accountID, resourceID)
 	if err != nil {
 		return fmt.Errorf("failed to check if resource is used by service: %w", err)
 	}
--- a/management/server/networks/resources/manager_test.go
+++ b/management/server/networks/resources/manager_test.go
@@ -7,7 +7,7 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/require"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/server/groups"
 	"github.com/netbirdio/netbird/management/server/mock_server"
 	"github.com/netbirdio/netbird/management/server/networks/resources/types"
@@ -31,8 +31,8 @@ func Test_GetAllResourcesInNetworkReturnsResources(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	resources, err := manager.GetAllResourcesInNetwork(ctx, accountID, userID, networkID)
 	require.NoError(t, err)
@@ -54,8 +54,8 @@ func Test_GetAllResourcesInNetworkReturnsPermissionDenied(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	resources, err := manager.GetAllResourcesInNetwork(ctx, accountID, userID, networkID)
 	require.Error(t, err)
@@ -76,8 +76,8 @@ func Test_GetAllResourcesInAccountReturnsResources(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	resources, err := manager.GetAllResourcesInAccount(ctx, accountID, userID)
 	require.NoError(t, err)
@@ -98,8 +98,8 @@ func Test_GetAllResourcesInAccountReturnsPermissionDenied(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	resources, err := manager.GetAllResourcesInAccount(ctx, accountID, userID)
 	require.Error(t, err)
@@ -123,8 +123,8 @@ func Test_GetResourceInNetworkReturnsResources(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	resource, err := manager.GetResource(ctx, accountID, userID, networkID, resourceID)
 	require.NoError(t, err)
@@ -147,8 +147,8 @@ func Test_GetResourceInNetworkReturnsPermissionDenied(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	resources, err := manager.GetResource(ctx, accountID, userID, networkID, resourceID)
 	require.Error(t, err)
@@ -176,9 +176,9 @@ func Test_CreateResourceSuccessfully(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	reverseProxyManager.EXPECT().ReloadAllServicesForAccount(gomock.Any(), resource.AccountID).Return(nil).AnyTimes()
+	serviceManager.EXPECT().ReloadAllServicesForAccount(gomock.Any(), resource.AccountID).Return(nil).AnyTimes()
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	createdResource, err := manager.CreateResource(ctx, userID, resource)
 	require.NoError(t, err)
@@ -205,8 +205,8 @@ func Test_CreateResourceFailsWithPermissionDenied(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	createdResource, err := manager.CreateResource(ctx, userID, resource)
 	require.Error(t, err)
@@ -234,8 +234,8 @@ func Test_CreateResourceFailsWithInvalidAddress(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	createdResource, err := manager.CreateResource(ctx, userID, resource)
 	require.Error(t, err)
@@ -262,8 +262,8 @@ func Test_CreateResourceFailsWithUsedName(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	createdResource, err := manager.CreateResource(ctx, userID, resource)
 	require.Error(t, err)
@@ -294,9 +294,9 @@ func Test_UpdateResourceSuccessfully(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	reverseProxyManager.EXPECT().ReloadAllServicesForAccount(gomock.Any(), accountID).Return(nil).AnyTimes()
+	serviceManager.EXPECT().ReloadAllServicesForAccount(gomock.Any(), accountID).Return(nil).AnyTimes()
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	updatedResource, err := manager.UpdateResource(ctx, userID, resource)
 	require.NoError(t, err)
@@ -329,8 +329,8 @@ func Test_UpdateResourceFailsWithResourceNotFound(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	updatedResource, err := manager.UpdateResource(ctx, userID, resource)
 	require.Error(t, err)
@@ -361,8 +361,8 @@ func Test_UpdateResourceFailsWithNameInUse(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	updatedResource, err := manager.UpdateResource(ctx, userID, resource)
 	require.Error(t, err)
@@ -392,8 +392,8 @@ func Test_UpdateResourceFailsWithPermissionDenied(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	updatedResource, err := manager.UpdateResource(ctx, userID, resource)
 	require.Error(t, err)
@@ -416,9 +416,9 @@ func Test_DeleteResourceSuccessfully(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	reverseProxyManager.EXPECT().GetServiceIDByTargetID(gomock.Any(), accountID, resourceID).Return("", nil).AnyTimes()
+	serviceManager.EXPECT().GetServiceIDByTargetID(gomock.Any(), accountID, resourceID).Return("", nil).AnyTimes()
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	err = manager.DeleteResource(ctx, accountID, userID, networkID, resourceID)
 	require.NoError(t, err)
@@ -440,8 +440,8 @@ func Test_DeleteResourceFailsWithPermissionDenied(t *testing.T) {
 	am := mock_server.MockAccountManager{}
 	groupsManager := groups.NewManagerMock()
 	ctrl := gomock.NewController(t)
-	reverseProxyManager := reverseproxy.NewMockManager(ctrl)
+	serviceManager := reverseproxy.NewMockManager(ctrl)
-	manager := NewManager(store, permissionsManager, groupsManager, &am, reverseProxyManager)
+	manager := NewManager(store, permissionsManager, groupsManager, &am, serviceManager)
 	err = manager.DeleteResource(ctx, accountID, userID, networkID, resourceID)
 	require.Error(t, err)
--- a/management/server/peer.go
+++ b/management/server/peer.go
@@ -493,7 +493,7 @@ func (am *DefaultAccountManager) DeletePeer(ctx context.Context, accountID, peer
 	var settings *types.Settings
 	var eventsToStore []func()
-	serviceID, err := am.reverseProxyManager.GetServiceIDByTargetID(ctx, accountID, peerID)
+	serviceID, err := am.serviceManager.GetServiceIDByTargetID(ctx, accountID, peerID)
 	if err != nil {
 		return fmt.Errorf("failed to check if resource is used by service: %w", err)
 	}
--- a/management/server/store/sql_store.go
+++ b/management/server/store/sql_store.go
@@ -28,10 +28,10 @@ import (
 	"gorm.io/gorm/logger"
 	nbdns "github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/proxy"
 	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/internals/modules/zones"
 	"github.com/netbirdio/netbird/management/internals/modules/zones/records"
 	resourceTypes "github.com/netbirdio/netbird/management/server/networks/resources/types"
@@ -132,7 +132,7 @@ func NewSqlStore(ctx context.Context, db *gorm.DB, storeEngine types.Engine, met
 		&types.Account{}, &types.Policy{}, &types.PolicyRule{}, &route.Route{}, &nbdns.NameServerGroup{},
 		&installation{}, &types.ExtraSettings{}, &posture.Checks{}, &nbpeer.NetworkAddress{},
 		&networkTypes.Network{}, &routerTypes.NetworkRouter{}, &resourceTypes.NetworkResource{}, &types.AccountOnboarding{},
-		&types.Job{}, &zones.Zone{}, &records.Record{}, &types.UserInviteRecord{}, &reverseproxy.Service{}, &reverseproxy.Target{}, &domain.Domain{},
+		&types.Job{}, &zones.Zone{}, &records.Record{}, &types.UserInviteRecord{}, &rpservice.Service{}, &rpservice.Target{}, &domain.Domain{},
 		&accesslogs.AccessLogEntry{}, &proxy.Proxy{},
 	)
 	if err != nil {
@@ -2064,7 +2064,7 @@ func (s *SqlStore) getPostureChecks(ctx context.Context, accountID string) ([]*p
 	return checks, nil
 }
-func (s *SqlStore) getServices(ctx context.Context, accountID string) ([]*reverseproxy.Service, error) {
+func (s *SqlStore) getServices(ctx context.Context, accountID string) ([]*rpservice.Service, error) {
 	const serviceQuery = `SELECT id, account_id, name, domain, enabled, auth,
 		meta_created_at, meta_certificate_issued_at, meta_status, proxy_cluster,
 		pass_host_header, rewrite_redirects, session_private_key, session_public_key
@@ -2079,8 +2079,8 @@ func (s *SqlStore) getServices(ctx context.Context, accountID string) ([]*revers
 		return nil, err
 	}
-	services, err := pgx.CollectRows(serviceRows, func(row pgx.CollectableRow) (*reverseproxy.Service, error) {
+	services, err := pgx.CollectRows(serviceRows, func(row pgx.CollectableRow) (*rpservice.Service, error) {
-		var s reverseproxy.Service
+		var s rpservice.Service
 		var auth []byte
 		var createdAt, certIssuedAt sql.NullTime
 		var status, proxyCluster, sessionPrivateKey, sessionPublicKey sql.NullString
@@ -2110,7 +2110,7 @@ func (s *SqlStore) getServices(ctx context.Context, accountID string) ([]*revers
 			}
 		}
-		s.Meta = reverseproxy.ServiceMeta{}
+		s.Meta = rpservice.ServiceMeta{}
 		if createdAt.Valid {
 			s.Meta.CreatedAt = createdAt.Time
 		}
@@ -2130,7 +2130,7 @@ func (s *SqlStore) getServices(ctx context.Context, accountID string) ([]*revers
 			s.SessionPublicKey = sessionPublicKey.String
 		}
-		s.Targets = []*reverseproxy.Target{}
+		s.Targets = []*rpservice.Target{}
 		return &s, nil
 	})
 	if err != nil {
@@ -2142,7 +2142,7 @@ func (s *SqlStore) getServices(ctx context.Context, accountID string) ([]*revers
 	}
 	serviceIDs := make([]string, len(services))
-	serviceMap := make(map[string]*reverseproxy.Service)
+	serviceMap := make(map[string]*rpservice.Service)
 	for i, s := range services {
 		serviceIDs[i] = s.ID
 		serviceMap[s.ID] = s
@@ -2153,8 +2153,8 @@ func (s *SqlStore) getServices(ctx context.Context, accountID string) ([]*revers
 		return nil, err
 	}
-	targets, err := pgx.CollectRows(targetRows, func(row pgx.CollectableRow) (*reverseproxy.Target, error) {
+	targets, err := pgx.CollectRows(targetRows, func(row pgx.CollectableRow) (*rpservice.Target, error) {
-		var t reverseproxy.Target
+		var t rpservice.Target
 		var path sql.NullString
 		err := row.Scan(
 			&t.ID,
@@ -4826,7 +4826,7 @@ func (s *SqlStore) GetPeerIDByKey(ctx context.Context, lockStrength LockingStren
 	return peerID, nil
 }
-func (s *SqlStore) CreateService(ctx context.Context, service *reverseproxy.Service) error {
+func (s *SqlStore) CreateService(ctx context.Context, service *rpservice.Service) error {
 	serviceCopy := service.Copy()
 	if err := serviceCopy.EncryptSensitiveData(s.fieldEncrypt); err != nil {
 		return fmt.Errorf("encrypt service data: %w", err)
@@ -4840,16 +4840,19 @@ func (s *SqlStore) CreateService(ctx context.Context, service *reverseproxy.Serv
 	return nil
 }
-func (s *SqlStore) UpdateService(ctx context.Context, service *reverseproxy.Service) error {
+func (s *SqlStore) UpdateService(ctx context.Context, service *rpservice.Service) error {
 	serviceCopy := service.Copy()
 	if err := serviceCopy.EncryptSensitiveData(s.fieldEncrypt); err != nil {
 		return fmt.Errorf("encrypt service data: %w", err)
 	}
 	// Create target type instance outside transaction to avoid variable shadowing
 	targetType := &rpservice.Target{}
 	// Use a transaction to ensure atomic updates of the service and its targets
 	err := s.db.Transaction(func(tx *gorm.DB) error {
 		// Delete existing targets
-		if err := tx.Where("service_id = ?", serviceCopy.ID).Delete(&reverseproxy.Target{}).Error; err != nil {
+		if err := tx.Where("service_id = ?", serviceCopy.ID).Delete(targetType).Error; err != nil {
 			return err
 		}
@@ -4870,7 +4873,7 @@ func (s *SqlStore) UpdateService(ctx context.Context, service *reverseproxy.Serv
 }
 func (s *SqlStore) DeleteService(ctx context.Context, accountID, serviceID string) error {
-	result := s.db.Delete(&reverseproxy.Service{}, accountAndIDQueryCondition, accountID, serviceID)
+	result := s.db.Delete(&rpservice.Service{}, accountAndIDQueryCondition, accountID, serviceID)
 	if result.Error != nil {
 		log.WithContext(ctx).Errorf("failed to delete service from store: %v", result.Error)
 		return status.Errorf(status.Internal, "failed to delete service from store")
@@ -4883,13 +4886,13 @@ func (s *SqlStore) DeleteService(ctx context.Context, accountID, serviceID strin
 	return nil
 }
-func (s *SqlStore) GetServiceByID(ctx context.Context, lockStrength LockingStrength, accountID, serviceID string) (*reverseproxy.Service, error) {
+func (s *SqlStore) GetServiceByID(ctx context.Context, lockStrength LockingStrength, accountID, serviceID string) (*rpservice.Service, error) {
 	tx := s.db.Preload("Targets")
 	if lockStrength != LockingStrengthNone {
 		tx = tx.Clauses(clause.Locking{Strength: string(lockStrength)})
 	}
-	var service *reverseproxy.Service
+	var service *rpservice.Service
 	result := tx.Take(&service, accountAndIDQueryCondition, accountID, serviceID)
 	if result.Error != nil {
 		if errors.Is(result.Error, gorm.ErrRecordNotFound) {
@@ -4907,8 +4910,8 @@ func (s *SqlStore) GetServiceByID(ctx context.Context, lockStrength LockingStren
 	return service, nil
 }
-func (s *SqlStore) GetServiceByDomain(ctx context.Context, accountID, domain string) (*reverseproxy.Service, error) {
+func (s *SqlStore) GetServiceByDomain(ctx context.Context, accountID, domain string) (*rpservice.Service, error) {
-	var service *reverseproxy.Service
+	var service *rpservice.Service
 	result := s.db.Preload("Targets").Where("account_id = ? AND domain = ?", accountID, domain).First(&service)
 	if result.Error != nil {
 		if errors.Is(result.Error, gorm.ErrRecordNotFound) {
@@ -4926,13 +4929,13 @@ func (s *SqlStore) GetServiceByDomain(ctx context.Context, accountID, domain str
 	return service, nil
 }
-func (s *SqlStore) GetServices(ctx context.Context, lockStrength LockingStrength) ([]*reverseproxy.Service, error) {
+func (s *SqlStore) GetServices(ctx context.Context, lockStrength LockingStrength) ([]*rpservice.Service, error) {
 	tx := s.db.Preload("Targets")
 	if lockStrength != LockingStrengthNone {
 		tx = tx.Clauses(clause.Locking{Strength: string(lockStrength)})
 	}
-	var serviceList []*reverseproxy.Service
+	var serviceList []*rpservice.Service
 	result := tx.Find(&serviceList)
 	if result.Error != nil {
 		log.WithContext(ctx).Errorf("failed to get services from the store: %s", result.Error)
@@ -4948,13 +4951,13 @@ func (s *SqlStore) GetServices(ctx context.Context, lockStrength LockingStrength
 	return serviceList, nil
 }
-func (s *SqlStore) GetAccountServices(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*reverseproxy.Service, error) {
+func (s *SqlStore) GetAccountServices(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*rpservice.Service, error) {
 	tx := s.db.Preload("Targets")
 	if lockStrength != LockingStrengthNone {
 		tx = tx.Clauses(clause.Locking{Strength: string(lockStrength)})
 	}
-	var serviceList []*reverseproxy.Service
+	var serviceList []*rpservice.Service
 	result := tx.Find(&serviceList, accountIDCondition, accountID)
 	if result.Error != nil {
 		log.WithContext(ctx).Errorf("failed to get services from the store: %s", result.Error)
@@ -5182,13 +5185,13 @@ func (s *SqlStore) applyAccessLogFilters(query *gorm.DB, filter accesslogs.Acces
 	return query
 }
-func (s *SqlStore) GetServiceTargetByTargetID(ctx context.Context, lockStrength LockingStrength, accountID string, targetID string) (*reverseproxy.Target, error) {
+func (s *SqlStore) GetServiceTargetByTargetID(ctx context.Context, lockStrength LockingStrength, accountID string, targetID string) (*rpservice.Target, error) {
 	tx := s.db
 	if lockStrength != LockingStrengthNone {
 		tx = tx.Clauses(clause.Locking{Strength: string(lockStrength)})
 	}
-	var target *reverseproxy.Target
+	var target *rpservice.Target
 	result := tx.Take(&target, "account_id = ? AND target_id = ?", accountID, targetID)
 	if result.Error != nil {
 		if errors.Is(result.Error, gorm.ErrRecordNotFound) {
--- a/management/server/store/sqlstore_bench_test.go
+++ b/management/server/store/sqlstore_bench_test.go
@@ -20,7 +20,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	resourceTypes "github.com/netbirdio/netbird/management/server/networks/resources/types"
 	routerTypes "github.com/netbirdio/netbird/management/server/networks/routers/types"
 	networkTypes "github.com/netbirdio/netbird/management/server/networks/types"
@@ -264,7 +264,7 @@ func setupBenchmarkDB(b testing.TB) (*SqlStore, func(), string) {
 		&types.Policy{}, &types.PolicyRule{}, &route.Route{},
 		&nbdns.NameServerGroup{}, &posture.Checks{}, &networkTypes.Network{},
 		&routerTypes.NetworkRouter{}, &resourceTypes.NetworkResource{},
-		&types.AccountOnboarding{}, &reverseproxy.Service{}, &reverseproxy.Target{},
+		&types.AccountOnboarding{}, &service.Service{}, &service.Target{},
 	}
 	for i := len(models) - 1; i >= 0; i-- {
--- a/management/server/store/store.go
+++ b/management/server/store/store.go
@@ -25,10 +25,10 @@ import (
 	"gorm.io/gorm"
 	"github.com/netbirdio/netbird/dns"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain"
 	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/proxy"
 	rpservice "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/internals/modules/zones"
 	"github.com/netbirdio/netbird/management/internals/modules/zones/records"
 	"github.com/netbirdio/netbird/management/server/telemetry"
@@ -253,13 +253,13 @@ type Store interface {
 	MarkAllPendingJobsAsFailed(ctx context.Context, accountID, peerID, reason string) error
 	GetPeerIDByKey(ctx context.Context, lockStrength LockingStrength, key string) (string, error)
-	CreateService(ctx context.Context, service *reverseproxy.Service) error
+	CreateService(ctx context.Context, service *rpservice.Service) error
-	UpdateService(ctx context.Context, service *reverseproxy.Service) error
+	UpdateService(ctx context.Context, service *rpservice.Service) error
 	DeleteService(ctx context.Context, accountID, serviceID string) error
-	GetServiceByID(ctx context.Context, lockStrength LockingStrength, accountID, serviceID string) (*reverseproxy.Service, error)
+	GetServiceByID(ctx context.Context, lockStrength LockingStrength, accountID, serviceID string) (*rpservice.Service, error)
-	GetServiceByDomain(ctx context.Context, accountID, domain string) (*reverseproxy.Service, error)
+	GetServiceByDomain(ctx context.Context, accountID, domain string) (*rpservice.Service, error)
-	GetServices(ctx context.Context, lockStrength LockingStrength) ([]*reverseproxy.Service, error)
+	GetServices(ctx context.Context, lockStrength LockingStrength) ([]*rpservice.Service, error)
-	GetAccountServices(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*reverseproxy.Service, error)
+	GetAccountServices(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*rpservice.Service, error)
 	GetCustomDomain(ctx context.Context, accountID string, domainID string) (*domain.Domain, error)
 	ListFreeDomains(ctx context.Context, accountID string) ([]string, error)
@@ -271,7 +271,7 @@ type Store interface {
 	CreateAccessLog(ctx context.Context, log *accesslogs.AccessLogEntry) error
 	GetAccountAccessLogs(ctx context.Context, lockStrength LockingStrength, accountID string, filter accesslogs.AccessLogFilter) ([]*accesslogs.AccessLogEntry, int64, error)
 	DeleteOldAccessLogs(ctx context.Context, olderThan time.Time) (int64, error)
-	GetServiceTargetByTargetID(ctx context.Context, lockStrength LockingStrength, accountID string, targetID string) (*reverseproxy.Target, error)
+	GetServiceTargetByTargetID(ctx context.Context, lockStrength LockingStrength, accountID string, targetID string) (*rpservice.Target, error)
 	SaveProxy(ctx context.Context, proxy *proxy.Proxy) error
 	UpdateProxyHeartbeat(ctx context.Context, proxyID string) error
--- a/management/server/store/store_mock.go
+++ b/management/server/store/store_mock.go
@@ -12,10 +12,10 @@ import (
 	gomock "github.com/golang/mock/gomock"
 	dns "github.com/netbirdio/netbird/dns"
 	reverseproxy "github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
 	accesslogs "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/accesslogs"
 	domain "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/domain"
 	proxy "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/proxy"
 	service "github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	zones "github.com/netbirdio/netbird/management/internals/modules/zones"
 	records "github.com/netbirdio/netbird/management/internals/modules/zones/records"
 	types "github.com/netbirdio/netbird/management/server/networks/resources/types"
@@ -308,7 +308,7 @@ func (mr *MockStoreMockRecorder) CreatePolicy(ctx, policy interface{}) *gomock.C
 }
 // CreateService mocks base method.
-func (m *MockStore) CreateService(ctx context.Context, service *reverseproxy.Service) error {
+func (m *MockStore) CreateService(ctx context.Context, service *service.Service) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateService", ctx, service)
 	ret0, _ := ret[0].(error)
@@ -1110,10 +1110,10 @@ func (mr *MockStoreMockRecorder) GetAccountRoutes(ctx, lockStrength, accountID i
 }
 // GetAccountServices mocks base method.
-func (m *MockStore) GetAccountServices(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*reverseproxy.Service, error) {
+func (m *MockStore) GetAccountServices(ctx context.Context, lockStrength LockingStrength, accountID string) ([]*service.Service, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetAccountServices", ctx, lockStrength, accountID)
-	ret0, _ := ret[0].([]*reverseproxy.Service)
+	ret0, _ := ret[0].([]*service.Service)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1843,10 +1843,10 @@ func (mr *MockStoreMockRecorder) GetRouteByID(ctx, lockStrength, accountID, rout
 }
 // GetServiceByDomain mocks base method.
-func (m *MockStore) GetServiceByDomain(ctx context.Context, accountID, domain string) (*reverseproxy.Service, error) {
+func (m *MockStore) GetServiceByDomain(ctx context.Context, accountID, domain string) (*service.Service, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetServiceByDomain", ctx, accountID, domain)
-	ret0, _ := ret[0].(*reverseproxy.Service)
+	ret0, _ := ret[0].(*service.Service)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1858,10 +1858,10 @@ func (mr *MockStoreMockRecorder) GetServiceByDomain(ctx, accountID, domain inter
 }
 // GetServiceByID mocks base method.
-func (m *MockStore) GetServiceByID(ctx context.Context, lockStrength LockingStrength, accountID, serviceID string) (*reverseproxy.Service, error) {
+func (m *MockStore) GetServiceByID(ctx context.Context, lockStrength LockingStrength, accountID, serviceID string) (*service.Service, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetServiceByID", ctx, lockStrength, accountID, serviceID)
-	ret0, _ := ret[0].(*reverseproxy.Service)
+	ret0, _ := ret[0].(*service.Service)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1873,10 +1873,10 @@ func (mr *MockStoreMockRecorder) GetServiceByID(ctx, lockStrength, accountID, se
 }
 // GetServiceTargetByTargetID mocks base method.
-func (m *MockStore) GetServiceTargetByTargetID(ctx context.Context, lockStrength LockingStrength, accountID, targetID string) (*reverseproxy.Target, error) {
+func (m *MockStore) GetServiceTargetByTargetID(ctx context.Context, lockStrength LockingStrength, accountID, targetID string) (*service.Target, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetServiceTargetByTargetID", ctx, lockStrength, accountID, targetID)
-	ret0, _ := ret[0].(*reverseproxy.Target)
+	ret0, _ := ret[0].(*service.Target)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -1888,10 +1888,10 @@ func (mr *MockStoreMockRecorder) GetServiceTargetByTargetID(ctx, lockStrength, a
 }
 // GetServices mocks base method.
-func (m *MockStore) GetServices(ctx context.Context, lockStrength LockingStrength) ([]*reverseproxy.Service, error) {
+func (m *MockStore) GetServices(ctx context.Context, lockStrength LockingStrength) ([]*service.Service, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetServices", ctx, lockStrength)
-	ret0, _ := ret[0].([]*reverseproxy.Service)
+	ret0, _ := ret[0].([]*service.Service)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -2790,7 +2790,7 @@ func (mr *MockStoreMockRecorder) UpdateProxyHeartbeat(ctx, proxyID interface{})
 }
 // UpdateService mocks base method.
-func (m *MockStore) UpdateService(ctx context.Context, service *reverseproxy.Service) error {
+func (m *MockStore) UpdateService(ctx context.Context, service *service.Service) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "UpdateService", ctx, service)
 	ret0, _ := ret[0].(error)
--- a/management/server/types/account.go
+++ b/management/server/types/account.go
@@ -18,7 +18,7 @@ import (
 	"github.com/netbirdio/netbird/client/ssh/auth"
 	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy"
+	"github.com/netbirdio/netbird/management/internals/modules/reverseproxy/service"
 	"github.com/netbirdio/netbird/management/internals/modules/zones"
 	"github.com/netbirdio/netbird/management/internals/modules/zones/records"
 	resourceTypes "github.com/netbirdio/netbird/management/server/networks/resources/types"
@@ -100,7 +100,7 @@ type Account struct {
 	NameServerGroupsG      []nbdns.NameServerGroup           `json:"-" gorm:"foreignKey:AccountID;references:id"`
 	DNSSettings            DNSSettings                       `gorm:"embedded;embeddedPrefix:dns_settings_"`
 	PostureChecks          []*posture.Checks                 `gorm:"foreignKey:AccountID;references:id"`
-	Services               []*reverseproxy.Service           `gorm:"foreignKey:AccountID;references:id"`
+	Services               []*service.Service                `gorm:"foreignKey:AccountID;references:id"`
 	// Settings is a dictionary of Account settings
 	Settings         *Settings                        `gorm:"embedded;embeddedPrefix:settings_"`
 	Networks         []*networkTypes.Network          `gorm:"foreignKey:AccountID;references:id"`
@@ -906,7 +906,7 @@ func (a *Account) Copy() *Account {
 		networkResources = append(networkResources, resource.Copy())
 	}
-	services := []*reverseproxy.Service{}
+	services := []*service.Service{}
 	for _, service := range a.Services {
 		services = append(services, service.Copy())
 	}
@@ -1814,7 +1814,7 @@ func (a *Account) InjectProxyPolicies(ctx context.Context) {
 	}
 }
-func (a *Account) injectServiceProxyPolicies(ctx context.Context, service *reverseproxy.Service, proxyPeersByCluster map[string][]*nbpeer.Peer) {
+func (a *Account) injectServiceProxyPolicies(ctx context.Context, service *service.Service, proxyPeersByCluster map[string][]*nbpeer.Peer) {
 	for _, target := range service.Targets {
 		if !target.Enabled {
 			continue
@@ -1823,7 +1823,7 @@ func (a *Account) injectServiceProxyPolicies(ctx context.Context, service *rever
 	}
 }
-func (a *Account) injectTargetProxyPolicies(ctx context.Context, service *reverseproxy.Service, target *reverseproxy.Target, proxyPeers []*nbpeer.Peer) {
+func (a *Account) injectTargetProxyPolicies(ctx context.Context, service *service.Service, target *service.Target, proxyPeers []*nbpeer.Peer) {
 	port, ok := a.resolveTargetPort(ctx, target)
 	if !ok {
 		return
@@ -1840,7 +1840,7 @@ func (a *Account) injectTargetProxyPolicies(ctx context.Context, service *revers
 	}
 }
-func (a *Account) resolveTargetPort(ctx context.Context, target *reverseproxy.Target) (int, bool) {
+func (a *Account) resolveTargetPort(ctx context.Context, target *service.Target) (int, bool) {
 	if target.Port != 0 {
 		return target.Port, true
 	}
@@ -1856,7 +1856,7 @@ func (a *Account) resolveTargetPort(ctx context.Context, target *reverseproxy.Ta
 	}
 }
-func (a *Account) createProxyPolicy(service *reverseproxy.Service, target *reverseproxy.Target, proxyPeer *nbpeer.Peer, port int, path string) *Policy {
+func (a *Account) createProxyPolicy(service *service.Service, target *service.Target, proxyPeer *nbpeer.Peer, port int, path string) *Policy {
 	policyID := fmt.Sprintf("proxy-access-%s-%s-%s", service.ID, proxyPeer.ID, path)
 	return &Policy{
 		ID:      policyID,