HTTP -> HTTPS upgrade redirects for the staging sites.

There may be a cleaner way to configure this with Kubernetes. For now,
we expose port 80 on the load balancers and let NGINX redirect that
traffic to the HTTPS version of the site.
This commit is contained in:
dandds 2019-08-02 15:30:37 -04:00
parent e5c360452c
commit 27a0569a7e
4 changed files with 44 additions and 0 deletions

View File

@ -6,6 +6,16 @@ metadata:
namespace: atat
data:
nginx-config: |-
server {
listen 8342;
server_name aws.atat.code.mil;
return 301 https://$host$request_uri;
}
server {
listen 8343;
server_name auth-aws.atat.code.mil;
return 301 https://$host$request_uri;
}
server {
server_name aws.atat.code.mil;
# access_log /var/log/nginx/access.log json;

View File

@ -47,8 +47,12 @@ spec:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 8342
name: main-upgrade
- containerPort: 8442
name: main
- containerPort: 8343
name: auth-upgrade
- containerPort: 8443
name: auth
volumeMounts:
@ -169,8 +173,12 @@ metadata:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
ports:
- port: 80
targetPort: 8342
name: http
- port: 443
targetPort: 8442
name: https
selector:
role: web
type: LoadBalancer
@ -186,8 +194,12 @@ metadata:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
ports:
- port: 80
targetPort: 8343
name: http
- port: 443
targetPort: 8443
name: https
selector:
role: web
type: LoadBalancer

View File

@ -6,6 +6,16 @@ metadata:
namespace: atat
data:
nginx-config: |-
server {
listen 8342;
server_name azure.atat.code.mil;
return 301 https://$host$request_uri;
}
server {
listen 8343;
server_name auth-azure.atat.code.mil;
return 301 https://$host$request_uri;
}
server {
server_name azure.atat.code.mil;
# access_log /var/log/nginx/access.log json;

View File

@ -47,8 +47,12 @@ spec:
- name: nginx
image: nginx:alpine
ports:
- containerPort: 8342
name: main-upgrade
- containerPort: 8442
name: main
- containerPort: 8343
name: auth-upgrade
- containerPort: 8443
name: auth
volumeMounts:
@ -168,8 +172,12 @@ metadata:
spec:
loadBalancerIP: 13.92.235.6
ports:
- port: 80
targetPort: 8342
name: http
- port: 443
targetPort: 8442
name: https
selector:
role: web
type: LoadBalancer
@ -184,8 +192,12 @@ metadata:
spec:
loadBalancerIP: 23.100.24.41
ports:
- port: 80
targetPort: 8343
name: http
- port: 443
targetPort: 8443
name: https
selector:
role: web
type: LoadBalancer