From 27a0569a7e5ccfdc6a3c612f58645376e5186e58 Mon Sep 17 00:00:00 2001
From: dandds <dan-ctr@friends.dds.mil>
Date: Fri, 2 Aug 2019 15:30:37 -0400
Subject: [PATCH] HTTP -> HTTPS upgrade redirects for the staging sites.

There may be a cleaner way to configure this with Kubernetes. For now,
we expose port 80 on the load balancers and let NGINX redirect that
traffic to the HTTPS version of the site.
---
 k8s/aws/atst-nginx-configmap.yml   | 10 ++++++++++
 k8s/aws/aws.yml                    | 12 ++++++++++++
 k8s/azure/atst-nginx-configmap.yml | 10 ++++++++++
 k8s/azure/azure.yml                | 12 ++++++++++++
 4 files changed, 44 insertions(+)

diff --git a/k8s/aws/atst-nginx-configmap.yml b/k8s/aws/atst-nginx-configmap.yml
index 2818ff2d..0a423a16 100644
--- a/k8s/aws/atst-nginx-configmap.yml
+++ b/k8s/aws/atst-nginx-configmap.yml
@@ -6,6 +6,16 @@ metadata:
   namespace: atat
 data:
   nginx-config: |-
+    server {
+        listen 8342;
+        server_name aws.atat.code.mil;
+        return 301 https://$host$request_uri;
+    }
+    server {
+        listen 8343;
+        server_name auth-aws.atat.code.mil;
+        return 301 https://$host$request_uri;
+    }
     server {
         server_name aws.atat.code.mil;
         # access_log /var/log/nginx/access.log json;
diff --git a/k8s/aws/aws.yml b/k8s/aws/aws.yml
index ceaa8993..4fe84e70 100644
--- a/k8s/aws/aws.yml
+++ b/k8s/aws/aws.yml
@@ -47,8 +47,12 @@ spec:
         - name: nginx
           image: nginx:alpine
           ports:
+            - containerPort: 8342
+              name: main-upgrade
             - containerPort: 8442
               name: main
+            - containerPort: 8343
+              name: auth-upgrade
             - containerPort: 8443
               name: auth
           volumeMounts:
@@ -169,8 +173,12 @@ metadata:
     service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
 spec:
   ports:
+  - port: 80
+    targetPort: 8342
+    name: http
   - port: 443
     targetPort: 8442
+    name: https
   selector:
     role: web
   type: LoadBalancer
@@ -186,8 +194,12 @@ metadata:
     service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
 spec:
   ports:
+  - port: 80
+    targetPort: 8343
+    name: http
   - port: 443
     targetPort: 8443
+    name: https
   selector:
     role: web
   type: LoadBalancer
diff --git a/k8s/azure/atst-nginx-configmap.yml b/k8s/azure/atst-nginx-configmap.yml
index c4b55d7a..6b8e1358 100644
--- a/k8s/azure/atst-nginx-configmap.yml
+++ b/k8s/azure/atst-nginx-configmap.yml
@@ -6,6 +6,16 @@ metadata:
   namespace: atat
 data:
   nginx-config: |-
+    server {
+        listen 8342;
+        server_name azure.atat.code.mil;
+        return 301 https://$host$request_uri;
+    }
+    server {
+        listen 8343;
+        server_name auth-azure.atat.code.mil;
+        return 301 https://$host$request_uri;
+    }
     server {
         server_name azure.atat.code.mil;
         # access_log /var/log/nginx/access.log json;
diff --git a/k8s/azure/azure.yml b/k8s/azure/azure.yml
index a3854665..097b1e15 100644
--- a/k8s/azure/azure.yml
+++ b/k8s/azure/azure.yml
@@ -47,8 +47,12 @@ spec:
         - name: nginx
           image: nginx:alpine
           ports:
+            - containerPort: 8342
+              name: main-upgrade
             - containerPort: 8442
               name: main
+            - containerPort: 8343
+              name: auth-upgrade
             - containerPort: 8443
               name: auth
           volumeMounts:
@@ -168,8 +172,12 @@ metadata:
 spec:
   loadBalancerIP: 13.92.235.6
   ports:
+  - port: 80
+    targetPort: 8342
+    name: http
   - port: 443
     targetPort: 8442
+    name: https
   selector:
     role: web
   type: LoadBalancer
@@ -184,8 +192,12 @@ metadata:
 spec:
   loadBalancerIP: 23.100.24.41
   ports:
+  - port: 80
+    targetPort: 8343
+    name: http
   - port: 443
     targetPort: 8443
+    name: https
   selector:
     role: web
   type: LoadBalancer