Enable SSL redirection and ACME challenge support in ingress and Dock…

…erfile, and update NGINX configuration for ACME challenge handling.
ClubCedille · Nov 7, 2024 · 5eb2dd6 · 5eb2dd6
1 parent aa3af4d
commit 5eb2dd6
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 22 deletions.
diff --git a/apps/cedille-wiki/prod/ingress.yaml b/apps/cedille-wiki/prod/ingress.yaml
@@ -2,24 +2,24 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: wiki-cedille-ingress
-  namespace: cedille-wiki
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    ingress.kubernetes.io/force-ssl-redirect: "false"
+    ingress.kubernetes.io/force-ssl-redirect: "true"
+    kubernetes.io/tls-acme: "true"
 spec:
   ingressClassName: contour
   tls:
     - secretName: wiki-tls
       hosts:
         - wiki.omni.cedille.club
   rules:
-    - host: wiki.omni.cedille.club
-      http:
-        paths:
-        - path: /
-          pathType: Prefix
-          backend:
-            service:
-              name: wiki-cedille
-              port:
-                number: 80
+  - host: wiki.omni.cedille.club
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: wiki-cedille
+            port:
+              number: 80
diff --git a/wiki/Dockerfile b/wiki/Dockerfile
@@ -3,25 +3,21 @@ FROM python:3.9-slim AS builder
 WORKDIR /app
 
 ARG WIKI_DIR="wiki/"
-
 COPY ${WIKI_DIR} .
 
 RUN pip install mkdocs mkdocs-material pymdown-extensions
-
 RUN mkdocs build -f mkdocs-fr.yml -d site/fr
-
 RUN mkdocs build -f mkdocs-en.yml -d site/en
 
+RUN mkdir -p /app/site/fr/.well-known/acme-challenge
+
 FROM ghcr.io/nginxinc/nginx-unprivileged:stable-bookworm-perl
 
 COPY --from=builder /app/site/fr /usr/share/nginx/html/
 COPY --from=builder /app/site/en /usr/share/nginx/html/en/
 
-COPY --from=builder /app/docs/assets/* /usr/share/nginx/html/en/assets/
-COPY --from=builder /app/docs/assets/* /usr/share/nginx/html/assets/
-COPY --from=builder /app/docs/stylesheets/* /usr/share/nginx/html/en/stylesheets/
-COPY --from=builder /app/docs/stylesheets/* /usr/share/nginx/html/stylesheets/
-
 COPY --from=builder /app/nginx.conf /etc/nginx/nginx.conf
 
+RUN mkdir -p /tmp/client_temp /tmp/proxy_temp /tmp/fastcgi_temp /tmp/uwsgi_temp /tmp/scgi_temp
+
 EXPOSE 8080
diff --git a/wiki/nginx.conf b/wiki/nginx.conf
@@ -39,9 +39,9 @@ http {
 
         absolute_redirect off;
 
-        # Exclude .well-known/acme-challenge from redirection
+        # Serve .well-known/acme-challenge without redirection
         location /.well-known/acme-challenge/ {
-            alias /usr/share/nginx/html/.well-known/acme-challenge/;
+            root /usr/share/nginx/html;
             try_files $uri =404;
         }