From 5eb2dd6a33ce0eb0ea758bfa7d4f63b602a0bb14 Mon Sep 17 00:00:00 2001
From: SonOfLope
Date: Thu, 7 Nov 2024 11:26:34 -0500
Subject: [PATCH] Enable SSL redirection and ACME challenge support in ingress and Dockerfile, and update NGINX configuration for ACME challenge handling.
---
 apps/cedille-wiki/prod/ingress.yaml | 24 ++++++++++++------------
 wiki/Dockerfile | 12 ++++--------
 wiki/nginx.conf | 4 ++--
 3 files changed, 18 insertions(+), 22 deletions(-)
diff --git a/apps/cedille-wiki/prod/ingress.yaml b/apps/cedille-wiki/prod/ingress.yaml
index a73d876..c71e7af 100644
--- a/apps/cedille-wiki/prod/ingress.yaml
+++ b/apps/cedille-wiki/prod/ingress.yaml
@@ -2,10 +2,10 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: wiki-cedille-ingress
- namespace: cedille-wiki
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-prod
- ingress.kubernetes.io/force-ssl-redirect: "false"
+ ingress.kubernetes.io/force-ssl-redirect: "true"
+ kubernetes.io/tls-acme: "true"
 spec:
 ingressClassName: contour
 tls:
@@ -13,13 +13,13 @@ spec:
 hosts:
 - wiki.omni.cedille.club
 rules:
- - host: wiki.omni.cedille.club
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: wiki-cedille
- port:
- number: 80
+ - host: wiki.omni.cedille.club
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wiki-cedille
+ port:
+ number: 80
diff --git a/wiki/Dockerfile b/wiki/Dockerfile
index 619fe5e..d6f9492 100644
--- a/wiki/Dockerfile
+++ b/wiki/Dockerfile
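Review bot: Dropping `namespace: cedille-wiki` from `metadata` in the first ingress.yaml hunk leaves the namespace of this production Ingress to whatever applies the manifest. Unless a kustomization or the GitOps application pins it (not visible in this patch), the Ingress and the TLS secret issued for `wiki.omni.cedille.club` can end up in a different namespace than the `wiki-cedille` Service, so I would keep `namespace: cedille-wiki` explicit or confirm the overlay sets it. The added `kubernetes.io/tls-acme: "true"` also looks redundant next to `cert-manager.io/cluster-issuer: letsencrypt-prod`, which already names the issuer; keeping only the explicit issuer annotation avoids ambiguity about which issuer is used.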
@@ -3,25 +3,21 @@ FROM python:3.9-slim AS builder WORKDIR /app ARG WIKI_DIR="wiki/" - COPY ${WIKI_DIR} . RUN pip install mkdocs mkdocs-material pymdown-extensions - RUN mkdocs build -f mkdocs-fr.yml -d site/fr - RUN mkdocs build -f mkdocs-en.yml -d site/en +RUN mkdir -p /app/site/fr/.well-known/acme-challenge + FROM ghcr.io/nginxinc/nginx-unprivileged:stable-bookworm-perl COPY --from=builder /app/site/fr /usr/share/nginx/html/ COPY --from=builder /app/site/en /usr/share/nginx/html/en/ -COPY --from=builder /app/docs/assets/* /usr/share/nginx/html/en/assets/ -COPY --from=builder /app/docs/assets/* /usr/share/nginx/html/assets/ -COPY --from=builder /app/docs/stylesheets/* /usr/share/nginx/html/en/stylesheets/ -COPY --from=builder /app/docs/stylesheets/* /usr/share/nginx/html/stylesheets/ - COPY --from=builder /app/nginx.conf /etc/nginx/nginx.conf +RUN mkdir -p /tmp/client_temp /tmp/proxy_temp /tmp/fastcgi_temp /tmp/uwsgi_temp /tmp/scgi_temp + EXPOSE 8080 diff --git a/wiki/nginx.conf b/wiki/nginx.conf index 1acb74b..909ed99 100644 --- a/wiki/nginx.conf +++ b/wiki/nginx.conf @@ -39,9 +39,9 @@ http { absolute_redirect off; - # Exclude .well-known/acme-challenge from redirection + # Serve .well-known/acme-challenge without redirection location /.well-known/acme-challenge/ { - alias /usr/share/nginx/html/.well-known/acme-challenge/; + root /usr/share/nginx/html; try_files $uri =404; }
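Review bot: The added `RUN mkdir -p /app/site/fr/.well-known/acme-challenge` bakes an empty directory into the image, and nothing visible in this patch writes challenge tokens into it at runtime, so the `location /.well-known/acme-challenge/` block in the wiki/nginx.conf hunk will answer 404 for every token. If certificates are issued by cert-manager through the `letsencrypt-prod` issuer, HTTP-01 challenges are normally answered by cert-manager's own solver rather than by the application container, which would make both the directory and the nginx location dead configuration; I would drop them or add a comment such as `# placeholder only: ACME tokens are served by cert-manager's solver, not by this image`. The nginx.conf comment "Serve .well-known/acme-challenge without redirection" is also worth rewording, since with `force-ssl-redirect: "true"` any redirect presumably happens at the ingress before the request reaches this server.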