From ab0183846fb8c5a3aeeb9aba38916f0b454ce0af Mon Sep 17 00:00:00 2001 From: Robbie Blaine Date: Tue, 9 Apr 2024 13:39:01 +0200 Subject: [PATCH] Collapse Yoma Web Domain * Legacy redirects are being handled by Cloudflare * Move Yoma Web from `app.yoma.world` -> `yoma.world` --- helm/keycloak/conf/prod/values.yaml | 6 ++-- helm/yoma-api/conf/prod/secrets.yaml | 8 ++--- helm/yoma-api/conf/prod/values.yaml | 4 +-- helm/yoma-web/conf/prod/secrets.yaml | 6 ++-- helm/yoma-web/conf/prod/values.yaml | 45 ++++------------------------ 5 files changed, 17 insertions(+), 52 deletions(-) diff --git a/helm/keycloak/conf/prod/values.yaml b/helm/keycloak/conf/prod/values.yaml index c57d16a78..72fcbe2f1 100644 --- a/helm/keycloak/conf/prod/values.yaml +++ b/helm/keycloak/conf/prod/values.yaml @@ -4,7 +4,7 @@ ingress: annotations: nginx.ingress.kubernetes.io/configuration-snippet: |- more_clear_headers "Content-Security-Policy"; - add_header Content-Security-Policy "frame-ancestors 'self' https://app.yoma.world; frame-src 'self'; object-src 'none';" always; + add_header Content-Security-Policy "frame-ancestors 'self' https://yoma.world; frame-src 'self'; object-src 'none';" always; rules: - host: auth.yoma.world external: @@ -12,7 +12,7 @@ ingress: annotations: nginx.ingress.kubernetes.io/configuration-snippet: |- more_clear_headers "Content-Security-Policy"; - add_header Content-Security-Policy "frame-ancestors 'self' https://app.yoma.world; frame-src 'self'; object-src 'none';" always; + add_header Content-Security-Policy "frame-ancestors 'self' https://yoma.world; frame-src 'self'; object-src 'none';" always; rules: - host: auth.yoma.world paths: @@ -90,7 +90,7 @@ config-cli: # REALM_YOMA_ADMIN_CLI_SECRET: xxx # SMTP_PASSWORD: SG.xxx CLIENT_YOMA_API_URL: https://api.yoma.world - CLIENT_YOMA_WEB_URL: https://app.yoma.world + CLIENT_YOMA_WEB_URL: https://yoma.world CLIENT_ATINGI_URL: https://online.atingi.org CLIENT_ATINGI_URL_REDIRECT: https://keycloak.atingi.org/realms/master/broker/yoma-prod/endpoint CLIENT_ATINGI_URL_POST_LOGOUT_REDIRECT: https://keycloak.atingi.org/realms/master/broker/yoma-prod/endpoint diff --git a/helm/yoma-api/conf/prod/secrets.yaml b/helm/yoma-api/conf/prod/secrets.yaml index 388364f71..f6c5b9023 100644 --- a/helm/yoma-api/conf/prod/secrets.yaml +++ b/helm/yoma-api/conf/prod/secrets.yaml @@ -1,8 +1,8 @@ appSettings: AppSettings: - AppBaseURL: ENC[AES256_GCM,data:xftWvThOt/XT5O5TlvlxNn8YcuM24g==,iv:9EybiYUwdZb4B1oLcwxLR1Eqtm+AwzVGyBKXc0Jy0mg=,tag:Y46euxmFesYIiFpj/aSFjg==,type:str] + AppBaseURL: ENC[AES256_GCM,data:mXnX/NTKkLG5qUuyL8BZYPjC,iv:PJjNHfoOw7gxz88gEjIQtibUcQNds+zwCIX3Zl+Xcqc=,tag:KtYEV+Dm00YjIkY2h7DNYw==,type:str] AllowedHosts: ENC[AES256_GCM,data:UA==,iv:b2jTfAVIg5m5UXsDMxO7Vb0aaOXVzUfrjKW3jWW9sQI=,tag:mdAAfC6OWEp5ETVb/FDGXA==,type:str] - AllowedOrigins: ENC[AES256_GCM,data:nc4bnLO45HtVHjs8S/MxMJH8jN1meN61gp8vEZgONHkkfe9LQD/8cz+lMpnYIwv/PN4PGXjioUOy4AhHEkhAY8vN,iv:Cj1xKjdcsfR/ueF65IWYeTj8rFPmuq9eQUsUhxucusg=,tag:jnkySr9+7JPKlnDk1Vv67Q==,type:str] + AllowedOrigins: ENC[AES256_GCM,data:CNqSURbt9C6/DOVVzuFQy5HH9HN8AUDz4RTBHZOPL0Lq6PRzTPZVLS99qgmzpSnIltkio0QVVkSI8pGVC+s=,iv:esZJu7Rou4um7DvjZ4eswPO83i9EcItrqJR5fjslfAI=,tag:Sd95KKbdcvSB1UAy8LrLCg==,type:str] SSIIssuerNameYomaOrganization: ENC[AES256_GCM,data:1UBhaKVM3/BzQMC7dZkEPR2IrEaApCGxtHjjM2FyAg==,iv:hCas3b8m69wkSbV88r8UFc4Te3m2yzPOxL7rPlmshPo=,tag:++aG0GuZTB9kg2ZsVEB3HQ==,type:str] SSISchemaFullNameYoID: ENC[AES256_GCM,data:Fw+km5h8tCFDXPXW,iv:j4jLOcvrkidYN/GwkiT7aermN+tWTW945mdHNOoigx4=,tag:oi14XSI4P8cjJYjxxu22sQ==,type:str] TestDataSeedingEnvironments: ENC[AES256_GCM,data:SFs+lLIw/lLhZO+bivrvmzse,iv:npnOtJQrfKnOkNmonfKQ/Ejrblv+ttreUrF8hk298pE=,tag:CDzqfx4+h7H6iR9GZkJKgQ==,type:str] @@ -103,8 +103,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-04-09T15:33:31Z" - mac: ENC[AES256_GCM,data:vgIw2ga0Wq147CzfistOYeYeB0mY/EzKMtIemdJoer6xBiDr7Th1y/IKSyqNpU+anMeKNBLdyoE1NOtMCPIktcwSIcZ6zpbfdovpSwGXbkvfXBaQn9wfO+RHRyTRFK29+kLVZQzi3uI8FFQ1D+BN322xO8EoCH18b9TPYP+hu98=,iv:WMHmdtkfeES/YaOU5UOOMuxRw6zzEu0QxYwneTxdEjE=,tag:XxZrQGmKoBcCoYfhQJxMow==,type:str] + lastmodified: "2024-04-10T08:47:02Z" + mac: ENC[AES256_GCM,data:04KGE0zpi29AW18w/UHboK2Poou30KPoH3KzcGBA7mQe1ymTHEM9PrccSiKhXSX2edxVLlJIHxk00CG7L0riX3DBFcfJm08p95lNN7J05+S5mz4Y+isy3/jb7TnrBSGYaVRJUtbrZFyx6bknNNpWK7U56G/fFKGXhYE3B1BjkzA=,iv:3uM39ndh8AV9VE1sr+A3i13mdEyHBQOmu34jRfSLCRs=,tag:yZ7f8jegLVK2uyrtu4pcrw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/helm/yoma-api/conf/prod/values.yaml b/helm/yoma-api/conf/prod/values.yaml index 4aee05fe5..759d9848a 100644 --- a/helm/yoma-api/conf/prod/values.yaml +++ b/helm/yoma-api/conf/prod/values.yaml @@ -12,7 +12,7 @@ ingress: className: nginx-internal annotations: nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-origin: "https://app.yoma.world" + nginx.ingress.kubernetes.io/cors-allow-origin: "https://yoma.world" rules: - host: api.yoma.world external: @@ -20,7 +20,7 @@ ingress: className: nginx-external annotations: nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-origin: "https://app.yoma.world" + nginx.ingress.kubernetes.io/cors-allow-origin: "https://yoma.world" nginx.ingress.kubernetes.io/server-snippet: | location /hangfire { deny all; diff --git a/helm/yoma-web/conf/prod/secrets.yaml b/helm/yoma-web/conf/prod/secrets.yaml index ceb08d5df..f3228d299 100644 --- a/helm/yoma-web/conf/prod/secrets.yaml +++ b/helm/yoma-web/conf/prod/secrets.yaml @@ -2,7 +2,7 @@ envSecret: NEXTAUTH_SECRET: ENC[AES256_GCM,data:MmcE7brrm2Ug2OqVb+YxnnyRotBAPQw7WJAX/7p1Xjg=,iv:7M+sMcZ1ft3aUoK3cK4QNl8mfPWhgQxyWzZ28bj6fL4=,tag:tuQmadxe+44sTlEYyu5ksg==,type:str] KEYCLOAK_CLIENT_ID: ENC[AES256_GCM,data:M7+DUh94un4=,iv:r0H9Kef5fyuJLHTGD9LZZaw/0g8EwQLJHwL7dqnqHiU=,tag:TTTrS5zA3f/AP/nIqVq0zQ==,type:str] KEYCLOAK_CLIENT_SECRET: ENC[AES256_GCM,data:wfg2edoHyTZobha23ThqnPvYB+uHwGq0G+/e4uoDRiE=,iv:0dlmERk0ixs126PK7AW00tQkBSdzhuH/ekix+T4281E=,tag:NAajmAtwwr2nB7BcnRB1OA==,type:str] - NEXTAUTH_URL: ENC[AES256_GCM,data:sF/lGL+dwCpzgljcoImu3zZPKj09Iw==,iv:Y1reaaVf4LaYzaDCg2NNvO0fsKugOCP2w/MbAbcRfkk=,tag:1NfOJIE+Dzp7Rwvd9N27Ig==,type:str] + NEXTAUTH_URL: ENC[AES256_GCM,data:mvED1DMDHyMQKy/64f95EIE2,iv:Z6ExR75Tlymswy7VdBe+3bMimEDAgecjtAerwxsT64Y=,tag:qNkBhrlFnKa1zItaav+5ew==,type:str] API_BASE_URL: ENC[AES256_GCM,data:pL3RxaZ6Z2VxtIld/xJJUU7yKwt5pVtftW3h,iv:nIvKD2F+JVTyfbhLysqciNvn/gJ5XmGHPncnLnA3kDQ=,tag:OrEh8A0c8RPenyqhnSqeUA==,type:str] KEYCLOAK_ISSUER: ENC[AES256_GCM,data:5Izgw0A6pEzqTzI3PGQgtYLCuVY5GkYHyVMG8UGR+gd9Iyo=,iv:Krp7wjQuX2QTqk7IfZSrKcD0+1cl5Ut/oeIWVWrh22c=,tag:MOpUe6JlE5tpVsPL6C3FQg==,type:str] NEXT_PUBLIC_GOOGLE_MAPS_API_KEY: ENC[AES256_GCM,data:qlIgT1/4//PkVhifm9g1bAWliBcjB6XZmN6VH4GWmvZG+3YPdqxr,iv:I+4Df6apJYnBnOQ+RY4BaPm2pDPLY3mJTNnJmMCVSA4=,tag:a3pR+GYHcGEpwRoEa0IETQ==,type:str] @@ -21,8 +21,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-04-03T14:15:19Z" - mac: ENC[AES256_GCM,data:vMwVhbt/MddZ4T9iH5t/bg+rtQaQlpJ0ICp0N2y1eVcQKoC/1iDPcz+S2DhJSc+uS8fwlUNQr+23eIwh2O6PsoSkZm9sGSnz3UQyZRdmI9zYiCw4OTHona4HsNo9Khzmj7onTWNh2oGfIetsnaPxlLSeDRoCHOeqVQCskW2wdfA=,iv:Rd+FH5nWmAA6kJIblyzUV6MbpFJGSnvkcVrWTn9vekU=,tag:P24eG7DfN7vMdwvSqf3/Tg==,type:str] + lastmodified: "2024-04-08T18:13:55Z" + mac: ENC[AES256_GCM,data:vZvsTx1jagOgRfLEkVsvOfN/H4iFBJQ7+3UFEOTSLAEkLacsjbYceqYa2+5aNY10c/uCZ/Q+Y1+16JsRiRXWWYu2mfPyvqq5EHvjrsIztbfq96xUZGmXmPhdm3mll2Y52b2+kwMzgTt7JLAxzonNGgalxzXsSygly3aS7bc0HJw=,iv:lZqcKisApcva0vgT9zqzJ+keehxS5pVljnqVhG0s1cw=,tag:VQCsOEVaaisQKfV+074U2w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/helm/yoma-web/conf/prod/values.yaml b/helm/yoma-web/conf/prod/values.yaml index 5dc166966..4c131632e 100644 --- a/helm/yoma-web/conf/prod/values.yaml +++ b/helm/yoma-web/conf/prod/values.yaml @@ -14,50 +14,15 @@ ingress: annotations: nginx.ingress.kubernetes.io/proxy-buffer-size: 32k nginx.ingress.kubernetes.io/configuration-snippet: |- - if ($host = 'app.yoma.africa') { - rewrite ^ https://app.yoma.world$request_uri permanent; - } - if ($host = 'partner.yoma.world') { - rewrite ^ https://app.yoma.world$request_uri permanent; - } - if ($request_uri = '/register') { - rewrite ^ https://app.yoma.world permanent; - } - if ($request_uri = '/login') { - rewrite ^ https://app.yoma.world permanent; - } - if ($request_uri = '/employer/auth/login') { - rewrite ^ https://app.yoma.world permanent; + if ($host = 'www.yoma.world') { + rewrite ^ https://yoma.world/$request_uri permanent; } rules: - - host: app.yoma.world - - host: partner.yoma.world - - host: app.yoma.africa + - host: yoma.world + - host: www.yoma.world external: enabled: true annotations: nginx.ingress.kubernetes.io/proxy-buffer-size: 32k - nginx.ingress.kubernetes.io/configuration-snippet: |- - if ($host = 'app.yoma.africa') { - rewrite ^ https://app.yoma.world$request_uri permanent; - } - if ($host = 'partner.yoma.world') { - rewrite ^ https://app.yoma.world$request_uri permanent; - } - if ($host = 'www.yoma.world') { - rewrite ^ https://app.yoma.world$request_uri permanent; - } - if ($request_uri = '/register') { - rewrite ^ https://app.yoma.world permanent; - } - if ($request_uri = '/login') { - rewrite ^ https://app.yoma.world permanent; - } - if ($request_uri = '/employer/auth/login') { - rewrite ^ https://app.yoma.world permanent; - } rules: - - host: app.yoma.world - - host: partner.yoma.world - - host: app.yoma.africa - - host: www.yoma.world + - host: yoma.world