Add temp ingress and add some ewwio config.

ministryofjustice · Oct 3, 2024 · d421a09 · d421a09
1 parent 86aac7c
commit d421a09
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 1 deletion.
diff --git a/config/application.php b/config/application.php
@@ -162,6 +162,13 @@
 // ACF License Key
 Config::define('ACF_PRO_LICENSE', env('ACF_PRO_LICENSE'));
 
+// Set to true to turn off automatic optimization of your images.
+// i.e. during migration, when using WP Offload Media - Metadata Tool.
+Config::define('EWWW_IMAGE_OPTIMIZER_NOAUTO', env('EWWW_IMAGE_OPTIMIZER_NOAUTO'));
+
+// Enable "agency" mode, which hides all external links and support resources.
+Config::define('EWWWIO_WHITELABEL', true);
+
 /**
  * Debugging Settings
  */

diff --git a/deploy/production/config.yml b/deploy/production/config.yml
@@ -12,3 +12,5 @@ data:
   # The following IDs are not private, they form part of the publicly visible oauth login url.
   OAUTH_CLIENT_ID: "f508fd07-8504-47ed-a7d1-aa55fd2163d1"
   OAUTH_TENANT_ID: "c6874728-71e6-41fe-a9e1-2e8c36776ad8"
+  WP_REDIS_DISABLED: "true"
+  EWWW_IMAGE_OPTIMIZER_NOAUTO: "true"
diff --git a/deploy/production/ingress.tpl.yml b/deploy/production/ingress.tpl.yml
@@ -1 +1,40 @@
-# Intentionally empty file.
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: intranet-production-ingress
+  namespace: intranet-production
+  annotations:
+    external-dns.alpha.kubernetes.io/set-identifier: intranet-production-ingress-intranet-production-green
+    external-dns.alpha.kubernetes.io/aws-weight: "100"
+    nginx.ingress.kubernetes.io/auth-type: basic
+    nginx.ingress.kubernetes.io/auth-secret: basic-auth-secret
+    nginx.ingress.kubernetes.io/auth-realm: 'Production Access | Authentication Required'
+    # Set vhost so that WP doesn't see prod-intranet.apps... and redirect.
+    nginx.ingress.kubernetes.io/upstream-vhost: intranet.justice.gov.uk
+    nginx.ingress.kubernetes.io/server-snippet: |
+      location = /health {
+        auth_basic off;
+        access_log off;
+        default_type text/plain;
+        add_header Content-Type text/plain;
+        return 200 "OK";
+      }
+      location = /.well-known/security.txt {
+        auth_basic off;
+        return 301 https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt;
+      }
+spec:
+  tls:
+  - hosts:
+    - prod-intranet.apps.live.cloud-platform.service.justice.gov.uk
+  rules:
+  - host: prod-intranet.apps.live.cloud-platform.service.justice.gov.uk
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nginx-service
+            port:
+              number: 8080