From d421a093c8ee21a64ee5af47775ec5503c42b779 Mon Sep 17 00:00:00 2001 From: EarthlingDavey <15802017+EarthlingDavey@users.noreply.github.com> Date: Thu, 3 Oct 2024 18:10:49 +0100 Subject: [PATCH] Add temp ingress and add some ewwio config. --- config/application.php | 7 ++++++ deploy/production/config.yml | 2 ++ deploy/production/ingress.tpl.yml | 41 ++++++++++++++++++++++++++++++- 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/config/application.php b/config/application.php index 7ded3fc17..deed257c7 100644 --- a/config/application.php +++ b/config/application.php @@ -162,6 +162,13 @@ // ACF License Key Config::define('ACF_PRO_LICENSE', env('ACF_PRO_LICENSE')); +// Set to true to turn off automatic optimization of your images. +// i.e. during migration, when using WP Offload Media - Metadata Tool. +Config::define('EWWW_IMAGE_OPTIMIZER_NOAUTO', env('EWWW_IMAGE_OPTIMIZER_NOAUTO')); + +// Enable "agency" mode, which hides all external links and support resources. +Config::define('EWWWIO_WHITELABEL', true); + /** * Debugging Settings */ diff --git a/deploy/production/config.yml b/deploy/production/config.yml index 801326df5..c30531c61 100644 --- a/deploy/production/config.yml +++ b/deploy/production/config.yml @@ -12,3 +12,5 @@ data: # The following IDs are not private, they form part of the publicly visible oauth login url. OAUTH_CLIENT_ID: "f508fd07-8504-47ed-a7d1-aa55fd2163d1" OAUTH_TENANT_ID: "c6874728-71e6-41fe-a9e1-2e8c36776ad8" + WP_REDIS_DISABLED: "true" + EWWW_IMAGE_OPTIMIZER_NOAUTO: "true" diff --git a/deploy/production/ingress.tpl.yml b/deploy/production/ingress.tpl.yml index 1989c04c6..f3dc9d8fb 100644 --- a/deploy/production/ingress.tpl.yml +++ b/deploy/production/ingress.tpl.yml @@ -1 +1,40 @@ -# Intentionally empty file. \ No newline at end of file +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: intranet-production-ingress + namespace: intranet-production + annotations: + external-dns.alpha.kubernetes.io/set-identifier: intranet-production-ingress-intranet-production-green + external-dns.alpha.kubernetes.io/aws-weight: "100" + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: basic-auth-secret + nginx.ingress.kubernetes.io/auth-realm: 'Production Access | Authentication Required' + # Set vhost so that WP doesn't see prod-intranet.apps... and redirect. + nginx.ingress.kubernetes.io/upstream-vhost: intranet.justice.gov.uk + nginx.ingress.kubernetes.io/server-snippet: | + location = /health { + auth_basic off; + access_log off; + default_type text/plain; + add_header Content-Type text/plain; + return 200 "OK"; + } + location = /.well-known/security.txt { + auth_basic off; + return 301 https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt; + } +spec: + tls: + - hosts: + - prod-intranet.apps.live.cloud-platform.service.justice.gov.uk + rules: + - host: prod-intranet.apps.live.cloud-platform.service.justice.gov.uk + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nginx-service + port: + number: 8080