Feature/deseng536 Redirect landuseplanning.gov.bc.ca to planninginpartnership.ca

CHANGELOG.md

@@ -1,3 +1,8 @@
+### 1.12 July 28, 2024
+* Redirect landuseplanning to planninginpartnership domain [DESENG-536](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-536)
+* Fix local build issue by inputting proper package.json version and removing build step
+* Remove commented-out nginx config
+
 ### 1.11 June 19, 2024
 * Sign up for project updates form not working [DESENG-653](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-653)
 * Restore "land use planning" page hero image, add FAQ page link [DESENG-652](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-652)

openshift/templates/nginx-runtime/Dockerfile

@@ -13,9 +13,6 @@ COPY ./s2i/bin/ /usr/libexec/s2i/
 # Expose this variable to OpenShift
 LABEL io.openshift.s2i.scripts-url=image:///usr/libexec/s2i
 
-# Copy config from source to container
-COPY nginx.conf.template /tmp/
-
 # create empty Environment Settings JS file
 RUN echo "" > /etc/nginx/publicServerEnvironmentSettings.js
 

openshift/templates/nginx-runtime/nginx.conf.template

@@ -1,3 +1,6 @@
+# This config file's functionality has been reassigned to per-environment ConfigMaps in the dev, test, and prod projects in OpenShift
+# It is maintained here for transparency only
+
 worker_processes  auto;
 
 error_log  /var/log/nginx/error.log;
@@ -13,34 +16,15 @@ http {
     default_type  application/octet-stream;
     server_tokens off;
 
-    # ip filtering
-    #%IpFilterRules%
-
-#    geo $loggable {
-#        default 1;
-#        %RealIpFrom% 0;
-#    }
-
     # Use a w3c standard log format
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
     access_log  /var/log/nginx/access.log  main;
-#    access_log  /var/log/nginx/access.log  main if=$loggable;
 
     sendfile        on;
-    #tcp_nopush     on;
-
     keepalive_timeout  65;
 
-    #gzip  on;
-
-    #real_ip module
- #   set_real_ip_from %RealIpFrom%;
-    #%AdditionalRealIpFromRules%
- #   real_ip_recursive on;
- #   real_ip_header    X-Forwarded-For;
-
     #throttle zones
     limit_req_zone $binary_remote_addr zone=bra1:10m rate=1r/s;
     limit_req_zone $binary_remote_addr zone=bra3:10m rate=3r/s;
@@ -54,8 +38,9 @@ http {
     client_max_body_size 100m;
 
     server {
-        listen       8080 default_server;
-        server_name  localhost;
+        listen 8080;
+        server_name landuseplanning.gov.bc.ca;
+        rewrite ^/(.*)$ https://planninginpartnership.ca/$1 permanent;
 
         # add in most common security headers
         add_header Content-Security-Policy "default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'";
@@ -99,15 +84,61 @@ http {
             # Only allow access from localhost
             allow all;
 
-            # Other request should be denied
-            # deny all;
-
             # No need to log this request, its just noise
             access_log off;
         }
 
     }
-
-
 
+    server {
+        listen 8080 default_server;
+        server_name localhost;
+
+        # add in most common security headers
+        add_header Content-Security-Policy "default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'";
+        add_header Strict-Transport-Security "max-age=86400; includeSubDomains";
+        add_header X-Content-Type-Options "nosniff";
+        add_header X-XSS-Protection 1;
+        add_header X-Frame-Options DENY;
+        add_header X-UA-Compatible "IE=Edge,chrome=1";
+
+        # serve our angular app here
+        location / {
+            # important - the root folder must be where your index.htm file is.
+            root   /tmp/app/dist;
+            index  index.html index.htm;
+            try_files $uri $uri/ /index.html;
+            gzip            on;
+            gzip_min_length 1000;
+            gzip_types      *;
+
+            sendfile off;
+            expires -1;
+
+            # propagate SMGOV_* headers
+            add_header  SMGOV_USERGUID $http_smgov_userguid;
+            add_header  SMGOV_USERDISPLAYNAME  $http_smgov_userdisplayname;
+            add_header  SMGOV_USERTYPE  $http_smgov_usertype;
+            add_header  SMGOV_USERIDENTIFIER  $http_smgov_useridentifier;           
+        }
+
+        # redirect server error pages to the static page /50x.html
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+
+        # For status of ngnix service, OpenShift is configured to call this
+        location /nginx_status {
+            # Enable Nginx stats
+            stub_status on;
+
+            # Only allow access from localhost
+            allow all;
+
+            # No need to log this request, its just noise
+            access_log off;
+        }
+
+    }
 }

openshift/templates/nginx-runtime/s2i/bin/run

@@ -1,7 +1,5 @@
 #!/bin/bash
 echo run script starting...
-sed "s~%RealIpFrom%~${RealIpFrom:-172.51.0.0/16}~g; s~%IpFilterRules%~${IpFilterRules}~g; s~%AdditionalRealIpFromRules%~${AdditionalRealIpFromRules}~g" /tmp/nginx.conf.template > /etc/nginx/nginx.conf
-
 echo "window.localStorage.setItem('from_public_server--remote_api_path', '${REMOTE_API_PATH:-set-in-project-nginx-runtime}');" > /etc/nginx/publicServerEnvironmentSettings.js;
 echo "window.localStorage.setItem('from_public_server--remote_api_base_path', '${REMOTE_API_BASE_PATH:-set-in-project-nginx-runtime}');" >> /etc/nginx/publicServerEnvironmentSettings.js;
 echo "window.localStorage.setItem('from_public_server--remote_admin_path', '${REMOTE_ADMIN_PATH:-set-in-project-nginx-runtime}');" >> /etc/nginx/publicServerEnvironmentSettings.js;