Fix non-www redirect support

20tab · Jan 24, 2024 · ccb0a69 · ccb0a69
1 parent db6c436
commit ccb0a69
Show file tree

Hide file tree

Showing 8 changed files with 168 additions and 57 deletions.
diff --git a/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/variables.tf b/{{cookiecutter.project_dirname}}/terraform/base/digitalocean-k8s/variables.tf
@@ -109,6 +109,7 @@ variable "redis_cluster_region" {
   type        = string
   default     = ""
 }
+
 variable "redis_cluster_version" {
   description = "The DigitalOcean Redis cluster major version."
   type        = string

diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/main.tf
@@ -205,6 +205,8 @@ module "routing" {
   tls_certificate_key           = var.tls_certificate_key
 
   monitoring_subdomain = var.monitoring_subdomain
+
+  secondary_domains = var.secondary_domains
 }
 
 /* Secrets */

diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/variables.tf b/{{cookiecutter.project_dirname}}/terraform/environment/digitalocean-k8s/variables.tf
@@ -208,6 +208,17 @@ variable "s3_secret_key" {
   sensitive   = true
 }
 
+variable "secondary_domains" {
+  description = "An optional list of secondary domains to redirect to the main one."
+  type        = list(string)
+  default     = []
+
+  validation {
+    condition     = length(var.subdomains) > 0
+    error_message = "At least one subdomain must be specified."
+  }
+}
+
 variable "stack_slug" {
   description = "The stack slug (e.g. 'main')."
   type        = string

diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/monitoring/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/monitoring/main.tf
@@ -53,7 +53,8 @@ resource "helm_release" "loki" {
       "loki.config.storage_config.aws.endpoint"          = var.s3_host
       "loki.config.storage_config.aws.region"            = var.s3_region
       "loki.config.storage_config.aws.secret_access_key" = var.s3_secret_key
-    } : {}
+    } : map()
+
     content {
       name  = set.key
       value = set.value
@@ -91,6 +92,7 @@ resource "helm_release" "grafana" {
       "adminPassword"       = var.grafana_password
       "persistence.enabled" = var.grafana_persistence_enabled
     }
+
     content {
       name  = set.key
       value = set.value

diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/main.tf
@@ -11,6 +11,14 @@ locals {
 
   traefik_hosts = join(", ", [for i in local.domains : "`${i}`"])
 
+  secondary_domains_traefik_hosts = join(", ", [for i in var.secondary_domains : "`${i}`"])
+
+  http_redirect_traefik_hosts = join(", ", [for i in concat(
+    local.domains,
+    var.secondary_domains,
+    local.monitoring_domain != "" ? [local.monitoring_domain] : [],
+  ) : "`${i}`"])
+
   base_middlewares = var.basic_auth_enabled && local.basic_auth_ready ? [{ "name" : "traefik-basic-auth" }] : []
 
   letsencrypt_enabled        = var.letsencrypt_certificate_email != ""
@@ -66,27 +74,6 @@ resource "kubernetes_manifest" "traefik_basic_auth_middleware" {
   }
 }
 
-/* HTTPS Redirect */
-
-resource "kubernetes_manifest" "middleware_redirect_to_https" {
-  count = local.tls_enabled ? 1 : 0
-
-  manifest = {
-    apiVersion = "traefik.containo.us/v1alpha1"
-    kind       = "Middleware"
-    metadata = {
-      name      = "redirect-to-https"
-      namespace = var.namespace
-    }
-    spec = {
-      redirectScheme = {
-        scheme    = "https"
-        permanent = true
-      }
-    }
-  }
-}
-
 /* TLS Secret */
 
 resource "kubernetes_secret_v1" "tls" {
@@ -155,13 +142,13 @@ resource "kubernetes_manifest" "certificate" {
         kind = "Issuer"
       }
       dnsNames = concat(
-        local.domains, local.monitoring_domain != "" ? [local.monitoring_domain] : []
+        local.domains, var.secondary_domains, local.monitoring_domain != "" ? [local.monitoring_domain] : []
       )
     }
   }
 }
 
-/* Traefik Ingress Route */
+/* Main Ingress Route */
 
 resource "kubernetes_manifest" "main_ingress_route" {
   manifest = {
@@ -257,39 +244,6 @@ resource "kubernetes_manifest" "monitoring_ingress_route" {
   }
 }
 
-resource "kubernetes_manifest" "ingressroute_redirect_to_https" {
-  count = local.tls_enabled ? 1 : 0
-
-  manifest = {
-    apiVersion = "traefik.containo.us/v1alpha1"
-    kind       = "IngressRoute"
-    metadata = {
-      name      = "redirect-to-https"
-      namespace = var.namespace
-    }
-    spec = merge(
-      {
-        entryPoints = ["web"]
-        routes = [
-          {
-            kind  = "Rule"
-            match = "Host(${local.traefik_hosts})"
-            middlewares = [
-              { name = "redirect-to-https" }
-            ]
-            services = [
-              {
-                name = coalesce(var.frontend_service_slug, var.backend_service_slug)
-                port = coalesce(var.frontend_service_port, var.backend_service_port)
-              }
-            ]
-          }
-        ]
-      }
-    )
-  }
-}
-
 /* Metrics Ingress Route */
 
 resource "kubernetes_secret_v1" "metrics_basic_auth" {
@@ -373,3 +327,120 @@ resource "kubernetes_manifest" "metrics_ingress_route" {
     )
   }
 }
+
+/* HTTPS Redirect */
+
+resource "kubernetes_manifest" "middleware_redirect_to_https" {
+  count = local.tls_enabled ? 1 : 0
+
+  manifest = {
+    apiVersion = "traefik.io/v1alpha1"
+    kind       = "Middleware"
+    metadata = {
+      name      = "redirect-to-https"
+      namespace = var.namespace
+    }
+    spec = {
+      redirectScheme = {
+        scheme    = "https"
+        permanent = true
+      }
+    }
+  }
+}
+
+resource "kubernetes_manifest" "ingressroute_redirect_to_https" {
+  count = local.tls_enabled ? 1 : 0
+
+  manifest = {
+    apiVersion = "traefik.io/v1alpha1"
+    kind       = "IngressRoute"
+    metadata = {
+      name      = "redirect-to-https"
+      namespace = var.namespace
+    }
+    spec = merge(
+      {
+        entryPoints = ["web"]
+        routes = [
+          {
+            kind  = "Rule"
+            match = "Host(${local.http_redirect_traefik_hosts})"
+            middlewares = [
+              { name = "redirect-to-https" }
+            ]
+            services = [
+              {
+                name = coalesce(var.frontend_service_slug, var.backend_service_slug)
+                port = coalesce(var.frontend_service_port, var.backend_service_port)
+              }
+            ]
+          }
+        ]
+      }
+    )
+  }
+}
+
+/* Secondary Domains Redirect */
+
+resource "kubernetes_manifest" "middleware_secondary_domains_redirect" {
+  manifest = {
+    apiVersion = "traefik.io/v1alpha1"
+    kind       = "Middleware"
+    metadata = {
+      name      = "redirect-secondary-domains"
+      namespace = var.namespace
+    }
+    spec = {
+      redirectRegex = {
+        regex = join(
+          "", [
+            "^(https?)://(?:",
+            join("|", [for i in var.secondary_domains : replace(i, ".", "\\.")]),
+            ")(.*)$"
+          ]
+        )
+        replacement = "$1://${local.domains[0]}$2"
+      }
+    }
+  }
+
+  computed_fields = ["metadata.labels.domain", "metadata.name"]
+}
+
+resource "kubernetes_manifest" "ingressroute_secondary_domains_redirect" {
+  manifest = {
+    apiVersion = "traefik.io/v1alpha1"
+    kind       = "IngressRoute"
+    metadata = {
+      name      = "redirect-secondary-domains"
+      namespace = var.namespace
+    }
+    spec = merge(
+      {
+        entryPoints = local.tls_enabled ? ["websecure"] : ["web"]
+        routes = [
+          {
+            kind  = "Rule"
+            match = "Host(${local.secondary_domains_traefik_hosts})"
+            middlewares = [
+              { name = "redirect-secondary-domains" },
+            ]
+            services = [
+              {
+                name = coalesce(var.frontend_service_slug, var.backend_service_slug)
+                port = coalesce(var.frontend_service_port, var.backend_service_port)
+              }
+            ]
+          }
+        ]
+      },
+      local.letsencrypt_enabled ? {
+        tls = {
+          secretName = "tls-letsencrypt"
+        }
+      } : {}
+    )
+  }
+}
diff --git a/...kiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/variables.tf b/...kiecutter.project_dirname}}/terraform/environment/modules/kubernetes/routing/variables.tf
@@ -98,6 +98,17 @@ variable "project_domain" {
   type        = string
 }
 
+variable "secondary_domains" {
+  description = "An optional list of secondary domains to redirect to the main one."
+  type        = list(string)
+  default     = []
+
+  validation {
+    condition     = length(var.subdomains) > 0
+    error_message = "At least one subdomain must be specified."
+  }
+}
+
 variable "subdomains" {
   description = "The subdomains associated to the environment."
   type        = list(string)

diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/main.tf b/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/main.tf
@@ -131,6 +131,8 @@ module "routing" {
   tls_certificate_key           = var.tls_certificate_key
 
   monitoring_subdomain = var.monitoring_subdomain
+
+  secondary_domains = var.secondary_domains
 }
 
 /* Secrets */

diff --git a/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/variables.tf b/{{cookiecutter.project_dirname}}/terraform/environment/other-k8s/variables.tf
@@ -224,6 +224,17 @@ variable "s3_secret_key" {
   sensitive   = true
 }
 
+variable "secondary_domains" {
+  description = "An optional list of secondary domains to redirect to the main one."
+  type        = list(string)
+  default     = []
+
+  validation {
+    condition     = length(var.subdomains) > 0
+    error_message = "At least one subdomain must be specified."
+  }
+}
+
 variable "stack_slug" {
   description = "The stack slug (e.g. 'main')."
   type        = string