From a42ff1f186c98d8f05f1639f658dac6d6f16d8fc Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 08:51:23 +0100 Subject: [PATCH 01/65] teste gcp deploy --- .github/workflows/deploy-docker-image-gcp.yml | 79 ++++++++++++++ deploy/dev-gcp.yml | 100 ++++++++++++++++++ deploy/prod-fss-k9saksbehandling copy.yml | 100 ++++++++++++++++++ 3 files changed, 279 insertions(+) create mode 100644 .github/workflows/deploy-docker-image-gcp.yml create mode 100644 deploy/dev-gcp.yml create mode 100644 deploy/prod-fss-k9saksbehandling copy.yml diff --git a/.github/workflows/deploy-docker-image-gcp.yml b/.github/workflows/deploy-docker-image-gcp.yml new file mode 100644 index 0000000000..5e9fd560e7 --- /dev/null +++ b/.github/workflows/deploy-docker-image-gcp.yml @@ -0,0 +1,79 @@ +name: Deploy Docker image +on: + push: + paths-ignore: + - '**.md' + - '.gitignore' + - 'CODEOWNERS' + branches: + - GCP-migrering + +jobs: + deploy-docker-image: + name: Deploy Docker image + runs-on: ubuntu-latest + permissions: + issues: write + contents: read + id-token: write + # needs: [test, lint-tscheck-build] + outputs: + image: ${{ steps.docker-push.outputs.image }} + steps: + - name: Hente kode + uses: actions/checkout@v4 + + - name: Setup .yarnrc.yml + run: | + yarn config set npmScopes.navikt.npmRegistryServer "https://npm.pkg.github.com" + yarn config set npmScopes.navikt.npmAlwaysAuth true + yarn config set npmScopes.navikt.npmAuthToken $NPM_AUTH_TOKEN + env: + NPM_AUTH_TOKEN: ${{ secrets.READER_TOKEN }} + + - name: Sette opp Node + uses: actions/setup-node@v4 + with: + node-version: '18' + cache: 'yarn' + + - name: Set timestamp + run: echo "TIMESTAMP=$(expr $(date +%Y%m%d%H%M%S))" >> $GITHUB_ENV + + - name: Installere dependencies + run: HUSKY=0 yarn install --immutable + + - name: Bygge dist + run: yarn build + + - uses: nais/docker-build-push@v0 + id: docker-push + with: + tag: 'latest' + team: k9saksbehandling + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + + - name: Sett image for nais deploy + run: | + echo "IMAGE=${{steps.docker-push.outputs.image}}" >> $GITHUB_OUTPUT + + - name: Promoter til cluster og namespace + uses: nais/deploy/actions/deploy@v2 + env: + PRINT_PAYLOAD: true + CLUSTER: dev-gcp + RESOURCE: deploy/dev-gcp.yml + + trivy: + needs: [deploy-docker-image] + uses: navikt/sif-gha-workflows/.github/workflows/trivy.yml@main + permissions: + contents: write + id-token: write + security-events: write + actions: read + secrets: inherit + with: + image: ${{ needs.deploy-docker-image.outputs.image }} + team: k9saksbehandling diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml new file mode 100644 index 0000000000..eb6a26ba19 --- /dev/null +++ b/deploy/dev-gcp.yml @@ -0,0 +1,100 @@ +apiVersion: "nais.io/v1alpha1" +kind: "Application" +metadata: + name: k9-sak-web + namespace: k9saksbehandling + labels: + team: k9saksbehandling + annotations: + nais.io/run-as-user: "101" # Fix permissions for nginx + nais.io/read-only-file-system: "false" # Fix permissions for nginx + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" +spec: + image: { { image } } + port: 9000 + liveness: + path: /isAlive + initialDelay: 20 + timeout: 1 + periodSeconds: 5 + failureThreshold: 10 + readiness: + path: /isReady + initialDelay: 20 + timeout: 1 + replicas: + min: 2 + max: 3 + cpuThresholdPercentage: 50 + resources: + limits: + cpu: 500m + memory: 64Mi + requests: + cpu: 200m + memory: 32Mi + ingresses: + - "https://k9.dev.intern.nav.no/" + env: + - name: APP_NAME + value: k9-sak-web + - name: APP_URL + value: "https://k9-sak.dev-fss-pub.nais.io" + - name: APP_PORT + value: "9000" + - name: APP_URL_K9FORMIDLING + value: "https://k9-formidling.dev-fss-pub.nais.io" + - name: APP_URL_K9FORMIDLING_DD + value: "https://k9-formidling-dokumentdata.dev-fss-pub.nais.io" + - name: APP_URL_K9OPPDRAG + value: "https://k9-oppdrag.dev-fss-pub.nais.io" + - name: APP_URL_KLAGE + value: "http://k9-klage.k9saksbehandling" + - name: APP_URL_K9TILBAKE + value: "http://k9-tilbake.default" + - name: APP_URL_K9FORDEL + value: "http://k9-fordel.k9saksbehandling" + - name: ENDRINGSLOGG_URL + value: "https://familie-endringslogg.intern.dev.nav.no/" + + # Feature-flag + - name: KLAGE_KABAL + value: "true" + - name: VARSELTEKST + value: "true" + - name: DOKUMENTDATA + value: "true" + - name: UNNTAKSBEHANDLING + value: "true" + - name: KLAGEBEHANDLING + value: "true" + - name: TILBAKE + value: "true" + - name: SOKNADPERIODESTRIPE + value: "false" + - name: TYPE_MEDISINSKE_OPPLYSNINGER_BREV + value: "true" + - name: LOS_MARKER_BEHANDLING + value: "true" + - name: LOS_MARKER_BEHANDLING_SUBMIT + value: "true" + - name: AKSJONSPUNKT_9014 + value: "true" + - name: AKSJONSPUNKT_9015 + value: "true" + - name: FRITEKST_REDIGERING + value: "true" + - name: INKLUDER_KALENDER_PILS + value: "true" + - name: SKJUL_AVSLUTTET_ARBEIDSGIVER + value: "true" + - name: OMS_PUNSJSTRIPE + value: "true" + - name: OMSORGEN_FOR_PERIODISERT + value: "true" + - name: OVERSTYR_BEREGNING + value: "true" + - name: "OVERSTYRING_UTTAK" + value: "true" diff --git a/deploy/prod-fss-k9saksbehandling copy.yml b/deploy/prod-fss-k9saksbehandling copy.yml new file mode 100644 index 0000000000..8c5f9cf75f --- /dev/null +++ b/deploy/prod-fss-k9saksbehandling copy.yml @@ -0,0 +1,100 @@ +apiVersion: "nais.io/v1alpha1" +kind: "Application" +metadata: + name: k9-sak-web + namespace: k9saksbehandling + labels: + team: k9saksbehandling + annotations: + nais.io/run-as-user: "101" # Fix permissions for nginx + nais.io/read-only-file-system: "false" # Fix permissions for nginx + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" +spec: + image: {{ image }} + port: 9000 + liveness: + path: /isAlive + initialDelay: 20 + timeout: 1 + periodSeconds: 5 + failureThreshold: 10 + readiness: + path: /isReady + initialDelay: 20 + timeout: 1 + replicas: + min: 2 + max: 3 + cpuThresholdPercentage: 50 + resources: + limits: + cpu: 500m + memory: 64Mi + requests: + cpu: 200m + memory: 32Mi + ingresses: + - "https://k9.intern.nav.no/" + env: + - name: APP_NAME + value: k9-sak-web + - name: APP_URL + value: "http://k9-sak" + - name: APP_PORT + value: "9000" + - name: APP_URL_K9FORMIDLING + value: "http://k9-formidling" + - name: APP_URL_K9FORMIDLING_DD + value: "http://k9-formidling-dokumentdata.k9saksbehandling" + - name: APP_URL_K9OPPDRAG + value: "http://k9-oppdrag.k9saksbehandling" + - name: APP_URL_KLAGE + value: "http://k9-klage.k9saksbehandling" + - name: APP_URL_K9TILBAKE + value: "http://k9-tilbake.k9saksbehandling" + - name: APP_URL_K9FORDEL + value: "http://k9-fordel.k9saksbehandling" + - name: ENDRINGSLOGG_URL + value: "https://familie-endringslogg.intern.nav.no/" + + # Feature-flag + - name: KLAGE_KABAL + value: "true" + - name: VARSELTEKST + value: "false" + - name: DOKUMENTDATA + value: "false" + - name: UNNTAKSBEHANDLING + value: "false" + - name: KLAGEBEHANDLING + value: "true" + - name: TILBAKE + value: "true" + - name: SOKNADPERIODESTRIPE + value: "false" + - name: TYPE_MEDISINSKE_OPPLYSNINGER_BREV + value: "true" + - name: LOS_MARKER_BEHANDLING + value: "true" + - name: LOS_MARKER_BEHANDLING_SUBMIT + value: "false" + - name: AKSJONSPUNKT_9014 + value: "true" + - name: AKSJONSPUNKT_9015 + value: "true" + - name: FRITEKST_REDIGERING + value: "true" + - name: INKLUDER_KALENDER_PILS + value: "false" + - name: SKJUL_AVSLUTTET_ARBEIDSGIVER + value: "false" + - name: OMS_PUNSJSTRIPE + value: "true" + - name: OMSORGEN_FOR_PERIODISERT + value: "true" + - name: OVERSTYR_BEREGNING + value: "false" + - name: "OVERSTYRING_UTTAK" + value: "false" From 030c4dba2c3ff27f1b62dbd274c71c7fa7e0239f Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 08:56:38 +0100 Subject: [PATCH 02/65] =?UTF-8?q?autoformattering=20=C3=B8dela=20yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deploy/dev-gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index eb6a26ba19..6ee6406247 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -12,7 +12,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" spec: - image: { { image } } + image: {{ image }} port: 9000 liveness: path: /isAlive From c76ed5ca884a21130fa8ef0abbc2a34b407c9889 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 09:13:57 +0100 Subject: [PATCH 03/65] GITHUB_ENV, ikke GITHUB_OUTPUT --- .github/workflows/deploy-docker-image-gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-docker-image-gcp.yml b/.github/workflows/deploy-docker-image-gcp.yml index 5e9fd560e7..987f806c57 100644 --- a/.github/workflows/deploy-docker-image-gcp.yml +++ b/.github/workflows/deploy-docker-image-gcp.yml @@ -56,7 +56,7 @@ jobs: - name: Sett image for nais deploy run: | - echo "IMAGE=${{steps.docker-push.outputs.image}}" >> $GITHUB_OUTPUT + echo "IMAGE=${{steps.docker-push.outputs.image}}" >> $GITHUB_ENV - name: Promoter til cluster og namespace uses: nais/deploy/actions/deploy@v2 From c2470c359ab5aee396f77630d41e96da62b8ba0a Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 09:18:09 +0100 Subject: [PATCH 04/65] bruke en ingress som ikke er deprecated :D --- deploy/dev-gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 6ee6406247..7d161bc1e5 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -36,7 +36,7 @@ spec: cpu: 200m memory: 32Mi ingresses: - - "https://k9.dev.intern.nav.no/" + - "https://k9.intern.dev.nav.no/" env: - name: APP_NAME value: k9-sak-web From 2c546ccac329fcc44d52dff242a2967c99e048b8 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 09:24:59 +0100 Subject: [PATCH 05/65] =?UTF-8?q?legger=20inn=20upstream=20hosts=20som=20k?= =?UTF-8?q?an=20n=C3=A5s=20fra=20gcp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deploy/dev-gcp.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 7d161bc1e5..d1a2e52ba1 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -51,11 +51,11 @@ spec: - name: APP_URL_K9OPPDRAG value: "https://k9-oppdrag.dev-fss-pub.nais.io" - name: APP_URL_KLAGE - value: "http://k9-klage.k9saksbehandling" + value: "https://k9-klage.dev-fss-pub.nais.io" - name: APP_URL_K9TILBAKE - value: "http://k9-tilbake.default" + value: "https://k9-tilbake.dev-fss-pub.nais.io" - name: APP_URL_K9FORDEL - value: "http://k9-fordel.k9saksbehandling" + value: "https://k9-fordel.dev-fss-pub.nais.io" - name: ENDRINGSLOGG_URL value: "https://familie-endringslogg.intern.dev.nav.no/" From a9cf021af5c634efec0b4372989235a2bffbd3cf Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 10:26:46 +0100 Subject: [PATCH 06/65] =?UTF-8?q?pr=C3=B8ve=20=C3=A5=20redeploye?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy-docker-image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-docker-image.yml b/.github/workflows/deploy-docker-image.yml index 9e22ed63f9..46940c890b 100644 --- a/.github/workflows/deploy-docker-image.yml +++ b/.github/workflows/deploy-docker-image.yml @@ -68,6 +68,7 @@ jobs: team: k9saksbehandling project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + - name: Sett image for nais deploy run: | echo "IMAGE=${{steps.docker-push.outputs.image}}" >> $GITHUB_OUTPUT From a1582c1434c1da9b86e877d153278dde462c3e01 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 10:35:00 +0100 Subject: [PATCH 07/65] =?UTF-8?q?=C2=AF\=5F(=E3=83=84)=5F/=C2=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- deploy/dev-gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index d1a2e52ba1..1b34264619 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -41,7 +41,7 @@ spec: - name: APP_NAME value: k9-sak-web - name: APP_URL - value: "https://k9-sak.dev-fss-pub.nais.io" + value: "https://k9-sak.dev-fss-pub.nais.io/" - name: APP_PORT value: "9000" - name: APP_URL_K9FORMIDLING From 7004ecfa211497fb8dacfa3a32b0367770a6fdad Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 13:00:49 +0100 Subject: [PATCH 08/65] problem med nginx reverse proxy og SSL --- deploy/dev-gcp.yml | 2 +- proxy.nginx | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 1b34264619..d1a2e52ba1 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -41,7 +41,7 @@ spec: - name: APP_NAME value: k9-sak-web - name: APP_URL - value: "https://k9-sak.dev-fss-pub.nais.io/" + value: "https://k9-sak.dev-fss-pub.nais.io" - name: APP_PORT value: "9000" - name: APP_URL_K9FORMIDLING diff --git a/proxy.nginx b/proxy.nginx index 39a69ad55c..fcb465d620 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -60,6 +60,7 @@ server { location "/k9/sak/" { proxy_set_header Host $http_host; + proxy_ssl_server_name on; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; From 35e99bc0b46baaa99c8e72673f5dafc67dfc7dfd Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 14:01:49 +0100 Subject: [PATCH 09/65] =?UTF-8?q?pr=C3=B8ve=20igjen?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- proxy.nginx | 1 + 1 file changed, 1 insertion(+) diff --git a/proxy.nginx b/proxy.nginx index fcb465d620..93aedb5fde 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -61,6 +61,7 @@ server { location "/k9/sak/" { proxy_set_header Host $http_host; proxy_ssl_server_name on; + proxy_http_version 1.1; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; From 5b02e7f38571f38b0c05b6e40caa131057e86a85 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 14:53:32 +0100 Subject: [PATCH 10/65] Access policy outbound :-) --- deploy/dev-gcp.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index d1a2e52ba1..5f77c03909 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -37,6 +37,10 @@ spec: memory: 32Mi ingresses: - "https://k9.intern.dev.nav.no/" + accessPolicy: + outbound: + external: + - host: k9-sak.dev-fss-pub.nais.io env: - name: APP_NAME value: k9-sak-web From 1523e1ce39192fc20a7958507726dafec9b9e232 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 14:56:27 +0100 Subject: [PATCH 11/65] rydde --- proxy.nginx | 2 -- 1 file changed, 2 deletions(-) diff --git a/proxy.nginx b/proxy.nginx index 93aedb5fde..39a69ad55c 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -60,8 +60,6 @@ server { location "/k9/sak/" { proxy_set_header Host $http_host; - proxy_ssl_server_name on; - proxy_http_version 1.1; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; From 49643272a79ec52979469bddd754ba0c8850744c Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 15:11:22 +0100 Subject: [PATCH 12/65] =?UTF-8?q?pr=C3=B8ver=20=C3=A5=20fjerne=20error=20p?= =?UTF-8?q?age=20og=20ser=20hva=20vi=20f=C3=A5r?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- proxy.nginx | 1 - 1 file changed, 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 39a69ad55c..eca96a6a1b 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -64,7 +64,6 @@ server { proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; - error_page 404 = @404_json; error_page 504 = @504_json; } From e4460391f06cdcc026030a1dce9a42392ea3d777 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 15:42:14 +0100 Subject: [PATCH 13/65] test --- deploy/dev-gcp.yml | 2 +- start-server.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 5f77c03909..1477c9b63a 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -36,7 +36,7 @@ spec: cpu: 200m memory: 32Mi ingresses: - - "https://k9.intern.dev.nav.no/" + - "https://k9.intern.dev.nav.no" accessPolicy: outbound: external: diff --git a/start-server.sh b/start-server.sh index a92535f1f7..65805d1b68 100755 --- a/start-server.sh +++ b/start-server.sh @@ -20,7 +20,7 @@ export APP_PORT="${APP_PORT:-443}" export APP_NAME="${APP_NAME:-devimg}" export APP_VERSION="${APP_VERSION:-localhost}" -envsubst '$APP_URL $APP_PORT $APP_HOSTNAME $APP_NAME $APP_VERSION $APP_PATH_PREFIX $APP_URL_K9FORMIDLING $APP_URL_K9FORMIDLING_DD $APP_URL_K9OPPDRAG $APP_URL_KLAGE $APP_URL_K9TILBAKE $APP_URL_K9FORDEL $ENDRINGSLOGG_URL' < /etc/nginx/conf.d/app.conf.template > /etc/nginx/conf.d/default.conf +envsubst '$APP_URL $APP_PORT $APP_HOSTNAME $APP_NAME $APP_VERSION $APP_URL_K9FORMIDLING $APP_URL_K9FORMIDLING_DD $APP_URL_K9OPPDRAG $APP_URL_KLAGE $APP_URL_K9TILBAKE $APP_URL_K9FORDEL $ENDRINGSLOGG_URL' < /etc/nginx/conf.d/app.conf.template > /etc/nginx/conf.d/default.conf echo "### Nginx conf ###" cat /etc/nginx/conf.d/default.conf From 23e3da2cdf8bf52af7df46d286b8a6e2e54c1f60 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 15:45:14 +0100 Subject: [PATCH 14/65] rydde --- .github/workflows/deploy-docker-image-gcp.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy-docker-image-gcp.yml b/.github/workflows/deploy-docker-image-gcp.yml index 987f806c57..26c478c0b0 100644 --- a/.github/workflows/deploy-docker-image-gcp.yml +++ b/.github/workflows/deploy-docker-image-gcp.yml @@ -16,7 +16,6 @@ jobs: issues: write contents: read id-token: write - # needs: [test, lint-tscheck-build] outputs: image: ${{ steps.docker-push.outputs.image }} steps: From 4ecc66960fe11d01d1a25f6ae3eb53b2cc6647b0 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 1 Mar 2024 15:46:58 +0100 Subject: [PATCH 15/65] boop --- .github/workflows/deploy-docker-image-gcp.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/deploy-docker-image-gcp.yml b/.github/workflows/deploy-docker-image-gcp.yml index 26c478c0b0..cd2f763e2c 100644 --- a/.github/workflows/deploy-docker-image-gcp.yml +++ b/.github/workflows/deploy-docker-image-gcp.yml @@ -1,10 +1,6 @@ name: Deploy Docker image on: push: - paths-ignore: - - '**.md' - - '.gitignore' - - 'CODEOWNERS' branches: - GCP-migrering From 910c5ca91058612ccd17d19b7cb57df7045817f0 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 10:16:37 +0100 Subject: [PATCH 16/65] access policy --- deploy/dev-gcp.yml | 2 +- proxy.nginx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 1477c9b63a..74e3edcd7f 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -40,7 +40,7 @@ spec: accessPolicy: outbound: external: - - host: k9-sak.dev-fss-pub.nais.io + - host: "k9-sak.dev-fss-pub.nais.io" env: - name: APP_NAME value: k9-sak-web diff --git a/proxy.nginx b/proxy.nginx index eca96a6a1b..831f14ea1c 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -41,12 +41,12 @@ server { add_header Cache-Control $custom_cache_control; - # Health check for NAIS location = /k9/feature-toggle/toggles.json { add_header Content-Type application/json; root /tmp/; } + # Health check for NAIS location = /isAlive { return 200 "Application:UP"; add_header Content-Type text/plain; From b6667f7f6b7472ddc0dfc72806f681c42b55a8fd Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 10:35:52 +0100 Subject: [PATCH 17/65] proxy ssl server name --- proxy.nginx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proxy.nginx b/proxy.nginx index 831f14ea1c..930c01164d 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -59,11 +59,13 @@ server { } location "/k9/sak/" { + proxy_ssl_server_name on; proxy_set_header Host $http_host; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; + error_page 404 = @404_json; error_page 504 = @504_json; } From 88706a2c8d509476b1443f47feb25f1c4feb5db1 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 10:42:03 +0100 Subject: [PATCH 18/65] fjerne access policy igjen --- deploy/dev-gcp.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 74e3edcd7f..1d04c9f416 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -37,10 +37,10 @@ spec: memory: 32Mi ingresses: - "https://k9.intern.dev.nav.no" - accessPolicy: - outbound: - external: - - host: "k9-sak.dev-fss-pub.nais.io" +# accessPolicy: +# outbound: +# external: +# - host: "k9-sak.dev-fss-pub.nais.io" env: - name: APP_NAME value: k9-sak-web From 3ff0f397db5c43a8b62bdad2cc6557593b91179e Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 10:51:57 +0100 Subject: [PATCH 19/65] access policy --- deploy/dev-gcp.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 1d04c9f416..74e3edcd7f 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -37,10 +37,10 @@ spec: memory: 32Mi ingresses: - "https://k9.intern.dev.nav.no" -# accessPolicy: -# outbound: -# external: -# - host: "k9-sak.dev-fss-pub.nais.io" + accessPolicy: + outbound: + external: + - host: "k9-sak.dev-fss-pub.nais.io" env: - name: APP_NAME value: k9-sak-web From aec9c55571799364978eea7c1842ead482234c33 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 11:25:39 +0100 Subject: [PATCH 20/65] test --- deploy/dev-gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 74e3edcd7f..d2ee7347c0 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -45,7 +45,7 @@ spec: - name: APP_NAME value: k9-sak-web - name: APP_URL - value: "https://k9-sak.dev-fss-pub.nais.io" + value: "https://k9-sak.dev-fss-pub.nais.io/" - name: APP_PORT value: "9000" - name: APP_URL_K9FORMIDLING From 422e6ee526cae10fb52c45561a9f4d33297f8a5e Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 11:41:51 +0100 Subject: [PATCH 21/65] debug --- proxy.nginx | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 930c01164d..4b4db31162 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -5,6 +5,10 @@ charset utf-8; client_body_buffer_size 20M; # Default er satt veldig lavt. Får problemer med enkelte dokument queries. +log_format debug '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + 'Request URI: "$request_uri"'; # Expires map map $sent_http_content_type $expires { default off; @@ -22,7 +26,7 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; - + access_log /dev/stdout debug; # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; From b2e8f070eb778a35cdd0e7c553db52809a73d8af Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 11:50:12 +0100 Subject: [PATCH 22/65] =?UTF-8?q?pr=C3=B8ve=20=C3=A5=20logge=20upstream=20?= =?UTF-8?q?address?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- proxy.nginx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/proxy.nginx b/proxy.nginx index 4b4db31162..588db734bd 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -5,10 +5,11 @@ charset utf-8; client_body_buffer_size 20M; # Default er satt veldig lavt. Får problemer med enkelte dokument queries. -log_format debug '$remote_addr - $remote_user [$time_local] "$request" ' + log_format debug '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" ' - 'Request URI: "$request_uri"'; + 'Request URI: "$request_uri" ' + 'Upstream Address: "$upstream_addr"'; # Expires map map $sent_http_content_type $expires { default off; From f032e3065b23bd9a8df270985abd07170dd50b87 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:02:37 +0100 Subject: [PATCH 23/65] debug --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 588db734bd..09bbfe11c7 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -66,7 +66,7 @@ server { location "/k9/sak/" { proxy_ssl_server_name on; proxy_set_header Host $http_host; - proxy_pass "${APP_URL}"; + proxy_pass "https://k9-sak.dev-fss-pub.nais.io/k9/sak/api/init-fetch"; proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; From eb953fab7b0bb02459b535025cd32f97e352cd56 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:08:42 +0100 Subject: [PATCH 24/65] debug --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 09bbfe11c7..cf41c7a21b 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -66,7 +66,7 @@ server { location "/k9/sak/" { proxy_ssl_server_name on; proxy_set_header Host $http_host; - proxy_pass "https://k9-sak.dev-fss-pub.nais.io/k9/sak/api/init-fetch"; + proxy_pass "https://k9-sak.dev-fss-pub.nais.io/k9/sak/api/init-fetch/"; proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; From ab22daa382f25a94cb3f92b5607b702b7a08688f Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:24:14 +0100 Subject: [PATCH 25/65] debug --- Dockerfile | 2 +- deploy/dev-gcp.yml | 2 +- proxy.nginx | 8 +------- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3c26632c94..c9b2237da3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM nginxinc/nginx-unprivileged:stable-alpine-slim +FROM nginx LABEL org.opencontainers.image.source=https://github.com/navikt/k9-sak-web diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index d2ee7347c0..74e3edcd7f 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -45,7 +45,7 @@ spec: - name: APP_NAME value: k9-sak-web - name: APP_URL - value: "https://k9-sak.dev-fss-pub.nais.io/" + value: "https://k9-sak.dev-fss-pub.nais.io" - name: APP_PORT value: "9000" - name: APP_URL_K9FORMIDLING diff --git a/proxy.nginx b/proxy.nginx index cf41c7a21b..a2c8a0e87e 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -5,11 +5,6 @@ charset utf-8; client_body_buffer_size 20M; # Default er satt veldig lavt. Får problemer med enkelte dokument queries. - log_format debug '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" ' - 'Request URI: "$request_uri" ' - 'Upstream Address: "$upstream_addr"'; # Expires map map $sent_http_content_type $expires { default off; @@ -27,7 +22,6 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; - access_log /dev/stdout debug; # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; @@ -66,7 +60,7 @@ server { location "/k9/sak/" { proxy_ssl_server_name on; proxy_set_header Host $http_host; - proxy_pass "https://k9-sak.dev-fss-pub.nais.io/k9/sak/api/init-fetch/"; + proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; From 8d03e6b1fc80d500d9b6ce095ff0503ca0859b9a Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:32:12 +0100 Subject: [PATCH 26/65] debug --- start-server.sh | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/start-server.sh b/start-server.sh index 65805d1b68..47d90a93ba 100755 --- a/start-server.sh +++ b/start-server.sh @@ -1,18 +1,7 @@ #!/usr/bin/env bash set -e -_shutdown_() { - # https://github.com/kubernetes/contrib/issues/1140 - # https://github.com/kubernetes/kubernetes/issues/43576 - # https://github.com/kubernetes/kubernetes/issues/64510 - # https://nav-it.slack.com/archives/C5KUST8N6/p1543497847341300 - echo "shutdown initialized, allowing incoming requests for 5 seconds before continuing" - sleep 5 - nginx -s quit - wait "$pid" -} -trap _shutdown_ SIGTERM -[ -d /tmp/k9/feature-toggle ] && echo "Feature toggle-directory finnes fra før, tilbakestiller" && rm -r /tmp/k9/feature-toggle/* || mkdir -p /tmp/k9/feature-toggle + envsubst < /etc/nginx/conf.d/feature-toggles.json > /tmp/k9/feature-toggle/toggles.json export APP_HOSTNAME="${HOSTNAME:-localhost}" From 91392531a95863786f7cfa1e3afce5d833951cce Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:36:32 +0100 Subject: [PATCH 27/65] debug --- start-server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/start-server.sh b/start-server.sh index 47d90a93ba..4eb0026d73 100755 --- a/start-server.sh +++ b/start-server.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -e - +[ -d /tmp/k9/feature-toggle ] && echo "Feature toggle-directory finnes fra før, tilbakestiller" && rm -r /tmp/k9/feature-toggle/* || mkdir -p /tmp/k9/feature-toggle envsubst < /etc/nginx/conf.d/feature-toggles.json > /tmp/k9/feature-toggle/toggles.json export APP_HOSTNAME="${HOSTNAME:-localhost}" From fd0b477a233d43344246ade4f67c3b39c5f16aba Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:42:10 +0100 Subject: [PATCH 28/65] debug --- deploy/dev-gcp.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 74e3edcd7f..ecf52d7897 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -6,7 +6,6 @@ metadata: labels: team: k9saksbehandling annotations: - nais.io/run-as-user: "101" # Fix permissions for nginx nais.io/read-only-file-system: "false" # Fix permissions for nginx nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" From 07c007f7fb68640b27499229de884ee9070f46b3 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:47:58 +0100 Subject: [PATCH 29/65] debug --- deploy/dev-fss-k9saksbehandling.yml | 2 +- deploy/dev-gcp.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/dev-fss-k9saksbehandling.yml b/deploy/dev-fss-k9saksbehandling.yml index e2a9172e00..5dc8a370ba 100644 --- a/deploy/dev-fss-k9saksbehandling.yml +++ b/deploy/dev-fss-k9saksbehandling.yml @@ -36,7 +36,7 @@ spec: cpu: 200m memory: 32Mi ingresses: - - "https://k9.dev.intern.nav.no/" + - "https://k9.dev.intern.nav.no" env: - name: APP_NAME value: k9-sak-web diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index ecf52d7897..74e3edcd7f 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -6,6 +6,7 @@ metadata: labels: team: k9saksbehandling annotations: + nais.io/run-as-user: "101" # Fix permissions for nginx nais.io/read-only-file-system: "false" # Fix permissions for nginx nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" From 0a95040f01600a074b2628189e452195f3472a23 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:49:41 +0100 Subject: [PATCH 30/65] debug --- Dockerfile | 8 +++++++- deploy/dev-gcp.yml | 2 -- proxy.nginx | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index c9b2237da3..8359b12039 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,12 @@ -FROM nginx +FROM nginx:latest LABEL org.opencontainers.image.source=https://github.com/navikt/k9-sak-web +# Install curl +RUN apt-get update && \ + apt-get install -y curl && \ + rm -rf /var/lib/apt/lists/* + +USER root ADD proxy.nginx /etc/nginx/conf.d/app.conf.template ADD feature-toggles.json /etc/nginx/conf.d/feature-toggles.json diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 74e3edcd7f..24a64e7724 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -6,8 +6,6 @@ metadata: labels: team: k9saksbehandling annotations: - nais.io/run-as-user: "101" # Fix permissions for nginx - nais.io/read-only-file-system: "false" # Fix permissions for nginx nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" diff --git a/proxy.nginx b/proxy.nginx index a2c8a0e87e..f8db58fb18 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -22,6 +22,7 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; + # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; @@ -58,7 +59,6 @@ server { } location "/k9/sak/" { - proxy_ssl_server_name on; proxy_set_header Host $http_host; proxy_pass "${APP_URL}"; proxy_intercept_errors on; From 83bb1220a8c1b44502a462f8379e3ce4b8429caa Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:54:23 +0100 Subject: [PATCH 31/65] debug --- deploy/dev-gcp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 24a64e7724..ecf52d7897 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -6,6 +6,7 @@ metadata: labels: team: k9saksbehandling annotations: + nais.io/read-only-file-system: "false" # Fix permissions for nginx nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/proxy-send-timeout: "600" From 9431dfc2c8d27d5e087b697c907a3dffcb82b293 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 12:56:30 +0100 Subject: [PATCH 32/65] debug --- Dockerfile | 2 -- deploy/dev-gcp.yml | 5 +++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8359b12039..d13d8d14ff 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,8 +6,6 @@ RUN apt-get update && \ apt-get install -y curl && \ rm -rf /var/lib/apt/lists/* -USER root - ADD proxy.nginx /etc/nginx/conf.d/app.conf.template ADD feature-toggles.json /etc/nginx/conf.d/feature-toggles.json ADD start-server.sh /start-server.sh diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index ecf52d7897..8f5538e915 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -6,6 +6,7 @@ metadata: labels: team: k9saksbehandling annotations: + nais.io/run-as-user: "101" # Fix permissions for nginx nais.io/read-only-file-system: "false" # Fix permissions for nginx nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" nginx.ingress.kubernetes.io/proxy-read-timeout: "600" @@ -24,8 +25,8 @@ spec: initialDelay: 20 timeout: 1 replicas: - min: 2 - max: 3 + min: 1 + max: 1 cpuThresholdPercentage: 50 resources: limits: From f972555b3e73c0287be6e9d0ee908a1650817601 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 13:00:37 +0100 Subject: [PATCH 33/65] debug --- Dockerfile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index d13d8d14ff..3c26632c94 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,6 @@ -FROM nginx:latest +FROM nginxinc/nginx-unprivileged:stable-alpine-slim LABEL org.opencontainers.image.source=https://github.com/navikt/k9-sak-web -# Install curl -RUN apt-get update && \ - apt-get install -y curl && \ - rm -rf /var/lib/apt/lists/* ADD proxy.nginx /etc/nginx/conf.d/app.conf.template ADD feature-toggles.json /etc/nginx/conf.d/feature-toggles.json From 256cece467c4313d161e2ac3f375acd84e331b13 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 13:05:35 +0100 Subject: [PATCH 34/65] debug --- start-server.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/start-server.sh b/start-server.sh index 4eb0026d73..65805d1b68 100755 --- a/start-server.sh +++ b/start-server.sh @@ -1,6 +1,17 @@ #!/usr/bin/env bash set -e +_shutdown_() { + # https://github.com/kubernetes/contrib/issues/1140 + # https://github.com/kubernetes/kubernetes/issues/43576 + # https://github.com/kubernetes/kubernetes/issues/64510 + # https://nav-it.slack.com/archives/C5KUST8N6/p1543497847341300 + echo "shutdown initialized, allowing incoming requests for 5 seconds before continuing" + sleep 5 + nginx -s quit + wait "$pid" +} +trap _shutdown_ SIGTERM [ -d /tmp/k9/feature-toggle ] && echo "Feature toggle-directory finnes fra før, tilbakestiller" && rm -r /tmp/k9/feature-toggle/* || mkdir -p /tmp/k9/feature-toggle envsubst < /etc/nginx/conf.d/feature-toggles.json > /tmp/k9/feature-toggle/toggles.json From 6473bd233e54db89a823f9b14041731dd54373b5 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 13:06:15 +0100 Subject: [PATCH 35/65] . --- deploy/dev-fss-k9saksbehandling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/dev-fss-k9saksbehandling.yml b/deploy/dev-fss-k9saksbehandling.yml index 5dc8a370ba..e2a9172e00 100644 --- a/deploy/dev-fss-k9saksbehandling.yml +++ b/deploy/dev-fss-k9saksbehandling.yml @@ -36,7 +36,7 @@ spec: cpu: 200m memory: 32Mi ingresses: - - "https://k9.dev.intern.nav.no" + - "https://k9.dev.intern.nav.no/" env: - name: APP_NAME value: k9-sak-web From 31d51db82cdb6d0a1599c90bc0f97a65e23338e9 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 13:34:58 +0100 Subject: [PATCH 36/65] debug --- packages/sak-app/src/data/k9sakApi.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/sak-app/src/data/k9sakApi.ts b/packages/sak-app/src/data/k9sakApi.ts index 6023444555..0af14d2a30 100644 --- a/packages/sak-app/src/data/k9sakApi.ts +++ b/packages/sak-app/src/data/k9sakApi.ts @@ -71,7 +71,7 @@ export enum K9sakApiKeys { } const endpoints = new RestApiConfigBuilder() - .withGet('/k9/sak/api/init-fetch', K9sakApiKeys.INIT_FETCH) + .withGet('https://k9-sak.dev-fss-pub.nais.io/k9/sak/api/init-fetch', K9sakApiKeys.INIT_FETCH) .withGet('/k9/tilbake/api/init-fetch', K9sakApiKeys.INIT_FETCH_TILBAKE) .withGet('/k9/klage/api/init-fetch', K9sakApiKeys.INIT_FETCH_KLAGE) From b99cae52afc81b8fe85b4825167cb3486b494249 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 13:41:50 +0100 Subject: [PATCH 37/65] csp --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index f8db58fb18..32d4a74ef1 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -34,7 +34,7 @@ server { # complete disable cache and send some debug headers add_header X-Cache-Status $upstream_cache_status; add_header X-Application-Id "${APP_NAME}:${APP_VERSION}, pod=${APP_HOSTNAME}"; - add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no"; + add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no https://k9-sak.dev-fss-pub.nais.io"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1;mode=block"; add_header Strict-Transport-Security "max-age=31536000"; From f0e4e8e201af5ee6202968939ad52d0d1dd11364 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 13:46:11 +0100 Subject: [PATCH 38/65] debug --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 32d4a74ef1..bf8f17cf59 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -174,7 +174,7 @@ server { sendfile on; add_header X-Application-Id "${APP_NAME}:${APP_VERSION}, pod=${APP_HOSTNAME}"; - add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no"; + add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no https://k9-sak.dev-fss-pub.nais.io"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1;mode=block"; add_header Strict-Transport-Security "max-age=31536000"; From 28097f455c48b892144006c2e8574e95ef385a1d Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 13:58:40 +0100 Subject: [PATCH 39/65] debug --- proxy.nginx | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/proxy.nginx b/proxy.nginx index bf8f17cf59..d3c5375949 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -34,7 +34,7 @@ server { # complete disable cache and send some debug headers add_header X-Cache-Status $upstream_cache_status; add_header X-Application-Id "${APP_NAME}:${APP_VERSION}, pod=${APP_HOSTNAME}"; - add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no https://k9-sak.dev-fss-pub.nais.io"; + add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1;mode=block"; add_header Strict-Transport-Security "max-age=31536000"; @@ -59,9 +59,7 @@ server { } location "/k9/sak/" { - proxy_set_header Host $http_host; proxy_pass "${APP_URL}"; - proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; error_page 404 = @404_json; @@ -174,7 +172,7 @@ server { sendfile on; add_header X-Application-Id "${APP_NAME}:${APP_VERSION}, pod=${APP_HOSTNAME}"; - add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no https://k9-sak.dev-fss-pub.nais.io"; + add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no"; add_header X-Content-Type-Options "nosniff"; add_header X-XSS-Protection "1;mode=block"; add_header Strict-Transport-Security "max-age=31536000"; From 1c3b0b423938127a69ec5d4aab94febe18f7a8e7 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 14:00:27 +0100 Subject: [PATCH 40/65] debug --- proxy.nginx | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/proxy.nginx b/proxy.nginx index d3c5375949..a14c0b515b 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -26,20 +26,7 @@ server { # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; - proxy_pass_header Nav-Callid; - proxy_set_header Referer $http_referer; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - - # complete disable cache and send some debug headers - add_header X-Cache-Status $upstream_cache_status; - add_header X-Application-Id "${APP_NAME}:${APP_VERSION}, pod=${APP_HOSTNAME}"; - add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no"; - add_header X-Content-Type-Options "nosniff"; - add_header X-XSS-Protection "1;mode=block"; - add_header Strict-Transport-Security "max-age=31536000"; - add_header Cache-Control $custom_cache_control; location = /k9/feature-toggle/toggles.json { add_header Content-Type application/json; From d8ecc843602b8b5a2629145a82bcc84e69872f28 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 14:04:03 +0100 Subject: [PATCH 41/65] debug --- deploy/dev-gcp.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/dev-gcp.yml b/deploy/dev-gcp.yml index 8f5538e915..74e3edcd7f 100644 --- a/deploy/dev-gcp.yml +++ b/deploy/dev-gcp.yml @@ -25,8 +25,8 @@ spec: initialDelay: 20 timeout: 1 replicas: - min: 1 - max: 1 + min: 2 + max: 3 cpuThresholdPercentage: 50 resources: limits: From 04365f92c0083473f6e90f0aa3f88663100d43d5 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 14:05:04 +0100 Subject: [PATCH 42/65] debug --- packages/sak-app/src/data/k9sakApi.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/sak-app/src/data/k9sakApi.ts b/packages/sak-app/src/data/k9sakApi.ts index 0af14d2a30..6023444555 100644 --- a/packages/sak-app/src/data/k9sakApi.ts +++ b/packages/sak-app/src/data/k9sakApi.ts @@ -71,7 +71,7 @@ export enum K9sakApiKeys { } const endpoints = new RestApiConfigBuilder() - .withGet('https://k9-sak.dev-fss-pub.nais.io/k9/sak/api/init-fetch', K9sakApiKeys.INIT_FETCH) + .withGet('/k9/sak/api/init-fetch', K9sakApiKeys.INIT_FETCH) .withGet('/k9/tilbake/api/init-fetch', K9sakApiKeys.INIT_FETCH_TILBAKE) .withGet('/k9/klage/api/init-fetch', K9sakApiKeys.INIT_FETCH_KLAGE) From 2ac8d2a5f899e654b1ae0c9652141ccea9b3d77b Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 14:09:38 +0100 Subject: [PATCH 43/65] debug --- proxy.nginx | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/proxy.nginx b/proxy.nginx index a14c0b515b..d3c5375949 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -26,7 +26,20 @@ server { # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; + proxy_pass_header Nav-Callid; + proxy_set_header Referer $http_referer; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + + # complete disable cache and send some debug headers + add_header X-Cache-Status $upstream_cache_status; + add_header X-Application-Id "${APP_NAME}:${APP_VERSION}, pod=${APP_HOSTNAME}"; + add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; font-src 'self' https://cdn.nav.no data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; connect-src 'self' https://sentry.gc.nav.no"; + add_header X-Content-Type-Options "nosniff"; + add_header X-XSS-Protection "1;mode=block"; + add_header Strict-Transport-Security "max-age=31536000"; + add_header Cache-Control $custom_cache_control; location = /k9/feature-toggle/toggles.json { add_header Content-Type application/json; From ffdb742d40792887baf961012689722126f0e48d Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 14:14:04 +0100 Subject: [PATCH 44/65] debug --- proxy.nginx | 1 + 1 file changed, 1 insertion(+) diff --git a/proxy.nginx b/proxy.nginx index d3c5375949..0bed41e854 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -60,6 +60,7 @@ server { location "/k9/sak/" { proxy_pass "${APP_URL}"; + proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; error_page 404 = @404_json; From 3fea2c23e26cd015b585037be619df3f87aaa35b Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 14:18:22 +0100 Subject: [PATCH 45/65] debug --- proxy.nginx | 1 + 1 file changed, 1 insertion(+) diff --git a/proxy.nginx b/proxy.nginx index 0bed41e854..f8db58fb18 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -59,6 +59,7 @@ server { } location "/k9/sak/" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; From 37b65659e155cb3ab54e9fdb3a9c9c71f77c1da2 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 14:22:55 +0100 Subject: [PATCH 46/65] debug --- proxy.nginx | 1 - 1 file changed, 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index f8db58fb18..0bed41e854 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -59,7 +59,6 @@ server { } location "/k9/sak/" { - proxy_set_header Host $http_host; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; From d0e9f5ba0890e3554aae8deb9975d8698cd92aa6 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 15:19:24 +0100 Subject: [PATCH 47/65] fjerner :latest tag --- .github/workflows/deploy-docker-image-gcp.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy-docker-image-gcp.yml b/.github/workflows/deploy-docker-image-gcp.yml index cd2f763e2c..c944cd1acc 100644 --- a/.github/workflows/deploy-docker-image-gcp.yml +++ b/.github/workflows/deploy-docker-image-gcp.yml @@ -44,7 +44,6 @@ jobs: - uses: nais/docker-build-push@v0 id: docker-push with: - tag: 'latest' team: k9saksbehandling project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} From bf7e4de57d2476e9f77d9faada7439ce4f463630 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 15:49:37 +0100 Subject: [PATCH 48/65] headers --- proxy.nginx | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/proxy.nginx b/proxy.nginx index 0bed41e854..a8b112e4fe 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -2,6 +2,8 @@ access_log off; error_log /dev/stdout info; charset utf-8; +log_format debug 'Host: "$host", HTTP Host: "$http_host"' + client_body_buffer_size 20M; # Default er satt veldig lavt. Får problemer med enkelte dokument queries. @@ -22,7 +24,7 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; - + access_log /path/to/log debug; # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; @@ -59,6 +61,7 @@ server { } location "/k9/sak/" { + proxy_set_header Host $host; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -68,7 +71,7 @@ server { } location "/k9/formidling/" { - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_pass "${APP_URL_K9FORMIDLING}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -88,7 +91,7 @@ server { } location "/k9/oppdrag/" { - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_pass "${APP_URL_K9OPPDRAG}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -98,7 +101,7 @@ server { } location "/k9/klage/" { - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_pass "${APP_URL_KLAGE}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -108,7 +111,7 @@ server { } location "/k9/tilbake/" { - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_pass "${APP_URL_K9TILBAKE}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -118,7 +121,7 @@ server { } location "/k9/fordel/" { - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_pass "${APP_URL_K9FORDEL}"; proxy_intercept_errors on; error_page 401 = @401_json; From 8f41acf60f5d1ca47d49ecdc587cd6e90d7d45d0 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 15:52:58 +0100 Subject: [PATCH 49/65] stdout --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index a8b112e4fe..db4e2f4e61 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -24,7 +24,7 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; - access_log /path/to/log debug; + access_log /dev/stdout info; # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; From ec7ee5de286647e88f4c520834d633fadc16c763 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 16:03:47 +0100 Subject: [PATCH 50/65] stdout --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index db4e2f4e61..8aeda97d54 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -24,7 +24,7 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; - access_log /dev/stdout info; + access_log /dev/stdout debug; # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; From f360868967a9fe70fc852506daa44e2a1ab4d8ce Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 21:01:00 +0100 Subject: [PATCH 51/65] trigge deploy --- proxy.nginx | 1 + 1 file changed, 1 insertion(+) diff --git a/proxy.nginx b/proxy.nginx index 8aeda97d54..05a5853154 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -60,6 +60,7 @@ server { add_header Content-Type text/plain; } + location "/k9/sak/" { proxy_set_header Host $host; proxy_pass "${APP_URL}"; From 8b2db728d12866f44eeead383387c42a716b2f61 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 21:07:49 +0100 Subject: [PATCH 52/65] =?UTF-8?q?Fjerner=20host=20header=20da=20vi=20f?= =?UTF-8?q?=C3=A5r=20404=20n=C3=A5r=20den=20settes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- proxy.nginx | 8 -------- 1 file changed, 8 deletions(-) diff --git a/proxy.nginx b/proxy.nginx index 05a5853154..9b9ceed318 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -2,7 +2,6 @@ access_log off; error_log /dev/stdout info; charset utf-8; -log_format debug 'Host: "$host", HTTP Host: "$http_host"' client_body_buffer_size 20M; # Default er satt veldig lavt. Får problemer med enkelte dokument queries. @@ -62,7 +61,6 @@ server { location "/k9/sak/" { - proxy_set_header Host $host; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -72,7 +70,6 @@ server { } location "/k9/formidling/" { - proxy_set_header Host $host; proxy_pass "${APP_URL_K9FORMIDLING}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -82,7 +79,6 @@ server { } location "/k9/formidling/dokumentdata" { - proxy_set_header Host $http_host; proxy_pass "${APP_URL_K9FORMIDLING_DD}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -92,7 +88,6 @@ server { } location "/k9/oppdrag/" { - proxy_set_header Host $host; proxy_pass "${APP_URL_K9OPPDRAG}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -102,7 +97,6 @@ server { } location "/k9/klage/" { - proxy_set_header Host $host; proxy_pass "${APP_URL_KLAGE}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -112,7 +106,6 @@ server { } location "/k9/tilbake/" { - proxy_set_header Host $host; proxy_pass "${APP_URL_K9TILBAKE}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -122,7 +115,6 @@ server { } location "/k9/fordel/" { - proxy_set_header Host $host; proxy_pass "${APP_URL_K9FORDEL}"; proxy_intercept_errors on; error_page 401 = @401_json; From bc884670413b49a0f34a507ac4b5398e00504f36 Mon Sep 17 00:00:00 2001 From: vebnor Date: Mon, 4 Mar 2024 21:21:54 +0100 Subject: [PATCH 53/65] fjerner debug-logging --- proxy.nginx | 1 - 1 file changed, 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 9b9ceed318..4cb93e5395 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -23,7 +23,6 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; - access_log /dev/stdout debug; # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; From dc16094b93195476ef10af0b0579ed716ebb9d66 Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 13:32:25 +0100 Subject: [PATCH 54/65] =?UTF-8?q?teste=20=C3=A5=20inkludere=20host?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 4cb93e5395..ef98cd4f2d 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location /k9/sak/resource/login?original=$request_uri always; + add_header Location /k9/sak/resource/login?original=$host$request_uri always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From 4913ad160fe0988db1ecde1a169d956a840e94c2 Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 13:38:51 +0100 Subject: [PATCH 55/65] test --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index ef98cd4f2d..d01b8ddaf4 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location /k9/sak/resource/login?original=$host$request_uri always; + add_header Location /k9/sak/resource/login?original=https://$host$request_uri always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From 60d8da341ebe3cf66481bfe4f2880065a2b6be10 Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 14:00:30 +0100 Subject: [PATCH 56/65] test --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index d01b8ddaf4..0822c77844 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location /k9/sak/resource/login?original=https://$host$request_uri always; + add_header Location https://$host/k9/sak/resource/login?original=https://$host$request_uri always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From 4a4ea0dcf6287190f98e0b8313c368de43ba00d2 Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 14:06:02 +0100 Subject: [PATCH 57/65] ugh --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 0822c77844..4cb93e5395 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location https://$host/k9/sak/resource/login?original=https://$host$request_uri always; + add_header Location /k9/sak/resource/login?original=$request_uri always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From b00018af26f5308759ea32255f09475791618cf4 Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 14:11:03 +0100 Subject: [PATCH 58/65] test --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 4cb93e5395..a652dc69cc 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location /k9/sak/resource/login?original=$request_uri always; + add_header Location /k9/sak/resource/login?redirectTo=$host/k9/web always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From ccc1fc45804cafa207a9323753b467d2a0bef05f Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 15:53:36 +0100 Subject: [PATCH 59/65] location --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index a652dc69cc..0853887650 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location /k9/sak/resource/login?redirectTo=$host/k9/web always; + add_header Location k9.intern.dev.nav.no/k9/sak/resource/login?original=$request_uri always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From 9b0247d482eb49f30d3c33a6a31967695fc44d37 Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 15:59:07 +0100 Subject: [PATCH 60/65] test --- packages/rest-api/src/requestApi/RequestRunner.ts | 3 ++- proxy.nginx | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/rest-api/src/requestApi/RequestRunner.ts b/packages/rest-api/src/requestApi/RequestRunner.ts index 7ddbb1b912..9aac7dd6e1 100644 --- a/packages/rest-api/src/requestApi/RequestRunner.ts +++ b/packages/rest-api/src/requestApi/RequestRunner.ts @@ -136,7 +136,8 @@ class RequestRunner { if (popupWindow === null) { const location = `${response.headers.location}`; const queryParamAddition = location.includes('?') ? '&' : '?'; - const redirectLocation = `${location}${queryParamAddition}redirectTo=/k9/web/close`; + const redirectLocation = `${location}${queryParamAddition}redirectTo=/k9/web/close` + console.log('redirectLocation', redirectLocation); popupWindow = window.open(redirectLocation, undefined, 'height=600,width=800'); } const timer = setInterval(async () => { diff --git a/proxy.nginx b/proxy.nginx index 0853887650..16daadf590 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location k9.intern.dev.nav.no/k9/sak/resource/login?original=$request_uri always; + add_header Location k9.intern.dev.nav.no/k9/sak/resource/login?original=k9.intern.dev.nav.no$request_uri always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From be48f5ce8435d741545b0f1513c869f030957d92 Mon Sep 17 00:00:00 2001 From: vebnor Date: Tue, 5 Mar 2024 16:00:36 +0100 Subject: [PATCH 61/65] =?UTF-8?q?g=C3=A5=20tilbake=20til=20hvordan=20det?= =?UTF-8?q?=20var?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- proxy.nginx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 16daadf590..4cb93e5395 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -140,7 +140,7 @@ server { location @401_json { default_type application/json; - add_header Location k9.intern.dev.nav.no/k9/sak/resource/login?original=k9.intern.dev.nav.no$request_uri always; + add_header Location /k9/sak/resource/login?original=$request_uri always; return 401 '{"feilmelding":"Bruker ikke innlogget","type":"MANGLER_TILGANG_FEIL"}'; } From f72e3b315cef25e59aba2404426163382665e449 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 8 Mar 2024 09:24:31 +0100 Subject: [PATCH 62/65] debug --- packages/sak-app/src/app/components/Home.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/sak-app/src/app/components/Home.tsx b/packages/sak-app/src/app/components/Home.tsx index 189bc55367..61fc48a44b 100644 --- a/packages/sak-app/src/app/components/Home.tsx +++ b/packages/sak-app/src/app/components/Home.tsx @@ -31,7 +31,7 @@ const Home = ({ headerHeight }: OwnProps) => ( } /> } /> } /> - } /> + {/* } /> */} } /> From 182d8f479c9b34e02af2e5b2ec54e4cc31915482 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 8 Mar 2024 12:02:31 +0100 Subject: [PATCH 63/65] proxy host --- proxy.nginx | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/proxy.nginx b/proxy.nginx index 4cb93e5395..39a69ad55c 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -3,7 +3,6 @@ access_log off; error_log /dev/stdout info; charset utf-8; - client_body_buffer_size 20M; # Default er satt veldig lavt. Får problemer med enkelte dokument queries. # Expires map @@ -23,6 +22,7 @@ map $upstream_http_cache_control $custom_cache_control { server { listen "${APP_PORT}"; server_name "${APP_HOSTNAME}"; + # Proxy headers. Will be overwritten if you set them in blocks. proxy_buffers 16 32k; proxy_buffer_size 32k; @@ -41,12 +41,12 @@ server { add_header Cache-Control $custom_cache_control; + # Health check for NAIS location = /k9/feature-toggle/toggles.json { add_header Content-Type application/json; root /tmp/; } - # Health check for NAIS location = /isAlive { return 200 "Application:UP"; add_header Content-Type text/plain; @@ -58,8 +58,8 @@ server { add_header Content-Type text/plain; } - location "/k9/sak/" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -69,6 +69,7 @@ server { } location "/k9/formidling/" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL_K9FORMIDLING}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -78,6 +79,7 @@ server { } location "/k9/formidling/dokumentdata" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL_K9FORMIDLING_DD}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -87,6 +89,7 @@ server { } location "/k9/oppdrag/" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL_K9OPPDRAG}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -96,6 +99,7 @@ server { } location "/k9/klage/" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL_KLAGE}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -105,6 +109,7 @@ server { } location "/k9/tilbake/" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL_K9TILBAKE}"; proxy_intercept_errors on; error_page 401 = @401_json; @@ -114,6 +119,7 @@ server { } location "/k9/fordel/" { + proxy_set_header Host $http_host; proxy_pass "${APP_URL_K9FORDEL}"; proxy_intercept_errors on; error_page 401 = @401_json; From 7795b2fc7fc9f93d21b1add557774749a1cecaf3 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 8 Mar 2024 12:32:57 +0100 Subject: [PATCH 64/65] debug --- proxy.nginx | 1 - 1 file changed, 1 deletion(-) diff --git a/proxy.nginx b/proxy.nginx index 39a69ad55c..eca96a6a1b 100644 --- a/proxy.nginx +++ b/proxy.nginx @@ -64,7 +64,6 @@ server { proxy_intercept_errors on; error_page 401 = @401_json; error_page 403 = @403_json; - error_page 404 = @404_json; error_page 504 = @504_json; } From e0ff844be5b2cfa01da90a1cd9ced3c2a73ec041 Mon Sep 17 00:00:00 2001 From: vebnor Date: Fri, 5 Apr 2024 15:02:26 +0200 Subject: [PATCH 65/65] =?UTF-8?q?navn=20p=C3=A5=20workflow=20s=C3=A5=20man?= =?UTF-8?q?=20kan=20skille=20de?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy-docker-image-gcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-docker-image-gcp.yml b/.github/workflows/deploy-docker-image-gcp.yml index c944cd1acc..0293a4793f 100644 --- a/.github/workflows/deploy-docker-image-gcp.yml +++ b/.github/workflows/deploy-docker-image-gcp.yml @@ -1,4 +1,4 @@ -name: Deploy Docker image +name: Deploy Docker image GCP on: push: branches: