Update NGINX configuration for met-web (#2365)

bcgov · Jan 25, 2024 · 3ec0a75 · 3ec0a75
1 parent ce34d48
commit 3ec0a75
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 23 deletions.
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -1,3 +1,8 @@
+## January 25, 2024
+- **Task** Resolve issue preventing met-web from deploying on the Dev OpenShift environment. [🎟️DESENG-469](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-469)
+  - Remove Epic Engage-related links and update Keycloak link.
+  - Remove additional authentication method.
+
 ## January 24, 2024
 - **Task** Update default project type to GDX for all deployments by default. [🎟️DESENG-472](https://apps.itsm.gov.bc.ca/jira/browse/DESENG-472)
   - Set the default project type to GDX on all continuous deployment (CD) files.

diff --git a/met-web/nginx/nginx.dev.conf b/met-web/nginx/nginx.dev.conf
@@ -46,9 +46,9 @@ http {
     worker-src 'self' blob:;
     img-src 'self' data: blob: https://citz-gdx.objectstore.gov.bc.ca;
     style-src 'self' 'unsafe-inline';
-    connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://epic-engage-analytics-api-dev.apps.gold.devops.gov.bc.ca https://epic-engage-web-dev.apps.gold.devops.gov.bc.ca https://met-analytics-api-dev.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-dev.apps.gold.devops.gov.bc.ca https://met-oidc-dev.apps.gold.devops.gov.bc.ca https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com https://tiles.arcgis.com https://www.arcgis.com https://vimeo.com;
-    frame-src 'self' https://met-oidc-dev.apps.gold.devops.gov.bc.ca https://epic-engage-web-dev.apps.gold.devops.gov.bc.ca https://epic-engage-analytics-api-dev.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-dev.apps.gold.devops.gov.bc.ca https://met-analytics-dev.apps.gold.devops.gov.bc.ca https://www.youtube.com https://player.vimeo.com;
-    frame-ancestors 'self' https://met-oidc-dev.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-dev.apps.gold.devops.gov.bc.ca";
+    connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://met-analytics-api-dev.apps.gold.devops.gov.bc.ca https://dev.loginproxy.gov.bc.ca/auth https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com https://tiles.arcgis.com https://www.arcgis.com https://vimeo.com;
+    frame-src 'self' https://dev.loginproxy.gov.bc.ca/auth https://met-analytics-dev.apps.gold.devops.gov.bc.ca https://www.youtube.com https://player.vimeo.com;
+    frame-ancestors 'self' https://dev.loginproxy.gov.bc.ca/auth";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
     add_header X-Content-Type-Options "nosniff";
     add_header X-XSS-Protection 1;
@@ -61,14 +61,7 @@ http {
     error_log /dev/stdout info;
     access_log /dev/stdout;
 
-    # Add a readiness check endpoint
-    location /readiness {
-        return 200 "OK";
-    }
-
     location / {
-      auth_basic "Restricted Area";
-      auth_basic_user_file /etc/nginx/.htpasswd;
       root   /usr/share/nginx/html;
       index  index.html index.htm;
       try_files $uri $uri/ /index.html;

diff --git a/met-web/nginx/nginx.prod.conf b/met-web/nginx/nginx.prod.conf
@@ -46,9 +46,9 @@ http {
       worker-src 'self' blob:;
       img-src 'self' data: blob: https://citz-gdx.objectstore.gov.bc.ca;
       style-src 'self' 'unsafe-inline';
-      connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://epic-engage-analytics-api-prod.apps.gold.devops.gov.bc.ca https://epic-engage-web-prod.apps.gold.devops.gov.bc.ca https://met-analytics-api-prod.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-prod.apps.gold.devops.gov.bc.ca https://met-oidc.apps.gold.devops.gov.bc.ca https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com https://tiles.arcgis.com https://www.arcgis.com https://vimeo.com;
-      frame-src 'self' https://met-oidc.apps.gold.devops.gov.bc.ca https://epic-engage-analytics-api-prod.apps.gold.devops.gov.bc.ca https://epic-engage-web-prod.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-prod.apps.gold.devops.gov.bc.ca https://met-analytics-prod.apps.gold.devops.gov.bc.ca https://www.youtube.com https://player.vimeo.com;
-      frame-ancestors 'self' https://met-oidc.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-prod.apps.gold.devops.gov.bc.ca";
+      connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://met-analytics-api-prod.apps.gold.devops.gov.bc.ca https://loginproxy.gov.bc.ca/auth https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com https://tiles.arcgis.com https://www.arcgis.com https://vimeo.com;
+      frame-src 'self' https://loginproxy.gov.bc.ca/auth https://met-analytics-prod.apps.gold.devops.gov.bc.ca https://www.youtube.com https://player.vimeo.com;
+      frame-ancestors 'self' https://loginproxy.gov.bc.ca/auth";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
     add_header X-Content-Type-Options "nosniff";
     add_header X-XSS-Protection 1;

diff --git a/met-web/nginx/nginx.test.conf b/met-web/nginx/nginx.test.conf
@@ -46,9 +46,9 @@ http {
       worker-src 'self' blob:;
       img-src 'self' data: blob: https://citz-gdx.objectstore.gov.bc.ca;
       style-src 'self' 'unsafe-inline';
-      connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://epic-engage-web-test.apps.gold.devops.gov.bc.ca https://epic-engage-analytics-api-test.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-test.apps.gold.devops.gov.bc.ca https://met-analytics-api-test.apps.gold.devops.gov.bc.ca https://met-oidc-test.apps.gold.devops.gov.bc.ca https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com https://tiles.arcgis.com https://www.arcgis.com https://vimeo.com;
-      frame-src 'self' https://met-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-web-test.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-analytics-api-test.apps.gold.devops.gov.bc.ca https://met-analytics-test.apps.gold.devops.gov.bc.ca https://www.youtube.com https://player.vimeo.com;
-      frame-ancestors 'self' https://met-oidc-test.apps.gold.devops.gov.bc.ca https://epic-engage-oidc-test.apps.gold.devops.gov.bc.ca";
+      connect-src 'self' https://spt.apps.gov.bc.ca/com.snowplowanalytics.snowplow/tp2 https://met-analytics-api-test.apps.gold.devops.gov.bc.ca https://test.loginproxy.gov.bc.ca/auth https://kit.fontawesome.com https://ka-f.fontawesome.com https://citz-gdx.objectstore.gov.bc.ca https://api.mapbox.com https://governmentofbc.maps.arcgis.com https://tiles.arcgis.com https://www.arcgis.com https://vimeo.com;
+      frame-src 'self' https://test.loginproxy.gov.bc.ca/auth https://met-analytics-test.apps.gold.devops.gov.bc.ca https://www.youtube.com https://player.vimeo.com;
+      frame-ancestors 'self' https://test.loginproxy.gov.bc.ca/auth";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
     add_header X-Content-Type-Options "nosniff";
     add_header X-XSS-Protection 1;
@@ -61,14 +61,7 @@ http {
     error_log /dev/stdout info;
     access_log /dev/stdout;
 
-     # Add a readiness check endpoint
-    location /readiness {
-        return 200 "OK";
-    }
-
     location / {
-      auth_basic "Restricted Area";
-      auth_basic_user_file /etc/nginx/.htpasswd;
       root   /usr/share/nginx/html;
       index  index.html index.htm;
       try_files $uri $uri/ /index.html;