Add root redirect to /app for Docker and K8s

Author: hg1g

chart/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: login
 description: HOTOSM Login Service - Hanko SSO + OSM OAuth
-version: "0.1.1"
+version: "0.1.2"
 appVersion: "1.0.0"
 maintainers:
   - email: sysadmin@hotosm.org

chart/templates/ingress.yaml

@@ -140,4 +140,39 @@ spec:
             name: {{ include "login.frontend.fullname" . }}
             port:
               number: {{ .Values.frontend.service.port }}
+---
+# Root redirect - / to /app
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "login.frontend.fullname" . }}-root-redirect
+  labels:
+    {{- include "login.labels" . | nindent 4 }}
+    app.kubernetes.io/component: frontend
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/temporal-redirect: "https://{{ .Values.ingress.host }}/app"
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    external-dns.alpha.kubernetes.io/hostname: {{ .Values.ingress.host }}
+    external-dns.alpha.kubernetes.io/ttl: "300"
+spec:
+  {{- if .Values.ingress.className }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  tls:
+  - hosts:
+    - {{ .Values.ingress.host }}
+    secretName: {{ include "login.frontend.fullname" . }}-root-tls
+  rules:
+  - host: {{ .Values.ingress.host }}
+    http:
+      paths:
+      - path: /
+        pathType: Exact
+        backend:
+          service:
+            name: {{ include "login.frontend.fullname" . }}
+            port:
+              number: {{ .Values.frontend.service.port }}
 {{- end }}

docker-compose.yml

@@ -196,6 +196,16 @@ services:
       - hotosm
     labels:
       - "traefik.enable=true"
+      # Redirect root / to /app
+      - "traefik.http.routers.login-root.rule=Host(`dev.login.hotosm.org`) && Path(`/`)"
+      - "traefik.http.routers.login-root.entrypoints=https"
+      - "traefik.http.routers.login-root.tls=true"
+      - "traefik.http.routers.login-root.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.login-root.priority=1"
+      - "traefik.http.routers.login-root.middlewares=login-root-redirect"
+      - "traefik.http.middlewares.login-root-redirect.redirectregex.regex=^https://([^/]+)/?$$"
+      - "traefik.http.middlewares.login-root-redirect.redirectregex.replacement=https://$${1}/app"
+      - "traefik.http.routers.login-root.service=login-frontend"
       # Frontend serves /app and /login paths (GET /login goes to frontend, POST /login has higher priority to Hanko)
       - "traefik.http.routers.login-frontend.rule=Host(`dev.login.hotosm.org`) && (PathPrefix(`/app`) || Path(`/login`))"
       - "traefik.http.routers.login-frontend.entrypoints=https"