chore: fix ingress

odiora · odiora · commit 5bdb13fe00aa · 2026-04-10T11:15:33.000+03:00
diff --git a/.github/workflows/deploy-production-ru.yml b/.github/workflows/deploy-production-ru.yml
@@ -22,7 +22,7 @@ on:
       ru_test_host:
         description: "Temporary RU host for local testing without public DNS"
         required: true
-        default: ru-test.werf.io
+        default: ru.werf.io
         type: string
 
 env:
@@ -32,7 +32,7 @@ env:
   WERF_STAGES_STORAGE: "ghcr.io/werf/werfio-guides-stages"
   WERF_SET_ACTIVE_RELEASE: "global.active_release=2"
   WERFIO_GITHUB_TOKEN: "${{ secrets.API_TOKEN }}"
-  RU_TEST_HOST: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ru_test_host || 'ru-test.werf.io' }}
+  RU_TEST_HOST: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ru_test_host || 'ru.werf.io' }}
 
 jobs:
   converge-ru:
@@ -167,5 +167,6 @@ jobs:
 
 
 
+
 
 
diff --git a/.helm/templates/20-ingress-tuf-router.yaml b/.helm/templates/20-ingress-tuf-router.yaml
@@ -15,7 +15,7 @@ metadata:
   name: tuf-router
   annotations: {}
 spec:
-  ingressClassName: {{ pluck .Values.werf.env .Values.ingressClassName | first | default .Values.ingressClassName._default }}
+  ingressClassName: {{ include "ingressClassName" . }}
 {{- if or (ne .Values.werf.env "production") (ne $targetCluster "ru") $ruConfig.tlsEnabled }}
   tls:
   - hosts:
diff --git a/.helm/templates/20-ingress.yaml b/.helm/templates/20-ingress.yaml
@@ -23,7 +23,7 @@ metadata:
 {{- include "rewrites" . | indent 6 }}
     nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
 spec:
-  ingressClassName: {{ pluck .Values.werf.env .Values.ingressClassName | first | default .Values.ingressClassName._default }}
+  ingressClassName: {{ include "ingressClassName" . }}
 {{- if or (eq $targetCluster "eu") $ruConfig.tlsEnabled }}
   tls:
   - hosts:
@@ -75,7 +75,7 @@ metadata:
     nginx.ingress.kubernetes.io/auth-signin: https://$host/dex-authenticator/sign_in
     nginx.ingress.kubernetes.io/auth-url: https://werfio-dex-authenticator.{{ $.Values.werf.namespace }}.svc.cluster.local/dex-authenticator/auth
 spec:
-  ingressClassName: {{ pluck .Values.werf.env .Values.ingressClassName | first | default .Values.ingressClassName._default }}
+  ingressClassName: {{ include "ingressClassName" . }}
   tls:
   - hosts:
       - {{ $host }}
@@ -106,7 +106,7 @@ metadata:
     nginx.ingress.kubernetes.io/auth-signin: https://$host/dex-authenticator/sign_in
     nginx.ingress.kubernetes.io/auth-url: https://werfio-ru-dex-authenticator.{{ $.Values.werf.namespace }}.svc.cluster.local/dex-authenticator/auth
 spec:
-  ingressClassName: {{ pluck .Values.werf.env .Values.ingressClassName | first | default .Values.ingressClassName._default }}
+  ingressClassName: {{ include "ingressClassName" . }}
   tls:
   - hosts:
       - {{ $host }}
@@ -134,7 +134,7 @@ spec:
   secretName: tls-{{ $host }}
   issuerRef:
     kind: ClusterIssuer
-    name: letsencrypt-standalone-geo
+    name: {{ include "certificateIssuerName" . }}
   commonName: {{ $ruHost }}
   dnsNames:
   - {{ $ruHost }}
@@ -150,7 +150,7 @@ spec:
   secretName: tls-{{ $host }}
   issuerRef:
     kind: ClusterIssuer
-    name: letsencrypt-standalone-geo
+    name: {{ include "certificateIssuerName" . }}
   commonName: {{ $host }}
   dnsNames:
   - {{ $host }}
diff --git a/.helm/templates/_helpers.tpl b/.helm/templates/_helpers.tpl
@@ -28,6 +28,27 @@ eu
 {{- end }}
 {{- end }}
 
+{{- define "ingressClassName" }}
+{{- $defaultClassName := pluck .Values.werf.env .Values.ingressClassName | first | default .Values.ingressClassName._default -}}
+{{- if eq .Values.werf.env "production" }}
+{{- $targetCluster := include "targetCluster" . -}}
+{{- $clusterConfig := get (.Values.productionDeploy | default dict) $targetCluster | default dict -}}
+{{- get $clusterConfig "ingressClassName" | default $defaultClassName -}}
+{{- else -}}
+{{- $defaultClassName -}}
+{{- end }}
+{{- end }}
+
+{{- define "certificateIssuerName" }}
+{{- if eq .Values.werf.env "production" }}
+{{- $targetCluster := include "targetCluster" . -}}
+{{- $clusterConfig := get (.Values.productionDeploy | default dict) $targetCluster | default dict -}}
+{{- get $clusterConfig "certificateIssuerName" | default "letsencrypt-standalone-geo" -}}
+{{- else -}}
+letsencrypt
+{{- end }}
+{{- end }}
+
 {{- define "clusterPlacement" }}
 {{- $targetCluster := include "targetCluster" . -}}
 {{- $clusterConfig := get (.Values.clusters | default dict) $targetCluster | default dict -}}
diff --git a/.helm/values.yaml b/.helm/values.yaml
@@ -5,10 +5,15 @@ imagePullSecrets:
   - github-werfio
 
 productionDeploy:
+  eu:
+    ingressClassName: standalone-geo
+    certificateIssuerName: letsencrypt-standalone-geo
   ru:
     hostOverride: ""
     tlsEnabled: true
     certificateEnabled: true
+    ingressClassName: nginx
+    certificateIssuerName: letsencrypt
 
 clusters:
   eu:
diff --git a/backend/common.go b/backend/common.go
@@ -525,14 +525,6 @@ func URLToVersion(version string) (result string) {
 	return
 }
 
-func normalizedRequestHost(r *http.Request) string {
-	host := r.Host
-	if parsedHost, _, err := net.SplitHostPort(r.Host); err == nil {
-		host = parsedHost
-	}
-	return host
-}
-
 func validateURL(url string) error {
 	if strings.ToLower(os.Getenv("URL_VALIDATION")) == "false" {
 		return nil
@@ -603,8 +595,7 @@ func getGroups() (groups []string) {
 
 func getRootFilesPath(r *http.Request) (result string) {
 	result = "./root/"
-	host := normalizedRequestHost(r)
-	if strings.HasPrefix(host, "ru.") || strings.HasPrefix(host, "ru-") {
+	if strings.HasPrefix(r.Host, "ru.") || strings.HasPrefix(r.Host, "ru-") {
 		result += "ru"
 	} else {
 		result += "en"
diff --git a/backend/handlers.go b/backend/handlers.go
@@ -97,10 +97,10 @@ func unknownVersionHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	URLToRedirect = fmt.Sprintf("/docs/%v%v", group, pageURLRelative)
-	err = validateURL(fmt.Sprintf("https://%s%s", normalizedRequestHost(r), URLToRedirect))
+	err = validateURL(fmt.Sprintf("https://%s%s", r.Host, URLToRedirect))
 
 	if err != nil {
-		log.Errorf("Error validating URL: %v, (original was https://%s/%v)", err.Error(), normalizedRequestHost(r), r.URL.RequestURI())
+		log.Errorf("Error validating URL: %v, (original was https://%s/%v)", err.Error(), r.Host, r.URL.RequestURI())
 		notFoundHandler(w, r)
 	} else {
 		http.Redirect(w, r, fmt.Sprintf("%s", URLToRedirect), 302)
@@ -126,11 +126,11 @@ func groupChannelHandler(w http.ResponseWriter, r *http.Request) {
 	err, version = getVersionFromChannelAndGroup(&ReleasesStatus, vars["channel"], vars["group"])
 	if err == nil {
 		URLToRedirect = fmt.Sprintf("/docs/%v%v", VersionToURL(version), pageURLRelative)
-		err = validateURL(fmt.Sprintf("https://%s%s", normalizedRequestHost(r), URLToRedirect))
+		err = validateURL(fmt.Sprintf("https://%s%s", r.Host, URLToRedirect))
 	}
 
 	if err != nil {
-		log.Errorf("Error validating URL: %v, (original was https://%s/%v)", err.Error(), normalizedRequestHost(r), r.URL.RequestURI())
+		log.Errorf("Error validating URL: %v, (original was https://%s/%v)", err.Error(), r.Host, r.URL.RequestURI())
 		// URLToRedirect = fmt.Sprintf("/404.html")
 		notFoundHandler(w, r)
 	} else {
diff --git a/backend/main.go b/backend/main.go
@@ -24,7 +24,7 @@ func newRouter() *mux.Router {
 
 	var ruHostMatch mux.MatcherFunc = func(r *http.Request, rm *mux.RouteMatch) bool {
 		result := false
-		result, _ = regexp.MatchString(`^ru[\.\-](localhost|.*(\.flant\.dev|werf\.io))$`, normalizedRequestHost(r))
+		result, _ = regexp.MatchString(`^ru[\.\-](localhost|.*(\.flant\.dev|werf\.io))$`, r.Host)
 		return result
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ func newRouter() *mux.Router {`
`24`	`24`
`25`	`25`	`var ruHostMatch mux.MatcherFunc = func(r http.Request, rm mux.RouteMatch) bool {`
`26`	`26`	`result := false`
`27`		- result, _ = regexp.MatchString(`^ru[\.\-](localhost\|.*(\.flant\.dev\|werf\.io))$`, normalizedRequestHost(r))
	`27`	+ result, _ = regexp.MatchString(`^ru[\.\-](localhost\|.*(\.flant\.dev\|werf\.io))$`, r.Host)
`28`	`28`	`return result`
`29`	`29`	`}`
`30`	`30`