Fix sitemap.xml 404: correct nginx-unprivileged port 80 → 8080, set www canonical URLs, and fix site deployment target

[Copilot]

nginx-unprivileged:alpine binds on 8080, not 80. infra/k8s/site-deployment.yaml had port 80 hardcoded throughout, causing liveness/readiness probes to fail, pods to never become Ready, and the NGINX ingress to return 404 for all traffic to cloudhealthoffice.com — including /sitemap.xml.

Additionally, the sitemap and robots.txt were updated to use www.cloudhealthoffice.com as the canonical domain, so the sitemap is correctly referenced at https://www.cloudhealthoffice.com/sitemap.xml.

The marketing site runs in Azure Container Apps, not the Kubernetes cluster. The deploy-aks job was incorrectly applying the site Kubernetes manifests to AKS; those steps have been removed so AKS exclusively manages the portal and backend services.

Changes

• infra/k8s/site-deployment.yaml — containerPort, liveness/readiness probe ports, and service targetPort all changed 80 → 8080 (kept as reference; no longer applied to production)
• deploy-azure-aks.yml (deploy-site job) — split into two steps: image update and a dedicated Ensure ingress target port is 8080 step that queries the current port first, skips the update if already correct, and fails the job properly if the update is needed but fails (replaces the previous silent ::warning:: fallback)
• deploy-azure-aks.yml (deploy-aks job) — removed the "Substitute ACR image in site deployment" and "Apply site ingress" steps; the site is exclusively deployed via the deploy-site Container Apps job
• src/site/sitemap.xml — all <loc> entries updated to use https://www.cloudhealthoffice.com/ as the canonical base URL
• src/site/robots.txt — Sitemap: directive updated to https://www.cloudhealthoffice.com/sitemap.xml

# Before
- containerPort: 80
livenessProbe:
  httpGet: { path: /, port: 80 }
# service targetPort: 80

# After
- containerPort: 8080
livenessProbe:
  httpGet: { path: /, port: 8080 }
# service targetPort: 8080

# Ingress port check logic (deploy-site job)
CURRENT_PORT=$(az containerapp show ... --query "properties.configuration.ingress.targetPort" -o tsv)
if [ "$CURRENT_PORT" = "8080" ]; then
  echo "Already 8080; no update required."
else
  az containerapp ingress update --target-port 8080  # fails job if this fails
fi

Original prompt

My sitemap.xml is still giving a 404, we worked on a pr yesterday and again today to add and fix but it's still not accessible

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[aurelianware]

@copilot this is the url id expect it to be athttps://www.cloudhealthoffice.com/sitemap.xml

[Copilot]

@copilot this is the url id expect it to be athttps://www.cloudhealthoffice.com/sitemap.xml

Done in d5b7f03. Both sitemap.xml (all <loc> entries) and robots.txt (the Sitemap: directive) now use https://www.cloudhealthoffice.com/ as the canonical URL. The ingress already serves the www subdomain, so once the port-fix deployment rolls out the sitemap will be live at https://www.cloudhealthoffice.com/sitemap.xml.

[aurelianware]

@copilot I think the app is running in a container app environment t, not in the kubernetes closter

[Copilot]

Pull request overview

Fixes marketing site availability issues caused by a port mismatch (nginx-unprivileged listens on 8080) and updates SEO crawl hints to use www.cloudhealthoffice.com as the canonical domain.

Changes:

• Update Kubernetes site Deployment/Service/probes to use container port 8080 (service still exposed on 80).
• Update Azure Container Apps deploy workflow to set ingress --target-port 8080.
• Switch sitemap/robots canonical URLs to https://www.cloudhealthoffice.com/....

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
infra/k8s/site-deployment.yaml	Changes site container/probe/Service target port mapping to 8080.
.github/workflows/deploy-azure-aks.yml	Updates ACA ingress target port to 8080 during site deploy.
src/site/sitemap.xml	Updates <loc> URLs to use www canonical domain.
src/site/robots.txt	Updates Sitemap: directive to point to the www sitemap URL.

[Copilot]

This || echo "::warning::..." makes the step succeed even if the ingress target port update fails, which can leave the Container App serving 404s while the workflow reports a successful deploy. Consider failing the job when the port cannot be set (or at least querying the current ingress target port and only continuing if it’s already 8080).

Suggested change

	az containerapp ingress update \
	--name "${{ env.ACA_SITE_NAME }}" \
	--resource-group "${{ env.RESOURCE_GROUP }}" \
	--target-port 8080 || \
	echo "::warning::Could not update Container App ingress target port – ensure it is set to 8080 (nginx-unprivileged listens on 8080)"
	CURRENT_PORT=$(az containerapp show \
	--name "${{ env.ACA_SITE_NAME }}" \
	--resource-group "${{ env.RESOURCE_GROUP }}" \
	--query "properties.configuration.ingress.targetPort" -o tsv || echo "")
	if [ "$CURRENT_PORT" = "8080" ]; then
	echo "Ingress target port is already 8080; no update required."
	else
	echo "Ingress target port is '${CURRENT_PORT:-unknown}', updating to 8080..."
	az containerapp ingress update \
	--name "${{ env.ACA_SITE_NAME }}" \
	--resource-group "${{ env.RESOURCE_GROUP }}" \
	--target-port 8080
	fi

[aurelianware]

Are changes to kubernetes deployment still needed since it’s ACA?

[Copilot]

No, the K8s site manifest is no longer applied in production — the deploy-aks job's site deployment steps were removed in a46bf77 since the site runs exclusively in Container Apps. The file stays in the repo with the correct port as reference, but it has no effect on the live deployment.

[Copilot]

ports: is not indented as a list here. As written, - containerPort: 8080 is at the same indentation level as ports:, which makes the Pod spec invalid YAML for Kubernetes and will cause the Deployment apply to fail. Indent the list item under ports: (and keep consistent indentation for any additional ports).

Suggested change

	- containerPort: 8080
	- containerPort: 8080

[Copilot]

@copilot I think the app is running in a container app environment t, not in the kubernetes closter

Fixed in a46bf77. The deploy-aks job was incorrectly applying site-deployment.yaml and site-ingress.yaml to the Kubernetes cluster. Those two steps have been removed — the site is now exclusively deployed through the deploy-site job which targets Azure Container Apps (az containerapp update) with the correct port 8080.

[aurelianware]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Applied in 476fa4f. The ingress step now queries the current targetPort first and only calls az containerapp ingress update if the port isn't already 8080. The silent || echo "::warning::" fallback is gone — if the update is needed and fails, the job now fails properly.