diff --git a/docker-compose.yml b/docker-compose.yml index 207ef91e..8510c35c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,22 +24,20 @@ services: networks: - app-network - # nginx: - # image: nginx:latest - # container_name: nginx - # ports: - # - "80:80" - # - "443:443" - # volumes: - # - ./nginx.conf:/etc/nginx/nginx.conf - # - ./corinee/ssl/ca_bundle.crt:/etc/nginx/ssl/ca_bundle.crt - # - ./corinee/ssl/certificate.crt:/etc/nginx/ssl/certificate.crt - # - ./corinee/ssl/private.key:/etc/nginx/ssl/private.key - # depends_on: - # - client - # - certbot - # networks: - # - app-network + nginx: + image: nginx:latest + container_name: nginx + ports: + - "80:80" + - "443:443" + volumes: + - ./corinee/ssl/ca_bundle.crt:/etc/nginx/ssl/ca_bundle.crt + - ./corinee/ssl/certificate.crt:/etc/nginx/ssl/certificate.crt + - ./corinee/ssl/private.key:/etc/nginx/ssl/private.key + depends_on: + - client + networks: + - app-network networks: app-network: diff --git a/nginx.conf b/nginx.conf index 2704139b..cc8a4ea5 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,27 +1,32 @@ #nginx.conf server { - listen 80; - server_name www.corinee.site; + listen 443; + server_name corinee.site; - # 정적 파일 서빙 설정 + # SSL 인증서 설정 + ssl_certificate /etc/nginx/ssl/certificate.crt; + ssl_certificate_key /etc/nginx/ssl/private.key; + ssl_trusted_certificate /etc/nginx/ssl/ca_bundle.crt; # 인증서 체인 파일 추가 + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + + # client 서비스로 프록시 (프론트엔드 애플리케이션) location / { - root /usr/share/nginx/html; - try_files $uri /index.html; # SPA(싱글 페이지 애플리케이션) 라우팅 + proxy_pass http://client:80; # client 컨테이너의 포트로 프록시 + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } - # # SSE 요청을 처리하는 프록시 설정 예시 - # location /sse { - # proxy_pass http://backend_server:3000; # SSE 요청을 백엔드 서버로 프록시 - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Proto $scheme; - - # # SSE 스트리밍을 위해 버퍼링 비활성화 - # proxy_buffering off; - - # # SSE 연결을 오랫동안 유지할 수 있도록 타임아웃 설정 - # proxy_read_timeout 3600s; - # proxy_send_timeout 3600s; - # } + # server 서비스로 프록시 (API 요청을 server로 전달) + location /api { + proxy_pass http://server:3000; # server 컨테이너의 포트로 프록시 + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } } diff --git a/packages/client/src/api/instance.ts b/packages/client/src/api/instance.ts index b89a2fe7..5964cd20 100644 --- a/packages/client/src/api/instance.ts +++ b/packages/client/src/api/instance.ts @@ -1,7 +1,7 @@ import axios from 'axios'; export const instance = axios.create({ - baseURL: ' https://175.106.98.147:3000', + baseURL: ' http://175.106.98.147:3000', timeout: 2000, });