chore: nginx https설정 및 배포

boostcampwm-2024 · Nov 14, 2024 · e216c7d · e216c7d
1 parent 56d8b09
commit e216c7d
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 19 deletions.
diff --git a/.gitignore b/.gitignore
@@ -16,3 +16,4 @@
 .pnp.*
 .env.*
 .env
+ssl
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -25,5 +25,22 @@ services:
     networks:
       - app-network
 
+  nginx:
+    image: nginx:latest
+    container_name: nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./corinee/ssl:/etc/nginx/ssl/ca_bundle.crt
+      - ./corinee/ssl:/etc/nginx/ssl/certificate.crt
+      - ./corinee/ssl:/etc/nginx/ssl/private.key
+    depends_on:
+      - client
+      - certbot
+    networks:
+      - app-network
+
 networks:
   app-network:
diff --git a/dockerfile-client b/dockerfile-client
@@ -8,7 +8,7 @@ RUN yarn build
 FROM nginx:alpine
 COPY --from=build /app/dist /usr/share/nginx/html
 
-COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY nginx.conf /etc/nginx/nginx.conf
 
 EXPOSE 443
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/nginx.conf b/nginx.conf
@@ -3,25 +3,30 @@ server {
     listen 443;
     server_name corinee.site;
 
-    # 정적 파일 서빙 설정
+     # SSL 인증서 설정
+    ssl_certificate /etc/nginx/ssl/certificate.crt;
+    ssl_certificate_key /etc/nginx/ssl/private.key;
+    ssl_trusted_certificate /etc/nginx/ssl/ca_bundle.crt;  # 인증서 체인 파일 추가
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+
+    # client 서비스로 프록시 (프론트엔드 애플리케이션)
     location / {
-        root /usr/share/nginx/html;
-        try_files $uri /index.html;  # SPA(싱글 페이지 애플리케이션) 라우팅
+        proxy_pass http://client:80;  # client 컨테이너의 포트로 프록시
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    # # SSE 요청을 처리하는 프록시 설정 예시
-    # location /sse {
-    #     proxy_pass http://backend_server:3000; # SSE 요청을 백엔드 서버로 프록시
-    #     proxy_set_header Host $host;
-    #     proxy_set_header X-Real-IP $remote_addr;
-    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    #     proxy_set_header X-Forwarded-Proto $scheme;
-
-    #     # SSE 스트리밍을 위해 버퍼링 비활성화
-    #     proxy_buffering off;
-
-    #     # SSE 연결을 오랫동안 유지할 수 있도록 타임아웃 설정
-    #     proxy_read_timeout 3600s;
-    #     proxy_send_timeout 3600s;
-    # }
+    # server 서비스로 프록시 (API 요청을 server로 전달)
+    location /api {
+        proxy_pass http://server:3000;  # server 컨테이너의 포트로 프록시
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,3 +16,4 @@ @@
     .pnp.*
     .env.*
     .env
+    ssl