배포 환경 설정 파일 추가 (#176)

2020147542 · web-flow · commit 69d6a2e11dfd · 2025-02-26T10:59:37.000+09:00
diff --git a/docker/deploy/default.conf b/docker/deploy/default.conf
@@ -0,0 +1,40 @@
+server {
+    listen 80;
+    server_name 15.164.219.98.nip.io;
+
+    location ^~ /.well-known/acme-challenge/ {
+        default_type "text/plain";
+        root /var/www/certbot;
+        allow all;
+    }
+
+    # HTTP를 HTTPS로 리다이렉트
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name 15.164.219.98.nip.io;
+
+    # SSL 인증서 설정
+    ssl_certificate /etc/letsencrypt/live/15.164.219.98.nip.io/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/15.164.219.98.nip.io/privkey.pem;
+
+    # SSL 설정 최적화
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS 설정 (선택사항)
+    add_header Strict-Transport-Security "max-age=31536000" always;
+
+    location / {
+        proxy_pass http://172.31.42.108:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/docker/deploy/nginx-compose.yml b/docker/deploy/nginx-compose.yml
@@ -0,0 +1,24 @@
+services:
+  nginx:
+    image: nginx:latest
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./conf.d:/etc/nginx/conf.d
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+    networks:
+      - app-network
+  certbot:
+    image: certbot/certbot
+    volumes:
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+    networks:
+      - app-network
+networks:
+  app-network:
+    driver: bridge
