From 5a0d496f4992edb31342abbe35ef5ce5c07c6044 Mon Sep 17 00:00:00 2001 From: seonghyeok Date: Mon, 25 Aug 2025 09:21:18 +0900 Subject: [PATCH 1/6] =?UTF-8?q?fix:=20nginx=EA=B0=80=20=EC=9B=B9=EC=86=8C?= =?UTF-8?q?=EC=BC=93=20=ED=95=B8=EB=93=9C=EC=85=B0=EC=9D=B4=ED=81=AC=20?= =?UTF-8?q?=EC=9A=94=EC=B2=AD=EC=9D=84=20=EC=A0=9C=EB=8C=80=EB=A1=9C=20?= =?UTF-8?q?=EC=B2=98=EB=A6=AC=ED=95=98=EB=8F=84=EB=A1=9D=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/infra-config/nginx.conf | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/infra-config/nginx.conf b/docs/infra-config/nginx.conf index 303463bce..d683cf677 100644 --- a/docs/infra-config/nginx.conf +++ b/docs/infra-config/nginx.conf @@ -1,5 +1,6 @@ server { listen 80; + server_name api.stage.solid-connection.com; # http를 사용하는 경우 주석 해제 # location / { @@ -17,9 +18,10 @@ server { server { listen 443 ssl; + server_name api.stage.solid-connection.com; - ssl_certificate /etc/letsencrypt/live/api.solid-connection.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/api.solid-connection.com/privkey.pem; + ssl_certificate /etc/letsencrypt/live/api.stage.solid-connection.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/api.stage.solid-connection.com/privkey.pem; client_max_body_size 10M; ssl_protocols TLSv1.2 TLSv1.3; @@ -31,10 +33,13 @@ server { ssl_stapling_verify on; location / { - proxy_pass http://solid-connection-server:8080; + proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; } -} \ No newline at end of file +} From d1fcce6156e4fbf409b526c03d973a805017d034 Mon Sep 17 00:00:00 2001 From: seonghyeok Date: Mon, 25 Aug 2025 09:57:09 +0900 Subject: [PATCH 2/6] =?UTF-8?q?chore:=20=EB=B3=80=EA=B2=BD=EB=90=9C=20ngin?= =?UTF-8?q?x.conf=EA=B0=80=20cd=20=EB=8B=A8=EA=B3=84=EC=97=90=EC=84=9C=20?= =?UTF-8?q?=EA=B0=9C=EB=B0=9C=20=EC=84=9C=EB=B2=84=EC=97=90=20=EB=B0=98?= =?UTF-8?q?=EC=98=81=EB=90=98=EB=8F=84=EB=A1=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 서버에 존재하는 default를 nginx.conf에 통합 --- .github/workflows/dev-cd.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dev-cd.yml b/.github/workflows/dev-cd.yml index 4269f9d46..f7448d545 100644 --- a/.github/workflows/dev-cd.yml +++ b/.github/workflows/dev-cd.yml @@ -71,7 +71,17 @@ jobs: source: "./docs/infra-config/config.alloy" target: "/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/" - - name: Run docker compose + - name: Copy nginx config to remote + uses: appleboy/scp-action@master + with: + host: ${{ secrets.DEV_HOST }} + username: ${{ secrets.DEV_USERNAME }} + key: ${{ secrets.DEV_PRIVATE_KEY }} + source: "./docs/infra-config/nginx.conf" + target: "/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/nginx" + rename: "default.conf" + + - name: Run docker compose and apply nginx config uses: appleboy/ssh-action@master with: host: ${{ secrets.DEV_HOST }} @@ -79,6 +89,10 @@ jobs: key: ${{ secrets.DEV_PRIVATE_KEY }} script_stop: true script: | + sudo cp /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/nginx/default.conf /etc/nginx/conf.d/default.conf + sudo nginx -t + sudo nginx -s reload + cd /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev docker compose down docker compose -f docker-compose.dev.yml up -d --build From a846f30342afe86b7308450a36efd4b11a076693 Mon Sep 17 00:00:00 2001 From: seonghyeok Date: Mon, 25 Aug 2025 13:03:57 +0900 Subject: [PATCH 3/6] =?UTF-8?q?test:=20=ED=85=8C=EC=8A=A4=ED=8A=B8=20?= =?UTF-8?q?=EC=BD=94=EB=93=9C=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 초기 핸드셰이크는 ws가 아니라 http 프로토콜을 사용함 - 핸드셰이크를 테스트하므로 목적에 맞게 클래스 이름 변경 --- ...tompIntegrationTest.java => WebSocketHandshakeTest.java} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename src/test/java/com/example/solidconnection/websocket/{WebSocketStompIntegrationTest.java => WebSocketHandshakeTest.java} (95%) diff --git a/src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java b/src/test/java/com/example/solidconnection/websocket/WebSocketHandshakeTest.java similarity index 95% rename from src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java rename to src/test/java/com/example/solidconnection/websocket/WebSocketHandshakeTest.java index 330b084dd..2bde3c0c6 100644 --- a/src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java +++ b/src/test/java/com/example/solidconnection/websocket/WebSocketHandshakeTest.java @@ -30,8 +30,8 @@ import org.springframework.web.socket.sockjs.client.WebSocketTransport; @TestContainerSpringBootTest -@DisplayName("WebSocket/STOMP 통합 테스트") -class WebSocketStompIntegrationTest { +@DisplayName("WebSocket Handshake 테스트") +class WebSocketHandshakeTest { @LocalServerPort private int port; @@ -47,7 +47,7 @@ class WebSocketStompIntegrationTest { @BeforeEach void setUp() { - this.url = String.format("ws://localhost:%d/connect", port); + this.url = String.format("http://localhost:%d/connect", port); List transports = List.of(new WebSocketTransport(new StandardWebSocketClient())); this.stompClient = new WebSocketStompClient(new SockJsClient(transports)); this.stompClient.setMessageConverter(new MappingJackson2MessageConverter()); From 4875df930f61bc3e73e99af9593f482a4b045e3a Mon Sep 17 00:00:00 2001 From: seonghyeok Date: Mon, 25 Aug 2025 19:59:52 +0900 Subject: [PATCH 4/6] =?UTF-8?q?chore:=20docker-compose=20down=20=EC=8B=9C?= =?UTF-8?q?=20=EB=AA=85=EC=8B=9C=EC=A0=81=EC=9D=B8=20yml=EC=9D=84=20?= =?UTF-8?q?=EC=82=AC=EC=9A=A9=ED=95=98=EB=8F=84=EB=A1=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/dev-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dev-cd.yml b/.github/workflows/dev-cd.yml index f7448d545..a9f1a7285 100644 --- a/.github/workflows/dev-cd.yml +++ b/.github/workflows/dev-cd.yml @@ -94,5 +94,5 @@ jobs: sudo nginx -s reload cd /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev - docker compose down + docker compose -f docker-compose.dev.yml down docker compose -f docker-compose.dev.yml up -d --build From 86e4b52b1722216967c93d9bf9bde1e357861891 Mon Sep 17 00:00:00 2001 From: seonghyeok Date: Tue, 26 Aug 2025 10:40:28 +0900 Subject: [PATCH 5/6] =?UTF-8?q?chore:=20nginx=20conf=20=ED=8C=8C=EC=9D=BC?= =?UTF-8?q?=20=ED=99=98=EA=B2=BD=20=EB=B6=84=EB=A6=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/dev-cd.yml | 2 +- .../{nginx.conf => nginx.dev.conf} | 0 docs/infra-config/nginx.prod.conf | 36 +++++++++++++++++++ 3 files changed, 37 insertions(+), 1 deletion(-) rename docs/infra-config/{nginx.conf => nginx.dev.conf} (100%) create mode 100644 docs/infra-config/nginx.prod.conf diff --git a/.github/workflows/dev-cd.yml b/.github/workflows/dev-cd.yml index a9f1a7285..f0d6d3cb0 100644 --- a/.github/workflows/dev-cd.yml +++ b/.github/workflows/dev-cd.yml @@ -77,7 +77,7 @@ jobs: host: ${{ secrets.DEV_HOST }} username: ${{ secrets.DEV_USERNAME }} key: ${{ secrets.DEV_PRIVATE_KEY }} - source: "./docs/infra-config/nginx.conf" + source: "./docs/infra-config/nginx.dev.conf" target: "/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/nginx" rename: "default.conf" diff --git a/docs/infra-config/nginx.conf b/docs/infra-config/nginx.dev.conf similarity index 100% rename from docs/infra-config/nginx.conf rename to docs/infra-config/nginx.dev.conf diff --git a/docs/infra-config/nginx.prod.conf b/docs/infra-config/nginx.prod.conf new file mode 100644 index 000000000..abe128067 --- /dev/null +++ b/docs/infra-config/nginx.prod.conf @@ -0,0 +1,36 @@ +server { + listen 80; + server_name api.solid-connection.com; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl; + server_name api.solid-connection.com; + + ssl_certificate /etc/letsencrypt/live/api.solid-connection.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/api.solid-connection.com/privkey.pem; + client_max_body_size 10M; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; # 클라이언트 보다 서버의 암호화 알고리즘을 우선하도록 설정 + ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256"; + ssl_session_cache shared:SSL:10m; # SSL 세션 캐시 설정 + ssl_session_timeout 10m; + ssl_stapling on; # OCSP 스테이플링 활성화 + ssl_stapling_verify on; + + location / { + proxy_pass http://127.0.0.1:8080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} From 628e7a6792c6d1792553b1c3250a67955ed678f1 Mon Sep 17 00:00:00 2001 From: seonghyeok Date: Tue, 26 Aug 2025 10:42:37 +0900 Subject: [PATCH 6/6] =?UTF-8?q?chore:=20prod=20=ED=99=98=EA=B2=BD=EC=97=90?= =?UTF-8?q?=EC=84=9C=20cd=20=EC=8A=A4=ED=81=AC=EB=A6=BD=ED=8A=B8=20?= =?UTF-8?q?=EC=88=98=ED=96=89=20=EC=8B=9C=20nginx=20conf=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=EC=9D=B4=20=EC=A0=81=EC=9A=A9=EB=90=98=EB=8F=84?= =?UTF-8?q?=EB=A1=9D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - docker compose down 시 명시적으로 yml 파일 지정 --- .github/workflows/prod-cd.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/prod-cd.yml b/.github/workflows/prod-cd.yml index 714aede30..d52c524c9 100644 --- a/.github/workflows/prod-cd.yml +++ b/.github/workflows/prod-cd.yml @@ -71,7 +71,17 @@ jobs: source: "./docs/infra-config/config.alloy" target: "/home/${{ secrets.USERNAME }}/solid-connect-server/" - - name: Run docker compose + - name: Copy nginx config to remote + uses: appleboy/scp-action@master + with: + host: ${{ secrets.HOST }} + username: ${{ secrets.USERNAME }} + key: ${{ secrets.PRIVATE_KEY }} + source: "./docs/infra-config/nginx.prod.conf" + target: "/home/${{ secrets.USERNAME }}/solid-connection-prod/nginx" + rename: "default.conf" + + - name: Run docker compose and apply nginx config uses: appleboy/ssh-action@master with: host: ${{ secrets.HOST }} @@ -79,6 +89,10 @@ jobs: key: ${{ secrets.PRIVATE_KEY }} script_stop: true script: | + sudo cp /home/${{ secrets.USERNAME }}/solid-connection-prod/nginx/default.conf /etc/nginx/conf.d/default.conf + sudo nginx -t + sudo nginx -s reload + cd /home/${{ secrets.USERNAME }}/solid-connect-server - docker compose down + docker compose -f docker-compose.prod.yml down docker compose -f docker-compose.prod.yml up -d --build