refactor: 서버 자체 SSL 활용하도록 단순화

- README.md 먼저 업데이트 (룰 준수) - Docker 컨테이너는 8080 포트에서 HTTP만 처리 - SSL/HTTPS는 서버 자체에서 처리 - certbot 관련 복잡한 설정 모두 제거 - 권한 문제 해결 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-09 16:24:38 +09:00 · 2025-07-09 16:24:38 +09:00 · 272c483e09
commit 272c483e09
parent 725d53364d
4 changed files with 9 additions and 42 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -34,7 +34,6 @@ jobs:
        run: |
          ssh -o StrictHostKeyChecking=no -p $PORT $USER@$HOST << 'EOF'
            cd ~/robeing-nginx
-            mkdir -p ssl certbot-webroot
            docker compose down || true
            docker compose up -d
          EOF
--- a/README.md
+++ b/README.md
@ -43,10 +43,10 @@ NAS_SSH_KEY_ADMIN: SSH 개인키

 ## SSL 설정

-Let's Encrypt를 통한 자동 SSL 인증서 발급:
- HTTP(80) → HTTPS(443) 자동 리다이렉트
- 도메인: ro-being.com
- 자동 갱신 설정
+서버 자체에 SSL 설정 완료:
+- Ubuntu 서버에서 certbot으로 SSL 인증서 관리
+- Docker 컨테이너는 8080 포트에서 HTTP만 처리
+- 서버 nginx가 HTTPS → HTTP(8080) 프록시

 ## 로컬 테스트

@ -57,6 +57,9 @@ docker compose up -d

 # 로그 확인
 docker compose logs -f nginx
+
+# 내부 서비스 확인
+curl http://localhost:8080
 ```

 ## 배포 상태 확인
--- a/default.conf
+++ b/default.conf
@ -1,28 +1,5 @@
-# HTTP to HTTPS redirect
 server {
    listen 80;
-    server_name ro-being.com;
-    
-    location /.well-known/acme-challenge/ {
-        root /var/www/certbot;
-    }
-    
-    location / {
-        return 301 https://$server_name$request_uri;
-    }
-}
-
-# HTTPS server
-server {
-    listen 443 ssl;
-    server_name ro-being.com;
-    
-    ssl_certificate /etc/nginx/ssl/live/ro-being.com/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/live/ro-being.com/privkey.pem;
-    
-    # SSL settings
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers HIGH:!aNULL:!MD5;
    
    # Main application proxy
    location / {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,19 +4,7 @@ services:
  nginx:
    image: nginx:alpine
    ports:
-      - "80:80"
-      - "443:443"
+      - "8080:80"
    volumes:
      - ./default.conf:/etc/nginx/conf.d/default.conf:ro
-      - ./ssl:/etc/nginx/ssl:ro
-    restart: always
-    depends_on:
-      - certbot
-
-  certbot:
-    image: certbot/certbot:latest
-    volumes:
-      - ./ssl:/etc/letsencrypt
-      - ./certbot-webroot:/var/www/certbot
-    command: certonly --webroot --webroot-path=/var/www/certbot --email admin@ro-being.com --agree-tos --no-eff-email -d ro-being.com
-    restart: "no"
+    restart: always