From 272c483e0916b5546c4e99311d3936bf4846d2fa Mon Sep 17 00:00:00 2001 From: happybell80 Date: Wed, 9 Jul 2025 16:24:38 +0900 Subject: [PATCH] =?UTF-8?q?refactor:=20=EC=84=9C=EB=B2=84=20=EC=9E=90?= =?UTF-8?q?=EC=B2=B4=20SSL=20=ED=99=9C=EC=9A=A9=ED=95=98=EB=8F=84=EB=A1=9D?= =?UTF-8?q?=20=EB=8B=A8=EC=88=9C=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - README.md 먼저 업데이트 (룰 준수) - Docker 컨테이너는 8080 포트에서 HTTP만 처리 - SSL/HTTPS는 서버 자체에서 처리 - certbot 관련 복잡한 설정 모두 제거 - 권한 문제 해결 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .github/workflows/deploy.yml | 1 - README.md | 11 +++++++---- default.conf | 23 ----------------------- docker-compose.yml | 16 ++-------------- 4 files changed, 9 insertions(+), 42 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 28e2ed1..fee0090 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -34,7 +34,6 @@ jobs:
 run: |
 ssh -o StrictHostKeyChecking=no -p $PORT $USER@$HOST << 'EOF'
 cd ~/robeing-nginx
- mkdir -p ssl certbot-webroot
 docker compose down || true
 docker compose up -d
 EOF
\ No newline at end of file
diff --git a/README.md b/README.md
index ab9b429..e1d4925 100644
--- a/README.md
+++ b/README.md
@@ -43,10 +43,10 @@ NAS_SSH_KEY_ADMIN: SSH 개인키
 ## SSL 설정
-Let's Encrypt를 통한 자동 SSL 인증서 발급:
-- HTTP(80) → HTTPS(443) 자동 리다이렉트
-- 도메인: ro-being.com
-- 자동 갱신 설정
+서버 자체에 SSL 설정 완료:
+- Ubuntu 서버에서 certbot으로 SSL 인증서 관리
+- Docker 컨테이너는 8080 포트에서 HTTP만 처리
+- 서버 nginx가 HTTPS → HTTP(8080) 프록시
 ## 로컬 테스트
@@ -57,6 +57,9 @@ docker compose up -d
 # 로그 확인
 docker compose logs -f nginx
+
+# 내부 서비스 확인
+curl http://localhost:8080
 ```
 ## 배포 상태 확인
diff --git a/default.conf b/default.conf
index 8e9b61d..220d7a6 100644
--- a/default.conf
+++ b/default.conf
@@ -1,28 +1,5 @@
-# HTTP to HTTPS redirect
 server {
 listen 80;
- server_name ro-being.com;
-
- location /.well-known/acme-challenge/ {
- root /var/www/certbot;
- }
-
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
-
-# HTTPS server
-server {
- listen 443 ssl;
- server_name ro-being.com;
-
- ssl_certificate /etc/nginx/ssl/live/ro-being.com/fullchain.pem;
- ssl_certificate_key /etc/nginx/ssl/live/ro-being.com/privkey.pem;
-
- # SSL settings
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
 # Main application proxy
 location / {
diff --git a/docker-compose.yml b/docker-compose.yml
index 787bc9c..b8de61f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,19 +4,7 @@ services:
 nginx:
 image: nginx:alpine
 ports:
- - "80:80"
- - "443:443"
+ - "8080:80"
 volumes:
 - ./default.conf:/etc/nginx/conf.d/default.conf:ro
- - ./ssl:/etc/nginx/ssl:ro
- restart: always
- depends_on:
- - certbot
-
- certbot:
- image: certbot/certbot:latest
- volumes:
- - ./ssl:/etc/letsencrypt
- - ./certbot-webroot:/var/www/certbot
- command: certonly --webroot --webroot-path=/var/www/certbot --email admin@ro-being.com --agree-tos --no-eff-email -d ro-being.com
- restart: "no"
\ No newline at end of file
+ restart: always
\ No newline at end of file
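Review bot: The new port mapping `- "8080:80"` in docker-compose.yml publishes the container's plaintext HTTP listener on all host interfaces, so any client that can reach port 8080 talks to the application without the TLS that the host nginx is now meant to provide. The default.conf hunk in this same commit removes the in-container HTTP→HTTPS redirect, so nothing inside the container upgrades such a direct request. Assuming the host nginx runs on the same machine as Docker (the README's `curl http://localhost:8080` suggests it does), binding the published port to loopback keeps it reachable only through that proxy: `- "127.0.0.1:8080:80"`. Docker-published ports are commonly not filtered by host firewall front-ends such as ufw, so it is worth confirming on the server that 8080 is not exposed externally rather than relying on the firewall alone.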