diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 36ce447..96f6ec6 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -39,31 +39,39 @@ jobs: - name: Backup current nginx config run: | echo "πŸ“‹ Creating backup of current nginx configuration..." + # nginx system config + sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup.$(date +%Y%m%d_%H%M%S) + # nginx server config sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.backup.$(date +%Y%m%d_%H%M%S) echo "βœ… Backup created successfully" - - name: Validate new nginx configuration + - name: Validate & apply new nginx configuration run: | echo "πŸ” Validating new nginx configuration syntax..." # Backup current config and test with new one + + # nginx system config + sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.temp.backup + sudo cp nginx.conf /etc/nginx/nginx.conf + sudo nginx -t || { + echo "❌ New nginx system configuration has syntax errors!" + # Restore backup + sudo cp /etc/nginx/nginx.conf.temp.backup /etc/nginx/nginx.conf + exit 1 + } + echo "βœ… New configuration syntax is valid" + + # nginx server config sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.temp.backup sudo cp server-nginx-default /etc/nginx/sites-available/default sudo nginx -t || { - echo "❌ New nginx configuration has syntax errors!" + echo "❌ New nginx server configuration has syntax errors!" # Restore backup sudo cp /etc/nginx/sites-available/default.temp.backup /etc/nginx/sites-available/default exit 1 } - # Restore backup for now (will apply later) - sudo cp /etc/nginx/sites-available/default.temp.backup /etc/nginx/sites-available/default echo "βœ… New configuration syntax is valid" - - name: Apply new nginx configuration - run: | - echo "πŸ“‹ Applying new nginx configuration..." - sudo cp server-nginx-default /etc/nginx/sites-available/default - echo "βœ… Configuration file updated" - - name: Test nginx configuration run: | echo "πŸ” Testing nginx configuration with current setup..." diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..03d95e1 --- /dev/null 
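Review bot: In the "Validate & apply new nginx configuration" step, the failure branch for the server config restores only `/etc/nginx/sites-available/default`, so a run that fails there exits with the new `/etc/nginx/nginx.conf` still installed next to the old site file. That branch should also put the system file back before `exit 1`, with `sudo cp /etc/nginx/nginx.conf.temp.backup /etc/nginx/nginx.conf`. Both live files are overwritten before `nginx -t` runs, so a reload triggered in that window (a certificate renewal hook, for example) would load an unvalidated config; for the system file, copying to a staging path and checking it with `sudo nginx -t -c <staged nginx.conf>` first would close that gap. The two success messages are identical (`New configuration syntax is valid`), so the log does not show which check passed.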
+++ b/nginx.conf @@ -0,0 +1,95 @@ +user nginx nginx; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + # OS의 bit에 따라 배수둜 μ„€μ • + server_names_hash_bucket_size 64; + # TODO: μ„±λŠ₯에 따라 μ‘°μ •ν•„μš” + # β€» client_max_body_size = client_body_buffer_size -> disk에 κΈ°λ‘ν•˜μ§€ μ•ŠλŠ”λ‹€λŠ” κ°€μ •μ˜ 졜적의 νŠœλ‹ + client_max_body_size 1000M; + client_body_buffer_size 1000M; + + # security options + server_tokens off; + fastcgi_hide_header X-Powered-By; + + # enhance + # connection timeout(μž¬ν™œμš©) 0 ~ μ΅œλŒ€ν•œ 짧게 + keepalive_timeout 3; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} 
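Review bot: The `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` line under SSL Settings enables TLS 1.0 and 1.1, which are deprecated (RFC 8996); any server block that does not set its own `ssl_protocols` inherits this, so I would ship `ssl_protocols TLSv1.2 TLSv1.3;` and update the trailing POODLE comment to match. Under Basic Settings, `client_body_buffer_size 1000M;` next to `client_max_body_size 1000M;` allows each large request body to be held in memory up to that size, so a few concurrent uploads can exhaust RAM on the host. A small buffer such as `client_body_buffer_size 128k;` (a constructed value, to be tuned) lets oversized bodies spill to disk instead. `user nginx nginx;` sits beside Debian-style `modules-enabled` and `sites-enabled` includes, where the packaged account is usually `www-data`; it is worth confirming that the `nginx` user exists on the target, since this file replaces the system config wholesale.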
diff --git a/server-nginx-default b/server-nginx-default index 53e1427..e0c0bd7 100644 --- a/server-nginx-default +++ b/server-nginx-default @@ -48,11 +48,18 @@ server { location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. + + # metric μˆ˜μ§‘ + stub_status on; + try_files $uri $uri/ /index.html; } # API endpoints location /api/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -62,6 +69,9 @@ server { # Admin dashboard location /admin { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -71,6 +81,9 @@ server { # RB10508 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10508/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10508/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -80,6 +93,9 @@ server { # RB8001 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb8001/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:8001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -89,6 +105,9 @@ server { # RB10408 API endpoints (ν¬μž¬λ‹˜ ν…ŒμŠ€νŠΈμš©) - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10408/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10408/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -98,6 +117,9 @@ server { # Robeing Gateway - API Gateway for routing to robeings location ^~ /gateway/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8100/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -107,6 +129,9 @@ server { # Skill Email API endpoints location /skill-email/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8501/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; 
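Review bot: `stub_status on;` is added inside every public location (`/`, `/api/`, `/admin`, the `/rb*/`, `/gateway/` and `/skill-email/` proxies, and `/.well-known/acme-challenge/`) with no `allow`/`deny` beside it, in this hunk and in every later hunk of this file. As far as I can tell stub_status registers the location's content handler rather than acting as a passive counter, so in the `try_files` and `alias` locations it would answer with connection counters instead of the files (breaking the site root and ACME renewal), and in the `proxy_pass` locations it competes with the proxy handler. The counters are server-wide, so one dedicated location restricted to the collector's address is enough, and the directive should be dropped from all application locations. The sketch below uses a placeholder path and assumes the collector runs on the same host. The enclosing server blocks start and end outside these hunks.

```nginx
# path name is a placeholder; add once per server block the collector scrapes
location = /nginx_status {
    stub_status;
    allow 127.0.0.1;
    deny all;
}
```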
@@ -115,6 +140,9 @@ server { } location /.well-known/acme-challenge/ { + # metric μˆ˜μ§‘ + stub_status on; + alias /var/www/html/.well-known/acme-challenge/; } @@ -184,11 +212,17 @@ server { # Main application static files location / { + # metric μˆ˜μ§‘ + stub_status on; + try_files $uri $uri/ /index.html; } # API endpoints location /api/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -198,6 +232,9 @@ server { # Admin dashboard location /admin { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -207,6 +244,9 @@ server { # RB10508 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10508/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10508/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -216,6 +256,9 @@ server { # RB8001 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb8001/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:8001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -225,6 +268,9 @@ server { # RB10408 API endpoints (ν¬μž¬λ‹˜ ν…ŒμŠ€νŠΈμš©) - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10408/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10408/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -234,6 +280,9 @@ server { # Robeing Gateway - API Gateway for routing to robeings location ^~ /gateway/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8100/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -243,6 +292,9 @@ server { # Skill Email API endpoints location /skill-email/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8501/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; 
@@ -251,6 +303,9 @@ server { } location /.well-known/acme-challenge/ { + # metric μˆ˜μ§‘ + stub_status on; + alias /var/www/html/.well-known/acme-challenge/; } @@ -313,6 +368,9 @@ server { ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -338,6 +396,9 @@ server { ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:9000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -350,6 +411,9 @@ server { } location /.well-known/acme-challenge/ { + # metric μˆ˜μ§‘ + stub_status on; + alias /var/www/html/.well-known/acme-challenge/; } } \ No newline at end of file