From b9f73704418954b2954454c0d4a8374e9657346d Mon Sep 17 00:00:00 2001
From: hwansae91
Date: Sun, 31 Aug 2025 15:08:35 +0900
Subject: [PATCH] =?UTF-8?q?[enhance]=20=EB=B3=B4=EC=95=88=20=EB=B0=8F=20re?=
 =?UTF-8?q?quest=20body=20size=20=EB=93=B1=EC=9C=BC=EB=A1=9C=20=EC=9D=B8?=
 =?UTF-8?q?=ED=95=B4=20=EC=84=B1=EB=8A=A5=20=ED=8A=9C=EB=8B=9D=20=EB=B0=8F?=
 =?UTF-8?q?=20nginx=20=EC=9C=A0=EC=A0=80/=EA=B7=B8=EB=A3=B9=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80=20=C2=B7=20groupadd=20-g=2010000=20nginx=20=C2=B7=20u?=
 =?UTF-8?q?seradd=20--system=20-u=2010000=20--no-create-home=20--shell=20/?=
 =?UTF-8?q?bin/false=20-g=20nginx=20=20nginx=20=E2=80=BB=20=EC=B6=94?=
 =?UTF-8?q?=EA=B0=80=ED=95=9C=20=EC=BD=94=EB=93=9C=EC=97=90=EB=8A=94=20?=
 =?UTF-8?q?=EC=A3=BC=EC=84=9D=EC=9C=BC=EB=A1=9C=20=EA=B8=B0=EB=8A=A5?=
 =?UTF-8?q?=EC=84=A4=EB=AA=85=EC=9D=84=20=EB=8B=AC=EC=95=84=EB=86=93?=
 =?UTF-8?q?=EC=9D=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .gitea/workflows/deploy.yml | 28 +++++++----
 nginx.conf | 95 +++++++++++++++++++++++++++++++++++++
 server-nginx-default | 64 +++++++++++++++++++++++++
 3 files changed, 177 insertions(+), 10 deletions(-)
 create mode 100644 nginx.conf
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 36ce447..96f6ec6 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -39,31 +39,39 @@ jobs: - name: Backup current nginx config run: | echo "πŸ“‹ Creating backup of current nginx configuration..." + # nginx system config + sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup.$(date +%Y%m%d_%H%M%S) + # nginx server config sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.backup.$(date +%Y%m%d_%H%M%S) echo "βœ… Backup created successfully" - - name: Validate new nginx configuration + - name: Validate & apply new nginx configuration run: | echo "πŸ” Validating new nginx configuration syntax..." # Backup current config and test with new one + + # nginx system config + sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.temp.backup + sudo cp nginx.conf /etc/nginx/nginx.conf + sudo nginx -t || { + echo "❌ New nginx system configuration has syntax errors!" + # Restore backup + sudo cp /etc/nginx/nginx.conf.temp.backup /etc/nginx/nginx.conf + exit 1 + } + echo "βœ… New configuration syntax is valid" + + # nginx server config sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.temp.backup sudo cp server-nginx-default /etc/nginx/sites-available/default sudo nginx -t || { - echo "❌ New nginx configuration has syntax errors!" + echo "❌ New nginx server configuration has syntax errors!" # Restore backup sudo cp /etc/nginx/sites-available/default.temp.backup /etc/nginx/sites-available/default exit 1 } - # Restore backup for now (will apply later) - sudo cp /etc/nginx/sites-available/default.temp.backup /etc/nginx/sites-available/default echo "βœ… New configuration syntax is valid" - - name: Apply new nginx configuration - run: | - echo "πŸ“‹ Applying new nginx configuration..." - sudo cp server-nginx-default /etc/nginx/sites-available/default - echo "βœ… Configuration file updated" - - name: Test nginx configuration run: | echo "πŸ” Testing nginx configuration with current setup..." diff --git a/nginx.conf b/nginx.conf new file mode 100644 index 0000000..03d95e1 --- /dev/null 
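Review bot: The rollback in the second failure block of the "Validate & apply" step is incomplete: by the time `nginx -t` runs against the new `sites-available/default`, the new `nginx.conf` has already been copied into `/etc/nginx/`, and on failure only the server file is restored. The host is then left with the new global config paired with the old server config, which the next reload or restart will pick up. Add `sudo cp /etc/nginx/nginx.conf.temp.backup /etc/nginx/nginx.conf` before `exit 1` in that block. The new `nginx.conf` also declares `user nginx nginx;`, while the `groupadd`/`useradd` commands appear only in the commit message; a guard such as `id nginx >/dev/null 2>&1 || { echo "nginx user missing"; exit 1; }` ahead of the first copy would make that prerequisite explicit. The job continues outside the hunk.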
+++ b/nginx.conf @@ -0,0 +1,95 @@ +user nginx nginx; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + # OS의 bit에 따라 배수둜 μ„€μ • + server_names_hash_bucket_size 64; + # TODO: μ„±λŠ₯에 따라 μ‘°μ •ν•„μš” + # β€» client_max_body_size = client_body_buffer_size -> disk에 κΈ°λ‘ν•˜μ§€ μ•ŠλŠ”λ‹€λŠ” κ°€μ •μ˜ 졜적의 νŠœλ‹ + client_max_body_size 1000M; + client_body_buffer_size 1000M; + + # security options + server_tokens off; + fastcgi_hide_header X-Powered-By; + + # enhance + # connection timeout(μž¬ν™œμš©) 0 ~ μ΅œλŒ€ν•œ 짧게 + keepalive_timeout 3; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} 
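Review bot: `client_body_buffer_size 1000M;` together with `client_max_body_size 1000M;` at `http` level lets any client on any virtual host make nginx hold up to roughly 1 GB of request body in memory per request, and with `worker_connections 1024` a few concurrent large uploads can exhaust RAM. Keep the buffer small at this level, for example `client_body_buffer_size 128k;`, and raise `client_max_body_size` only in the locations that really accept large uploads. Under the `# SSL Settings` header, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` still offers TLS 1.0 and 1.1, which RFC 8996 deprecates; since the file carries a `# security options` section, `ssl_protocols TLSv1.2 TLSv1.3;` would be the consistent choice. The trailing `# Dropping SSLv3, ref: POODLE` comment would then need updating as well.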
diff --git a/server-nginx-default b/server-nginx-default index 53e1427..e0c0bd7 100644 --- a/server-nginx-default +++ b/server-nginx-default @@ -48,11 +48,18 @@ server { location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. + + # metric μˆ˜μ§‘ + stub_status on; + try_files $uri $uri/ /index.html; } # API endpoints location /api/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -62,6 +69,9 @@ server { # Admin dashboard location /admin { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -71,6 +81,9 @@ server { # RB10508 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10508/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10508/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -80,6 +93,9 @@ server { # RB8001 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb8001/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:8001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -89,6 +105,9 @@ server { # RB10408 API endpoints (ν¬μž¬λ‹˜ ν…ŒμŠ€νŠΈμš©) - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10408/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10408/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -98,6 +117,9 @@ server { # Robeing Gateway - API Gateway for routing to robeings location ^~ /gateway/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8100/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -107,6 +129,9 @@ server { # Skill Email API endpoints location /skill-email/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8501/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; 
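Review bot: `stub_status on;` is added inside every `location` in these hunks and in the later hunks of this file, including `/`, `/admin` and `/.well-known/acme-challenge/`, but the directive does not collect per-location metrics: it makes the location answer with the server-wide connection status page. In locations with no other content handler (`try_files`, `alias`) that page is likely to be served instead of the site or the ACME challenge file, and in the `proxy_pass` locations it appears to have no effect because the later handler wins; in either case nothing restricts who can read it. Drop the directive from all of these blocks and expose it once in a dedicated location limited to the monitoring host, as sketched below (the path and address are examples, not values from this repository). The `location` and `server` blocks begin and end outside the hunks.

```nginx
# single status endpoint; path and allowed address are placeholders
location = /nginx_status {
    stub_status;
    access_log off;
    allow 127.0.0.1;
    deny all;
}
```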
@@ -115,6 +140,9 @@ server { } location /.well-known/acme-challenge/ { + # metric μˆ˜μ§‘ + stub_status on; + alias /var/www/html/.well-known/acme-challenge/; } @@ -184,11 +212,17 @@ server { # Main application static files location / { + # metric μˆ˜μ§‘ + stub_status on; + try_files $uri $uri/ /index.html; } # API endpoints location /api/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -198,6 +232,9 @@ server { # Admin dashboard location /admin { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -207,6 +244,9 @@ server { # RB10508 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10508/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10508/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -216,6 +256,9 @@ server { # RB8001 API endpoints - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb8001/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:8001/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -225,6 +268,9 @@ server { # RB10408 API endpoints (ν¬μž¬λ‹˜ ν…ŒμŠ€νŠΈμš©) - 51124 μ„œλ²„λ‘œ ν”„λ‘μ‹œ location ^~ /rb10408/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://192.168.219.52:10408/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -234,6 +280,9 @@ server { # Robeing Gateway - API Gateway for routing to robeings location ^~ /gateway/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8100/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -243,6 +292,9 @@ server { # Skill Email API endpoints location /skill-email/ { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:8501/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; 
@@ -251,6 +303,9 @@ server { } location /.well-known/acme-challenge/ { + # metric μˆ˜μ§‘ + stub_status on; + alias /var/www/html/.well-known/acme-challenge/; } @@ -313,6 +368,9 @@ server { ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:3000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -338,6 +396,9 @@ server { ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; location / { + # metric μˆ˜μ§‘ + stub_status on; + proxy_pass http://localhost:9000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -350,6 +411,9 @@ server { } location /.well-known/acme-challenge/ { + # metric μˆ˜μ§‘ + stub_status on; + alias /var/www/html/.well-known/acme-challenge/; } } \ No newline at end of file