diff --git a/.github/workflows/CLIENT_BUILD.yml b/.github/workflows/CLIENT_BUILD.yml index 7850337..6b059e0 100644 --- a/.github/workflows/CLIENT_BUILD.yml +++ b/.github/workflows/CLIENT_BUILD.yml @@ -84,7 +84,7 @@ jobs: username: ${{ secrets.RELEASE_USERNAME }} password: ${{ secrets.RELEASE_PASSWORD }} port: ${{ secrets.RELEASE_PORT }} - source: "docker-compose.production.yml" + source: "docker-compose.yml" target: "oao" - name: 운영 서버에서 Docker Compose 실행 @@ -100,7 +100,7 @@ jobs: cd oao - docker-compose -f docker-compose.production.yml up -d + docker-compose -f docker-compose.yml up -d docker image prune - name: 실패시 슬랙 메시지 전송 diff --git a/.github/workflows/CLIENT_DEV_BUILD.yml b/.github/workflows/CLIENT_DEV_BUILD.yml index fdc3166..e77b517 100644 --- a/.github/workflows/CLIENT_DEV_BUILD.yml +++ b/.github/workflows/CLIENT_DEV_BUILD.yml @@ -72,32 +72,6 @@ jobs: tags: ghcr.io/kumsil1006/oao-dev-client context: ./client - - name: Docker Compose 파일 개발 서버로 복사 - uses: appleboy/scp-action@master - with: - host: ${{ secrets.ANOTHER_HOST }} - username: ${{ secrets.ANOTHER_USERNAME }} - password: ${{ secrets.ANOTHER_PASSWORD }} - port: ${{ secrets.ANOTHER_PORT }} - source: "docker-compose.yml" - target: "oao" - - - name: 개발 서버에서 Docker Compose 실행 - uses: appleboy/ssh-action@master - with: - host: ${{ secrets.ANOTHER_HOST }} - username: ${{ secrets.ANOTHER_USERNAME }} - password: ${{ secrets.ANOTHER_PASSWORD }} - port: ${{ secrets.ANOTHER_PORT }} - script: | - echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin - docker pull ghcr.io/kumsil1006/oao-dev-client - - cd oao - - docker-compose up -d - docker image prune - - name: 실패시 슬랙 메시지 전송 if: ${{ failure() }} uses: ./.github/actions/slack-notify diff --git a/.github/workflows/PROXY_BUILD.yml b/.github/workflows/PROXY_BUILD.yml index f9d34dc..d62a7f9 100644 --- a/.github/workflows/PROXY_BUILD.yml +++ b/.github/workflows/PROXY_BUILD.yml 
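Review bot: The scp step in hunk @@ -84 of CLIENT_BUILD.yml still ships only `docker-compose.yml` to `oao`, but the compose file this commit introduces bind-mounts `./nginx/default.conf`, `./data/certbot/conf` and `./data/certbot/www` relative to that directory. If `nginx/default.conf` is not already on the host, Docker will typically create an empty directory at the mount source and the proxy is likely to fail at startup. Copy the config with the compose file, e.g. `source: "docker-compose.yml,nginx/default.conf"`, unless it is provisioned on the server some other way. The same applies to the `source:` lines in PROXY_BUILD.yml (@@ -35) and SERVER_BUILD.yml (@@ -53).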
@@ -4,7 +4,7 @@ on: branches: - release paths: - - "nginx/Dockerfile.production" + - "nginx/Dockerfile" jobs: proxy-build: @@ -26,7 +26,7 @@ jobs: push: true tags: ghcr.io/kumsil1006/oao-proxy context: ./nginx - file: ./nginx/Dockerfile.production + file: ./nginx/Dockerfile - name: Docker Compose 파일 운영 서버로 복사 uses: appleboy/scp-action@master @@ -35,7 +35,7 @@ jobs: username: ${{ secrets.RELEASE_USERNAME }} password: ${{ secrets.RELEASE_PASSWORD }} port: ${{ secrets.RELEASE_PORT }} - source: "docker-compose.production.yml" + source: "docker-compose.yml" target: "oao" - name: 운영 서버에서 Docker Compose 실행 @@ -48,10 +48,10 @@ jobs: script: | echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin docker pull ghcr.io/kumsil1006/oao-proxy - + cd oao - - docker-compose -f docker-compose.production.yml up -d + + docker-compose -f docker-compose.yml up -d docker image prune - name: 실패시 슬랙 메시지 전송 diff --git a/.github/workflows/PROXY_DEV_BUILD.yml b/.github/workflows/PROXY_DEV_BUILD.yml index df337eb..63e6c40 100644 --- a/.github/workflows/PROXY_DEV_BUILD.yml +++ b/.github/workflows/PROXY_DEV_BUILD.yml 
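Review bot: The `paths` filter in hunk @@ -4 and the build step's `file: ./nginx/Dockerfile` in hunk @@ -26 now point at a file this same commit deletes. As far as the diff shows, the image build would fail for lack of a Dockerfile, and later edits to the proxy config would never trigger this workflow. The new compose file also runs the proxy from `nginx:latest` with a mounted config rather than from `ghcr.io/kumsil1006/oao-proxy`, so the build/push and the `docker pull` of that image appear to be unused. Consider triggering on `- "nginx/default.conf"` and `- "docker-compose.yml"` and dropping the build step, so that a reviewed config change is what actually reaches the server.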
@@ -27,32 +27,6 @@ jobs: tags: ghcr.io/kumsil1006/oao-dev-proxy context: ./nginx - - name: Docker Compose 파일 개발 서버로 복사 - uses: appleboy/scp-action@master - with: - host: ${{ secrets.ANOTHER_HOST }} - username: ${{ secrets.ANOTHER_USERNAME }} - password: ${{ secrets.ANOTHER_PASSWORD }} - port: ${{ secrets.ANOTHER_PORT }} - source: "docker-compose.yml" - target: "oao" - - - name: 개발 서버에서 Docker Compose 실행 - uses: appleboy/ssh-action@master - with: - host: ${{ secrets.ANOTHER_HOST }} - username: ${{ secrets.ANOTHER_USERNAME }} - password: ${{ secrets.ANOTHER_PASSWORD }} - port: ${{ secrets.ANOTHER_PORT }} - script: | - echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin - docker pull ghcr.io/kumsil1006/oao-dev-proxy - - cd oao - - docker-compose up -d - docker image prune - - name: 실패시 슬랙 메시지 전송 if: ${{ failure() }} uses: ./.github/actions/slack-notify diff --git a/.github/workflows/SERVER_BUILD.yml b/.github/workflows/SERVER_BUILD.yml index e20a8e6..53fe489 100644 --- a/.github/workflows/SERVER_BUILD.yml +++ b/.github/workflows/SERVER_BUILD.yml @@ -53,7 +53,7 @@ jobs: username: ${{ secrets.RELEASE_USERNAME }} password: ${{ secrets.RELEASE_PASSWORD }} port: ${{ secrets.RELEASE_PORT }} - source: "docker-compose.production.yml" + source: "docker-compose.yml" target: "oao" - name: 운영 서버에서 Docker Compose 실행 @@ -69,7 +69,7 @@ jobs: cd oao - docker-compose -f docker-compose.production.yml up -d + docker-compose -f docker-compose.yml up -d docker image prune - name: 실패시 슬랙 메시지 전송 diff --git a/.github/workflows/SERVER_DEV_BUILD.yml b/.github/workflows/SERVER_DEV_BUILD.yml index 1a3dfbd..9221623 100644 --- a/.github/workflows/SERVER_DEV_BUILD.yml +++ b/.github/workflows/SERVER_DEV_BUILD.yml 
@@ -40,32 +40,6 @@ jobs: push: true tags: ghcr.io/kumsil1006/oao-dev-server - - name: Docker Compose 파일 개발 서버로 복사 - uses: appleboy/scp-action@master - with: - host: ${{ secrets.ANOTHER_HOST }} - username: ${{ secrets.ANOTHER_USERNAME }} - password: ${{ secrets.ANOTHER_PASSWORD }} - port: ${{ secrets.ANOTHER_PORT }} - source: "docker-compose.yml" - target: "oao" - - - name: 개발 서버에서 Docker Compose 실행 - uses: appleboy/ssh-action@master - with: - host: ${{ secrets.ANOTHER_HOST }} - username: ${{ secrets.ANOTHER_USERNAME }} - password: ${{ secrets.ANOTHER_PASSWORD }} - port: ${{ secrets.ANOTHER_PORT }} - script: | - echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin - docker pull ghcr.io/kumsil1006/oao-dev-server - - cd oao - - docker-compose up -d - docker image prune - - name: 실패시 슬랙 메시지 전송 if: ${{ failure() }} uses: ./.github/actions/slack-notify diff --git a/docker-compose.production.yml b/docker-compose.production.yml deleted file mode 100644 index da1d401..0000000 --- a/docker-compose.production.yml +++ /dev/null @@ -1,21 +0,0 @@ -version: "3.9" -services: - proxy: - image: "ghcr.io/kumsil1006/oao-proxy:latest" - ports: - - "80:80" - - "443:443" - restart: always - volumes: - - ./ssl/certificate.crt:/etc/ssl/certificate.crt - - ./ssl/private.key:/etc/ssl/private.key - frontend: - image: "ghcr.io/kumsil1006/oao-client:latest" - restart: always - expose: - - "3000" - backend: - image: "ghcr.io/kumsil1006/oao-server:latest" - restart: always - expose: - - "8080" diff --git a/docker-compose.yml b/docker-compose.yml index 93447bb..38f4530 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,17 +1,32 @@ version: "3.9" services: proxy: - image: "ghcr.io/kumsil1006/oao-dev-proxy:latest" + image: "nginx:latest" ports: - "80:80" + - "443:443" restart: always + volumes: + - ./nginx/default.conf:/etc/nginx/conf.d/default.conf + - ./data/certbot/conf:/etc/letsencrypt + - ./data/certbot/www:/var/www/certbot + command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"''' + + certbot: + image: "certbot/certbot" + restart: unless-stopped + volumes: + - ./data/certbot/conf:/etc/letsencrypt + - ./data/certbot/www:/var/www/certbot + entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" + frontend: - image: "ghcr.io/kumsil1006/oao-dev-client:latest" + image: "ghcr.io/kumsil1006/oao-client:latest" restart: always expose: - "3000" backend: - image: "ghcr.io/kumsil1006/oao-dev-server:latest" + image: "ghcr.io/kumsil1006/oao-server:latest" restart: always expose: - "8080" diff --git a/nginx/Dockerfile b/nginx/Dockerfile deleted file mode 100644 index 4f2c790..0000000 --- a/nginx/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM nginx -COPY ./default.conf /etc/nginx/conf.d/default.conf - -RUN apt-get update && apt-get install vim -y diff --git a/nginx/Dockerfile.production b/nginx/Dockerfile.production deleted file mode 100644 index 9de72f6..0000000 --- a/nginx/Dockerfile.production +++ /dev/null @@ -1,4 +0,0 @@ -FROM nginx -COPY ./default.production.conf /etc/nginx/conf.d/default.conf - -RUN apt-get update && apt-get install vim -y \ No newline at end of file diff --git a/nginx/default.conf b/nginx/default.conf index 154c7b9..2d824bb 100644 --- a/nginx/default.conf +++ b/nginx/default.conf 
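Review bot: `image: "nginx:latest"` and `image: "certbot/certbot"` are floating tags on the two containers that handle the TLS private key, so any re-pull changes what runs in production without a reviewed change. Pin both to a version tag or digest, e.g. `image: "nginx:<pinned-version>"` (placeholder, pick the release you have tested). The proxy only reads its config and certificates, so its mounts can be read-only: `- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro` and `- ./data/certbot/conf:/etc/letsencrypt:ro`. That keeps a compromised nginx process from rewriting the key material or its own configuration on the host.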
@@ -1,5 +1,23 @@ server { listen 80; + server_name oneatonce.com; + server_tokens off; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + +} +server { + listen 443 ssl; + server_name oneatonce.com; + server_tokens off; + + ssl_certificate /etc/letsencrypt/live/oneatonce.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/oneatonce.com/privkey.pem; + include /etc/letsencrypt/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + location / { proxy_pass http://frontend:3000; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/default.production.conf b/nginx/default.production.conf deleted file mode 100644 index 8669ff4..0000000 --- a/nginx/default.production.conf +++ /dev/null @@ -1,36 +0,0 @@ -server { - listen 80; - server_name oneatonce.com; - server_tokens off; - - location / { - return 301 https://$host$request_uri; - } -} -server { - listen 443 ssl; - server_name oneatonce.com; - server_tokens off; - ssl_certificate /etc/ssl/certificate.crt; - ssl_certificate_key /etc/ssl/private.key; - - location / { - proxy_pass http://frontend:3000; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } - location /api { - rewrite ^/api(.*)$ $1 break; - proxy_pass http://backend:8080; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - } -} \ No newline at end of file
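Review bot: The new port-80 server block only serves `/.well-known/acme-challenge/`; the `return 301 https://$host$request_uri;` redirect from the deleted default.production.conf is not carried over, so plain-HTTP requests for any other path are answered on port 80 instead of being sent to HTTPS. Add `location / { return 301 https://$host$request_uri; }` next to the challenge location. Separately, the 443 block needs `/etc/letsencrypt/live/oneatonce.com/fullchain.pem`, `options-ssl-nginx.conf` and `ssl-dhparams.pem` to exist before nginx will start, so first-time issuance needs a documented bootstrap step. The 443 block's `location /` body continues outside the hunk.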