Merge pull request #142 from boostcampwm-2024/Feature/#136_NginX_HTTPS

Feature/#136 HTTPS 접속을 위한 NginX 설정 변경
boostcampwm-2024 · Nov 18, 2024 · 59a22c5 · 59a22c5
2 parents 07c63f7 + 01f8886
commit 59a22c5
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -25,8 +25,10 @@ services:
       dockerfile: ./nginx/Dockerfile
     ports:
       - "80:80"
+      - "443:443"
     volumes:
       - ./client/dist:/usr/share/nginx/html
+      - /etc/letsencrypt:/etc/letsencrypt:ro
     depends_on:
       - frontend
       - backend

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -5,4 +5,5 @@ WORKDIR /usr/share/nginx/html
 COPY ./nginx/default.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80
+EXPOSE 443
 CMD ["nginx", "-g", "daemon off;"]
diff --git a/nginx/default.conf b/nginx/default.conf
@@ -3,8 +3,38 @@ upstream backend {
   server backend:3000; # 백엔드 서버 (NestJS)
 }
 
+# HTTP 서버 블록
 server {
   listen 80;
+  server_name nocta.site www.nocta.site;
+
+  # Let's Encrypt 인증을 위한 설정
+  location /.well-known/acme-challenge/ {
+    root /var/www/certbot;
+  }
+
+  # HTTPS로 리다이렉트
+  location / {
+    return 301 https://$host$request_uri;
+  }
+}
+
+# HTTPS 서버 블록
+server {
+  listen 443 ssl;
+  server_name nocta.site www.nocta.site;
+
+  # SSL 인증서와 키 파일 경로
+  ssl_certificate /etc/letsencrypt/live/nocta.site/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/nocta.site/privkey.pem;
+
+  # SSL 설정
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers HIGH:!aNULL:!MD5;
+
+  # HSTS 설정 (HTTPS 강제)
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 
   # /api 경로로 들어오는 요청은 백엔드로 전달
   location /api {