diff --git a/.github/workflows/dev_deploy.yml b/.github/workflows/dev_deploy.yml
index befe6e91..a7498b00 100644
--- a/.github/workflows/dev_deploy.yml
+++ b/.github/workflows/dev_deploy.yml
@@ -29,7 +29,6 @@ jobs:
 spring.jpa.hibernate.ddl-auto=update
 server.forward-headers-strategy=framework
- # PostgreSQL 설정 추가 ✅
 spring.datasource.url=\${SPRING_DATASOURCE_URL}
 spring.datasource.username=\${SPRING_DATASOURCE_USERNAME}
 spring.datasource.password=\${SPRING_DATASOURCE_PASSWORD}
@@ -91,25 +90,98 @@ jobs:
 cache-from: type=gha
 cache-to: type=gha,mode=max
- deploy:
+ deploy-dev:
+ needs: build
+ runs-on: ubuntu-latest
+ if: github.ref == 'refs/heads/develop'
+ environment: development
+
+ steps:
+ - name: Deploy to Dev Server
+ uses: appleboy/ssh-action@v1.0.3
+ with:
+ host: ${{ vars.EC2_HOST }}
+ username: ${{ vars.EC2_USERNAME }}
+ key: ${{ secrets.EC2_SSH_KEY }}
+ script: |
+ cd /home/ubuntu/edison-infra
+
+ cat > .env << 'ENVEOF'
+ DOCKERHUB_USERNAME=${{ vars.DOCKERHUB_USERNAME }}
+
+ SPRING_TAG=${{ github.sha }}
+ AI_TAG=latest
+
+ RDS_URL=${{ vars.RDS_URL }}
+ RDS_USERNAME=${{ vars.RDS_USERNAME }}
+ RDS_PASSWORD=${{ secrets.RDS_PASSWORD }}
+
+ REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}
+
+ JWT_SECRET=${{ secrets.JWT_SECRET }}
+ JWT_ACCESS_EXPIRATION=${{ vars.JWT_ACCESS_EXPIRATION }}
+ JWT_REFRESH_EXPIRATION=${{ vars.JWT_REFRESH_EXPIRATION }}
+
+ GOOGLE_CLIENT_ID=${{ vars.GOOGLE_CLIENT_ID }}
+ GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}
+
+ OPENAI_KEY=${{ secrets.OPENAI_KEY }}
+
+ AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}
+ AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}
+ CLOUD_AWS_CREDENTIALS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}
+ CLOUD_AWS_CREDENTIALS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}
+ CLOUD_AWS_S3_BUCKET=${{ vars.AWS_S3_BUCKET }}
+ ENVEOF
+
+ ./deploy.sh spring ${{ github.sha }} dev
+
+ echo "✅ Deployed to DEV server"
+
+ deploy-prod:
 needs: build
 runs-on: ubuntu-latest
 if: github.ref == 'refs/heads/main'
+ environment: production
 steps:
- - name: Deploy to EC2
+ - name: Deploy to Prod Server
 uses: appleboy/ssh-action@v1.0.3
 with:
- host: ${{ secrets.EC2_HOST }}
- username: ${{ secrets.EC2_USERNAME }}
+ host: ${{ vars.EC2_HOST }}
+ username: ${{ vars.EC2_USERNAME }}
 key: ${{ secrets.EC2_SSH_KEY }}
 script: |
 cd /home/ubuntu/edison-infra
 cat > .env << 'ENVEOF'
- ${{ secrets.ENV_FILE }}
+ DOCKERHUB_USERNAME=${{ vars.DOCKERHUB_USERNAME }}
+
+ SPRING_TAG=${{ github.sha }}
+ AI_TAG=latest
+
+ RDS_URL=${{ 
vars.RDS_URL }}
+ RDS_USERNAME=${{ vars.RDS_USERNAME }}
+ RDS_PASSWORD=${{ secrets.RDS_PASSWORD }}
+
+ REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}
+
+ JWT_SECRET=${{ secrets.JWT_SECRET }}
+ JWT_ACCESS_EXPIRATION=${{ vars.JWT_ACCESS_EXPIRATION }}
+ JWT_REFRESH_EXPIRATION=${{ vars.JWT_REFRESH_EXPIRATION }}
+
+ GOOGLE_CLIENT_ID=${{ vars.GOOGLE_CLIENT_ID }}
+ GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}
+
+ OPENAI_KEY=${{ secrets.OPENAI_KEY }}
+
+ AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}
+ AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}
+ CLOUD_AWS_CREDENTIALS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}
+ CLOUD_AWS_CREDENTIALS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}
+ CLOUD_AWS_S3_BUCKET=${{ vars.AWS_S3_BUCKET }}
 ENVEOF
- sed -i 's/^SPRING_TAG=.*/SPRING_TAG=${{ github.sha }}/' .env
+ ./deploy.sh spring ${{ github.sha }} prod
- ./deploy.sh spring ${{ github.sha }}
\ No newline at end of file
+ echo "✅ Deployed to PROD server"
\ No newline at end of file
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
deleted file mode 100644
index 0c420d0f..00000000
--- a/nginx/nginx.conf
+++ /dev/null
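Review bot: In both new `script:` blocks the `cat > .env << 'ENVEOF'` line writes RDS_PASSWORD, REDIS_PASSWORD, JWT_SECRET, GOOGLE_CLIENT_SECRET, OPENAI_KEY and the AWS key pair to `/home/ubuntu/edison-infra/.env` with no mode control, so on a fresh host the file is created under the login shell's default umask (typically world-readable) and on an existing host it keeps whatever mode the old `secrets.ENV_FILE` version had; add `umask 077` on the line before the heredoc in both `deploy-dev` and `deploy-prod` (or `install -m 600 /dev/null .env` first). Note also that `${{ vars.* }}` inside the heredoc is expanded by GitHub before the shell sees the script, so a repository or environment variable whose value contains a newline and `ENVEOF` would terminate the heredoc and run as commands on the server — variables are editable without the masking and review controls secrets get, so keep `RDS_URL`, `JWT_*_EXPIRATION` and the other interpolated vars environment-scoped and protected. Neither job sets the action's `fingerprint` input; as far as I recall appleboy/ssh-action skips host-key verification when it is absent, so `fingerprint: ${{ vars.EC2_HOST_FINGERPRINT }}` would close a MITM window for the SSH key and every secret above — please confirm against the v1.0.3 docs. `uses: appleboy/ssh-action@v1.0.3` is a mutable tag handling all of those credentials; pin it to the full commit SHA, and consider replacing the static `AWS_ACCESS_KEY`/`AWS_SECRET_KEY` pair with the instance's IAM role and `AI_TAG=latest` with a pinned tag, since prod currently deploys whatever `latest` resolves to. The enclosing `jobs:` mapping and the `build` job these jobs depend on start above the hunk.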
@@ -1,96 +0,0 @@
-# 기본 설정
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-# 이벤트 처리 설정
-events {
- worker_connections 1024;
-}
-
-# HTTP 설정
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- # 로그 설정
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- sendfile on;
- keepalive_timeout 65;
-
- # HTTP 요청 → HTTPS로 리디렉션
- server {
- listen 80;
- listen [::]:80;
- server_name api.umcedison.site;
-
- # Let's Encrypt 인증 요청은 HTTP로 유지
- location ^~ /.well-known/acme-challenge/ {
- allow all;
- root /var/www/html;
- default_type "text/plain";
- try_files $uri =404;
- }
-
- # 헬스 체크 경로
- location /health-check {
- return 200 'healthy';
- add_header Content-Type text/plain;
- }
-
- # 나머지 요청은 HTTPS로 리디렉션
- location / {
- return 301 https://api.umcedison.site$request_uri;
- }
- }
-
- # HTTPS 설정
- server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name api.umcedison.site;
-
- ssl_certificate /etc/letsencrypt/live/api.umcedison.site/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/api.umcedison.site/privkey.pem;
-
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
- ssl_prefer_server_ciphers on;
-
- # HSTS 설정
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-
- # HTTPS에서도 인증서 갱신 허용
- location ^~ /.well-known/acme-challenge/ {
- allow all;
- root /var/www/html;
- default_type "text/plain";
- try_files $uri =404;
- }
-
- # 프록시 설정 (리디렉션 금지)
- location / {
- proxy_pass http://localhost:8080;
- proxy_http_version 1.1; # HTTP/1.1 강제 적용
- proxy_set_header Upgrade $http_upgrade; # WebSocket 지원
- proxy_set_header Connection 'upgrade'; # 연결 유지
-
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto https; # HTTPS로 고정
- proxy_set_header X-Forwarded-Ssl on; # SSL 사용 명시
-
- # 
Authorization 헤더 추가
- proxy_set_header Authorization $http_authorization;
-
- # 프록시 타임아웃 설정
- proxy_connect_timeout 20s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- }
- }
-}