[DDING-002] 운영 서버 매트릭 수집 세팅 및 요청 및 응답 로그 수집 (#314)

Author: KoSeonJe

.ebextensions/03-swap-file

@@ -0,0 +1,30 @@
+commands:
+  01_create_swap:
+    command: |
+      # 스왑 파일이 이미 존재하는지 확인
+      if [ ! -f /swapfile ]; then
+        echo "Creating 1GB swap file..."
+
+        # 1GB 스왑 파일 생성 (fallocate 사용 - 더 빠름)
+        fallocate -l 1G /swapfile || dd if=/dev/zero of=/swapfile bs=1M count=1024
+
+        # 스왑 파일 권한 설정 (보안상 중요)
+        chmod 600 /swapfile
+
+        # 스왑 영역 설정
+        mkswap /swapfile
+
+        # 스왑 활성화
+        swapon /swapfile
+
+        # 부팅 시 자동 마운트를 위해 /etc/fstab에 추가 (중복 방지)
+        if ! grep -q '/swapfile' /etc/fstab; then
+          echo '/swapfile none swap sw 0 0' >> /etc/fstab
+        fi
+
+        echo "1GB swap file created successfully"
+      else
+        echo "Swap file already exists, skipping creation"
+        swapon -s
+      fi
+    ignoreErrors: false

.github/workflows/prod-server-deployer.yml

@@ -53,6 +53,7 @@ jobs:
           cp build/libs/*.jar deploy/application.jar
           cp Procfile deploy/Procfile
           cp -r promtail deploy/promtail
+          cp -r alloy deploy/alloy
           cp -r .ebextensions deploy/.ebextensions
           cp -r .platform deploy/.platform
           cd deploy && zip -r deploy.zip .

.platform/nginx/nginx.conf

@@ -28,9 +28,25 @@ http {
     keepalive 1024;
   }
 
+  upstream springboot-actuator {
+      server 127.0.0.1:9090;
+      keepalive 38;
+    }
+
   server {
       listen 80 default_server;
 
+      location /server/actuator {
+          proxy_pass          http://springboot-actuator;
+          proxy_http_version  1.1;
+          proxy_set_header    Connection          $connection_upgrade;
+          proxy_set_header    Upgrade             $http_upgrade;
+
+          proxy_set_header    Host                $host;
+          proxy_set_header    X-Real-IP           $remote_addr;
+          proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+      }
+
       location / {
           proxy_pass          http://springboot;
           proxy_http_version  1.1;

alloy/alloy-docker-compose.yml

@@ -0,0 +1,12 @@
+version: '3'
+
+services:
+  alloy:
+    image: grafana/alloy:latest
+    container_name: alloy
+    network_mode: host
+    volumes:
+      - /var/app/current/alloy/config.alloy:/etc/alloy/config.alloy:ro
+    environment:
+      - ALLOY_ENV=prod
+      - SERVER_NAME=prod-server

alloy/config.alloy

@@ -0,0 +1,71 @@
+prometheus.scrape "spring_boot" {
+    targets = [
+        {
+            "__address__" = "localhost:9090",
+            "__metrics_path__" = "/server/actuator/prometheus",
+            "job" = "spring-boot",
+            "instance" = sys.env("SERVER_NAME"),
+            "environment" = sys.env("ALLOY_ENV"),
+            "server_type" = "application",
+        },
+    ]
+    scrape_interval = "15s"
+    scrape_timeout = "10s"
+    forward_to = [prometheus.remote_write.central.receiver]
+}
+
+prometheus.exporter.unix "system" {
+    filesystem {
+        mount_points_exclude = "^/(sys|proc|dev|host|etc)($|/)"
+        fs_types_exclude = "^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$"
+    }
+    enable_collectors = ["processes"]
+}
+
+prometheus.scrape "system" {
+    targets = prometheus.exporter.unix.system.targets
+    job_name = "node"
+    scrape_interval = "15s"
+    scrape_timeout = "10s"
+
+    forward_to = [prometheus.relabel.system_labels.receiver]
+}
+
+prometheus.relabel "system_labels" {
+    forward_to = [prometheus.remote_write.central.receiver]
+
+    rule {
+        target_label = "instance"
+        replacement = sys.env("SERVER_NAME")
+    }
+
+    rule {
+        target_label = "environment"
+        replacement = sys.env("ALLOY_ENV")
+    }
+
+    rule {
+        target_label = "server_type"
+        replacement = "system"
+    }
+}
+
+
+prometheus.remote_write "central" {
+    endpoint {
+        url = "http://3.39.151.102:9090/api/v1/write"
+        remote_timeout = "30s"
+        queue_config {
+            capacity = 10000
+            max_shards = 10
+            min_shards = 1
+            max_samples_per_send = 1000
+            batch_send_deadline = "5s"
+        }
+    }
+    wal {
+        truncate_frequency = "2h"
+        min_keepalive_time = "5m"
+        max_keepalive_time = "8h"
+    }
+}

promtail/promtail-docker-compose.yml

@@ -5,13 +5,11 @@ services:
   promtail:
     image: grafana/promtail:2.9.1
     container_name: promtail
-    environment:
-      - LOKI_URL
     volumes:
       - /var/app/current/promtail/promtail-config.yml:/etc/promtail/config.yml
       - /var/app/current/logs:/var/logs  # 로컬 로그 파일 경로를 Promtail에 마운트
     command: >
       -config.file=/etc/promtail/config.yml
-      -client.url=${LOKI_URL}
+      -client.url=http://3.39.151.102:3100/loki/api/v1/push
     ports:
       - "9080:9080"  # Promtail의 웹 UI를 호스트와 매핑

src/main/java/ddingdong/ddingdongBE/common/config/SecurityConfig.java

@@ -7,7 +7,6 @@
 import ddingdong.ddingdongBE.common.filter.JwtAuthenticationFilter;
 import ddingdong.ddingdongBE.common.handler.CustomAccessDeniedHandler;
 import ddingdong.ddingdongBE.common.handler.RestAuthenticationEntryPoint;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -27,9 +26,6 @@ public class SecurityConfig {
 
     private static final String API_PREFIX = "/server";
 
-    @Value("security.actuator.base-path")
-    private String actuatorPath;
-
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authService, JwtConfig config)
             throws Exception {
@@ -40,7 +36,10 @@ public SecurityFilterChain filterChain(HttpSecurity http, JwtAuthService authSer
                         .permitAll()
                         .requestMatchers(API_PREFIX + "/admin/**").hasRole("ADMIN")
                         .requestMatchers(API_PREFIX + "/central/**").hasRole("CLUB")
-                        .requestMatchers(actuatorPath).hasRole("ADMIN")
+                        .requestMatchers(GET,
+                                "/server/actuator/health",
+                                "/server/actuator/prometheus",
+                                "/server/actuator/metrics").permitAll()
                         .requestMatchers(GET,
                                 API_PREFIX + "/clubs/**",
                                 API_PREFIX + "/notices/**",

src/main/java/ddingdong/ddingdongBE/common/exception/CustomExceptionHandler.java

@@ -45,7 +45,7 @@ public ErrorResponse handleSystemException(Throwable exception, HttpServletReque
 
         loggingApplicationError(connectionInfo
                 + "\n"
-                + "[SYSTEM-ERROR]" + " : " + exception.getMessage());
+                + "[SYSTEM-ERROR]" + " : " + exception.getMessage(), exception);
 
         Sentry.captureException(exception, scope -> {
             scope.setExtra("requestMethod", requestMethod);
@@ -70,7 +70,7 @@ public ErrorResponse handleIllegalArgumentException(IllegalArgumentException exc
 
         loggingApplicationWarn(connectionInfo
                 + "\n"
-                + exception.getClass().getSimpleName() + " : " + exception.getMessage());
+                + exception.getClass().getSimpleName() + " : " + exception.getMessage(), exception);
 
         return new ErrorResponse(BAD_REQUEST.value(), exception.getMessage(), LocalDateTime.now()
         );
@@ -83,7 +83,7 @@ public ErrorResponse handlePersistenceException(CustomException exception, HttpS
 
         loggingApplicationWarn(connectionInfo
                 + "\n"
-                + exception.getErrorCode() + " : " + exception.getMessage());
+                + exception.getErrorCode() + " : " + exception.getMessage(), exception);
 
         return new ErrorResponse(exception.getErrorCode(), exception.getMessage(), LocalDateTime.now()
         );
@@ -96,7 +96,7 @@ public ErrorResponse handleAuthenticationException(AuthenticationException excep
 
         loggingApplicationWarn(connectionInfo
                 + "\n"
-                + exception.getClass().getSimpleName() + " : " + exception.getMessage());
+                + exception.getClass().getSimpleName() + " : " + exception.getMessage(), exception);
 
         return new ErrorResponse(exception.getErrorCode(), exception.getMessage(), LocalDateTime.now()
         );
@@ -115,7 +115,7 @@ public ErrorResponse handleMethodArgumentNotValidException(MethodArgumentNotVali
 
         loggingApplicationWarn(connectionInfo
                 + "\n"
-                + exception.getClass().getSimpleName() + " : " + message);
+                + exception.getClass().getSimpleName() + " : " + message, exception);
 
         return new ErrorResponse(BAD_REQUEST.value(), message, LocalDateTime.now()
         );
@@ -145,12 +145,12 @@ private String createLogConnectionInfo(HttpServletRequest request) {
         return requestMethod + requestUrl + "?" + queryString + " from ip: " + clientIp;
     }
 
-    private void loggingApplicationWarn(String applicationLog) {
-        log.warn("errorLog = {}", applicationLog);
+    private void loggingApplicationWarn(String applicationLog, Throwable e) {
+        log.warn("errorLog = {}", applicationLog, e);
     }
 
-    private void loggingApplicationError(String applicationLog) {
-        log.error("errorLog = {}", applicationLog);
+    private void loggingApplicationError(String applicationLog, Throwable e) {
+        log.error("errorLog = {}", applicationLog, e);
     }
 
     private String getRequestBody(HttpServletRequest request) {

src/main/java/ddingdong/ddingdongBE/common/filter/HttpLoggingFilter.java

@@ -0,0 +1,102 @@
+package ddingdong.ddingdongBE.common.filter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.List;
+import java.util.UUID;
+import lombok.extern.slf4j.Slf4j;
+import org.slf4j.MDC;
+import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Slf4j
+@Component
+public class HttpLoggingFilter extends OncePerRequestFilter {
+
+    private static final List<String> EXCLUDE_URI = List.of(
+            "/actuator/**",
+            "/swagger-ui/**",
+            "/api-docs",
+            "/favicon.ico"
+    );
+
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
+
+    @Override
+    protected void doFilterInternal(
+            final HttpServletRequest request,
+            final HttpServletResponse response,
+            final FilterChain filterChain
+    ) throws ServletException, IOException {
+
+        final String requestURI = request.getRequestURI();
+        if (isExcluded(requestURI)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+
+        final String requestId = createRequestId();
+        final long startTime = System.currentTimeMillis();
+
+        logRequest(request, requestId);
+
+        try {
+            filterChain.doFilter(request, response);
+        } finally {
+            final long duration = System.currentTimeMillis() - startTime;
+            logResponse(request, response, requestId, duration);
+            MDC.remove("request_id");
+        }
+    }
+
+    private String createRequestId() {
+        String requestId = UUID.randomUUID().toString().substring(0, 8);
+        MDC.put("request_id", requestId);
+        return requestId;
+    }
+
+    private void logRequest(HttpServletRequest request, String requestId) {
+        log.info("[{}] → {} {} | IP: {}",
+                requestId,
+                request.getMethod(),
+                getFullRequestUrl(request),
+                getClientIpAddress(request)
+        );
+    }
+
+    private void logResponse(HttpServletRequest request, HttpServletResponse response,
+            String requestId, long duration) {
+        log.info("[{}] ← {} | Status: {} | {}ms",
+                requestId,
+                request.getMethod(),
+                response.getStatus(),
+                duration
+        );
+    }
+
+    private String getFullRequestUrl(HttpServletRequest request) {
+        String queryString = request.getQueryString();
+        return queryString != null ? request.getRequestURI() + "?" + queryString : request.getRequestURI();
+    }
+
+    private String getClientIpAddress(HttpServletRequest request) {
+        // AWS ALB에서 설정하는 X-Forwarded-For 헤더 확인
+        String xForwardedFor = request.getHeader("X-Forwarded-For");
+        if (xForwardedFor != null && !xForwardedFor.isEmpty()) {
+            // 첫 번째 IP가 실제 클라이언트 IP
+            return xForwardedFor.split(",")[0].trim();
+        }
+
+        // fallback: Remote Address
+        return request.getRemoteAddr();
+    }
+
+    private boolean isExcluded(String requestURI) {
+        return EXCLUDE_URI.stream()
+                .anyMatch(pattern -> antPathMatcher.match(pattern, requestURI));
+    }
+}