fix: ssl 관련 설정 강화

Tolerblanc · Tolerblanc · commit 54827caa7ba4 · 2024-11-28T23:21:13.000+09:00
diff --git a/services/nginx/conf.d/prod_nginx.conf b/services/nginx/conf.d/prod_nginx.conf
@@ -2,9 +2,11 @@ server {
     listen 80;
     server_name octodocs.com www.octodocs.com;
 
-    # Certbot 인증용 경로
-    location /.well-known/acme-challenge/ {
+    # Certbot 인증용 경로 (최상단에 위치)
+    location ^~ /.well-known/acme-challenge/ {
         root /var/www/certbot;
+        try_files $uri =404;
+        break;
     }
 
     # 나머지 모든 HTTP 트래픽은 HTTPS로 리다이렉트
@@ -26,6 +28,14 @@ server {
     ssl_ciphers HIGH:!aNULL:!MD5;
     ssl_prefer_server_ciphers on;
     
+    # 인증서가 없을 때 fallback
+    ssl_trusted_certificate /etc/letsencrypt/live/octodocs.com/chain.pem;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    
+    # 에러 페이지 설정
+    error_page 497 https://$server_name$request_uri;
+    
     # gzip 압축 설정
     gzip on;
     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
@@ -49,7 +59,7 @@ server {
 
     # Socket.IO 프록시 (일반 웹소켓)
     location /socket.io {
-        proxy_pass http://backend:3000;
+        proxy_pass http://backend:1234;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "Upgrade";
