Merge pull request #330 from boostcampwm-2024/feature-shared-#284

Production 환경 구성

Author: github-actions[bot]

apps/backend/src/main.ts

@@ -25,7 +25,11 @@ async function bootstrap() {
   const documentFactory = () => SwaggerModule.createDocument(app, config);
   SwaggerModule.setup('api', app, documentFactory);
   app.enableCors({
-    origin: process.env.origin,
+    origin:
+      process.env.NODE_ENV === 'production'
+        ? ['https://octodocs.com', 'https://www.octodocs.com']
+        : process.env.origin,
+    credentials: true,
   });
   app.use(cookieParser());
   await app.listen(3000);

compose.init.yml

@@ -0,0 +1,32 @@
+version: "3.8"
+
+services:
+    nginx:
+        image: nginx:alpine
+        restart: always
+        ports:
+            - "80:80"
+        volumes:
+            - ./services/nginx/conf.d/prod_nginx_init.conf:/etc/nginx/conf.d/default.conf
+            - ./data/certbot/www:/var/www/certbot
+        networks:
+            - frontend
+
+    certbot:
+        image: certbot/certbot:latest
+        volumes:
+            - ./data/certbot/conf:/etc/letsencrypt
+            - ./data/certbot/www:/var/www/certbot
+            - ./data/certbot/log:/var/log/letsencrypt
+        command: >
+            certonly --webroot
+            --webroot-path=/var/www/certbot
+            --email [email protected]
+            --agree-tos
+            --no-eff-email
+            -d octodocs.com
+            -d www.octodocs.com
+
+networks:
+    frontend:
+        driver: bridge

compose.prod.yml

@@ -0,0 +1,58 @@
+version: "3.8"
+
+services:
+    nginx:
+        image: nginx:alpine
+        restart: always
+        ports:
+            - "80:80"
+            - "443:443"
+        volumes:
+            - ./services/nginx/conf.d/prod_nginx.conf:/etc/nginx/conf.d/default.conf
+            - ./data/certbot/conf:/etc/letsencrypt:ro
+            - ./data/certbot/www:/var/www/certbot
+            - ./apps/frontend/dist:/usr/share/nginx/html:ro
+        networks:
+            - frontend
+        depends_on:
+            - backend
+
+    backend:
+        build:
+            context: .
+            dockerfile: ./services/backend/Dockerfile.prod
+        image: backend:latest
+        env_file:
+            - .env.prod
+        volumes:
+            - .env.prod:/app/.env
+        expose:
+            - "3000"
+            - "1234"
+        networks:
+            - frontend
+            - backend
+        depends_on:
+            - redis
+
+    redis:
+        image: redis:latest
+        environment:
+            REDIS_HOST: ${REDIS_HOST}
+            REDIS_PORT: ${REDIS_PORT}
+        networks:
+            - backend
+
+    certbot-renewer:
+        image: certbot/certbot:latest
+        volumes:
+            - ./data/certbot/conf:/etc/letsencrypt
+            - ./data/certbot/www:/var/www/certbot
+            - ./data/certbot/log:/var/log/letsencrypt
+        entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --webroot --webroot-path=/var/www/certbot; sleep 12h & wait $${!}; done;'"
+
+networks:
+    frontend:
+        driver: bridge
+    backend:
+        driver: bridge

services/backend/Dockerfile.prod

@@ -0,0 +1,38 @@
+# 빌드 스테이지
+FROM node:20-alpine as builder
+
+WORKDIR /app
+
+# 의존성 파일 복사
+COPY package.json yarn.lock ./
+COPY turbo.json ./
+COPY apps/backend/package.json ./apps/backend/
+COPY apps/frontend/package.json ./apps/frontend/
+
+# 의존성 설치
+RUN yarn install --frozen-lockfile
+
+# 소스 코드 복사
+COPY . .
+
+# 백엔드 빌드
+RUN yarn turbo run build --filter=backend
+
+# 실행 스테이지
+FROM node:20-alpine
+
+WORKDIR /app
+
+# 프로덕션에 필요한 파일만 복사
+COPY --from=builder /app/package.json /app/yarn.lock ./
+COPY --from=builder /app/apps/backend/package.json ./apps/backend/
+COPY --from=builder /app/apps/backend/dist ./apps/backend/dist
+
+# 프로덕션 의존성만 설치
+RUN yarn install --frozen-lockfile --production
+
+ENV NODE_ENV=production
+
+EXPOSE 3000 1234
+
+CMD ["yarn", "start"]

services/nginx/conf.d/prod_nginx.conf

@@ -0,0 +1,77 @@
+server {
+    listen 80;
+    server_name octodocs.com www.octodocs.com;
+
+    # Certbot 인증용 경로 (최상단에 위치)
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+        try_files $uri =404;
+        break;
+    }
+
+    # 나머지 모든 HTTP 트래픽은 HTTPS로 리다이렉트
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name octodocs.com www.octodocs.com;
+
+    # Let's Encrypt 인증서 경로
+    ssl_certificate /etc/letsencrypt/live/octodocs.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/octodocs.com/privkey.pem;
+    
+    # SSL 설정
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers on;
+    
+    # 인증서가 없을 때 fallback
+    ssl_trusted_certificate /etc/letsencrypt/live/octodocs.com/chain.pem;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    
+    # 에러 페이지 설정
+    error_page 497 https://$server_name$request_uri;
+    
+    # gzip 압축 설정
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+    
+    # 프론트엔드 정적 파일
+    location / {
+        root /usr/share/nginx/html;
+        try_files $uri $uri/ /index.html;
+        expires 30d;
+    }
+
+    # API 프록시
+    location /api {
+        proxy_pass http://backend:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    # Socket.IO 프록시 (일반 웹소켓)
+    location /socket.io {
+        proxy_pass http://backend:1234;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+    }
+
+    # Y-Socket.IO 프록시 (YJS 웹소켓)
+    location /flow-room {
+        proxy_pass http://backend:1234;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header Host $host;
+    }
+}

services/nginx/conf.d/prod_nginx_init.conf

@@ -0,0 +1,14 @@
+server {
+    listen 80;
+    server_name octodocs.com www.octodocs.com;
+
+    # Certbot 인증용 경로
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    # 나머지 요청에 대한 처리 (필요에 따라 수정)
+    location / {
+        return 200 '인증서 발급을 위한 임시 nginx 서버입니다.';
+    }
+}