Merge pull request #270 from boostcampwm-2022/env/SSL-인증서-자동-발급-설정-및-…

…dev-서버-관련-파일-삭제 Env/ssl 인증서 자동 발급 설정 및 dev 서버 관련 파일 삭제
boostcampwm-2022 · Apr 20, 2023 · e5dd3c6 · e5dd3c6
2 parents c40b660 + 105d096
commit e5dd3c6
Show file tree

Hide file tree

Showing 12 changed files with 46 additions and 156 deletions.
diff --git a/.github/workflows/CLIENT_BUILD.yml b/.github/workflows/CLIENT_BUILD.yml
@@ -84,7 +84,7 @@ jobs:
           username: ${{ secrets.RELEASE_USERNAME }}
           password: ${{ secrets.RELEASE_PASSWORD }}
           port: ${{ secrets.RELEASE_PORT }}
-          source: "docker-compose.production.yml"
+          source: "docker-compose.yml"
           target: "oao"
 
       - name: 운영 서버에서 Docker Compose 실행
@@ -100,7 +100,7 @@ jobs:
 
             cd oao
 
-            docker-compose -f docker-compose.production.yml up -d
+            docker-compose -f docker-compose.yml up -d
             docker image prune
 
       - name: 실패시 슬랙 메시지 전송

diff --git a/.github/workflows/CLIENT_DEV_BUILD.yml b/.github/workflows/CLIENT_DEV_BUILD.yml
@@ -72,32 +72,6 @@ jobs:
           tags: ghcr.io/kumsil1006/oao-dev-client
           context: ./client
 
-      - name: Docker Compose 파일 개발 서버로 복사
-        uses: appleboy/scp-action@master
-        with:
-          host: ${{ secrets.ANOTHER_HOST }}
-          username: ${{ secrets.ANOTHER_USERNAME }}
-          password: ${{ secrets.ANOTHER_PASSWORD }}
-          port: ${{ secrets.ANOTHER_PORT }}
-          source: "docker-compose.yml"
-          target: "oao"
-
-      - name: 개발 서버에서 Docker Compose 실행
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.ANOTHER_HOST }}
-          username: ${{ secrets.ANOTHER_USERNAME }}
-          password: ${{ secrets.ANOTHER_PASSWORD }}
-          port: ${{ secrets.ANOTHER_PORT }}
-          script: |
-            echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin
-            docker pull ghcr.io/kumsil1006/oao-dev-client
-
-            cd oao
-
-            docker-compose up -d
-            docker image prune
-
       - name: 실패시 슬랙 메시지 전송
         if: ${{ failure() }}
         uses: ./.github/actions/slack-notify

diff --git a/.github/workflows/PROXY_BUILD.yml b/.github/workflows/PROXY_BUILD.yml
@@ -4,7 +4,7 @@ on:
     branches:
       - release
     paths:
-      - "nginx/Dockerfile.production"
+      - "nginx/Dockerfile"
 
 jobs:
   proxy-build:
@@ -26,7 +26,7 @@ jobs:
           push: true
           tags: ghcr.io/kumsil1006/oao-proxy
           context: ./nginx
-          file: ./nginx/Dockerfile.production
+          file: ./nginx/Dockerfile
 
       - name: Docker Compose 파일 운영 서버로 복사
         uses: appleboy/scp-action@master
@@ -35,7 +35,7 @@ jobs:
           username: ${{ secrets.RELEASE_USERNAME }}
           password: ${{ secrets.RELEASE_PASSWORD }}
           port: ${{ secrets.RELEASE_PORT }}
-          source: "docker-compose.production.yml"
+          source: "docker-compose.yml"
           target: "oao"
 
       - name: 운영 서버에서 Docker Compose 실행
@@ -48,10 +48,10 @@ jobs:
           script: |
             echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin
             docker pull ghcr.io/kumsil1006/oao-proxy
-            
+
             cd oao
-            
-            docker-compose -f docker-compose.production.yml up -d
+
+            docker-compose -f docker-compose.yml up -d
             docker image prune
 
       - name: 실패시 슬랙 메시지 전송

diff --git a/.github/workflows/PROXY_DEV_BUILD.yml b/.github/workflows/PROXY_DEV_BUILD.yml
@@ -27,32 +27,6 @@ jobs:
           tags: ghcr.io/kumsil1006/oao-dev-proxy
           context: ./nginx
 
-      - name: Docker Compose 파일 개발 서버로 복사
-        uses: appleboy/scp-action@master
-        with:
-          host: ${{ secrets.ANOTHER_HOST }}
-          username: ${{ secrets.ANOTHER_USERNAME }}
-          password: ${{ secrets.ANOTHER_PASSWORD }}
-          port: ${{ secrets.ANOTHER_PORT }}
-          source: "docker-compose.yml"
-          target: "oao"
-
-      - name: 개발 서버에서 Docker Compose 실행
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.ANOTHER_HOST }}
-          username: ${{ secrets.ANOTHER_USERNAME }}
-          password: ${{ secrets.ANOTHER_PASSWORD }}
-          port: ${{ secrets.ANOTHER_PORT }}
-          script: |
-            echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin
-            docker pull ghcr.io/kumsil1006/oao-dev-proxy
-
-            cd oao
-
-            docker-compose up -d
-            docker image prune
-            
       - name: 실패시 슬랙 메시지 전송
         if: ${{ failure() }}
         uses: ./.github/actions/slack-notify

diff --git a/.github/workflows/SERVER_BUILD.yml b/.github/workflows/SERVER_BUILD.yml
@@ -53,7 +53,7 @@ jobs:
           username: ${{ secrets.RELEASE_USERNAME }}
           password: ${{ secrets.RELEASE_PASSWORD }}
           port: ${{ secrets.RELEASE_PORT }}
-          source: "docker-compose.production.yml"
+          source: "docker-compose.yml"
           target: "oao"
 
       - name: 운영 서버에서 Docker Compose 실행
@@ -69,7 +69,7 @@ jobs:
 
             cd oao
 
-            docker-compose -f docker-compose.production.yml up -d
+            docker-compose -f docker-compose.yml up -d
             docker image prune
 
       - name: 실패시 슬랙 메시지 전송

diff --git a/.github/workflows/SERVER_DEV_BUILD.yml b/.github/workflows/SERVER_DEV_BUILD.yml
@@ -40,32 +40,6 @@ jobs:
           push: true
           tags: ghcr.io/kumsil1006/oao-dev-server
 
-      - name: Docker Compose 파일 개발 서버로 복사
-        uses: appleboy/scp-action@master
-        with:
-          host: ${{ secrets.ANOTHER_HOST }}
-          username: ${{ secrets.ANOTHER_USERNAME }}
-          password: ${{ secrets.ANOTHER_PASSWORD }}
-          port: ${{ secrets.ANOTHER_PORT }}
-          source: "docker-compose.yml"
-          target: "oao"
-
-      - name: 개발 서버에서 Docker Compose 실행
-        uses: appleboy/ssh-action@master
-        with:
-          host: ${{ secrets.ANOTHER_HOST }}
-          username: ${{ secrets.ANOTHER_USERNAME }}
-          password: ${{ secrets.ANOTHER_PASSWORD }}
-          port: ${{ secrets.ANOTHER_PORT }}
-          script: |
-            echo ${{secrets.CONTAINER_REGISTRY_TOKEN}} | docker login ghcr.io -u kumsil1006 --password-stdin
-            docker pull ghcr.io/kumsil1006/oao-dev-server
-
-            cd oao
-
-            docker-compose up -d
-            docker image prune
-
       - name: 실패시 슬랙 메시지 전송
         if: ${{ failure() }}
         uses: ./.github/actions/slack-notify

diff --git a/docker-compose.production.yml b/docker-compose.production.yml
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,17 +1,32 @@
 version: "3.9"
 services:
   proxy:
-    image: "ghcr.io/kumsil1006/oao-dev-proxy:latest"
+    image: "nginx:latest"
     ports:
       - "80:80"
+      - "443:443"
     restart: always
+    volumes:
+      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+    command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
+
+  certbot:
+    image: "certbot/certbot"
+    restart: unless-stopped
+    volumes:
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+
   frontend:
-    image: "ghcr.io/kumsil1006/oao-dev-client:latest"
+    image: "ghcr.io/kumsil1006/oao-client:latest"
     restart: always
     expose:
       - "3000"
   backend:
-    image: "ghcr.io/kumsil1006/oao-dev-server:latest"
+    image: "ghcr.io/kumsil1006/oao-server:latest"
     restart: always
     expose:
       - "8080"
diff --git a/nginx/Dockerfile b/nginx/Dockerfile
diff --git a/nginx/Dockerfile.production b/nginx/Dockerfile.production
diff --git a/nginx/default.conf b/nginx/default.conf
@@ -1,5 +1,23 @@
 server {
         listen 80;
+        server_name oneatonce.com;
+        server_tokens off;
+
+        location /.well-known/acme-challenge/ {
+                root /var/www/certbot;
+        }
+
+}
+server {
+        listen 443 ssl;
+        server_name oneatonce.com;
+        server_tokens off;
+
+        ssl_certificate /etc/letsencrypt/live/oneatonce.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/oneatonce.com/privkey.pem;
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
         location / {
                 proxy_pass http://frontend:3000;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

diff --git a/nginx/default.production.conf b/nginx/default.production.conf