diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index a750988..c7b9bd2 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -86,9 +86,9 @@ services: volumes: - ./frontend/build:/var/www/frontend - ./backend/static:/backend/static - - /etc/nginx/nginx.conf:/etc/nginx/nginx.conf - - /etc/nginx/certificate.pem:/etc/nginx/certificate.pem - - /etc/nginx/private.key:/etc/nginx/private.key + - ./nginx/nginx.conf:/etc/nginx/nginx.conf + - ./nginx/certificate.pem:/etc/nginx/certificate.pem + - ./nginx/private.key:/etc/nginx/private.key depends_on: - backend - frontend @@ -124,10 +124,10 @@ services: - /sys:/host/sys:ro - /:/rootfs:ro command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' + - "--path.procfs=/host/proc" + - "--path.rootfs=/rootfs" + - "--path.sysfs=/host/sys" + - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)" ports: - 9100:9100 expose: diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 882f6ef..4540255 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,57 +1,63 @@ -upstream backend { - server backend:8000; +events { + worker_connections 1024; } -server { - listen 80; - server_name gtd.kro.kr; - return 301 https://gtd.kro.kr$request_uri; -} - -server { - listen 443 ssl; - server_name gtd.kro.kr; - client_max_body_size 10M; - - ssl_certificate /etc/nginx/certificate.pem; # managed by Certbot - ssl_certificate_key /etc/nginx/private.key; # managed by Certbot - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - - location /.well-known/acme-challenge/ { - allow all; - root /var/www/certbot; - } - - location ~* (service-worker\.js)$ { - add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; - expires off; - proxy_no_cache 1; - } - - location /static/ { - alias /backend/static/; +http { + upstream backend { + server backend:8000; } - location /api/ { - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header Host $host; - proxy_redirect off; - proxy_connect_timeout 300s; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; - proxy_pass http://backend; + server { + listen 80; + server_name gtd.kro.kr; + return 301 https://gtd.kro.kr$request_uri; } - location / { - root /var/www/frontend; - index index.html index.htm; - try_files $uri $uri/ /index.html; + server { + listen 443 ssl; + server_name gtd.kro.kr; + client_max_body_size 10M; + + ssl_certificate /etc/nginx/certificate.pem; # managed by Certbot + ssl_certificate_key /etc/nginx/private.key; # managed by Certbot + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; + + location /.well-known/acme-challenge/ { + allow all; + root /var/www/certbot; + } + + location ~* (service-worker\.js)$ { + add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + expires off; + proxy_no_cache 1; + } + + location /static/ { + alias /backend/static/; + } + + location /api/ { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header Host $host; + proxy_redirect off; + proxy_connect_timeout 300s; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + proxy_pass http://backend; + } + + location / { + root /var/www/frontend; + index index.html index.htm; + try_files $uri $uri/ /index.html; + } } }