feat: 개발서버 및 프로덕션서버 HTTPS 적용 (#225)

* chore: 배포서버 HTTPS 적용

Co-Authored-By: 조영우 <[email protected]>

* chore: 개발서버 HTTPS 적용

* chore: nginx conf를 개발서버와 배포서버로 분리

* chore: 개발서버 분리를 위한 nginx dockerFile 분리

* fix: Dockerfile COPY설정에 빠진 디렉토리 수정

* fix: Dockerfile 오타 수정

---------

Co-authored-by: 조영우 <[email protected]>
Co-authored-by: 조영우 <[email protected]>

docker-compose.dev.yml

@@ -4,14 +4,19 @@ services:
   nginx:
     build:
       context: ./nginx
+      dockerfile: Dockerfile.dev
     ports:
       - "80:80"
+      - "443:443"
     depends_on:
       - backend
       - frontend
+    volumes:
+      - certbot-www:/var/www/certbot/:ro
+      - certbot-conf:/etc/nginx/ssl/:ro
     networks:
       - lesser-net
-  
+
   backend:
     build:
       context: ./backend
@@ -28,7 +33,7 @@ services:
       - db
     networks:
       - lesser-net
-  
+
   frontend:
     build:
       context: ./frontend
@@ -52,3 +57,7 @@ networks:
 
 volumes:
   mysql_data: {}
+  certbot-www:
+    external: true
+  certbot-conf:
+    external: true

docker-compose.yml

@@ -4,14 +4,19 @@ services:
   nginx:
     build:
       context: ./nginx
+      dockerfile: Dockerfile.prod
     ports:
       - "80:80"
+      - "443:443"
     depends_on:
       - backend
       - frontend
+    volumes:
+      - certbot-www:/var/www/certbot/:ro
+      - certbot-conf:/etc/nginx/ssl/:ro
     networks:
       - lesser-net
-  
+
   backend:
     build:
       context: ./backend
@@ -26,7 +31,7 @@ services:
       - JWT_SECRET=${JWT_SECRET}
     networks:
       - lesser-net
-  
+
   frontend:
     build:
       context: ./frontend
@@ -35,4 +40,10 @@ services:
 
 networks:
   lesser-net:
-    external: true
+    external: true
+
+volumes:
+  certbot-www:
+    external: true
+  certbot-conf:
+    external: true

nginx/Dockerfile.dev

@@ -0,0 +1,5 @@
+FROM nginx
+
+COPY conf/conf.d/dev.conf /etc/nginx/conf.d
+
+CMD ["nginx", "-g", "daemon off;"]

nginx/Dockerfile.prod

@@ -0,0 +1,5 @@
+FROM nginx
+
+COPY conf/conf.d/prod.conf /etc/nginx/conf.d
+
+CMD ["nginx", "-g", "daemon off;"]

nginx/conf/conf.d/dev.conf

@@ -0,0 +1,43 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+	server_name dev.lesser-project.site;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://dev.lesser-project.site$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+	server_name dev.lesser-project.site;
+
+    ssl_certificate /etc/nginx/ssl/live/dev.lesser-project.site/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/dev.lesser-project.site/privkey.pem;
+
+    location / {
+        proxy_pass http://frontend:5000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    location /api {
+        proxy_pass http://backend:3000;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+    }
+}

nginx/conf/conf.d/default.conf → nginx/conf/conf.d/prod.conf

@@ -1,6 +1,27 @@
 server {
-	server_name lesser-project.site;
     listen 80;
+    listen [::]:80;
+
+	server_name lesser-project.site;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://lesser-project.site$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+	server_name lesser-project.site;
+
+    ssl_certificate /etc/nginx/ssl/live/lesser-project.site/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/lesser-project.site/privkey.pem;
 
     location / {
         proxy_pass http://frontend:5000;