Refactor: Rename services and containers to home-service-proxy

nginx.conf

@@ -0,0 +1,119 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 1024;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # 보안 헤더
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    
+    # 서버 정보 숨기기
+    server_tokens off;
+    
+    # 로그 포맷 (Fail2Ban용)
+    log_format security '$remote_addr - $remote_user [$time_local] '
+                       '"$request" $status $body_bytes_sent '
+                       '"$http_referer" "$http_user_agent" '
+                       '$request_time $upstream_response_time';
+
+    access_log /var/log/nginx/access.log security;
+
+    # 기본 설정
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    client_max_body_size 100M;
+
+    # Gzip 압축
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    # Rate Limiting (DDoS 방어)
+    limit_req_zone $binary_remote_addr zone=jellyfin:10m rate=10r/s;
+    limit_req_zone $binary_remote_addr zone=auth:10m rate=5r/m;
+    
+    # 연결 제한
+    limit_conn_zone $binary_remote_addr zone=perip:10m;
+    limit_conn_zone $server_name zone=perserver:10m;
+
+    # 젤리핀 앱 프록시 설정 (호스트의 8096 포트로 연결)
+    upstream jellyfin_app {
+        server host.docker.internal:8096;  # macOS Docker에서 호스트 접근
+        keepalive 32;
+    }
+
+    server {
+        listen 80;
+        server_name jellyfin.hyungi.net;
+
+        # 보안 제한
+        limit_req zone=jellyfin burst=20 nodelay;
+        limit_conn perip 10;
+        limit_conn perserver 100;
+
+        # 로그인 페이지 특별 제한
+        location ~ ^/(Users/authenticatebyname|Users/AuthenticateByName) {
+            limit_req zone=auth burst=3 nodelay;
+            proxy_pass http://jellyfin_app;
+            include /etc/nginx/conf.d/security.conf;
+        }
+
+        # 관리자 페이지 접근 제한 (선택사항)
+        location /web/index.html#!/dashboard {
+            # 특정 IP만 허용 (필요시 주석 해제)
+            # allow 192.168.219.0/24;  # 내부 네트워크
+            # allow YOUR_TRUSTED_IP;    # 신뢰할 수 있는 외부 IP
+            # deny all;
+            
+            proxy_pass http://jellyfin_app;
+            include /etc/nginx/conf.d/security.conf;
+        }
+
+        # 메인 프록시 설정
+        location / {
+            proxy_pass http://jellyfin_app;
+            include /etc/nginx/conf.d/security.conf;
+        }
+
+        # 웹소켓 지원 (실시간 업데이트용)
+        location /socket {
+            proxy_pass http://jellyfin_app;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # 보안: 숨겨야 할 경로들
+        location ~ /\.ht {
+            deny all;
+        }
+        
+        location ~ /\. {
+            deny all;
+        }
+    }
+}
+
+
+
+