fix(infra): nginx 동적 DNS resolve + Docker 헬스체크 추가
컨테이너 재생성 시 502 Bad Gateway 방지: - 모든 nginx proxy_pass를 set $upstream 변수 방식으로 전환 (9개 파일, 24개 location) - resolver 127.0.0.11 valid=10s ipv6=off 통합 선언 - ai-api location의 개별 resolver 8.8.8.8 제거 (server-level로 통합) - 10개 API 서비스에 healthcheck 추가 (Node: wget, Python: urllib) - 모든 web/gateway depends_on을 condition: service_healthy로 강화 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Hyungi Ahn
@@ -66,6 +66,12 @@ services:
|
|||||||
- SSO_JWT_REFRESH_EXPIRES_IN=${SSO_JWT_REFRESH_EXPIRES_IN:-30d}
|
- SSO_JWT_REFRESH_EXPIRES_IN=${SSO_JWT_REFRESH_EXPIRES_IN:-30d}
|
||||||
- REDIS_HOST=redis
|
- REDIS_HOST=redis
|
||||||
- REDIS_PORT=6379
|
- REDIS_PORT=6379
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/health"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
depends_on:
|
depends_on:
|
||||||
mariadb:
|
mariadb:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
@@ -104,6 +110,12 @@ services:
|
|||||||
- WEATHER_API_URL=${WEATHER_API_URL:-}
|
- WEATHER_API_URL=${WEATHER_API_URL:-}
|
||||||
- WEATHER_API_KEY=${WEATHER_API_KEY:-}
|
- WEATHER_API_KEY=${WEATHER_API_KEY:-}
|
||||||
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3005/api/health"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
volumes:
|
volumes:
|
||||||
- system1_uploads:/usr/src/app/uploads
|
- system1_uploads:/usr/src/app/uploads
|
||||||
- system1_logs:/usr/src/app/logs
|
- system1_logs:/usr/src/app/logs
|
||||||
@@ -126,8 +138,10 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- ./system1-factory/web:/usr/share/nginx/html:ro
|
- ./system1-factory/web:/usr/share/nginx/html:ro
|
||||||
depends_on:
|
depends_on:
|
||||||
- system1-api
|
system1-api:
|
||||||
- sso-auth
|
condition: service_healthy
|
||||||
|
sso-auth:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -141,8 +155,15 @@ services:
|
|||||||
- "30008:8000"
|
- "30008:8000"
|
||||||
environment:
|
environment:
|
||||||
- API_BASE_URL=http://system1-api:3005
|
- API_BASE_URL=http://system1-api:3005
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
depends_on:
|
depends_on:
|
||||||
- system1-api
|
system1-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -175,6 +196,12 @@ services:
|
|||||||
- M_PROJECT_PASSWORD=${M_PROJECT_PASSWORD:-}
|
- M_PROJECT_PASSWORD=${M_PROJECT_PASSWORD:-}
|
||||||
- M_PROJECT_DEFAULT_PROJECT_ID=${M_PROJECT_DEFAULT_PROJECT_ID:-1}
|
- M_PROJECT_DEFAULT_PROJECT_ID=${M_PROJECT_DEFAULT_PROJECT_ID:-1}
|
||||||
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3005/api/health"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
volumes:
|
volumes:
|
||||||
- system2_uploads:/usr/src/app/uploads
|
- system2_uploads:/usr/src/app/uploads
|
||||||
- system2_logs:/usr/src/app/logs
|
- system2_logs:/usr/src/app/logs
|
||||||
@@ -195,7 +222,8 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "30180:80"
|
- "30180:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
- system2-api
|
system2-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -223,6 +251,12 @@ services:
|
|||||||
- ADMIN_USERNAME=${SYSTEM3_ADMIN_USERNAME:-hyungi}
|
- ADMIN_USERNAME=${SYSTEM3_ADMIN_USERNAME:-hyungi}
|
||||||
- TZ=Asia/Seoul
|
- TZ=Asia/Seoul
|
||||||
- TKUSER_API_URL=http://tkuser-api:3000
|
- TKUSER_API_URL=http://tkuser-api:3000
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/api/health')"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
volumes:
|
volumes:
|
||||||
- system3_uploads:/app/uploads
|
- system3_uploads:/app/uploads
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -242,7 +276,8 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- system3_uploads:/usr/share/nginx/html/uploads
|
- system3_uploads:/usr/share/nginx/html/uploads
|
||||||
depends_on:
|
depends_on:
|
||||||
- system3-api
|
system3-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -275,6 +310,12 @@ services:
|
|||||||
- NTFY_PUBLISH_TOKEN=${NTFY_PUBLISH_TOKEN}
|
- NTFY_PUBLISH_TOKEN=${NTFY_PUBLISH_TOKEN}
|
||||||
- NTFY_EXTERNAL_URL=${NTFY_EXTERNAL_URL:-https://ntfy.technicalkorea.net}
|
- NTFY_EXTERNAL_URL=${NTFY_EXTERNAL_URL:-https://ntfy.technicalkorea.net}
|
||||||
- TKFB_BASE_URL=${TKFB_BASE_URL:-https://tkfb.technicalkorea.net}
|
- TKFB_BASE_URL=${TKFB_BASE_URL:-https://tkfb.technicalkorea.net}
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/health"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
volumes:
|
volumes:
|
||||||
- system1_uploads:/usr/src/app/uploads
|
- system1_uploads:/usr/src/app/uploads
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -292,7 +333,8 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "30380:80"
|
- "30380:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
- tkuser-api
|
tkuser-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -318,6 +360,12 @@ services:
|
|||||||
- DB_NAME=${MYSQL_DATABASE:-hyungi}
|
- DB_NAME=${MYSQL_DATABASE:-hyungi}
|
||||||
- SSO_JWT_SECRET=${SSO_JWT_SECRET}
|
- SSO_JWT_SECRET=${SSO_JWT_SECRET}
|
||||||
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/health"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
depends_on:
|
depends_on:
|
||||||
mariadb:
|
mariadb:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
@@ -333,7 +381,8 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "30480:80"
|
- "30480:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
- tkpurchase-api
|
tkpurchase-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -359,6 +408,12 @@ services:
|
|||||||
- DB_NAME=${MYSQL_DATABASE:-hyungi}
|
- DB_NAME=${MYSQL_DATABASE:-hyungi}
|
||||||
- SSO_JWT_SECRET=${SSO_JWT_SECRET}
|
- SSO_JWT_SECRET=${SSO_JWT_SECRET}
|
||||||
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
- INTERNAL_SERVICE_KEY=${INTERNAL_SERVICE_KEY}
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/health"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
volumes:
|
volumes:
|
||||||
- tksafety_uploads:/usr/src/app/uploads
|
- tksafety_uploads:/usr/src/app/uploads
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -378,7 +433,8 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- tksafety_uploads:/usr/share/nginx/html/uploads
|
- tksafety_uploads:/usr/share/nginx/html/uploads
|
||||||
depends_on:
|
depends_on:
|
||||||
- tksafety-api
|
tksafety-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -403,6 +459,12 @@ services:
|
|||||||
- DB_PASSWORD=${MYSQL_PASSWORD}
|
- DB_PASSWORD=${MYSQL_PASSWORD}
|
||||||
- DB_NAME=${MYSQL_DATABASE:-hyungi}
|
- DB_NAME=${MYSQL_DATABASE:-hyungi}
|
||||||
- SSO_JWT_SECRET=${SSO_JWT_SECRET}
|
- SSO_JWT_SECRET=${SSO_JWT_SECRET}
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "wget", "--spider", "-q", "http://localhost:3000/health"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
depends_on:
|
depends_on:
|
||||||
mariadb:
|
mariadb:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
@@ -418,7 +480,8 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "30680:80"
|
- "30680:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
- tksupport-api
|
tksupport-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -461,6 +524,12 @@ services:
|
|||||||
- TKUSER_API_URL=http://tkuser-api:3000
|
- TKUSER_API_URL=http://tkuser-api:3000
|
||||||
- ENVIRONMENT=production
|
- ENVIRONMENT=production
|
||||||
- TZ=Asia/Seoul
|
- TZ=Asia/Seoul
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 3
|
||||||
|
start_period: 30s
|
||||||
volumes:
|
volumes:
|
||||||
- tkeg_uploads:/app/uploads
|
- tkeg_uploads:/app/uploads
|
||||||
depends_on:
|
depends_on:
|
||||||
@@ -482,7 +551,8 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "30780:80"
|
- "30780:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
- tkeg-api
|
tkeg-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
@@ -522,8 +592,10 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "30000:80"
|
- "30000:80"
|
||||||
depends_on:
|
depends_on:
|
||||||
- sso-auth
|
sso-auth:
|
||||||
- system1-api
|
condition: service_healthy
|
||||||
|
system1-api:
|
||||||
|
condition: service_healthy
|
||||||
networks:
|
networks:
|
||||||
- tk-network
|
- tk-network
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
root /usr/share/nginx/html;
|
root /usr/share/nginx/html;
|
||||||
|
|
||||||
@@ -33,7 +34,9 @@ server {
|
|||||||
|
|
||||||
# SSO Auth 프록시
|
# SSO Auth 프록시
|
||||||
location /auth/ {
|
location /auth/ {
|
||||||
proxy_pass http://sso-auth:3000/api/auth/;
|
set $upstream http://sso-auth:3000;
|
||||||
|
rewrite ^/auth/(.*)$ /api/auth/$1 break;
|
||||||
|
proxy_pass $upstream;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -42,7 +45,8 @@ server {
|
|||||||
|
|
||||||
# System1 API 프록시 (대시보드 배너용: 알림/TBM/휴가 카운트)
|
# System1 API 프록시 (대시보드 배너용: 알림/TBM/휴가 카운트)
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://system1-api:3005/api/;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
client_max_body_size 50M;
|
client_max_body_size 50M;
|
||||||
|
|
||||||
@@ -25,7 +26,8 @@ server {
|
|||||||
|
|
||||||
# API 프록시 (System 1 API)
|
# API 프록시 (System 1 API)
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://system1-api:3005/api/;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
@@ -35,14 +37,17 @@ server {
|
|||||||
|
|
||||||
# 업로드 파일 프록시 (^~ 로 regex location보다 우선 매칭)
|
# 업로드 파일 프록시 (^~ 로 regex location보다 우선 매칭)
|
||||||
location ^~ /uploads/ {
|
location ^~ /uploads/ {
|
||||||
proxy_pass http://system1-api:3005/uploads/;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
}
|
}
|
||||||
|
|
||||||
# FastAPI Bridge 프록시
|
# FastAPI Bridge 프록시
|
||||||
location /fastapi/ {
|
location /fastapi/ {
|
||||||
proxy_pass http://system1-fastapi:8000/;
|
set $upstream http://system1-fastapi:8000;
|
||||||
|
rewrite ^/fastapi/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
@@ -52,7 +57,9 @@ server {
|
|||||||
|
|
||||||
# SSO Auth 프록시 (gateway에서 이관)
|
# SSO Auth 프록시 (gateway에서 이관)
|
||||||
location /auth/ {
|
location /auth/ {
|
||||||
proxy_pass http://sso-auth:3000/api/auth/;
|
set $upstream http://sso-auth:3000;
|
||||||
|
rewrite ^/auth/(.*)$ /api/auth/$1 break;
|
||||||
|
proxy_pass $upstream;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -61,7 +68,6 @@ server {
|
|||||||
|
|
||||||
# AI Service 프록시 (gateway에서 이관)
|
# AI Service 프록시 (gateway에서 이관)
|
||||||
location /ai-api/ {
|
location /ai-api/ {
|
||||||
resolver 8.8.8.8 valid=300s ipv6=off;
|
|
||||||
set $ai_upstream https://ai.hyungi.net;
|
set $ai_upstream https://ai.hyungi.net;
|
||||||
rewrite ^/ai-api/(.*) /api/ai/$1 break;
|
rewrite ^/ai-api/(.*) /api/ai/$1 break;
|
||||||
proxy_pass $ai_upstream;
|
proxy_pass $ai_upstream;
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
root /usr/share/nginx/html;
|
root /usr/share/nginx/html;
|
||||||
index pages/safety/issue-report.html;
|
index pages/safety/issue-report.html;
|
||||||
@@ -26,7 +27,8 @@ server {
|
|||||||
|
|
||||||
# System 1 API 프록시 (공장/작업장, TBM, 출입관리, 프로젝트)
|
# System 1 API 프록시 (공장/작업장, TBM, 출입관리, 프로젝트)
|
||||||
location /api/workplaces/ {
|
location /api/workplaces/ {
|
||||||
proxy_pass http://system1-api:3005;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -34,7 +36,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /api/projects/ {
|
location /api/projects/ {
|
||||||
proxy_pass http://system1-api:3005;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -42,7 +45,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /api/tbm/ {
|
location /api/tbm/ {
|
||||||
proxy_pass http://system1-api:3005;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -50,7 +54,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /api/workplace-visits/ {
|
location /api/workplace-visits/ {
|
||||||
proxy_pass http://system1-api:3005;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -59,7 +64,6 @@ server {
|
|||||||
|
|
||||||
# AI Service 프록시 (맥미니 home-service-proxy 경유)
|
# AI Service 프록시 (맥미니 home-service-proxy 경유)
|
||||||
location /ai-api/ {
|
location /ai-api/ {
|
||||||
resolver 8.8.8.8 valid=300s ipv6=off;
|
|
||||||
set $ai_upstream https://ai.hyungi.net;
|
set $ai_upstream https://ai.hyungi.net;
|
||||||
rewrite ^/ai-api/(.*) /api/ai/$1 break;
|
rewrite ^/ai-api/(.*) /api/ai/$1 break;
|
||||||
proxy_pass $ai_upstream;
|
proxy_pass $ai_upstream;
|
||||||
@@ -75,7 +79,8 @@ server {
|
|||||||
|
|
||||||
# System 2 API 프록시 (신고 관련)
|
# System 2 API 프록시 (신고 관련)
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://system2-api:3005;
|
set $upstream http://system2-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -84,7 +89,8 @@ server {
|
|||||||
|
|
||||||
# System 2 uploads (신고 사진 등)
|
# System 2 uploads (신고 사진 등)
|
||||||
location ^~ /uploads/issues/ {
|
location ^~ /uploads/issues/ {
|
||||||
proxy_pass http://system2-api:3005/uploads/issues/;
|
set $upstream http://system2-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
@@ -93,7 +99,8 @@ server {
|
|||||||
|
|
||||||
# System 1 uploads 프록시 (작업장 레이아웃 이미지 등)
|
# System 1 uploads 프록시 (작업장 레이아웃 이미지 등)
|
||||||
location ^~ /uploads/ {
|
location ^~ /uploads/ {
|
||||||
proxy_pass http://system1-api:3005/uploads/;
|
set $upstream http://system1-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
client_max_body_size 10M;
|
client_max_body_size 10M;
|
||||||
|
|
||||||
@@ -36,7 +37,8 @@ server {
|
|||||||
|
|
||||||
# API 프록시 (System 3 API)
|
# API 프록시 (System 3 API)
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://system3-api:8000/api/;
|
set $upstream http://system3-api:8000;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection 'upgrade';
|
proxy_set_header Connection 'upgrade';
|
||||||
@@ -54,7 +56,6 @@ server {
|
|||||||
|
|
||||||
# AI API 프록시 (맥미니 home-service-proxy 경유)
|
# AI API 프록시 (맥미니 home-service-proxy 경유)
|
||||||
location /ai-api/ {
|
location /ai-api/ {
|
||||||
resolver 8.8.8.8 valid=300s ipv6=off;
|
|
||||||
set $ai_upstream https://ai.hyungi.net;
|
set $ai_upstream https://ai.hyungi.net;
|
||||||
rewrite ^/ai-api/(.*) /api/ai/$1 break;
|
rewrite ^/ai-api/(.*) /api/ai/$1 break;
|
||||||
proxy_pass $ai_upstream;
|
proxy_pass $ai_upstream;
|
||||||
|
|||||||
@@ -1,13 +1,16 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name localhost;
|
server_name localhost;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
root /usr/share/nginx/html;
|
root /usr/share/nginx/html;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
client_max_body_size 100M;
|
client_max_body_size 100M;
|
||||||
|
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://tkeg-api:8000/;
|
set $upstream http://tkeg-api:8000;
|
||||||
|
rewrite ^/api/(.*)$ /$1 break;
|
||||||
|
proxy_pass $upstream;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ server {
|
|||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
@@ -25,7 +26,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://tkpurchase-api:3000/api/;
|
set $upstream http://tkpurchase-api:3000;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ server {
|
|||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
@@ -25,7 +26,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://tksafety-api:3000/api/;
|
set $upstream http://tksafety-api:3000;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ server {
|
|||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
@@ -25,7 +26,8 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://tksupport-api:3000/api/;
|
set $upstream http://tksupport-api:3000;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ server {
|
|||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
resolver 127.0.0.11 valid=10s ipv6=off;
|
||||||
|
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
@@ -40,7 +41,8 @@ server {
|
|||||||
|
|
||||||
# 업로드 파일 프록시 (^~ 로 regex location보다 우선 매칭)
|
# 업로드 파일 프록시 (^~ 로 regex location보다 우선 매칭)
|
||||||
location ^~ /uploads/ {
|
location ^~ /uploads/ {
|
||||||
proxy_pass http://tkuser-api:3000/uploads/;
|
set $upstream http://tkuser-api:3000;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
@@ -48,7 +50,8 @@ server {
|
|||||||
|
|
||||||
# work-issues API 프록시 → system2-api
|
# work-issues API 프록시 → system2-api
|
||||||
location /api/work-issues/ {
|
location /api/work-issues/ {
|
||||||
proxy_pass http://system2-api:3005;
|
set $upstream http://system2-api:3005;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
@@ -58,7 +61,8 @@ server {
|
|||||||
|
|
||||||
# API 프록시 → tkuser-api
|
# API 프록시 → tkuser-api
|
||||||
location /api/ {
|
location /api/ {
|
||||||
proxy_pass http://tkuser-api:3000;
|
set $upstream http://tkuser-api:3000;
|
||||||
|
proxy_pass $upstream$request_uri;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection 'upgrade';
|
proxy_set_header Connection 'upgrade';
|
||||||
|
|||||||
Reference in New Issue
Block a user