refactor(gateway): gateway↔system1 분리 — gateway=문짝, system1-web=독립

gateway에서 system1 프록시 제거, 대시보드+로그인+공유JS만 담당.
system1-web에 /auth/, /ai-api/ 프록시 이관. tkds-web 제거(gateway 흡수).
notification-bell URL tkfb→tkds, system3 로그인 URL tkds/dashboard로 변경.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

gateway/nginx.conf

@@ -2,29 +2,32 @@ server {
     listen 80;
     server_name _;
 
-    client_max_body_size 50M;
-
-    # ===== Gateway 자체 페이지 (포털, 로그인) =====
     root /usr/share/nginx/html;
 
-    # 로그인 페이지
-    location = /login {
+    # 대시보드 (로그인 포함)
+    location = /dashboard {
         add_header Cache-Control "no-store, no-cache, must-revalidate";
         add_header Pragma "no-cache";
-        try_files /login.html =404;
+        try_files /dashboard.html =404;
     }
 
-    # 대시보드 → tkds로 리다이렉트 (북마크 깨짐 방지)
-    location = /dashboard {
-        return 301 $scheme://tkds.technicalkorea.net/dashboard;
+    location = / {
+        return 302 /dashboard$is_args$args;
     }
 
-    # 공유 JS/CSS (nav-header 등)
+    # 레거시 /login → /dashboard 리다이렉트
+    location = /login {
+        return 302 /dashboard$is_args$args;
+    }
+
+    # 공유 JS (notification-bell.js, nav-header.js)
     location /shared/ {
         alias /usr/share/nginx/html/shared/;
+        expires 1h;
+        add_header Cache-Control "public, no-transform";
     }
 
-    # ===== SSO Auth API =====
+    # SSO Auth 프록시
     location /auth/ {
         proxy_pass http://sso-auth:3000/api/auth/;
         proxy_set_header Host $host;
@@ -33,7 +36,7 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    # ===== System 1 API 프록시 =====
+    # System1 API 프록시 (대시보드 배너용: 알림/TBM/휴가 카운트)
     location /api/ {
         proxy_pass http://system1-api:3005/api/;
         proxy_http_version 1.1;
@@ -43,50 +46,9 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
     }
 
-    # ===== System 1 업로드 파일 =====
-    location /uploads/ {
-        proxy_pass http://system1-api:3005/uploads/;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-    }
-
-    # ===== System 1 FastAPI Bridge =====
-    location /fastapi/ {
-        proxy_pass http://system1-fastapi:8000/;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
-    # ===== AI Service API (맥미니 home-service-proxy 경유) =====
-    location /ai-api/ {
-        resolver 8.8.8.8 valid=300s ipv6=off;
-        set $ai_upstream https://ai.hyungi.net;
-        rewrite ^/ai-api/(.*) /api/ai/$1 break;
-        proxy_pass $ai_upstream;
-        proxy_http_version 1.1;
-        proxy_set_header Host ai.hyungi.net;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_ssl_server_name on;
-        proxy_read_timeout 180s;
-        proxy_send_timeout 180s;
-    }
-
-    # ===== System 1 Web (나머지 모든 경로) =====
-    location / {
-        proxy_pass http://system1-web:80;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-    }
-
-    # ===== Health Check =====
+    # Health check
     location /health {
+        access_log off;
         return 200 '{"status":"ok","service":"gateway"}';
         add_header Content-Type application/json;
     }