hyungi/tk-factory-services
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
tk-factory-services/system1-factory/web/nginx.conf
Hyungi Ahn 7db072ed14 fix: /login, /dashboard 301 무한루프 해소 — gateway 내부 프록시로 전환 
tkfb.technicalkorea.net이 system1-web을 직접 가리키므로
자기 자신으로 301 리다이렉트 → 무한 루프 발생.
외부 리다이렉트 대신 gateway 컨테이너로 내부 프록시.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 15:44:08 +09:00

136 lines
4.3 KiB
Nginx Configuration File
Raw Permalink Blame History

server {
listen 80;
server_name _;
resolver 127.0.0.11 valid=10s ipv6=off;
client_max_body_size 50M;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
root /usr/share/nginx/html;
index index.html;
# HTML 캐시 비활성화
location ~* \.html$ {
expires -1;
add_header Cache-Control "no-store, no-cache, must-revalidate";
}
# SW, manifest 캐시 비활성화 (PWA 업데이트 즉시 반영)
location = /sw.js {
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
location = /manifest.json {
add_header Cache-Control "no-cache, no-store, must-revalidate";
}
# 정적 파일 캐시 (JS, CSS, 이미지 등)
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf)$ {
expires 1h;
add_header Cache-Control "public, no-transform";
}
# SSO Auth API 프록시 (/api/auth/* → sso-auth)
location /api/auth/ {
set $upstream http://sso-auth:3000;
proxy_pass $upstream$request_uri;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# API 프록시 (System 1 API)
location /api/ {
set $upstream http://system1-api:3005;
proxy_pass $upstream$request_uri;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# 업로드 파일 프록시 (^~ 로 regex location보다 우선 매칭)
location ^~ /uploads/ {
set $upstream http://system1-api:3005;
proxy_pass $upstream$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
# FastAPI Bridge 프록시
location /fastapi/ {
set $upstream http://system1-fastapi:8000;
rewrite ^/fastapi/(.*)$ /$1 break;
proxy_pass $upstream;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SSO Auth 프록시 (gateway에서 이관)
location /auth/ {
set $upstream http://sso-auth:3000;
rewrite ^/auth/(.*)$ /api/auth/$1 break;
proxy_pass $upstream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# AI Service 프록시 (gateway에서 이관)
location /ai-api/ {
set $ai_upstream https://ai.hyungi.net;
rewrite ^/ai-api/(.*) /api/ai/$1 break;
proxy_pass $ai_upstream;
proxy_http_version 1.1;
proxy_set_header Host ai.hyungi.net;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_ssl_server_name on;
proxy_read_timeout 180s;
proxy_send_timeout 180s;
}
# /login → 로그인 페이지 (gateway 대시보드)
# tkfb.technicalkorea.net이 system1-web을 직접 가리키므로
# 외부 리다이렉트 대신 gateway 내부 프록시로 처리
location = /login {
set $gw http://gateway:80;
rewrite ^/login$ /dashboard break;
proxy_pass $gw;
proxy_set_header Host $host;
}
location = /dashboard {
set $gw http://gateway:80;
proxy_pass $gw;
proxy_set_header Host $host;
}
# Health check
location /health {
access_log off;
return 200 '{"status":"ok","service":"system1-web"}';
add_header Content-Type application/json;
}
# Static files (new Tailwind UI)
location /static/ {
expires 1h;
add_header Cache-Control "public, no-transform";
}
# SPA fallback
location / {
try_files $uri $uri/ /index.html;
}
}
Reference in New Issue View Git Blame Copy Permalink