diff --git a/.gitignore b/.gitignore
index f454fa165bac1cbccf965d9286938b0911d0668e..dfb544737e7417568f8bbd6b7cf766d853f29c10 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 /database
 /redis/data
+/nginx/log
 /.env*
 !/.env.example
diff --git a/docker-compose.yml b/docker-compose.yml
index a735eb64d9a137c6a295bc45d2e87e0796edd5a1..135af9fd4a3e576ebd2ee63a6e5700cf581546da 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,21 @@
 services:
+ nginx:
+ image: return0927/nginx:1.19.3-hakase
+ environment:
+ TZ: Asia/Seoul
+ LANG: en_US.UTF-8
+ LC_ALL: en_US.UTF-8
+ volumes:
+ - ./nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx/include.d:/etc/nginx/include.d
+ - ./nginx/.htpasswd:/etc/nginx/.htpasswd
+ - ./nginx/mime.types:/etc/nginx/mime.types
+ - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+ - ./nginx/log/nginx:/var/log/nginx
+ restart: always
+ ports:
+ - 80
+
 backend:
 image: git.ajou.ac.kr:5050/meanspec/meanspec-backend:latest
 restart: unless-stopped
@@ -6,9 +23,10 @@ services:
 TZ: Asia/Seoul
 LANG: en_US.utf-8
 LC_ALL: en_US.utf-8
- ports:
- - 8000:8000
 env_file: .env
+ deploy:
+ mode: replicated
+ replicas: 1
 postgres:
 image: docker.io/library/postgres:17-alpine
diff --git a/nginx/.htpasswd b/nginx/.htpasswd
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/nginx/conf.d/.gitkeep b/nginx/conf.d/.gitkeep
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/nginx/include.d/ssl.conf b/nginx/include.d/ssl.conf
new file mode 100644
index 0000000000000000000000000000000000000000..c6702464dea4f1c336b1f972004574447d568162
--- /dev/null
+++ b/nginx/include.d/ssl.conf
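Review bot: The `./nginx/.htpasswd:/etc/nginx/.htpasswd` mount in the new nginx service points at a file this commit adds as an empty blob, and nothing in the nginx.conf added by the same commit references it (no `auth_basic` / `auth_basic_user_file`), so the mount is dead wiring for now and any credential hashes written there later will be tracked by git. Either drop the mount until basic auth is actually configured, or add `/nginx/.htpasswd` to .gitignore next to the `/nginx/log` entry this commit adds and ship an example file instead. The `ports:` entry `- 80` publishes container port 80 on an ephemeral host port; if the proxy is meant to be reachable only through Cloudflare, confirm the host firewall covers that, and otherwise make the binding explicit (`- "80:80"` or a loopback bind). `image: return0927/nginx:1.19.3-hakase` is a third-party tag on a 1.19.x mainline build several years behind current nginx; pinning it by digest (`return0927/nginx:1.19.3-hakase@sha256:<digest>`, digest to be filled in) would at least keep the deployed proxy from changing underneath you.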
@@ -0,0 +1,21 @@
+ssl_session_cache shared:le_nginx_SSL:1m;
+ssl_session_timeout 1440m;
+ssl_prefer_server_ciphers on;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+
+ssl_protocols TLSv1.2 TLSv1.3;
+
+#resolver 1.1.1.1 1.0.0.1 valid=86400s;
+#resolver_timeout 15s;
+#ssl_stapling on;
+#ssl_stapling_verify on;
+
+add_header X-Frame-Options sameorigin;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header Referrer-Policy "same-origin";
+add_header Content-Security-Policy "default-src https: data: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; script-src-elem https: 'unsafe-inline'";
+
+#ssl_dyn_rec_enable on;
+#ssl_early_data on;
+
diff --git a/nginx/mime.types b/nginx/mime.types
new file mode 100644
index 0000000000000000000000000000000000000000..61c1b54b5ecb3d4419d63da4f2abe3608bb7eb3a
--- /dev/null
+++ b/nginx/mime.types
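Review bot: The `add_header` security headers in this include (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, CSP) will be silently dropped in any server block that sets its own `add_header`, because nginx inherits `add_header` from the enclosing level only when the current level defines none, and the server block added in nginx.conf by this same commit sets `add_header X-Response-Creator 'meanspec-infra';`. Nothing visible in this commit includes `include.d/ssl.conf` (conf.d holds only a `.gitkeep`), so where and at which level it is meant to be pulled in should be stated at the top of the file, e.g. `# include from the server{} block, at the same level as any other add_header, or these headers are lost`. `Strict-Transport-Security` with `max-age=63072000` and `preload` commits every subdomain to HTTPS for two years and is hard to undo; confirm that is intended before this reaches a TLS-terminating server. The `'unsafe-inline' 'unsafe-eval'` in `script-src` largely negates the CSP's protection against injected scripts; if it cannot be tightened, a comment on which frontend asset requires it would help the next maintainer.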
@@ -0,0 +1,96 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml plist;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000000000000000000000000000000000000..fbcd9938c427f17fa34c88f2c26116b9817e59e6
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,95 @@
+user nginx;
+worker_processes 16;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr($http_x_forwarded_for) - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ client_max_body_size 1G;
+ #tcp_nopush on;
+
+ # Cloudflare CDN --------------
+ # IPv4
+ set_real_ip_from 173.245.48.0/20;
+ set_real_ip_from 103.21.244.0/22;
+ set_real_ip_from 103.22.200.0/22;
+ set_real_ip_from 103.31.4.0/22;
+ set_real_ip_from 141.101.64.0/18;
+ set_real_ip_from 108.162.192.0/18;
+ set_real_ip_from 190.93.240.0/20;
+ set_real_ip_from 188.114.96.0/20;
+ set_real_ip_from 197.234.240.0/22;
+ set_real_ip_from 198.41.128.0/17;
+ set_real_ip_from 162.158.0.0/15;
+ set_real_ip_from 104.16.0.0/12;
+ set_real_ip_from 172.64.0.0/13;
+ set_real_ip_from 131.0.72.0/22;
+ # IPv6
+ #set_real_ip_from 2400:cb00::/32;
+ #set_real_ip_from 2606:4700::/32;
+ #set_real_ip_from 2803:f800::/32;
+ #set_real_ip_from 2405:b500::/32;
+ #set_real_ip_from 2405:8100::/32;
+ #set_real_ip_from 2a06:98c0::/29;
+ #set_real_ip_from 2c0f:f248::/32;
+ real_ip_header CF-Connecting-IP;
+
+
+ keepalive_timeout 65;
+
+ server_tokens off;
+ #more_set_headers 'Server: proxy default';
+
+ #gzip on;
+
+ charset utf-8;
+ upstream backend {
+ server backend:8000;
+ }
+
+ server {
+ listen 80;
+ charset utf-8;
+
+ add_header X-Response-Creator 'meanspec-infra';
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ #client_max_body_sze 1G;
+
+ location / {
+ proxy_pass_header Server;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Scheme $scheme;
+ proxy_pass http://backend;
+ }
+
+ location /raw_status {
+ stub_status;
+ }
+ }
+
+
+
+ include /etc/nginx/conf.d/*.conf;
+}
+
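Review bot: `location /raw_status { stub_status; }` is served by the public `listen 80` server with no access control, so anyone who can reach the proxy can read its active/accepted/handled connection and request counters; restrict it to the monitoring source, e.g. `stub_status; allow <monitoring-address>; deny all;`, or leave the location out until it is needed. Because `set_real_ip_from` / `real_ip_header CF-Connecting-IP` rewrite the client address for requests arriving from the listed Cloudflare ranges, `allow`/`deny` rules in that location evaluate the address Cloudflare reports rather than the edge address, which is presumably what you want. `proxy_pass_header Server` forwards the upstream's Server header even though `server_tokens off` hides nginx's own, which reads as contradictory; drop it unless the backend's header is deliberately exposed. `worker_processes 16;` is hard-coded regardless of the host's CPU count, where `worker_processes auto;` is the usual choice. The commented `#client_max_body_sze 1G;` has a typo in the directive name that will only surface if someone uncomments it.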