운영환경처리

2026-03-10 08:39:42 +09:00
parent 43d0e55cb7
commit 5c082f7c9d
5 changed files with 58 additions and 4 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -76,6 +76,11 @@ http {
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Host $server_name;

+            # 인증 헤더 및 쿠키 전달 (JWT 토큰 전달 보장)
+            proxy_pass_request_headers on;
+            proxy_set_header Cookie $http_cookie;
+            proxy_set_header Authorization $http_authorization;
+
            # 타임아웃 설정 (대용량 파일 업로드 지원)
            proxy_connect_timeout 300s;
            proxy_send_timeout 300s;
@@ -121,6 +126,28 @@ http {
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-XSS-Protection "1; mode=block" always;

+        # API 프록시 설정 (Web에서 API 호출 시)
+        location /api/ {
+            proxy_pass http://api_backend/api/;
+            proxy_http_version 1.1;
+
+            # 프록시 헤더 설정
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-Host $server_name;
+
+            # 인증 헤더 및 쿠키 전달
+            proxy_pass_request_headers on;
+            proxy_set_header Cookie $http_cookie;
+
+            # 타임아웃 설정
+            proxy_connect_timeout 300s;
+            proxy_send_timeout 300s;
+            proxy_read_timeout 300s;
+        }
+
        # 프록시 설정
        location / {
            proxy_pass http://web_backend;
@@ -139,7 +166,7 @@ http {

            # 타임아웃 설정
            proxy_connect_timeout 600s;
-            proxy_send_timeout 600s;질무
+            proxy_send_timeout 600s;
            proxy_read_timeout 600s;

            # 버퍼 설정
--- a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
@@ -3,6 +3,7 @@ package com.kamco.cd.training.config;
 import com.kamco.cd.training.auth.CustomAuthenticationProvider;
 import com.kamco.cd.training.auth.JwtAuthenticationFilter;
 import java.util.List;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -25,6 +26,9 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@EnableWebSecurity
 public class SecurityConfig {

+  @Value("${cors.allowed-origins}")
+  private List<String> allowedOrigins;
+
  @Bean
  public SecurityFilterChain securityFilterChain(
      org.springframework.security.config.annotation.web.builders.HttpSecurity http,
@@ -104,15 +108,19 @@ public class SecurityConfig {
    return new BCryptPasswordEncoder();
  }

-  /** CORS 설정 */
+  /** CORS 설정 - application.yml에서 환경별로 관리 */
  @Bean
  public CorsConfigurationSource corsConfigurationSource() {
    CorsConfiguration config = new CorsConfiguration(); // CORS 객체 생성
-    config.setAllowedOriginPatterns(List.of("*")); // 도메인 허용
+
+    // application.yml에서 환경별로 설정된 도메인 사용
+    config.setAllowedOriginPatterns(allowedOrigins);
+
    config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
    config.setAllowedHeaders(List.of("*")); // 헤더요청 Authorization, Content-Type, X-Custom-Header
    config.setAllowCredentials(true); // 쿠키, Authorization 헤더, Bearer Token 등 자격증명 포함 요청을 허용할지 설정
-    config.setExposedHeaders(List.of("Content-Disposition"));
+    config.setExposedHeaders(List.of("Content-Disposition", "Authorization"));
+    config.setMaxAge(3600L); // Preflight 요청 캐시 (1시간)

    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    /** "/**" → 모든 API 경로에 대해 이 CORS 규칙을 적용 /api/** 같이 특정 경로만 지정 가능. */
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-dev.yml
@@ -70,3 +70,11 @@ train:
    containerPrefix: kamco-cd-train
    shmSize: 16g
    ipcHost: true
+
+# CORS 설정 (개발 환경)
+cors:
+  allowed-origins:
+    - https://kamco.training-dev.gs.dabeeo.com
+    - http://localhost:3002
+    - http://192.168.2.109:3002
+    - http://192.168.2.109:7100
--- a/src/main/resources/application-prod.yml
+++ b/src/main/resources/application-prod.yml
@@ -70,3 +70,8 @@ train:
    shmSize: 16g
    ipcHost: true

+# CORS 설정 (운영 환경)
+cors:
+  allowed-origins:
+    - https://train-kamco.com
+
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -54,6 +54,12 @@ logging:
        web: INFO
        security: INFO
    root: INFO
+
+# CORS 설정
+cors:
+  allowed-origins:
+    - http://localhost:3000
+    - http://localhost:3002
 # actuator
 management:
  health: