diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 007a4e9..e8a0341 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -76,6 +76,11 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
+ # 인증 헤더 및 쿠키 전달 (JWT 토큰 전달 보장)
+ proxy_pass_request_headers on;
+ proxy_set_header Cookie $http_cookie;
+ proxy_set_header Authorization $http_authorization;
+
# 타임아웃 설정 (대용량 파일 업로드 지원)
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
@@ -121,6 +126,28 @@ http {
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
+ # API 프록시 설정 (Web에서 API 호출 시)
+ location /api/ {
+ proxy_pass http://api_backend/api/;
+ proxy_http_version 1.1;
+
+ # 프록시 헤더 설정
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $server_name;
+
+ # 인증 헤더 및 쿠키 전달
+ proxy_pass_request_headers on;
+ proxy_set_header Cookie $http_cookie;
+
+ # 타임아웃 설정
+ proxy_connect_timeout 300s;
+ proxy_send_timeout 300s;
+ proxy_read_timeout 300s;
+ }
+
# 프록시 설정
location / {
proxy_pass http://web_backend;
@@ -139,7 +166,7 @@ http {
# 타임아웃 설정
proxy_connect_timeout 600s;
- proxy_send_timeout 600s;질무
+ proxy_send_timeout 600s;
proxy_read_timeout 600s;
# 버퍼 설정
diff --git a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
index dd5ba6d..5b45732 100644
--- a/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
+++ b/src/main/java/com/kamco/cd/training/config/SecurityConfig.java
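Review bot: The three added directives in the first hunk are no-ops as far as the visible configuration goes, so the comment claiming they guarantee JWT forwarding is misleading. `proxy_pass_request_headers on;` is nginx's default, and `proxy_set_header Cookie $http_cookie;` / `proxy_set_header Authorization $http_authorization;` assign each header its own incoming value; nginx already forwards every client request header, rewriting only `Host` and `Connection` and dropping headers whose value is empty. They only change anything if an outer level clears these headers with something like `proxy_set_header Authorization "";`, which is not visible in this hunk. Either drop the block or replace the comment with `# re-set explicitly in case a parent level clears Cookie/Authorization; nginx forwards them by default`. The enclosing server/location block starts outside the hunk.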
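Review bot: The full `proxy_set_header` list is repeated inside the new `location /api/` without saying why, and a later "deduplication" could silently lose `X-Forwarded-For`/`X-Forwarded-Proto` for the API. nginx inherits `proxy_set_header` from the outer level only when the current level defines none, so once any header is set here the whole list must be present; add `# proxy_set_header is all-or-nothing per level: defining any here discards the inherited set, so keep the full list` above the block. The same rule applies to `add_header`: this location currently inherits the `X-Content-Type-Options`/`X-XSS-Protection` headers shown as context only because it defines no `add_header` of its own, so a note such as `# no add_header here on purpose: adding one would drop the inherited security headers` protects them too. `proxy_pass_request_headers on;` and `proxy_set_header Cookie $http_cookie;` are nginx defaults and can be removed from this location.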
@@ -3,6 +3,7 @@ package com.kamco.cd.training.config;
import com.kamco.cd.training.auth.CustomAuthenticationProvider;
import com.kamco.cd.training.auth.JwtAuthenticationFilter;
import java.util.List;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
@@ -25,6 +26,9 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@EnableWebSecurity
public class SecurityConfig {
+ @Value("${cors.allowed-origins}")
+ private List allowedOrigins;
+
@Bean
public SecurityFilterChain securityFilterChain(
org.springframework.security.config.annotation.web.builders.HttpSecurity http,
@@ -104,15 +108,19 @@ public class SecurityConfig {
return new BCryptPasswordEncoder();
}
- /** CORS 설정 */
+ /** CORS 설정 - application.yml에서 환경별로 관리 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration(); // CORS 객체 생성
- config.setAllowedOriginPatterns(List.of("*")); // 도메인 허용
+
+ // application.yml에서 환경별로 설정된 도메인 사용
+ config.setAllowedOriginPatterns(allowedOrigins);
+ config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
config.setAllowedHeaders(List.of("*")); // 헤더요청 Authorization, Content-Type, X-Custom-Header
config.setAllowCredentials(true); // 쿠키, Authorization 헤더, Bearer Token 등 자격증명 포함 요청을 허용할지 설정
- config.setExposedHeaders(List.of("Content-Disposition"));
+ config.setExposedHeaders(List.of("Content-Disposition", "Authorization"));
+ config.setMaxAge(3600L); // Preflight 요청 캐시 (1시간)
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
/** "/**" → 모든 API 경로에 대해 이 CORS 규칙을 적용 /api/** 같이 특정 경로만 지정 가능. */
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml
index f678018..d0845cb 100644
--- a/src/main/resources/application-dev.yml
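Review bot: `@Value("${cors.allowed-origins}")` on the new field will not resolve the YAML sequences this commit adds: Spring Boot flattens a YAML list into indexed properties (`cors.allowed-origins[0]`, `cors.allowed-origins[1]`, ...), so the un-indexed placeholder has no value and bean creation fails with an unresolved-placeholder error unless placeholder checking has been relaxed elsewhere. Either bind the list with a small `@ConfigurationProperties(prefix = "cors")` class holding a `List<String> allowedOrigins` and inject that, or keep `@Value`, turn the YAML into one comma-separated string and split it: `@Value("#{'${cors.allowed-origins}'.split(',')}")`. As rendered the field is a raw `List`; if the type parameter was not just lost in rendering it should be `List<String>`. The `SecurityConfig` class continues outside the hunk.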
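Review bot: `config.setAllowedOriginPatterns(allowedOrigins)` now receives exact origins, so `config.setAllowedOrigins(allowedOrigins)` is the more precise and safer call: with `setAllowCredentials(true)`, `CorsConfiguration` rejects a `"*"` entry in allowedOrigins during validation, whereas the same `"*"` placed in allowedOriginPatterns is accepted and silently restores the any-origin-with-credentials behaviour this commit removes. Exact strings work with both APIs, so the YAML lists need no change. Adding `Authorization` to `setExposedHeaders` only matters if the API issues a token in a response header; if it does, say so with `// exposed so the SPA can read a token returned in the Authorization response header`, otherwise drop the entry rather than imply a flow that does not exist. The method's closing lines are outside the hunk.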
+++ b/src/main/resources/application-dev.yml
@@ -70,3 +70,11 @@ train:
containerPrefix: kamco-cd-train
shmSize: 16g
ipcHost: true
+
+# CORS 설정 (개발 환경)
+cors:
+ allowed-origins:
+ - https://kamco.training-dev.gs.dabeeo.com
+ - http://localhost:3002
+ - http://192.168.2.109:3002
+ - http://192.168.2.109:7100
diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml
index 1cba166..c8b297c 100644
--- a/src/main/resources/application-prod.yml
+++ b/src/main/resources/application-prod.yml
@@ -70,3 +70,8 @@ train:
shmSize: 16g
ipcHost: true
+# CORS 설정 (운영 환경)
+cors:
+ allowed-origins:
+ - https://train-kamco.com
+
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 4735e93..c94d8ef 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -54,6 +54,12 @@ logging:
web: INFO
security: INFO
root: INFO
+
+# CORS 설정
+cors:
+ allowed-origins:
+ - http://localhost:3000
+ - http://localhost:3002
# actuator
management:
health:
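Review bot: The base `application.yml` list makes `http://localhost:3000` and `http://localhost:3002` credentialed CORS origins in any run where no profile overrides them, including a production instance started without `spring.profiles.active=prod`. Prefer an empty default (`allowed-origins: []`) so a missing profile fails closed, and state the override semantics next to it: when bound through `@ConfigurationProperties`, Spring Boot replaces the list wholesale with the profile file's list rather than merging, so `# local-only default; each deployed profile must define the full list, which replaces this one` would make the intent explicit. The dev profile also allows plain-`http` LAN origins (`192.168.2.109:3002`, `:7100`), which is acceptable there but worth a `# dev LAN hosts only — never copy into prod` comment so they are not carried over.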