MVPTeam/kamco-train-api
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

운영환경처리

Browse Source
This commit is contained in:
dean[백병남]
2026-03-10 08:39:42 +09:00
parent 43d0e55cb7
commit 5c082f7c9d
5 changed files with 58 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
nginx/nginx.conf
View File

@@ -76,6 +76,11 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
# 인증 헤더 및 쿠키 전달 (JWT 토큰 전달 보장)
proxy_pass_request_headers on;
proxy_set_header Cookie $http_cookie;
proxy_set_header Authorization $http_authorization;
# 타임아웃 설정 (대용량 파일 업로드 지원)
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
@@ -121,6 +126,28 @@ http {
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# API 프록시 설정 (Web에서 API 호출 시)
location /api/ {
proxy_pass http://api_backend/api/;
proxy_http_version 1.1;
# 프록시 헤더 설정
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $server_name;
# 인증 헤더 및 쿠키 전달
proxy_pass_request_headers on;
proxy_set_header Cookie $http_cookie;
# 타임아웃 설정
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
}
# 프록시 설정
location / {
proxy_pass http://web_backend;
@@ -139,7 +166,7 @@ http {
# 타임아웃 설정
proxy_connect_timeout 600s;
proxy_send_timeout 600s;질무
proxy_send_timeout 600s;
proxy_read_timeout 600s;
# 버퍼 설정

14
src/main/java/com/kamco/cd/training/config/SecurityConfig.java
View File

@@ -3,6 +3,7 @@ package com.kamco.cd.training.config;
import com.kamco.cd.training.auth.CustomAuthenticationProvider;
import com.kamco.cd.training.auth.JwtAuthenticationFilter;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
@@ -25,6 +26,9 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@EnableWebSecurity
public class SecurityConfig {
@Value("${cors.allowed-origins}")
private List<String> allowedOrigins;
@Bean
public SecurityFilterChain securityFilterChain(
org.springframework.security.config.annotation.web.builders.HttpSecurity http,
@@ -104,15 +108,19 @@ public class SecurityConfig {
return new BCryptPasswordEncoder();
}
/** CORS 설정 */
/** CORS 설정 - application.yml에서 환경별로 관리 */
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration config = new CorsConfiguration(); // CORS 객체 생성
config.setAllowedOriginPatterns(List.of("*")); // 도메인 허용
// application.yml에서 환경별로 설정된 도메인 사용
config.setAllowedOriginPatterns(allowedOrigins);
config.setAllowedMethods(List.of("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"));
config.setAllowedHeaders(List.of("*")); // 헤더요청 Authorization, Content-Type, X-Custom-Header
config.setAllowCredentials(true); // 쿠키, Authorization 헤더, Bearer Token 등 자격증명 포함 요청을 허용할지 설정
config.setExposedHeaders(List.of("Content-Disposition"));
config.setExposedHeaders(List.of("Content-Disposition", "Authorization"));
config.setMaxAge(3600L); // Preflight 요청 캐시 (1시간)
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
/** "/**" → 모든 API 경로에 대해 이 CORS 규칙을 적용 /api/** 같이 특정 경로만 지정 가능. */

8
src/main/resources/application-dev.yml
View File

@@ -70,3 +70,11 @@ train:
containerPrefix: kamco-cd-train
shmSize: 16g
ipcHost: true
# CORS 설정 (개발 환경)
cors:
allowed-origins:
- https://kamco.training-dev.gs.dabeeo.com
- http://localhost:3002
- http://192.168.2.109:3002
- http://192.168.2.109:7100

5
src/main/resources/application-prod.yml
View File

@@ -70,3 +70,8 @@ train:
shmSize: 16g
ipcHost: true
# CORS 설정 (운영 환경)
cors:
allowed-origins:
- https://train-kamco.com

6
src/main/resources/application.yml
View File

@@ -54,6 +54,12 @@ logging:
web: INFO
security: INFO
root: INFO
# CORS 설정
cors:
allowed-origins:
- http://localhost:3000
- http://localhost:3002
# actuator
management:
health: