hoony

2026-04-20 15:30:26 +09:00
parent 9fa549285f
commit f75ec77ccf
7 changed files with 639 additions and 0 deletions
--- a/deploy/check-nginx.sh
+++ b/deploy/check-nginx.sh
@@ -0,0 +1,225 @@
+#!/bin/bash
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+NGINX_DIR="/data/training/nginx"
+PASS=0
+FAIL=0
+
+# docker compose v1/v2 자동 감지
+if command -v docker-compose &>/dev/null; then
+    DOCKER_COMPOSE="docker-compose"
+elif docker compose version &>/dev/null 2>&1; then
+    DOCKER_COMPOSE="docker compose"
+else
+    DOCKER_COMPOSE=""
+fi
+
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+ok()   { echo -e "${GREEN}[OK]${NC}   $1"; ((PASS++)); }
+fail() { echo -e "${RED}[FAIL]${NC} $1"; ((FAIL++)); }
+warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+section() { echo ""; echo "=== $1 ==="; }
+
+# ──────────────────────────────────────────
+section "디렉토리 확인"
+# ──────────────────────────────────────────
+for dir in \
+    /data/training/request \
+    /data/training/request/tmp \
+    /data/training/response \
+    /data/training/response/v6-cls-checkpoints \
+    /data/training/tmp \
+    "$NGINX_DIR" \
+    "$NGINX_DIR/ssl" \
+    "$NGINX_DIR/logs"; do
+    if [ -d "$dir" ]; then
+        ok "$dir"
+    else
+        fail "$dir 없음"
+    fi
+done
+
+# ──────────────────────────────────────────
+section "nginx 파일 확인"
+# ──────────────────────────────────────────
+for f in \
+    "$NGINX_DIR/nginx.conf" \
+    "$NGINX_DIR/docker-compose-nginx.yml" \
+    "$NGINX_DIR/ssl/train-kamco.com.crt" \
+    "$NGINX_DIR/ssl/train-kamco.com.key" \
+    "$NGINX_DIR/ssl/openssl.cnf"; do
+    if [ -f "$f" ]; then
+        ok "$f"
+    else
+        fail "$f 없음"
+    fi
+done
+
+# ──────────────────────────────────────────
+section "파일 권한 확인"
+# ──────────────────────────────────────────
+SSL_DIR_PERM=$(stat -c "%a" "$NGINX_DIR/ssl" 2>/dev/null)
+KEY_PERM=$(stat -c "%a" "$NGINX_DIR/ssl/train-kamco.com.key" 2>/dev/null)
+CRT_PERM=$(stat -c "%a" "$NGINX_DIR/ssl/train-kamco.com.crt" 2>/dev/null)
+
+[ "$SSL_DIR_PERM" = "700" ] && ok "ssl/ 권한 700" || fail "ssl/ 권한 오류 (현재: $SSL_DIR_PERM, 기대: 700)"
+[ "$KEY_PERM" = "600" ]     && ok "train-kamco.com.key 권한 600" || fail "key 권한 오류 (현재: $KEY_PERM, 기대: 600)"
+[ "$CRT_PERM" = "644" ]     && ok "train-kamco.com.crt 권한 644" || fail "crt 권한 오류 (현재: $CRT_PERM, 기대: 644)"
+
+# ──────────────────────────────────────────
+section "소유권 확인 (kcomu:kcomu)"
+# ──────────────────────────────────────────
+OWNER=$(stat -c "%U:%G" /data/training 2>/dev/null)
+[ "$OWNER" = "kcomu:kcomu" ] && ok "/data/training 소유권 kcomu:kcomu" || fail "/data/training 소유권 오류 (현재: $OWNER)"
+
+# ──────────────────────────────────────────
+section "SSL 인증서 유효성"
+# ──────────────────────────────────────────
+if command -v openssl &>/dev/null && [ -f "$NGINX_DIR/ssl/train-kamco.com.crt" ]; then
+    EXPIRY=$(openssl x509 -in "$NGINX_DIR/ssl/train-kamco.com.crt" -noout -enddate 2>/dev/null | cut -d= -f2)
+    EXPIRY_EPOCH=$(date -d "$EXPIRY" +%s 2>/dev/null || date -j -f "%b %d %T %Y %Z" "$EXPIRY" +%s 2>/dev/null)
+    NOW_EPOCH=$(date +%s)
+    if [ "$EXPIRY_EPOCH" -gt "$NOW_EPOCH" ]; then
+        ok "인증서 유효 (만료: $EXPIRY)"
+    else
+        fail "인증서 만료됨 (만료: $EXPIRY)"
+    fi
+
+    SAN=$(openssl x509 -in "$NGINX_DIR/ssl/train-kamco.com.crt" -noout -text 2>/dev/null | grep -A1 "Subject Alternative Name" | tail -1)
+    echo "    SAN: $SAN"
+else
+    warn "openssl 없음 또는 인증서 파일 없음 - 인증서 검증 스킵"
+fi
+
+# ──────────────────────────────────────────
+section "Docker 확인"
+# ──────────────────────────────────────────
+if command -v docker &>/dev/null && docker info &>/dev/null 2>&1; then
+    ok "Docker 실행 중"
+
+    # Docker network
+    if docker network ls --format '{{.Name}}' | grep -q "^kamco-cds$"; then
+        ok "Docker network kamco-cds 존재"
+    else
+        fail "Docker network kamco-cds 없음 (setup.sh 재실행 필요)"
+    fi
+
+    # nginx 컨테이너 상태
+    CONTAINER_STATUS=$(docker inspect --format '{{.State.Status}}' kamco-train-nginx 2>/dev/null)
+    if [ "$CONTAINER_STATUS" = "running" ]; then
+        ok "kamco-train-nginx 컨테이너 실행 중"
+    elif [ -z "$CONTAINER_STATUS" ]; then
+        warn "kamco-train-nginx 컨테이너 없음 (아직 미실행)"
+    else
+        fail "kamco-train-nginx 컨테이너 상태: $CONTAINER_STATUS"
+    fi
+else
+    fail "Docker 미실행 또는 설치 안 됨"
+fi
+
+# ──────────────────────────────────────────
+section "nginx 설정 문법 검사"
+# ──────────────────────────────────────────
+if command -v docker &>/dev/null && docker info &>/dev/null 2>&1; then
+    echo "  docker run으로 nginx -t 실행 중..."
+    if docker run --rm \
+        -v "$NGINX_DIR/nginx.conf:/etc/nginx/nginx.conf:ro" \
+        -v "$NGINX_DIR/ssl:/etc/nginx/ssl:ro" \
+        nginx:alpine nginx -t 2>&1; then
+        ok "nginx 설정 문법 OK"
+    else
+        fail "nginx 설정 문법 오류"
+    fi
+else
+    warn "Docker 없음 - nginx 문법 검사 스킵"
+fi
+
+# ──────────────────────────────────────────
+section "/etc/hosts 확인"
+# ──────────────────────────────────────────
+for domain in api.train-kamco.com train-kamco.com; do
+    HOSTS_LINE=$(grep "$domain" /etc/hosts | grep -v "^#" | head -1)
+    if [ -n "$HOSTS_LINE" ]; then
+        ok "$domain 등록됨  →  $HOSTS_LINE"
+    else
+        fail "$domain /etc/hosts 미등록"
+    fi
+done
+
+# ──────────────────────────────────────────
+section "도메인 해석 확인"
+# ──────────────────────────────────────────
+for domain in api.train-kamco.com train-kamco.com; do
+    RESOLVED=$(getent hosts "$domain" 2>/dev/null | awk '{print $1}' | head -1)
+    if [ -n "$RESOLVED" ]; then
+        ok "$domain → $RESOLVED"
+    else
+        fail "$domain 해석 실패 (DNS 또는 hosts 문제)"
+    fi
+done
+
+# ──────────────────────────────────────────
+section "포트 연결 확인 (80 / 443)"
+# ──────────────────────────────────────────
+for port in 80 443; do
+    if command -v nc &>/dev/null; then
+        if nc -z -w3 api.train-kamco.com "$port" 2>/dev/null; then
+            ok "api.train-kamco.com:$port 열림"
+        else
+            warn "api.train-kamco.com:$port 닫힘 (nginx 미실행일 수 있음)"
+        fi
+    elif command -v curl &>/dev/null; then
+        HTTP_CODE=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 3 \
+            "$([ "$port" = "443" ] && echo https || echo http)://api.train-kamco.com/" 2>/dev/null)
+        if [ -n "$HTTP_CODE" ] && [ "$HTTP_CODE" != "000" ]; then
+            ok "api.train-kamco.com:$port 응답 (HTTP $HTTP_CODE)"
+        else
+            warn "api.train-kamco.com:$port 응답 없음 (nginx 미실행일 수 있음)"
+        fi
+    else
+        warn "nc/curl 없음 - 포트 확인 스킵"
+        break
+    fi
+done
+
+# ──────────────────────────────────────────
+section "HTTPS 헬스체크"
+# ──────────────────────────────────────────
+if command -v curl &>/dev/null; then
+    for url in \
+        "https://api.train-kamco.com/monitor/health" \
+        "https://train-kamco.com/monitor/health"; do
+        HTTP_CODE=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 5 "$url" 2>/dev/null)
+        if [ "$HTTP_CODE" = "200" ]; then
+            ok "$url → HTTP $HTTP_CODE"
+        elif [ "$HTTP_CODE" = "000" ] || [ -z "$HTTP_CODE" ]; then
+            warn "$url → 응답 없음 (nginx 미실행일 수 있음)"
+        else
+            warn "$url → HTTP $HTTP_CODE"
+        fi
+    done
+else
+    warn "curl 없음 - HTTPS 헬스체크 스킵"
+fi
+
+# ──────────────────────────────────────────
+section "결과 요약"
+# ──────────────────────────────────────────
+echo ""
+echo -e "  ${GREEN}PASS: $PASS${NC}  /  ${RED}FAIL: $FAIL${NC}"
+echo ""
+if [ $FAIL -eq 0 ]; then
+    echo -e "${GREEN}모든 체크 통과. nginx 실행 준비 완료.${NC}"
+    if [ -n "$DOCKER_COMPOSE" ]; then
+        echo "  cd $NGINX_DIR && $DOCKER_COMPOSE -f docker-compose-nginx.yml up -d"
+    else
+        echo "  [WARN] docker-compose / docker compose 를 찾을 수 없습니다."
+    fi
+else
+    echo -e "${RED}$FAIL 개 항목 실패. 위 오류를 확인하세요.${NC}"
+    exit 1
+fi