226 lines
9.9 KiB
Bash
Executable File
226 lines
9.9 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
NGINX_DIR="/data/training/nginx"
|
|
PASS=0
|
|
FAIL=0
|
|
|
|
# docker compose v1/v2 자동 감지
|
|
if command -v docker-compose &>/dev/null; then
|
|
DOCKER_COMPOSE="docker-compose"
|
|
elif docker compose version &>/dev/null 2>&1; then
|
|
DOCKER_COMPOSE="docker compose"
|
|
else
|
|
DOCKER_COMPOSE=""
|
|
fi
|
|
|
|
GREEN='\033[0;32m'
|
|
RED='\033[0;31m'
|
|
YELLOW='\033[1;33m'
|
|
NC='\033[0m'
|
|
|
|
ok() { echo -e "${GREEN}[OK]${NC} $1"; ((PASS++)); }
|
|
fail() { echo -e "${RED}[FAIL]${NC} $1"; ((FAIL++)); }
|
|
warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
|
|
section() { echo ""; echo "=== $1 ==="; }
|
|
|
|
# ──────────────────────────────────────────
|
|
section "디렉토리 확인"
|
|
# ──────────────────────────────────────────
|
|
for dir in \
|
|
/data/training/request \
|
|
/data/training/request/tmp \
|
|
/data/training/response \
|
|
/data/training/response/v6-cls-checkpoints \
|
|
/data/training/tmp \
|
|
"$NGINX_DIR" \
|
|
"$NGINX_DIR/ssl" \
|
|
"$NGINX_DIR/logs"; do
|
|
if [ -d "$dir" ]; then
|
|
ok "$dir"
|
|
else
|
|
fail "$dir 없음"
|
|
fi
|
|
done
|
|
|
|
# ──────────────────────────────────────────
|
|
section "nginx 파일 확인"
|
|
# ──────────────────────────────────────────
|
|
for f in \
|
|
"$NGINX_DIR/nginx.conf" \
|
|
"$NGINX_DIR/docker-compose-nginx.yml" \
|
|
"$NGINX_DIR/ssl/train-kamco.com.crt" \
|
|
"$NGINX_DIR/ssl/train-kamco.com.key" \
|
|
"$NGINX_DIR/ssl/openssl.cnf"; do
|
|
if [ -f "$f" ]; then
|
|
ok "$f"
|
|
else
|
|
fail "$f 없음"
|
|
fi
|
|
done
|
|
|
|
# ──────────────────────────────────────────
|
|
section "파일 권한 확인"
|
|
# ──────────────────────────────────────────
|
|
SSL_DIR_PERM=$(stat -c "%a" "$NGINX_DIR/ssl" 2>/dev/null)
|
|
KEY_PERM=$(stat -c "%a" "$NGINX_DIR/ssl/train-kamco.com.key" 2>/dev/null)
|
|
CRT_PERM=$(stat -c "%a" "$NGINX_DIR/ssl/train-kamco.com.crt" 2>/dev/null)
|
|
|
|
[ "$SSL_DIR_PERM" = "700" ] && ok "ssl/ 권한 700" || fail "ssl/ 권한 오류 (현재: $SSL_DIR_PERM, 기대: 700)"
|
|
[ "$KEY_PERM" = "600" ] && ok "train-kamco.com.key 권한 600" || fail "key 권한 오류 (현재: $KEY_PERM, 기대: 600)"
|
|
[ "$CRT_PERM" = "644" ] && ok "train-kamco.com.crt 권한 644" || fail "crt 권한 오류 (현재: $CRT_PERM, 기대: 644)"
|
|
|
|
# ──────────────────────────────────────────
|
|
section "소유권 확인 (kcomu:kcomu)"
|
|
# ──────────────────────────────────────────
|
|
OWNER=$(stat -c "%U:%G" /data/training 2>/dev/null)
|
|
[ "$OWNER" = "kcomu:kcomu" ] && ok "/data/training 소유권 kcomu:kcomu" || fail "/data/training 소유권 오류 (현재: $OWNER)"
|
|
|
|
# ──────────────────────────────────────────
|
|
section "SSL 인증서 유효성"
|
|
# ──────────────────────────────────────────
|
|
if command -v openssl &>/dev/null && [ -f "$NGINX_DIR/ssl/train-kamco.com.crt" ]; then
|
|
EXPIRY=$(openssl x509 -in "$NGINX_DIR/ssl/train-kamco.com.crt" -noout -enddate 2>/dev/null | cut -d= -f2)
|
|
EXPIRY_EPOCH=$(date -d "$EXPIRY" +%s 2>/dev/null || date -j -f "%b %d %T %Y %Z" "$EXPIRY" +%s 2>/dev/null)
|
|
NOW_EPOCH=$(date +%s)
|
|
if [ "$EXPIRY_EPOCH" -gt "$NOW_EPOCH" ]; then
|
|
ok "인증서 유효 (만료: $EXPIRY)"
|
|
else
|
|
fail "인증서 만료됨 (만료: $EXPIRY)"
|
|
fi
|
|
|
|
SAN=$(openssl x509 -in "$NGINX_DIR/ssl/train-kamco.com.crt" -noout -text 2>/dev/null | grep -A1 "Subject Alternative Name" | tail -1)
|
|
echo " SAN: $SAN"
|
|
else
|
|
warn "openssl 없음 또는 인증서 파일 없음 - 인증서 검증 스킵"
|
|
fi
|
|
|
|
# ──────────────────────────────────────────
|
|
section "Docker 확인"
|
|
# ──────────────────────────────────────────
|
|
if command -v docker &>/dev/null && docker info &>/dev/null 2>&1; then
|
|
ok "Docker 실행 중"
|
|
|
|
# Docker network
|
|
if docker network ls --format '{{.Name}}' | grep -q "^kamco-cds$"; then
|
|
ok "Docker network kamco-cds 존재"
|
|
else
|
|
fail "Docker network kamco-cds 없음 (setup.sh 재실행 필요)"
|
|
fi
|
|
|
|
# nginx 컨테이너 상태
|
|
CONTAINER_STATUS=$(docker inspect --format '{{.State.Status}}' kamco-train-nginx 2>/dev/null)
|
|
if [ "$CONTAINER_STATUS" = "running" ]; then
|
|
ok "kamco-train-nginx 컨테이너 실행 중"
|
|
elif [ -z "$CONTAINER_STATUS" ]; then
|
|
warn "kamco-train-nginx 컨테이너 없음 (아직 미실행)"
|
|
else
|
|
fail "kamco-train-nginx 컨테이너 상태: $CONTAINER_STATUS"
|
|
fi
|
|
else
|
|
fail "Docker 미실행 또는 설치 안 됨"
|
|
fi
|
|
|
|
# ──────────────────────────────────────────
|
|
section "nginx 설정 문법 검사"
|
|
# ──────────────────────────────────────────
|
|
if command -v docker &>/dev/null && docker info &>/dev/null 2>&1; then
|
|
echo " docker run으로 nginx -t 실행 중..."
|
|
if docker run --rm \
|
|
-v "$NGINX_DIR/nginx.conf:/etc/nginx/nginx.conf:ro" \
|
|
-v "$NGINX_DIR/ssl:/etc/nginx/ssl:ro" \
|
|
nginx:alpine nginx -t 2>&1; then
|
|
ok "nginx 설정 문법 OK"
|
|
else
|
|
fail "nginx 설정 문법 오류"
|
|
fi
|
|
else
|
|
warn "Docker 없음 - nginx 문법 검사 스킵"
|
|
fi
|
|
|
|
# ──────────────────────────────────────────
|
|
section "/etc/hosts 확인"
|
|
# ──────────────────────────────────────────
|
|
for domain in api.train-kamco.com train-kamco.com; do
|
|
HOSTS_LINE=$(grep "$domain" /etc/hosts | grep -v "^#" | head -1)
|
|
if [ -n "$HOSTS_LINE" ]; then
|
|
ok "$domain 등록됨 → $HOSTS_LINE"
|
|
else
|
|
fail "$domain /etc/hosts 미등록"
|
|
fi
|
|
done
|
|
|
|
# ──────────────────────────────────────────
|
|
section "도메인 해석 확인"
|
|
# ──────────────────────────────────────────
|
|
for domain in api.train-kamco.com train-kamco.com; do
|
|
RESOLVED=$(getent hosts "$domain" 2>/dev/null | awk '{print $1}' | head -1)
|
|
if [ -n "$RESOLVED" ]; then
|
|
ok "$domain → $RESOLVED"
|
|
else
|
|
fail "$domain 해석 실패 (DNS 또는 hosts 문제)"
|
|
fi
|
|
done
|
|
|
|
# ──────────────────────────────────────────
|
|
section "포트 연결 확인 (80 / 443)"
|
|
# ──────────────────────────────────────────
|
|
for port in 80 443; do
|
|
if command -v nc &>/dev/null; then
|
|
if nc -z -w3 api.train-kamco.com "$port" 2>/dev/null; then
|
|
ok "api.train-kamco.com:$port 열림"
|
|
else
|
|
warn "api.train-kamco.com:$port 닫힘 (nginx 미실행일 수 있음)"
|
|
fi
|
|
elif command -v curl &>/dev/null; then
|
|
HTTP_CODE=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 3 \
|
|
"$([ "$port" = "443" ] && echo https || echo http)://api.train-kamco.com/" 2>/dev/null)
|
|
if [ -n "$HTTP_CODE" ] && [ "$HTTP_CODE" != "000" ]; then
|
|
ok "api.train-kamco.com:$port 응답 (HTTP $HTTP_CODE)"
|
|
else
|
|
warn "api.train-kamco.com:$port 응답 없음 (nginx 미실행일 수 있음)"
|
|
fi
|
|
else
|
|
warn "nc/curl 없음 - 포트 확인 스킵"
|
|
break
|
|
fi
|
|
done
|
|
|
|
# ──────────────────────────────────────────
|
|
section "HTTPS 헬스체크"
|
|
# ──────────────────────────────────────────
|
|
if command -v curl &>/dev/null; then
|
|
for url in \
|
|
"https://api.train-kamco.com/monitor/health" \
|
|
"https://train-kamco.com/monitor/health"; do
|
|
HTTP_CODE=$(curl -sk -o /dev/null -w "%{http_code}" --connect-timeout 5 "$url" 2>/dev/null)
|
|
if [ "$HTTP_CODE" = "200" ]; then
|
|
ok "$url → HTTP $HTTP_CODE"
|
|
elif [ "$HTTP_CODE" = "000" ] || [ -z "$HTTP_CODE" ]; then
|
|
warn "$url → 응답 없음 (nginx 미실행일 수 있음)"
|
|
else
|
|
warn "$url → HTTP $HTTP_CODE"
|
|
fi
|
|
done
|
|
else
|
|
warn "curl 없음 - HTTPS 헬스체크 스킵"
|
|
fi
|
|
|
|
# ──────────────────────────────────────────
|
|
section "결과 요약"
|
|
# ──────────────────────────────────────────
|
|
echo ""
|
|
echo -e " ${GREEN}PASS: $PASS${NC} / ${RED}FAIL: $FAIL${NC}"
|
|
echo ""
|
|
if [ $FAIL -eq 0 ]; then
|
|
echo -e "${GREEN}모든 체크 통과. nginx 실행 준비 완료.${NC}"
|
|
if [ -n "$DOCKER_COMPOSE" ]; then
|
|
echo " cd $NGINX_DIR && $DOCKER_COMPOSE -f docker-compose-nginx.yml up -d"
|
|
else
|
|
echo " [WARN] docker-compose / docker compose 를 찾을 수 없습니다."
|
|
fi
|
|
else
|
|
echo -e "${RED}$FAIL 개 항목 실패. 위 오류를 확인하세요.${NC}"
|
|
exit 1
|
|
fi
|