diff --git a/.github/workflows/backend-prod-cd.yml b/.github/workflows/backend-prod-cd.yml
index a275494..b103814 100644
--- a/.github/workflows/backend-prod-cd.yml
+++ b/.github/workflows/backend-prod-cd.yml
@@ -1,4 +1,4 @@
-name: Siso - 밸런스 게임 벡엔드 배포 자동화 워크 플로우(backend-prod)
+name: Siso - 밸런스 게임 벡엔드 배포 자동화 워크플로우 (backend-prod)
 on:
 push:
@@ -13,21 +13,20 @@ jobs:
 permissions:
 pull-requests: read
 outputs:
- backend: ${{ steps.filter.outputs.backend }} # backend 변경 여부를 출력으로 설정
- frontend: ${{ steps.filter.outputs.frontend }} # frontend 변경 여부를 출력으로 설정
+ backend: ${{ steps.filter.outputs.backend }}
+ frontend: ${{ steps.filter.outputs.frontend }}
 steps:
 - uses: actions/checkout@v4
 with:
- fetch-depth: 0 # 모든 Git 히스토리를 가져옴
+ fetch-depth: 0
 - name: Get previous tag
 id: previoustag
 run: echo "PREVIOUS_TAG=$(git describe --tags --abbrev=0 HEAD^ --always)" >> $GITHUB_OUTPUT
- # 이전 태그를 찾아서 환경 변수로 저장
 - uses: dorny/paths-filter@v3
 id: filter
 with:
- base: ${{ steps.previoustag.outputs.PREVIOUS_TAG }} # 이전 태그 기준
- ref: ${{ github.ref }} # 현재 GitHub 참조(커밋, 태그 등)
+ base: ${{ steps.previoustag.outputs.PREVIOUS_TAG }}
+ ref: ${{ github.ref }}
 filters: |
 backend:
 - 'backend/**'
@@ -67,8 +66,17 @@ jobs:
 key: ${{ secrets.EC2_KEY }}
 port: ${{ secrets.SSH_PORT }}
 script: |
- docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
- docker pull ${{ secrets.DOCKER_USERNAME }}/siso-backend:latest
- docker stop siso-backend || true
- docker rm siso-backend || true
- docker run -d --env-file /home/ubuntu/env/backend.env -p 80:80 --name siso-backend ${{ secrets.DOCKER_USERNAME }}/siso-backend:latest
+ docker-compose pull
+ docker-compose down
+ docker-compose up -d
+
+ - name: 인증서 갱신 및 Nginx 재시작
+ uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.EC2_HOST }}
+ username: ${{ secrets.EC2_USERNAME }}
+ key: ${{ secrets.EC2_KEY }}
+ port: ${{ secrets.SSH_PORT }}
+ script: |
+ docker-compose run certbot renew
+ docker-compose restart nginx
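Review bot: The added step's `uses: appleboy/ssh-action@master` tracks a mutable branch of a third-party action that is handed `secrets.EC2_KEY`, so whatever lands on that branch runs with the production SSH key; pin it to a reviewed release commit, e.g. `uses: appleboy/ssh-action@<full-commit-sha> # <release tag>`. The existing deploy step's `uses:` line lies outside this hunk and likely needs the same pin. Separately, `docker-compose run certbot renew` meets the certbot `entrypoint` override in this commit's compose file, so `renew` is passed as an argument to the `sh -c` loop rather than to certbot; the step does not perform a one-shot renewal and will probably block until the SSH action times out, whereas `docker-compose exec -T certbot certbot renew` against the running service avoids that. Both scripts also call `docker-compose` without a `cd`, which appears to assume the compose file sits in the SSH user's login directory.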
diff --git a/backend/docker-compose.yml b/backend/docker-compose.yml
new file mode 100644
index 0000000..ab03a60
--- /dev/null
+++ b/backend/docker-compose.yml
@@ -0,0 +1,41 @@
+version: '3'
+
+services:
+ nginx:
+ image: nginx:latest
+ container_name: nginx
+ ports:
+ - '80:80'
+ - '443:443'
+ volumes:
+ - ./nginx/conf.d:/etc/nginx/conf.d
+ - ./nginx/certs:/etc/nginx/certs
+ - ./nginx/html:/usr/share/nginx/html
+ - ./nginx/letsencrypt:/var/www/certbot
+ networks:
+ - web
+ restart: unless-stopped
+
+ certbot:
+ image: certbot/certbot
+ container_name: certbot
+ volumes:
+ - ./nginx/certs:/etc/letsencrypt
+ - ./nginx/letsencrypt:/var/www/certbot
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+ networks:
+ - web
+ restart: unless-stopped
+
+ backend:
+ image: ${{ secrets.DOCKER_USERNAME }}/siso-backend:latest
+ container_name: siso-backend
+ env_file:
+ - /home/ubuntu/env/backend.env
+ networks:
+ - web
+ restart: unless-stopped
+
+networks:
+ web:
+ external: true
diff --git a/backend/nginx/conf.d/default.conf b/backend/nginx/conf.d/default.conf
new file mode 100644
index 0000000..ff487c0
--- /dev/null
+++ b/backend/nginx/conf.d/default.conf
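Review bot: In backend/docker-compose.yml, `image: ${{ secrets.DOCKER_USERNAME }}/siso-backend:latest` uses GitHub Actions expression syntax, which Compose does not evaluate; Compose will most likely reject it as an invalid interpolation, so the backend service cannot start from this file. Use a Compose variable instead, such as `image: ${DOCKER_USERNAME}/siso-backend:latest`, supplied from the host environment or an `.env` file next to the compose file. `nginx:latest` and the untagged `certbot/certbot` are also unpinned, so each `docker-compose pull` on the production host can bring in an image that was never tested; pinning a version tag or digest keeps the internet-facing proxy reproducible. The file additionally depends on an external network `web` that this commit does not create.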
@@ -0,0 +1,33 @@
+server {
+ listen 80;
+ server_name your_domain.com;
+
+ location / {
+ proxy_pass http://your_nestjs_container:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location ~ /.well-known/acme-challenge {
+ allow all;
+ root /var/www/certbot;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name your_domain.com;
+
+ ssl_certificate /etc/nginx/certs/live/your_domain.com/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/live/your_domain.com/privkey.pem;
+
+ location / {
+ proxy_pass http://your_nestjs_container:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
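Review bot: The port-80 `server` block proxies `location /` to the backend in cleartext, so clients that never upgrade keep sending sessions and credentials over HTTP even though a 443 listener exists; keep only the ACME challenge location on port 80 and answer everything else with `return 301 https://$host$request_uri;`. The file is also committed with the template values `your_domain.com` and `your_nestjs_container:3000`. nginx resolves a static `proxy_pass` hostname and loads the certificate files at startup, so with these placeholders the container will likely fail to start; the compose file in this commit names the backend service `backend` (container `siso-backend`). The 443 block also expects certificates under `live/your_domain.com/` to exist before nginx first starts, and nothing visible in this commit performs the initial issuance.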