diff --git a/backend/console-server/docker-compose.yml b/backend/console-server/docker-compose.yml
index 066714cc..3cfea514 100644
--- a/backend/console-server/docker-compose.yml
+++ b/backend/console-server/docker-compose.yml
@@ -4,11 +4,15 @@ services:
 image: nginx:latest
 ports:
 - "80:80"
+ - "443:443"
 volumes:
 - ./nginx.conf:/etc/nginx/nginx.conf
+ - /etc/letsencrypt:/etc/letsencrypt
 depends_on:
 - server-blue
 - server-green
+ networks:
+ - app-network
 server-blue:
 image: ghcr.io/boostcampwm-2024/web35-watchducks/backend/console-server:latest
@@ -24,6 +28,8 @@ services:
 interval: 10s
 timeout: 2s
 retries: 5
+ networks:
+ - app-network
 server-green:
 image: ghcr.io/boostcampwm-2024/web35-watchducks/backend/console-server:latest
@@ -39,3 +45,10 @@ services:
 interval: 10s
 timeout: 2s
 retries: 5
+ networks:
+ - app-network
+
+networks:
+ app-network:
+ name: app-network
+ driver: bridge
\ No newline at end of file
diff --git a/backend/console-server/nginx.conf b/backend/console-server/nginx.conf
index 9c43fd50..b3da4e3f 100644
--- a/backend/console-server/nginx.conf
+++ b/backend/console-server/nginx.conf
@@ -4,8 +4,24 @@ http {
 server server-green:3002 backup;
 }
+ # http를 https로 리디렉션
 server {
 listen 80;
+ server_name watchducks-test.store;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ server_name watchducks-test.store;
+
+ ssl_certificate /etc/letsencrypt/live/watchducks-test.store/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/watchducks-test.store/privkey.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers HIGH:!aNULL:!MD5;
 location / {
 proxy_pass http://console_server;
diff --git a/backend/name-server/src/server/utils/dns-response-builder.ts b/backend/name-server/src/server/utils/dns-response-builder.ts
index 21c5a24c..33662374 100644
--- a/backend/name-server/src/server/utils/dns-response-builder.ts
+++ b/backend/name-server/src/server/utils/dns-response-builder.ts
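Review bot: The new `/etc/letsencrypt` volume on the nginx service in the first docker-compose.yml hunk is mounted read-write, so the container can modify or delete the host's certificates and private keys, and a compromise of the nginx process exposes every key under that directory rather than only the one it serves. nginx only needs to read these files; `- /etc/letsencrypt:/etc/letsencrypt:ro` keeps the same behaviour. If the mount is later narrowed to a single domain, note that `live/` holds symlinks into `archive/`, so both paths have to be present in the container.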
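Review bot: The port-80 block in the nginx.conf hunk builds its redirect from `$host`, which comes from the client's request; as far as the hunk shows this is the only server listening on 80, so it also answers requests whose Host does not match `server_name`, and the Location header can then name an arbitrary host. `return 301 https://$server_name$request_uri;` pins the redirect target to the configured domain. The 443 block sets no `Strict-Transport-Security` header in the lines shown, so browsers keep making the first request over plain HTTP. Its `location /` body continues outside the hunk, so confirm whether that header and `X-Forwarded-Proto` are set there.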
@@ -52,7 +52,7 @@ export class DNSResponseBuilder {
 name: question.name,
 type: 'A',
 class: 'IN',
- ttl: 300,
+ ttl: 10,
 data: this.config.proxyServerIp,
 },
 ];
diff --git a/backend/proxy-server/src/server/proxy-server.ts b/backend/proxy-server/src/server/proxy-server.ts
index d80c4aa2..9712aaec 100644
--- a/backend/proxy-server/src/server/proxy-server.ts
+++ b/backend/proxy-server/src/server/proxy-server.ts
@@ -39,6 +39,9 @@ export class ProxyServer {
 connections: Number(process.env.DEFAULT_CONNECTIONS),
 pipelining: Number(process.env.DEFAULT_PIPELINING),
 keepAliveTimeout: Number(process.env.DEFAULT_KEEP_ALIVE),
+ connect: {
+ rejectUnauthorized: false,
+ },
 },
 });
 }
@@ -89,7 +92,7 @@ export class ProxyServer {
 private async executeProxyRequest(request: FastifyRequest, reply: FastifyReply): Promise {
 const host = validateHost(request.headers[HOST_HEADER]);
 const ip = await this.resolveDomain(host);
- const targetUrl = buildTargetUrl(ip, request.url, 'http://'); // TODO: Protocol 별 arg 세팅
+ const targetUrl = buildTargetUrl(ip, request.url, 'https://'); // TODO: Protocol 별 arg 세팅
 await this.sendProxyRequest(targetUrl, request, reply);
 }
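Review bot: `connect: { rejectUnauthorized: false }` in the first proxy-server.ts hunk turns off certificate verification for every upstream connection this client makes, so the switch to `'https://'` in the `executeProxyRequest` hunk encrypts the hop without authenticating the origin. Anything positioned between the proxy and the resolved IP can then present its own certificate and read or alter proxied traffic unnoticed. Verification presumably fails today because `targetUrl` is built from `ip` rather than `host`; the usual remedy is to leave `rejectUnauthorized` at its default and pass the validated `host` as the TLS `servername`, so the certificate is checked against the customer's domain. If some origins legitimately use private or self-signed certificates, trust those explicitly through `ca` for the affected origins instead of disabling the check globally. Both hunks show only part of their enclosing methods, so confirm how the client options reach the TLS layer.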