Merge pull request #40 from haram-jo/feature/#39

[feat] AWS 배포 하기 위한 yml 관련 환경 설정 변경

Author: haram-jo

.github/workflows/deploy.yml

@@ -50,7 +50,7 @@ services:
       - mysql
       - redis
     environment:
-      SPRING_PROFILES_ACTIVE: docker
+      SPRING_PROFILES_ACTIVE: prod
     env_file:
       - .env
     networks:
@@ -85,14 +85,18 @@ services:
     networks:
       - app-network
 
-  kafka:
+  kafka-1:
     image: confluentinc/cp-kafka:7.4.0
     ports:
       - "9092:9092" #도커 내부 포트 9092를 내 컴퓨터 포트 9092에 매핑
     environment:
       KAFKA_BROKER_ID: 1
       KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
-      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://localhost:9092 # 도커 외부에서 도는 API 서버가 카프카를 찾아갈 수 있음
+        # ✅ 리스너 이름을 서비스 이름인 kafka-1로 설정
+      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:29092,CONTROLLER://0.0.0.0:9092
+      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka-1:29092,CONTROLLER://localhost:9092
+      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,CONTROLLER:PLAINTEXT
+      KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
     depends_on:
       - zookeeper

docker-compose.yml

@@ -70,6 +70,9 @@ dependencies {
 	// 테스트를 위한 설정 (선택 사항)
 	testImplementation 'org.springframework.kafka:spring-kafka-test'
 
+	implementation 'org.springframework.boot:spring-boot-starter-actuator'
+
+
 }
 
 tasks.named('test') {

services/api/build.gradle

@@ -44,12 +44,16 @@ public PasswordEncoder passwordEncoder() {
     public CorsConfigurationSource corsConfigurationSource() {
         CorsConfiguration configuration = new CorsConfiguration();
 
-        // 프론트엔드 포트 허용
-        configuration.setAllowedOrigins(List.of("http://localhost:5173"));
+        // [핵심 수정] 환경 변수에서 프론트엔드 주소를 가져오고, 없으면 로컬 주소를 기본값으로 사용
+        String frontendUrl = System.getenv("FRONTEND_URL");
+        if (frontendUrl == null) frontendUrl = "http://localhost:5173";
+
+        // 로컬과 실제 배포 주소를 모두 허용 목록에 넣습니다.
+        configuration.setAllowedOrigins(List.of(frontendUrl, "http://localhost:5173"));
+
         configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "OPTIONS"));
         configuration.setAllowedHeaders(List.of("*"));
-        // 쿠키 전송을 위해 필수 설정
-        configuration.setAllowCredentials(true);
+        configuration.setAllowCredentials(true); // 쿠키/인증정보 전송 허용
 
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         source.registerCorsConfiguration("/**", configuration);
@@ -110,12 +114,3 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 return http.build();
             }
         }
-
-        /* 테스트 코드
-                .csrf(csrf -> csrf.disable()) // 테스트 위해 임시허용
-                // 모든 경로에 대해 접근 허용
-                .authorizeHttpRequests(auth -> auth
-                        .anyRequest().permitAll()
-                );
-        http.addFilterBefore(customLoginFilter(), UsernamePasswordAuthenticationFilter.class);
-        */

services/api/src/main/java/com/sprint/api/config/SecurityConfig.java

@@ -1,13 +1,23 @@
-# ----- API는 local, MySQL는 Docker -----
-spring.datasource.url=jdbc:mysql://mysql:3306/appdb?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
+# 1. Database (RDS \uC5F0\uACB0\uC6A9)
+# \uD658\uACBD \uBCC0\uC218\uAC00 \uC788\uC73C\uBA74 \uADF8 \uAC12\uC744 \uC4F0\uACE0, \uC5C6\uC73C\uBA74 \uAE30\uBCF8\uAC12(mysql:3306)\uC744 \uC0AC\uC6A9\uD558\uB3C4\uB85D \uC124\uC815\uD568
+spring.datasource.url=jdbc:mysql://${RDS_HOSTNAME:mysql}:${RDS_PORT:3306}/${RDS_DB_NAME:appdb}?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
+spring.datasource.username=${RDS_USERNAME:app}
+spring.datasource.password=${RDS_PASSWORD:app}
 spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
-spring.datasource.username=app
-spring.datasource.password=app
 
-# JPA
+# 2. JPA (\uC6B4\uC601 \uD658\uACBD \uC8FC\uC758!)
+# \uBC30\uD3EC \uC2DC\uC5D0\uB294 'update'\uBCF4\uB2E4 'none'\uC774\uB098 'validate'\uAC00 \uC548\uC804\uD558\uC9C0\uB9CC, \uCD08\uAE30 \uAD6C\uCD95 \uC2DC\uC5D0\uB294 update\uB97C \uC720\uC9C0\uD574\uB3C4 \uB428
 spring.jpa.hibernate.ddl-auto=update
-spring.jpa.show-sql=true
+spring.jpa.show-sql=false
 spring.jpa.properties.hibernate.format_sql=true
 
-# schema.sql/data.sql ???? ????? ??? ? ???(??? always?)
-spring.sql.init.mode=never
+# 3. Redis (ElastiCache \uC5F0\uACB0\uC6A9)
+spring.data.redis.host=${REDIS_HOST:my-redis}
+spring.data.redis.port=${REDIS_PORT:6379}
+
+# 4. Kafka (MSK \uB610\uB294 Cloud Kafka \uC5F0\uACB0\uC6A9)
+spring.kafka.bootstrap-servers=${KAFKA_BROKERS:kafka-1:29092}
+
+# 5. Actuator (\uBCF4\uC548\uC744 \uC704\uD574 health\uB9CC \uB178\uCD9C)
+management.endpoints.web.exposure.include=health
+management.endpoint.health.show-details=always

services/api/src/main/resources/application-prod.properties

@@ -1,8 +1,11 @@
 spring.application.name=api
-spring.profiles.active=local
+spring.profiles.active=prod
 
 # JWT \uC124\uC815 
 jwt.secret=${JWT_SECRET}
 
 # TMDB API \uD1A0\uD070 (\uACF5\uD1B5)
-custom.tmdb.access-token=${TMDB_ACCESS_TOKEN}
+custom.tmdb.access-token=${TMDB_ACCESS_TOKEN}
+
+# Actuator endpoint \uBAA8\uB450 \uB178\uCD9C
+management.endpoints.web.exposure.include=*

services/api/src/main/resources/application.properties

@@ -1,8 +1,8 @@
 server.port=8081
 
-spring.datasource.url=jdbc:mysql://mysql:3306/appdb?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
-spring.datasource.username=app
-spring.datasource.password=app
+spring.datasource.url=jdbc:mysql://${RDS_HOSTNAME:mysql}:${RDS_PORT:3306}/${RDS_DB_NAME:appdb}?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
+spring.datasource.username=${RDS_USERNAME:app}
+spring.datasource.password=${RDS_PASSWORD:app}
 
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.show-sql=false

services/batch/src/main/resources/application-docker.properties

@@ -1,39 +1,48 @@
 # Nginx 전체 설정 파일
 worker_processes auto;
 
- events {
-     worker_connections 1024;
- }
-
- http {
-     include       /etc/nginx/mime.types;
-     default_type  application/octet-stream;
-
-     sendfile        on;
-     keepalive_timeout  65;
-
-     # 1. 기존 include는 주석 처리하거나 그대로 둡니다.
-     # include /etc/nginx/conf.d/*.conf;
-
-     # 2. 서버 설정
-     server {
-         listen 80;
-
-         # 일반 API 요청 (로컬 API 서버 연결)
-         location /api/ {
-             proxy_pass http://host.docker.internal:8080;
-             proxy_set_header Host $host;
-             proxy_set_header X-Real-IP $remote_addr;
-         }
-
-         # SSE 전용 설정 (실시간 알림용)
-         location /api/sse {
-             proxy_pass http://host.docker.internal:8080;
-             proxy_set_header Connection "";
-             proxy_http_version 1.1;
-             proxy_buffering off;        # 새로고침 안해도 알람 전송해주는 설정
-             proxy_cache off;
-             proxy_read_timeout 3600s;
-         }
-     }
- }
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    sendfile        on;
+    keepalive_timeout  65;
+
+    server {
+        listen 80;
+
+        # [필수] AWS 내부 DNS 서버 주소 (Service Discovery를 찾기 위해 꼭 필요함)
+        resolver 10.0.0.2 valid=30s;
+
+        # [필수] 변수 정의: API 서버의 내부 도메인 주소
+        set $api_url http://api.mopl.local:8080;
+
+        # 1. 일반 API 요청
+        location /api/ {
+            proxy_pass $api_url;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+
+        # 2. SSE 전용 설정 (실시간 알림용)
+        location /api/sse {
+            proxy_pass $api_url;
+            proxy_set_header Connection "";
+            proxy_http_version 1.1;
+            proxy_buffering off;
+            proxy_cache off;
+            proxy_read_timeout 3600s;
+        }
+
+        # [추가] ALB 건강 체크용 (배포 시 필수)
+        location /health {
+            access_log off;
+            return 200 'OK';
+        }
+    }
+}