Deployment with GCP - Githubissues

great-park commented 1 year ago

GCP을 이용하여 배포를 진행한다.

[x] GCP 인스턴스 생성
[x] spring project 배포
[x] localhost -> public IP address 교체
[x] nginx - reverse proxy
[x] Docker 사용
[x] 도메인 연결(for 구글 로그인)
[x] https 적용(for 구글 로그인)

great-park commented 1 year ago

구글 소셜 로그인 정책상 (1) https 통신 (2) 도메인 연결 등을 만족시켜야 한다. 따라서 아래와 같이 수정한다.

./docker-compose,yml


version: '3'
services:
nginx:
image: nginx:latest
restart: unless-stopped
volumes:
  - ./nginx/conf.d:/etc/nginx/conf.d
  - ./data/certbot/conf:/etc/letsencrypt 
  - ./data/certbot/www:/var/www/certbot
ports:
  - 80:80
  - 443:443
depends_on:
  - spring
spring:
container_name: spring-app
image: "cksgh1735/spring2:latest"
ports:
  - 8080:8080

certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
  - ./data/certbot/conf:/etc/letsencrypt 
  - ./data/certbot/www:/var/www/certbot

2. ./nginx/conf.d/app.conf

server { listen 80; server_name ku-wonder.shop www.ku-wonder.shop; server_tokens off;

location /.well-known/acme-challenge/ {
    root /var/www/certbot;
}

location / {
    return 301 https://$host$request_uri;
}

}

server { listen 443 ssl; server_name ku-wonder.shop www.ku-wonder.shop server_tokens off;

ssl_certificate /etc/letsencrypt/live/ku-wonder.shop/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ku-wonder.shop/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

location / {
    proxy_pass  http://spring:8080;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
}

}

great-park commented 1 year ago

cerbot을 통한 인증서 발급 script 쉘 스크립트를 init-letsencrypt.sh 파일로 docker-compose.yaml 파일이 있는 경로에 함께 저장한다.

#!/bin/bash

if ! [ -x "$(command -v docker-compose)" ]; then
  echo 'Error: docker-compose is not installed.' >&2
  exit 1
fi

domains=(ku-wonder.shop www.ku-wonder.shop)
rsa_key_size=4096
data_path="./data/certbot"
email="cksgh1735@gmail.com" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits

if [ -d "$data_path" ]; then
  read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
  if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
    exit
  fi
fi

if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
  echo "### Downloading recommended TLS parameters ..."
  mkdir -p "$data_path/conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
  echo
fi

echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
  openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
    -keyout '$path/privkey.pem' \
    -out '$path/fullchain.pem' \
    -subj '/CN=localhost'" certbot
echo

echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo

echo "### Deleting dummy certificate for $domains ..."
docker-compose run --rm --entrypoint "\
  rm -Rf /etc/letsencrypt/live/$domains && \
  rm -Rf /etc/letsencrypt/archive/$domains && \
  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo

echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
  domain_args="$domain_args -d $domain"
done

# Select appropriate email arg
case "$email" in
  "") email_arg="--register-unsafely-without-email" ;;
  *) email_arg="--email $email" ;;
esac

# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi

docker-compose run --rm --entrypoint "\
  certbot certonly --webroot -w /var/www/certbot \
    $staging_arg \
    $email_arg \
    $domain_args \
    --rsa-key-size $rsa_key_size \
    --agree-tos \
    --force-renewal" certbot
echo

echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload

KUGODS-Wonder / Wonder-API-Server

Deployment with GCP #8