Merge pull request #27 from gooiman/feat/ssl

feat: ssl 설정
gooiman · Sep 28, 2024 · 09ba636 · 09ba636
2 parents be3d3ea + b61a227
commit 09ba636
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 3 deletions.
diff --git a/.github/workflows/publish-dev.yml b/.github/workflows/publish-dev.yml
@@ -60,7 +60,7 @@ jobs:
           path: build/libs/*.jar
   docker-build:
     name: 'Docker 이미지 빌드'
-    needs: [apply-terraform, build-server]
+    needs: [ apply-terraform, build-server ]
     runs-on: ubuntu-latest
     steps:
       - name: 레포지토리 체크아웃
@@ -79,6 +79,9 @@ jobs:
           --build-arg DATABASE_ADDRESS=${{ needs.apply-terraform.outputs.rds_endpoint }} \
           --build-arg DATABASE_USERNAME=${{ secrets.DEV_DATABASE_USER }} \
           --build-arg DATABASE_PASSWORD=${{ secrets.DEV_DATABASE_PASSWORD }} \
+          --build-arg JWT_SECRET=${{ secrets.JWT_SECRET }} \
+          --build-arg JWT_TOKEN_VALIDITY_TIME=${{ secrets.JWT_TOKEN_VALIDITY_TIME }} \
+          --build-arg KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }} \
           -t gooiman-api:${{ github.sha }} .
 
       - name: 도커 이미지 저장
@@ -92,7 +95,7 @@ jobs:
 
   ecr-push:
     name: 'ECR 푸시'
-    needs: [apply-terraform, docker-build]
+    needs: [ apply-terraform, docker-build ]
     runs-on: ubuntu-latest
     outputs:
       ecr_registry: ${{ steps.login-ecr.outputs.registry }}
@@ -160,7 +163,7 @@ jobs:
           echo "docker-compose -f /var/deployment/docker-compose.yml up -d" >> scripts/deploy.sh
           zip -r ${{ github.sha }}.zip .
           aws s3 cp ${{ github.sha }}.zip s3://gooiman-${{ env.ENVIRONMENT }}-deploy-bucket/${{ github.sha }}.zip
-          
+
 
       - name: CodeDeploy 배포 생성
         run: |

diff --git a/Dockerfile b/Dockerfile
@@ -7,12 +7,14 @@ ARG DATABASE_USERNAME=root
 ARG DATABASE_PASSWORD=password
 ARG JWT_SECRET=9bc0a269dbe8910fa16ced43ef5d14113a120fe1ab2d9b66bbd4c9bc0a269dbe8910fa16ced43ef5d14113
 ARG JWT_TOKEN_VALIDITY_TIME=864000
+ARG KEYSTORE_PASSWORD=changeit
 
 ENV spring.datasource.initialization-mode=always
 ENV SPRING_PROFILES_ACTIVE=${SPRING_PROFILES_ACTIVE}
 ENV DATABASE_ADDRESS=${DATABASE_ADDRESS}
 ENV DATABASE_USERNAME=${DATABASE_USERNAME}
 ENV DATABASE_PASSWORD=${DATABASE_PASSWORD}
+ENV KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
 ENV JWT_SECRET=${JWT_SECRET}
 ENV JWT_TOKEN_VALIDITY_TIME=${JWT_TOKEN_VALIDITY_TIME}
 

diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml
@@ -0,0 +1,6 @@
+server:
+  ssl:
+    enabled: true
+    key-store: classpath:keystore.p12
+    key-store-password: ${KEYSTORE_PASSWORD}
+    key-store-type: PKCS12
diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml
@@ -0,0 +1,6 @@
+server:
+  ssl:
+    enabled: true
+    key-store: classpath:keystore.p12
+    key-store-password: ${KEYSTORE_PASSWORD}
+    key-store-type: PKCS12
diff --git a/src/main/resources/keystore.p12 b/src/main/resources/keystore.p12