[BE] feat: https 적용 (#171)

feat: https 적용

.github/workflows/cicd-be-prod.yml

@@ -0,0 +1,70 @@
+name: CICD for Backend Production 
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'backend/**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs: 
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    ## jdk setting
+    - uses: actions/checkout@v3
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin' # https://github.com/actions/setup-java
+        cache: gradle
+
+    ## gradle caching
+    - name: Gradle Caching
+      uses: actions/cache@v3
+      with:
+        path: |
+          .gradle/caches
+          .gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-
+
+    ## gradle build
+    - name: Test with Gradle
+      run: |
+        cd ./backend
+        ./gradlew test
+    
+    - name: Build with Gradle
+      run: |
+        cd ./backend
+        ./gradlew build -x test
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Build and push
+      uses: docker/build-push-action@v4
+      with:
+        context: ./backend
+        file: ./backend/Dockerfile
+        push: true
+        tags: ${{ secrets.DOCKER_USERNAME }}/dong-gle-backend:latest
+        platforms: linux/arm64
+
+  deploy:
+    needs: build
+    uses: ./.github/workflows/deploy-prod.yml
+    secrets: inherit

.github/workflows/deploy-prod.yml

@@ -0,0 +1,30 @@
+name: Run Docker Compose Production
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: [self-hosted,prod]
+    steps:
+    - uses: actions/checkout@v3
+    - name: create .env
+      run: |
+        touch .env
+        echo "DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}" >> .env
+        echo "DB_URL=${{ secrets.DB_URL }}" >> .env
+        echo "DB_USERNAME=${{ secrets.DB_USERNAME_PROD }}" >> .env
+        echo "DB_PASSWORD=${{ secrets.DB_PASSWORD_PROD }}" >> .env
+        echo "SPRING_PROFILES_ACTIVE=${{ secrets.SPRING_PROFILES_ACTIVE }}" >> .env
+        echo "PROFILE"=${{ secrets.PROD_PROFILE }} >> .env
+    ## deploy to production
+    - name: Deploy to prod
+      run: |
+        sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+        sudo docker compose down -v
+        sudo docker compose pull
+        sudo docker compose up -d

.github/workflows/deploy.yml

@@ -19,13 +19,12 @@ jobs:
         echo "DB_URL=${{ secrets.DB_URL }}" >> .env
         echo "DB_USERNAME=${{ secrets.DB_USERNAME }}" >> .env
         echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> .env
-        echo "MEDIUM_TOKEN=${{ secrets.medium_token }}" >> .env
-        echo "SPRING_PROFILES_ACTIVE=${{ secrets.PROFILE }}" >> .env
-        echo "NOTION_TOKEN"=${{ secrets.NOTION_TOKEN }} >> .env
+        echo "SPRING_PROFILES_ACTIVE=${{ secrets.SPRING_PROFILES_ACTIVE }}" >> .env
+        echo "PROFILE=${{ secrets.DEV_PROFILE }}" >> .env
     ## deploy to production
     - name: Deploy to prod
       run: |
         sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
-        sudo docker compose down
+        sudo docker compose down -v
         sudo docker compose pull
         sudo docker compose up -d

backend/src/main/resources/application-prod.yaml

@@ -9,6 +9,4 @@ spring:
     properties:
       hibernate:
         format_sql: true
-    show-sql: true
-medium_token: ${MEDIUM_TOKEN}
-notion_token: ${NOTION_TOKEN}
+    show-sql: true

backend/src/main/resources/application.yaml

@@ -14,6 +14,4 @@ spring:
     show-sql: true
   h2:
     console:
-      enabled: true
-medium_token: medium_token
-notion_token: notion_token
+      enabled: true

conf-prod/nginx.conf

@@ -0,0 +1,33 @@
+server {
+        listen 80;
+        client_max_body_size 0;
+        server_name donggle.blog;
+        server_tokens off;
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+server{
+        listen 443 ssl;
+        client_max_body_size 0;
+        server_name donggle.blog;
+
+        ssl_certificate /etc/nginx/certs/certificate.crt;
+        ssl_certificate_key /etc/nginx/certs/private.key;
+
+        location /api {
+                rewrite ^/api/(.*) /$1 break;
+                proxy_pass http://backend:8080;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+        }
+        location / {
+                proxy_pass http://frontend:3000;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
+        }
+}

docker-compose.yml

@@ -14,15 +14,14 @@ services:
       - DB_URL
       - DB_USERNAME
       - DB_PASSWORD
-      - MEDIUM_TOKEN
-      - NOTION_TOKEN
 
   nginx:
     container_name: nginx
     image: nginx:latest
     restart: always
     volumes:
-      - ./conf/:/etc/nginx/conf.d
+      - /home/ubuntu/certs/:/etc/nginx/certs/
+      - ./conf-${PROFILE}/:/etc/nginx/conf.d/
     ports:
       - 80:80
       - 443:443