generated from SHDS-ESC/TemplateRepo
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnginx.conf
More file actions
75 lines (75 loc) · 2.87 KB
/
nginx.conf
File metadata and controls
75 lines (75 loc) · 2.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
upstream spring_upstream { server sharp_ishizaka:8090; keepalive 64; }
server {
listen 80;
server_name esc.shinhanacademy.co.kr;
# 정적(SPA) - CORS 헤더 추가
root /usr/share/nginx/html;
# CSS 파일 직접 서빙 (동적 로딩용)
location ~* ^/src/.*\.css$ {
expires 7d;
add_header Cache-Control "public, max-age=604800";
add_header 'Access-Control-Allow-Origin' '*' always;
try_files $uri =404;
}
# 기타 정적 파일들
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff2?)$ {
expires 7d;
add_header Cache-Control "public, max-age=604800";
add_header 'Access-Control-Allow-Origin' '*' always;
try_files $uri =404;
}
location / {
add_header 'Access-Control-Allow-Origin' '*' always;
try_files $uri /index.html;
}
# 공통 프록시 설정(매크로처럼)
set $xfp $http_x_forwarded_proto;
if ($xfp = "") { set $xfp "https"; } # 프록시가 못 내릴 때 대비(선호: https)
location /api/ {
# CORS는 Spring Boot에서 처리하므로 nginx에서는 프록시만 수행
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $xfp; # 엣지의 https를 보존
proxy_pass http://spring_upstream;
proxy_redirect off;
}
# 정확히 /auth (슬래시 없음)
location = /auth {
# CORS는 Spring Boot에서 처리하므로 nginx에서는 프록시만 수행
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $xfp;
proxy_pass http://spring_upstream/auth;
proxy_redirect off;
}
# /auth/ 이하
location /auth/ {
# CORS는 Spring Boot에서 처리하므로 nginx에서는 프록시만 수행
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $xfp;
proxy_pass http://spring_upstream; # URI 붙이지 않기
proxy_redirect off;
}
location /agent/ {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $xfp;
proxy_pass http://spring_upstream;
proxy_redirect off;
}
# (옵션) 큰 요청/응답 대비
client_max_body_size 20m;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
# (옵션) 혼합콘텐츠 보조장치: 엣지가 헤더를 그대로 전달하면 효과 있음
add_header Content-Security-Policy "upgrade-insecure-requests" always;
}