1e98f0d04a
- 37개 파일 IP → zioinfo.co.kr 치환 (소스/매뉴얼/설정/하네스) - Manager DrConsole/NetworkConsole/CsapConsole 빌드 + /var/www/manager/ 배포 - 테스트: Manager HTTP 200, ITSM 신규 API 7개 전체 200 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
174 lines
5.5 KiB
Bash
174 lines
5.5 KiB
Bash
#!/bin/bash
|
|
# ============================================================
|
|
# Nginx 통합 설정 — zioinfo 홈페이지 + GUARDiA ITSM
|
|
# 실행: bash 07_nginx_all.sh [도메인] [itsm도메인]
|
|
# 예시: bash 07_nginx_all.sh zioinfo.co.kr itsm.zioinfo.co.kr
|
|
# ============================================================
|
|
|
|
DOMAIN=${1:-"$(curl -s ifconfig.me)"} # IP 또는 도메인
|
|
ITSM_DOMAIN=${2:-"itsm.${DOMAIN}"}
|
|
|
|
GREEN='\033[0;32m'; CYAN='\033[0;36m'; NC='\033[0m'
|
|
info() { echo -e "${GREEN}[OK]${NC} $1"; }
|
|
section() { echo -e "\n${CYAN}=== $1 ===${NC}"; }
|
|
|
|
section "1. zioinfo 홈페이지 Nginx 설정"
|
|
sudo tee /etc/nginx/sites-available/zioinfo <<NGINX
|
|
# ──────────────────────────────────────────────
|
|
# (주)지오정보기술 홈페이지
|
|
# ──────────────────────────────────────────────
|
|
server {
|
|
listen 80;
|
|
server_name ${DOMAIN} www.${DOMAIN};
|
|
|
|
root /var/www/zioinfo;
|
|
index index.html;
|
|
|
|
# React SPA
|
|
location / {
|
|
try_files \$uri \$uri/ /index.html;
|
|
add_header Cache-Control "no-cache";
|
|
}
|
|
|
|
# 정적 자산 캐시
|
|
location ~* \.(js|css|png|jpg|gif|ico|svg|woff2|ttf)$ {
|
|
expires 30d;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# Spring Boot API (홈페이지 문의 접수 등)
|
|
location /api/ {
|
|
proxy_pass http://127.0.0.1:8080;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade \$http_upgrade;
|
|
proxy_set_header Connection keep-alive;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_cache_bypass \$http_upgrade;
|
|
}
|
|
|
|
# 보안 헤더
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "same-origin" always;
|
|
|
|
# gzip
|
|
gzip on;
|
|
gzip_vary on;
|
|
gzip_types text/plain text/css application/javascript application/json image/svg+xml;
|
|
gzip_min_length 1024;
|
|
}
|
|
NGINX
|
|
info "zioinfo 홈페이지 설정 완료"
|
|
|
|
section "2. GUARDiA ITSM Nginx 설정"
|
|
sudo tee /etc/nginx/sites-available/guardia <<NGINX
|
|
# ──────────────────────────────────────────────
|
|
# GUARDiA ITSM 관리 시스템
|
|
# ──────────────────────────────────────────────
|
|
upstream guardia_api {
|
|
server 127.0.0.1:8001;
|
|
keepalive 32;
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
server_name ${ITSM_DOMAIN};
|
|
|
|
client_max_body_size 100M;
|
|
|
|
# GUARDiA React SPA + FastAPI
|
|
location / {
|
|
proxy_pass http://guardia_api;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade \$http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
proxy_read_timeout 300s;
|
|
proxy_send_timeout 300s;
|
|
}
|
|
|
|
# WebSocket (SSE + WS)
|
|
location /ws/ {
|
|
proxy_pass http://guardia_api;
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade \$http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
proxy_set_header Host \$host;
|
|
proxy_read_timeout 3600s;
|
|
}
|
|
|
|
# 정적 파일 직접 서빙 (성능)
|
|
location /static/ {
|
|
alias /opt/guardia/app/static/;
|
|
expires 7d;
|
|
}
|
|
|
|
# 업로드 파일
|
|
location /uploads/ {
|
|
alias /opt/guardia/uploads/;
|
|
expires 1d;
|
|
}
|
|
|
|
# 보안 — 내부 전용 경로 차단
|
|
location ~ ^/(admin/shell|api/ssh/exec) {
|
|
allow 127.0.0.1;
|
|
deny all;
|
|
proxy_pass http://guardia_api;
|
|
}
|
|
|
|
# 보안 헤더
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header X-XSS-Protection "1; mode=block" always;
|
|
|
|
gzip on;
|
|
gzip_types text/plain text/css application/javascript application/json;
|
|
}
|
|
NGINX
|
|
info "GUARDiA ITSM 설정 완료"
|
|
|
|
section "3. IP 직접 접속용 기본 설정 (도메인 없을 때)"
|
|
sudo tee /etc/nginx/sites-available/default-ip <<NGINX
|
|
# IP로 직접 접속 → zioinfo 홈페이지
|
|
server {
|
|
listen 80 default_server;
|
|
server_name _;
|
|
root /var/www/zioinfo;
|
|
index index.html;
|
|
location / { try_files \$uri \$uri/ /index.html; }
|
|
}
|
|
|
|
# IP:8001 → GUARDiA ITSM (개발용)
|
|
server {
|
|
listen 8001;
|
|
server_name _;
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8001;
|
|
proxy_set_header Host \$host;
|
|
proxy_set_header X-Real-IP \$remote_addr;
|
|
}
|
|
}
|
|
NGINX
|
|
|
|
section "4. 심볼릭 링크 및 설정 적용"
|
|
sudo ln -sf /etc/nginx/sites-available/zioinfo /etc/nginx/sites-enabled/zioinfo
|
|
sudo ln -sf /etc/nginx/sites-available/guardia /etc/nginx/sites-enabled/guardia
|
|
sudo ln -sf /etc/nginx/sites-available/default-ip /etc/nginx/sites-enabled/default-ip
|
|
sudo rm -f /etc/nginx/sites-enabled/default
|
|
|
|
sudo nginx -t
|
|
sudo systemctl reload nginx
|
|
info "Nginx 설정 적용 완료"
|
|
|
|
section "5. 상태 확인"
|
|
echo ""
|
|
echo -e "${GREEN}✅ 서비스 접속 주소${NC}"
|
|
echo " 홈페이지: http://${DOMAIN}"
|
|
echo " GUARDiA ITSM: http://${ITSM_DOMAIN}"
|
|
echo " (IP 직접)홈: http://$(curl -s ifconfig.me)"
|
|
echo " (IP 직접)ITSM: http://$(curl -s ifconfig.me):8001"
|