fix: Nginx가 WebSocket Handshake 요청을 올바르게 처리하도록 (#481)

* fix: nginx가 웹소켓 핸드셰이크 요청을 제대로 처리하도록 수정

* chore: 변경된 nginx.conf가 cd 단계에서 개발 서버에 반영되도록

- 서버에 존재하는 default를 nginx.conf에 통합

* test: 테스트 코드 수정

- 초기 핸드셰이크는 ws가 아니라 http 프로토콜을 사용함
- 핸드셰이크를 테스트하므로 목적에 맞게 클래스 이름 변경

* chore: docker-compose down 시 명시적인 yml을 사용하도록

* chore: nginx conf 파일 환경 분리

* chore: prod 환경에서 cd 스크립트 수행 시 nginx conf 파일이 적용되도록

- docker compose down 시 명시적으로 yml 파일 지정

Author: whqtker

.github/workflows/dev-cd.yml

@@ -71,14 +71,28 @@ jobs:
           source: "./docs/infra-config/config.alloy"
           target: "/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/"
 
-      - name: Run docker compose
+      - name: Copy nginx config to remote
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{ secrets.DEV_HOST }}
+          username: ${{ secrets.DEV_USERNAME }}
+          key: ${{ secrets.DEV_PRIVATE_KEY }}
+          source: "./docs/infra-config/nginx.dev.conf"
+          target: "/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/nginx"
+          rename: "default.conf"
+
+      - name: Run docker compose and apply nginx config
         uses: appleboy/ssh-action@master
         with:
           host: ${{ secrets.DEV_HOST }}
           username: ${{ secrets.DEV_USERNAME }}
           key: ${{ secrets.DEV_PRIVATE_KEY }}
           script_stop: true
           script: |
+            sudo cp /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/nginx/default.conf /etc/nginx/conf.d/default.conf
+            sudo nginx -t
+            sudo nginx -s reload
+
             cd /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev
-            docker compose down
+            docker compose -f docker-compose.dev.yml down
             docker compose -f docker-compose.dev.yml up -d --build

.github/workflows/prod-cd.yml

@@ -71,14 +71,28 @@ jobs:
         source: "./docs/infra-config/config.alloy"
         target: "/home/${{ secrets.USERNAME }}/solid-connect-server/"
 
-    - name: Run docker compose
+    - name: Copy nginx config to remote
+      uses: appleboy/scp-action@master
+      with:
+        host: ${{ secrets.HOST }}
+        username: ${{ secrets.USERNAME }}
+        key: ${{ secrets.PRIVATE_KEY }}
+        source: "./docs/infra-config/nginx.prod.conf"
+        target: "/home/${{ secrets.USERNAME }}/solid-connection-prod/nginx"
+        rename: "default.conf"
+
+    - name: Run docker compose and apply nginx config
       uses: appleboy/ssh-action@master
       with:
         host: ${{ secrets.HOST }}
         username: ${{ secrets.USERNAME }}
         key: ${{ secrets.PRIVATE_KEY }}
         script_stop: true
         script: |
+          sudo cp /home/${{ secrets.USERNAME }}/solid-connection-prod/nginx/default.conf /etc/nginx/conf.d/default.conf
+          sudo nginx -t
+          sudo nginx -s reload
+          
           cd /home/${{ secrets.USERNAME }}/solid-connect-server
-          docker compose down
+          docker compose -f docker-compose.prod.yml down
           docker compose -f docker-compose.prod.yml up -d --build

docs/infra-config/nginx.conf docs/infra-config/nginx.dev.confdocs/infra-config/nginx.conf renamed to docs/infra-config/nginx.dev.conf

@@ -1,5 +1,6 @@
 server {
     listen 80;
+    server_name api.stage.solid-connection.com;
 
 # http를 사용하는 경우 주석 해제
 #    location / {
@@ -17,9 +18,10 @@ server {
 
 server {
     listen 443 ssl;
+    server_name api.stage.solid-connection.com;
 
-    ssl_certificate /etc/letsencrypt/live/api.solid-connection.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/api.solid-connection.com/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/api.stage.solid-connection.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.stage.solid-connection.com/privkey.pem;
     client_max_body_size 10M;
 
     ssl_protocols TLSv1.2 TLSv1.3;
@@ -31,10 +33,13 @@ server {
     ssl_stapling_verify on;
 
     location / {
-        proxy_pass http://solid-connection-server:8080;
+        proxy_pass http://localhost:8080;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
     }
-}
+}

docs/infra-config/nginx.prod.conf

@@ -0,0 +1,36 @@
+server {
+    listen 80;
+    server_name api.solid-connection.com;
+
+    location / {
+            return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name api.solid-connection.com;
+
+    ssl_certificate /etc/letsencrypt/live/api.solid-connection.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/api.solid-connection.com/privkey.pem;
+    client_max_body_size 10M;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on; # 클라이언트 보다 서버의 암호화 알고리즘을 우선하도록 설정
+    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";
+    ssl_session_cache shared:SSL:10m; # SSL 세션 캐시 설정
+    ssl_session_timeout 10m;
+    ssl_stapling on; # OCSP 스테이플링 활성화
+    ssl_stapling_verify on;
+
+    location / {
+        proxy_pass http://127.0.0.1:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}

…ocket/WebSocketStompIntegrationTest.java …on/websocket/WebSocketHandshakeTest.javasrc/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java renamed to src/test/java/com/example/solidconnection/websocket/WebSocketHandshakeTest.java src/test/java/com/example/solidconnection/websocket/WebSocketStompIntegrationTest.java renamed to src/test/java/com/example/solidconnection/websocket/WebSocketHandshakeTest.java

@@ -30,8 +30,8 @@
 import org.springframework.web.socket.sockjs.client.WebSocketTransport;
 
 @TestContainerSpringBootTest
-@DisplayName("WebSocket/STOMP 통합 테스트")
-class WebSocketStompIntegrationTest {
+@DisplayName("WebSocket Handshake 테스트")
+class WebSocketHandshakeTest {
 
     @LocalServerPort
     private int port;
@@ -47,7 +47,7 @@ class WebSocketStompIntegrationTest {
 
     @BeforeEach
     void setUp() {
-        this.url = String.format("ws://localhost:%d/connect", port);
+        this.url = String.format("http://localhost:%d/connect", port);
         List<Transport> transports = List.of(new WebSocketTransport(new StandardWebSocketClient()));
         this.stompClient = new WebSocketStompClient(new SockJsClient(transports));
         this.stompClient.setMessageConverter(new MappingJackson2MessageConverter());