[deploy/#250] Nginx Docker 전환 및 Blue-Green 무중단 배포 구현

.github/workflows/cd.yml

@@ -86,15 +86,16 @@ jobs:
           host: ${{ secrets.EC2_HOST }}
           username: ${{ secrets.EC2_USERNAME }}
           key: ${{ secrets.EC2_SSH_KEY }}
-          source: "docker-compose.yml,deploy.sh"
+          source: "docker/,scripts/deploy.sh"
           target: "~/deploy/"
 
-      - name: Deploy with docker-compose
+      - name: Deploy with blue-green strategy
         uses: appleboy/ssh-action@v1.0.3
         with:
           host: ${{ secrets.EC2_HOST }}
           username: ${{ secrets.EC2_USERNAME }}
           key: ${{ secrets.EC2_SSH_KEY }}
+          command_timeout: 10m
           envs: >-
             DOCKER_IMAGE,BRANCH,SPRING_PROFILES_ACTIVE,DB_URL,DB_PASSWORD,REDIS_PASSWORD,
             DISCORD_WEBHOOK_URL,ANTHROPIC_API_KEY,OPENAI_API_KEY,
@@ -103,8 +104,8 @@ jobs:
             JWT_SECRET,JWT_REDIRECT_URI,SERVER_DOMAIN
           script: |
             cd ~/deploy
-            chmod +x deploy.sh
-            ./deploy.sh
+            chmod +x scripts/deploy.sh
+            ./scripts/deploy.sh
 
       - name: Health check
         run: |

Dockerfile

@@ -1,6 +1,8 @@
 # Java 17
 FROM eclipse-temurin:17-jdk
 
+RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
+
 ARG JAR_FILE=build/libs/*.jar
 
 # jar 파일 복사

docker/docker-compose.blue.yml

@@ -0,0 +1,38 @@
+services:
+  app-blue:
+    image: ${DOCKER_IMAGE}:${BRANCH}
+    container_name: techfork-app-blue
+    restart: always
+    environment:
+      - JAVA_OPTS=-Xms2g -Xmx2g
+      - SPRING_PROFILES_ACTIVE=${SPRING_PROFILES_ACTIVE}
+      - DB_URL=${DB_URL}
+      - DB_USERNAME=techfork
+      - DB_PASSWORD=${DB_PASSWORD}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - DISCORD_WEBHOOK_URL=${DISCORD_WEBHOOK_URL}
+      - KAKAO_REST_API_KEY=${KAKAO_REST_API_KEY}
+      - KAKAO_CLIENT_SECRET=${KAKAO_CLIENT_SECRET}
+      - APPLE_TEAM_ID=${APPLE_TEAM_ID}
+      - APPLE_KEY_ID=${APPLE_KEY_ID}
+      - APPLE_CLIENT_ID=${APPLE_CLIENT_ID}
+      - APPLE_PRIVATE_KEY_PATH=keys/AuthKey_${APPLE_KEY_ID}.p8
+      - JWT_SECRET=${JWT_SECRET}
+      - JWT_REDIRECT_URI=${JWT_REDIRECT_URI}
+      - SERVER_DOMAIN=${SERVER_DOMAIN}
+    networks:
+      techfork-network:
+        aliases:
+          - app-blue
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 12
+      start_period: 30s
+
+networks:
+  techfork-network:
+    external: true

docker/docker-compose.green.yml

@@ -0,0 +1,38 @@
+services:
+  app-green:
+    image: ${DOCKER_IMAGE}:${BRANCH}
+    container_name: techfork-app-green
+    restart: always
+    environment:
+      - JAVA_OPTS=-Xms2g -Xmx2g
+      - SPRING_PROFILES_ACTIVE=${SPRING_PROFILES_ACTIVE}
+      - DB_URL=${DB_URL}
+      - DB_USERNAME=techfork
+      - DB_PASSWORD=${DB_PASSWORD}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
+      - OPENAI_API_KEY=${OPENAI_API_KEY}
+      - DISCORD_WEBHOOK_URL=${DISCORD_WEBHOOK_URL}
+      - KAKAO_REST_API_KEY=${KAKAO_REST_API_KEY}
+      - KAKAO_CLIENT_SECRET=${KAKAO_CLIENT_SECRET}
+      - APPLE_TEAM_ID=${APPLE_TEAM_ID}
+      - APPLE_KEY_ID=${APPLE_KEY_ID}
+      - APPLE_CLIENT_ID=${APPLE_CLIENT_ID}
+      - APPLE_PRIVATE_KEY_PATH=keys/AuthKey_${APPLE_KEY_ID}.p8
+      - JWT_SECRET=${JWT_SECRET}
+      - JWT_REDIRECT_URI=${JWT_REDIRECT_URI}
+      - SERVER_DOMAIN=${SERVER_DOMAIN}
+    networks:
+      techfork-network:
+        aliases:
+          - app-green
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:8080/actuator/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 12
+      start_period: 30s
+
+networks:
+  techfork-network:
+    external: true

docker-compose.yml → docker/docker-compose.infra.yml

@@ -1,42 +1,7 @@
 services:
-  app:
-    image: ${DOCKER_IMAGE}:${BRANCH}
-    container_name: tech-fork-app
-    restart: always
-    ports:
-      - "8080:8080"
-    environment:
-      - JAVA_OPTS=-Xms2g -Xmx2g
-      - SPRING_PROFILES_ACTIVE=${SPRING_PROFILES_ACTIVE}
-      - DB_URL=${DB_URL}
-      - DB_USERNAME=techfork
-      - DB_PASSWORD=${DB_PASSWORD}
-      - REDIS_PASSWORD=${REDIS_PASSWORD}
-      - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}
-      - OPENAI_API_KEY=${OPENAI_API_KEY}
-      - DISCORD_WEBHOOK_URL=${DISCORD_WEBHOOK_URL}
-      - KAKAO_REST_API_KEY=${KAKAO_REST_API_KEY}
-      - KAKAO_CLIENT_SECRET=${KAKAO_CLIENT_SECRET}
-      - APPLE_TEAM_ID=${APPLE_TEAM_ID}
-      - APPLE_KEY_ID=${APPLE_KEY_ID}
-      - APPLE_CLIENT_ID=${APPLE_CLIENT_ID}
-      - APPLE_PRIVATE_KEY_PATH=keys/AuthKey_${APPLE_KEY_ID}.p8
-      - JWT_SECRET=${JWT_SECRET}
-      - JWT_REDIRECT_URI=${JWT_REDIRECT_URI}
-      - SERVER_DOMAIN=${SERVER_DOMAIN}
-    networks:
-      - app-network
-    depends_on:
-      mysql:
-        condition: service_healthy
-      redis:
-        condition: service_started
-      elasticsearch:
-        condition: service_healthy
-
   mysql:
     image: mysql:8.0
-    container_name: tech-fork-mysql
+    container_name: techfork-mysql
     restart: always
     ports:
       - "3306:3306"
@@ -53,21 +18,23 @@ services:
     volumes:
       - mysql-data:/var/lib/mysql
     networks:
-      - app-network
+      techfork-network:
+        aliases:
+          - mysql
     healthcheck:
-      test: [ "CMD", "mysqladmin", "ping", "-h", "localhost" ]
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
       interval: 10s
       timeout: 5s
       retries: 5
 
   redis:
     image: redis:7-alpine
-    container_name: tech-fork-redis
+    container_name: techfork-redis
     restart: always
     ports:
       - "6379:6379"
     command:
-      redis-server 
+      redis-server
       --requirepass ${REDIS_PASSWORD}
       --maxmemory 1gb
       --maxmemory-policy allkeys-lru
@@ -76,14 +43,16 @@ services:
       --rename-command KEYS ""
       --rename-command FLUSHALL ""
       --rename-command FLUSHDB ""
-    networks:
-      - app-network
     volumes:
       - redis-data:/data
+    networks:
+      techfork-network:
+        aliases:
+          - redis
 
   elasticsearch:
     image: docker.elastic.co/elasticsearch/elasticsearch:8.18.0
-    container_name: tech-fork-elasticsearch
+    container_name: techfork-elasticsearch
     restart: always
     ports:
       - "9200:9200"
@@ -92,10 +61,12 @@ services:
       - discovery.type=single-node
       - xpack.security.enabled=false
       - "ES_JAVA_OPTS=-Xms8g -Xmx8g"
-    networks:
-      - app-network
     volumes:
       - elasticsearch-data:/usr/share/elasticsearch/data
+    networks:
+      techfork-network:
+        aliases:
+          - elasticsearch
     ulimits:
       memlock:
         soft: -1
@@ -104,15 +75,29 @@ services:
         soft: 65536
         hard: 65536
     healthcheck:
-      test: [ "CMD-SHELL", "curl -f http://localhost:9200/_cluster/health || exit 1" ]
+      test: ["CMD-SHELL", "curl -f http://localhost:9200/_cluster/health || exit 1"]
       interval: 10s
       timeout: 5s
       retries: 30
       start_period: 60s
 
+  nginx:
+    image: nginx:stable-alpine
+    container_name: techfork-nginx
+    restart: always
+    ports:
+      - "80:80"
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+    networks:
+      techfork-network:
+        aliases:
+          - nginx
+
 networks:
-  app-network:
-    driver: bridge
+  techfork-network:
+    external: true
 
 volumes:
   mysql-data:

docker/nginx/conf.d/default.conf

@@ -0,0 +1,45 @@
+# Cloudflare Real IP
+set_real_ip_from 173.245.48.0/20;
+set_real_ip_from 103.21.244.0/22;
+set_real_ip_from 103.22.200.0/22;
+set_real_ip_from 103.31.4.0/22;
+set_real_ip_from 141.101.64.0/18;
+set_real_ip_from 108.162.192.0/18;
+set_real_ip_from 190.93.240.0/20;
+set_real_ip_from 188.114.96.0/20;
+set_real_ip_from 197.234.240.0/22;
+set_real_ip_from 198.41.128.0/17;
+set_real_ip_from 162.158.0.0/15;
+set_real_ip_from 104.16.0.0/13;
+set_real_ip_from 104.24.0.0/14;
+set_real_ip_from 172.64.0.0/13;
+set_real_ip_from 131.0.72.0/22;
+real_ip_header CF-Connecting-IP;
+
+server {
+    listen 80;
+    server_name _;
+
+    client_max_body_size 10M;
+
+    access_log /var/log/nginx/tech-fork-access.log;
+    error_log /var/log/nginx/tech-fork-error.log;
+
+    location / {
+        proxy_pass http://springapp;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+
+    location /nginx-health {
+        access_log off;
+        return 200 "ok";
+        add_header Content-Type text/plain;
+    }
+}

docker/nginx/conf.d/upstream.conf

@@ -0,0 +1,3 @@
+upstream springapp {
+    server techfork-app-blue:8080 fail_timeout=0;
+}

docker/nginx/nginx.conf

@@ -0,0 +1,25 @@
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /tmp/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    tcp_nopush on;
+    keepalive_timeout 65;
+    gzip on;
+
+    include /etc/nginx/conf.d/*.conf;
+}