softeerbootcamp-7th · jho7535 · Feb 18, 2026 · Feb 16, 2026 · Feb 16, 2026 · Feb 16, 2026
diff --git a/.github/workflows/be-cd.yml b/.github/workflows/be-cd.yml
@@ -70,7 +70,7 @@ jobs:
           echo "${{ secrets.SSL_PRIVATE_KEY }}" > nginx/certs/private.key
 
           # 인증서 폴더를 포함하여 압축
-          zip -r deploy.zip docker-compose.yml nginx/default.conf nginx/certs/
+          zip -r deploy.zip docker-compose.yml nginx/default.conf nginx/certs/ prometheus/
           aws s3 cp deploy.zip s3://${{ secrets.S3_BUCKET_NAME }}/deploy.zip --sse AES256
 
       # 5. SSM으로 EC2에 명령
@@ -92,6 +92,7 @@ jobs:
            "echo \"DB_URL=${{ secrets.DB_URL }}\" >> .env",
            "echo \"DB_USERNAME=${{ secrets.DB_USERNAME }}\" >> .env",
            "echo \"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\" >> .env",
+           "echo \"DB_HOST=${{ secrets.DB_HOST }}\" >> .env",
            "echo \"GOOGLE_ID=${{ secrets.GOOGLE_ID }}\" >> .env",
            "echo \"GOOGLE_SECRET=${{ secrets.GOOGLE_SECRET }}\" >> .env",
            "echo \"JWT_SECRET=${{ secrets.JWT_SECRET }}\" >> .env",

diff --git a/backend/src/main/resources/application-prod.yml b/backend/src/main/resources/application-prod.yml
@@ -65,4 +65,26 @@ gemini:
   api:
     key: ${GEMINI_API_KEY_SERVER}
   model-name: gemini-3-flash-preview
-  lite-model-name: gemini-2.5-flash-lite
+  lite-model-name: gemini-2.5-flash-lite
+
+management:
+  server:
+    port: 8081
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
+        # Actuator에서 HTTP로 외부에 공개할 엔드포인트 목록
+        # health      : 서버 및 의존성(DB, Redis 등) 상태 확인
+        # metrics     : JVM, CPU, HTTP 요청 등 애플리케이션 메트릭 조회
+        # prometheus  : Prometheus가 수집할 수 있는 메트릭 포맷 제공
+  metrics:
+    tags:
+      application: checkmate-be
+  endpoint:
+    health:
+      show-details: always
+      # health 엔드포인트에서 상세 정보 노출 여부 설정
+      # never           : 상태(UP/DOWN)만 반환 (기본값)
+      # when-authorized : 인증된 사용자에게만 상세 정보 공개 <- 보통 운영에서
+      # always          : 누구에게나 상세 상태 정보 공개
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,6 +6,8 @@ services:
     ports:
       - "8080:8080"
     restart: always
+    networks:
+      - checkmate-net
 
   nginx:
     image: nginx:latest
@@ -18,4 +20,43 @@ services:
       - ./nginx/certs:/etc/nginx/certs:ro
     depends_on:
       - backend
-    restart: always
+    restart: always
+    networks:
+      - checkmate-net
+
+  prometheus:
+    image: prom/prometheus:latest
+    extra_hosts:
+      - "db-server:${DB_HOST}"
+      - "redis-server:${REDIS_HOST}"
+    container_name: prometheus
+    restart: always
+    volumes:
+      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
+      - prometheus-data:/prometheus
+    ports:
+      - "9090:9090"
+    networks:
+      - checkmate-net
+
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    restart: always
+    environment:
+      - GF_SERVER_ROOT_URL=https://api-check-mate.kro.kr/grafana/
+      - GF_SERVER_SERVE_FROM_SUB_PATH=true
+    ports:
+      - "3000:3000"
+    volumes:
+      - grafana-data:/var/lib/grafana
+    networks:
+      - checkmate-net
+
+networks:
+  checkmate-net:
+    driver: bridge
+
+volumes:
+  prometheus-data:
+  grafana-data:
diff --git a/nginx/default.conf b/nginx/default.conf
@@ -42,6 +42,29 @@ server {
             proxy_set_header X-Forwarded-Proto $scheme;
     }
 
+    location /grafana/ {
+        # allow 1.2.3.4; # 허용 IP 주소
+        # deny all;
+
+        proxy_pass http://grafana:3000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Port 443;
+
+        # 세션 유지를 위한 타임아웃
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+
+        # Grafana가 내부적으로 리다이렉트 주소를 생성할 때 Nginx 주소를 쓰도록 강제
+        proxy_redirect off;
+
+        # 301 무한 루프 방지를 위한 추가 설정
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+    }
+
     location / {
         # 도커 컴포즈 서비스명(backend)과 내부 포트(8080)
         proxy_pass http://backend:8080;

diff --git a/prometheus/prometheus.yml b/prometheus/prometheus.yml
@@ -0,0 +1,16 @@
+global:
+  scrape_interval: 5s
+
+scrape_configs:
+  - job_name: 'checkmate-backend'
+    metrics_path: '/actuator/prometheus'
+    static_configs:
+      - targets: ['checkmate-be:8081']
+
+  - job_name: 'postgres'
+    static_configs:
+      - targets: ['db-server:9187']
+
+  - job_name: 'redis'
+    static_configs:
+      - targets: ['redis-server:9121']