Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .github/workflows/be-cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ jobs:
echo "${{ secrets.SSL_PRIVATE_KEY }}" > nginx/certs/private.key

# 인증서 폴더를 포함하여 압축
zip -r deploy.zip docker-compose.yml nginx/default.conf nginx/certs/
zip -r deploy.zip docker-compose.yml nginx/default.conf nginx/certs/ prometheus/
aws s3 cp deploy.zip s3://${{ secrets.S3_BUCKET_NAME }}/deploy.zip --sse AES256

# 5. SSM으로 EC2에 명령
Expand All @@ -92,6 +92,7 @@ jobs:
"echo \"DB_URL=${{ secrets.DB_URL }}\" >> .env",
"echo \"DB_USERNAME=${{ secrets.DB_USERNAME }}\" >> .env",
"echo \"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\" >> .env",
"echo \"DB_HOST=${{ secrets.DB_HOST }}\" >> .env",
"echo \"GOOGLE_ID=${{ secrets.GOOGLE_ID }}\" >> .env",
"echo \"GOOGLE_SECRET=${{ secrets.GOOGLE_SECRET }}\" >> .env",
"echo \"JWT_SECRET=${{ secrets.JWT_SECRET }}\" >> .env",
Expand Down
24 changes: 23 additions & 1 deletion backend/src/main/resources/application-prod.yml
Original file line number Diff line number Diff line change
Expand Up @@ -65,4 +65,26 @@ gemini:
api:
key: ${GEMINI_API_KEY_SERVER}
model-name: gemini-3-flash-preview
lite-model-name: gemini-2.5-flash-lite
lite-model-name: gemini-2.5-flash-lite

management:
server:
port: 8081
endpoints:
web:
exposure:
include: health, metrics, prometheus
# Actuator에서 HTTP로 외부에 공개할 엔드포인트 목록
# health : 서버 및 의존성(DB, Redis 등) 상태 확인
# metrics : JVM, CPU, HTTP 요청 등 애플리케이션 메트릭 조회
# prometheus : Prometheus가 수집할 수 있는 메트릭 포맷 제공
metrics:
tags:
application: checkmate-be
endpoint:
health:
show-details: always
# health 엔드포인트에서 상세 정보 노출 여부 설정
# never : 상태(UP/DOWN)만 반환 (기본값)
# when-authorized : 인증된 사용자에게만 상세 정보 공개 <- 보통 운영에서
# always : 누구에게나 상세 상태 정보 공개
43 changes: 42 additions & 1 deletion docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ services:
ports:
- "8080:8080"
restart: always
networks:
- checkmate-net

nginx:
image: nginx:latest
Expand All @@ -18,4 +20,43 @@ services:
- ./nginx/certs:/etc/nginx/certs:ro
depends_on:
- backend
restart: always
restart: always
networks:
- checkmate-net

prometheus:
image: prom/prometheus:latest
extra_hosts:
- "db-server:${DB_HOST}"
- "redis-server:${REDIS_HOST}"
container_name: prometheus
restart: always
volumes:
- ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
- prometheus-data:/prometheus
ports:
- "9090:9090"
networks:
- checkmate-net

grafana:
image: grafana/grafana:latest
container_name: grafana
restart: always
environment:
- GF_SERVER_ROOT_URL=https://api-check-mate.kro.kr/grafana/
- GF_SERVER_SERVE_FROM_SUB_PATH=true
ports:
- "3000:3000"
volumes:
- grafana-data:/var/lib/grafana
networks:
- checkmate-net

networks:
checkmate-net:
driver: bridge

volumes:
prometheus-data:
grafana-data:
23 changes: 23 additions & 0 deletions nginx/default.conf
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,29 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
}

location /grafana/ {
# allow 1.2.3.4; # 허용 IP 주소
# deny all;

proxy_pass http://grafana:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;

# 세션 유지를 위한 타임아웃
proxy_read_timeout 600s;
proxy_send_timeout 600s;

# Grafana가 내부적으로 리다이렉트 주소를 생성할 때 Nginx 주소를 쓰도록 강제
proxy_redirect off;

# 301 무한 루프 방지를 위한 추가 설정
proxy_http_version 1.1;
proxy_set_header Connection "";
}

location / {
# 도커 컴포즈 서비스명(backend)과 내부 포트(8080)
proxy_pass http://backend:8080;
Expand Down
16 changes: 16 additions & 0 deletions prometheus/prometheus.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
global:
scrape_interval: 5s

scrape_configs:
- job_name: 'checkmate-backend'
metrics_path: '/actuator/prometheus'
static_configs:
- targets: ['checkmate-be:8081']

- job_name: 'postgres'
static_configs:
- targets: ['db-server:9187']

- job_name: 'redis'
static_configs:
- targets: ['redis-server:9121']