diff --git a/CLOUD_SERVER_SETUP.md b/CLOUD_SERVER_SETUP.md index e50e8ed..307fa08 100644 --- a/CLOUD_SERVER_SETUP.md +++ b/CLOUD_SERVER_SETUP.md @@ -130,10 +130,15 @@ boto3, cryptography, Jinja2, jsonschema, fail2ban 등 시스템 레벨로 설치 # 1. TaxBaik 홈페이지 (taxbaik.com, www.taxbaik.com) server { - listen 80; server_name taxbaik.com www.taxbaik.com; client_max_body_size 512M; + + # /admin 하위 요청을 /taxbaik/admin 으로 리다이렉트하여 Blazor Base Path 대응 + location /admin { + return 301 $scheme://$host/taxbaik$request_uri; + } + # 루트 경로 요청을 /taxbaik 으로 프록싱하여 base href /taxbaik/ 에 대응 location / { proxy_pass http://127.0.0.1:5001/taxbaik/; @@ -159,11 +164,18 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 120s; } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/taxbaik.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/taxbaik.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + } # 2. Gitea (gitea.taxbaik.com) server { - listen 80; server_name gitea.taxbaik.com; client_max_body_size 512M; @@ -178,11 +190,17 @@ server { proxy_connect_timeout 300; proxy_send_timeout 300; } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/taxbaik.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/taxbaik.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + } # 3. QuantEngine (quant.taxbaik.com) server { - listen 80; server_name quant.taxbaik.com; location / { @@ -196,6 +214,57 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/taxbaik.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/taxbaik.com/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = www.taxbaik.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = taxbaik.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name taxbaik.com www.taxbaik.com; + return 404; # managed by Certbot + + + + +} +server { + if ($host = gitea.taxbaik.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name gitea.taxbaik.com; + return 404; # managed by Certbot + + +} +server { + if ($host = quant.taxbaik.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name quant.taxbaik.com; + return 404; # managed by Certbot + + } ``` diff --git a/deploy/nginx-taxbaik-domains.conf b/deploy/nginx-taxbaik-domains.conf index 65124b0..f39b491 100644 --- a/deploy/nginx-taxbaik-domains.conf +++ b/deploy/nginx-taxbaik-domains.conf @@ -3,6 +3,12 @@ server { server_name taxbaik.com www.taxbaik.com; client_max_body_size 512M; + + # /admin 하위 요청을 /taxbaik/admin 으로 리다이렉트하여 Blazor Base Path 대응 + location /admin { + return 301 $scheme://$host/taxbaik$request_uri; + } + # 루트 경로 요청을 /taxbaik 으로 프록싱하여 base href /taxbaik/ 에 대응 location / { proxy_pass http://127.0.0.1:5001/taxbaik/;