SSL 인증서 현황
Let's Encrypt 인증서 유효기간
| 도메인 | 상태 | 발급일 | 만료일 | 남은 일수 | SAN | 작업 |
|---|---|---|---|---|---|---|
| admin.dontory.com | 유효 | 2026-02-18 17:04 | 2026-05-19 17:04 | 35일 | admin.dontory.com | |
| ai.blustar.co.kr | 유효 | 2026-03-25 03:37 | 2026-06-23 03:37 | 70일 | ai.blustar.co.kr | |
| api.busanstore.com | 유효 | 2026-02-21 11:04 | 2026-05-22 11:04 | 38일 | api.busanstore.com | |
| blustar.co.kr | 유효 | 2026-03-07 11:13 | 2026-06-05 11:13 | 52일 | blustar.co.kr<br>www.blustar.co.kr | |
| bus.busanstore.com | 유효 | 2026-02-21 11:04 | 2026-05-22 11:04 | 38일 | bus.busanstore.com | |
| busanstore.com | 만료됨 | 2025-12-25 18:38 | 2026-03-25 18:38 | -20일 | busanstore.com<br>www.busanstore.com | |
| busanstore.com-0001 | 유효 | 2026-02-22 23:44 | 2026-05-23 23:44 | 39일 | busanstore.com | |
| cacaoapt.com | 유효 | 2026-02-20 05:55 | 2026-05-21 05:55 | 37일 | cacaoapt.com<br>www.cacaoapt.com | |
| create.miniwindo.com | 유효 | 2026-02-28 01:12 | 2026-05-29 01:12 | 44일 | create.miniwindo.com | |
| docs.miniwindo.co.kr | 유효 | 2026-02-28 01:14 | 2026-05-29 01:14 | 44일 | docs.miniwindo.co.kr | |
| dontory.com | 유효 | 2026-02-18 15:15 | 2026-05-19 15:15 | 35일 | dontory.com<br>www.dontory.com | |
| eyecode.co.kr | 유효 | 2026-02-23 23:07 | 2026-05-24 23:07 | 40일 | eyecode.co.kr<br>www.eyecode.co.kr | |
| hansanmart.com | 유효 | 2026-03-24 10:39 | 2026-06-22 10:39 | 69일 | hansanmart.com<br>www.hansanmart.com | |
| hansanmart.com-0001 | 유효 | 2026-02-23 23:07 | 2026-05-24 23:07 | 40일 | hansanmart.com | |
| hub.eyecode.co.kr | 유효 | 2026-02-22 13:21 | 2026-05-23 13:21 | 39일 | hub.eyecode.co.kr | |
| kakaoapt.com | 유효 | 2026-03-17 00:58 | 2026-06-15 00:58 | 61일 | kakaoapt.com<br>www.kakaoapt.com | |
| m.busanstore.com | 유효 | 2026-02-21 11:03 | 2026-05-22 11:03 | 38일 | m.busanstore.com | |
| m.pluginmart.net | 유효 | 2026-02-24 19:26 | 2026-05-25 19:26 | 41일 | m.pluginmart.net | |
| market.miniwindo.co.kr | 유효 | 2026-03-03 13:59 | 2026-06-01 13:59 | 48일 | market.miniwindo.co.kr | |
| market.miniwindo.com | 유효 | 2026-02-24 17:41 | 2026-05-25 17:41 | 41일 | market.miniwindo.com | |
| memo.blustar.co.kr | 유효 | 2026-03-15 08:54 | 2026-06-13 08:54 | 60일 | memo.blustar.co.kr | |
| miniwindo.com | 유효 | 2026-02-16 11:08 | 2026-05-17 11:08 | 33일 | miniwindo.co.kr<br>miniwindo.com<br>www.miniwindo.co.kr<br>www.miniwindo.com | |
| mobile.miniwindo.com | 유효 | 2026-03-03 13:57 | 2026-06-01 13:57 | 48일 | mobile.miniwindo.com | |
| momoin.net | 유효 | 2026-02-23 23:07 | 2026-05-24 23:07 | 40일 | momoin.net<br>www.momoin.net | |
| momoincafe.com | 유효 | 2026-02-23 11:52 | 2026-05-24 11:52 | 40일 | momoincafe.com<br>www.momoincafe.com | |
| momoincafe.com-0001 | 유효 | 2026-02-22 13:41 | 2026-05-23 13:41 | 39일 | momoincafe.com | |
| news.timefood.co.kr | 유효 | 2026-03-24 05:38 | 2026-06-22 05:38 | 69일 | news.timefood.co.kr | |
| passbook.timefood.co.kr | 유효 | 2026-03-23 04:28 | 2026-06-21 04:28 | 68일 | passbook.timefood.co.kr | |
| phpmyadmin.blustar.co.kr | 유효 | 2026-03-13 11:06 | 2026-06-11 11:06 | 58일 | phpmyadmin.blustar.co.kr | |
| pluginmart.net | 유효 | 2026-02-23 23:08 | 2026-05-24 23:08 | 40일 | pluginmart.net | |
| promptitem.com | 유효 | 2026-02-23 23:08 | 2026-05-24 23:08 | 40일 | promptitem.com<br>www.promptitem.com | |
| stock.miniwindo.co.kr | 유효 | 2026-03-03 14:22 | 2026-06-01 14:22 | 48일 | stock.miniwindo.co.kr | |
| studio.miniwindo.com | 유효 | 2026-02-23 12:36 | 2026-05-24 12:36 | 40일 | studio.miniwindo.com | |
| timefood.co.kr | 유효 | 2026-02-24 10:54 | 2026-05-25 10:54 | 41일 | timefood.co.kr<br>www.timefood.co.kr | |
| tip.miniwindo.co.kr | 유효 | 2026-02-28 01:00 | 2026-05-29 01:00 | 44일 | docs.miniwindo.co.kr<br>tip.miniwindo.co.kr | |
| tip.miniwindo.co.kr-0001 | 유효 | 2026-02-28 01:14 | 2026-05-29 01:14 | 44일 | tip.miniwindo.co.kr | |
| tip.miniwindo.com | 유효 | 2026-02-24 17:41 | 2026-05-25 17:41 | 41일 | tip.miniwindo.com | |
| topcalc.net | 유효 | 2026-03-04 16:03 | 2026-06-02 16:03 | 49일 | api.topcalc.net<br>dev.topcalc.net<br>mcp.topcalc.net<br>topcalc.net<br>www.topcalc.net | |
| websvc.busanstore.com | 유효 | 2026-02-21 11:04 | 2026-05-22 11:04 | 38일 | websvc.busanstore.com | |
| www.busanstore.com | 만료됨 | 2025-12-25 18:40 | 2026-03-25 18:40 | -20일 | www.busanstore.com | |
Nginx 설정 파일
/etc/nginx/conf.d/ (읽기 전용)
/etc/nginx/conf.d/blustar.conf
읽기 전용
###############################################################################
# BluStar 서비스 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트/서비스 매핑:
# blustar.co.kr / www.blustar.co.kr → 21100 (Nextcloud, upstream)
# memo.blustar.co.kr → 58600 (Joplin 메모 서비스)
# dbadmin.blustar.co.kr:12600 → 19081 (phpMyAdmin)
# phpmyadmin.blustar.co.kr:12610 → 19080 (Adminer)
#
# SSL 인증서: Let's Encrypt (certbot 자동 갱신)
###############################################################################
# ─── Nextcloud 업스트림 정의 ────────────────────────────────────────────────
# Nextcloud Docker 컨테이너의 내부 포트 (127.0.0.1:21100)
upstream blustar_nextcloud_backend {
    # Single loopback backend; the HTTPS server blocks reference it by name.
    server 127.0.0.1:21100;
}
# ─── phpMyAdmin (비표준 포트 12600) ─────────────────────────────────────────
# 데이터베이스 관리 도구 — 내부망 또는 VPN 접속 권장
# Docker 컨테이너 포트 19081로 프록시
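server {
    # Database administration UI, proxied to the container on 127.0.0.1:19081.
    # This listener is plain HTTP on a non-standard port.
    listen 12600;
    server_name dbadmin.blustar.co.kr;

    # Enforce the "internal network or VPN only" intent instead of leaving the
    # admin UI reachable from any address. 192.168.0.0/24 is derived from the
    # backend addresses used in the sibling config files; replace or extend it
    # with the real admin/VPN ranges before reloading.
    allow 127.0.0.1;
    allow 192.168.0.0/24;
    deny all;

    # NOTE(review): no TLS on this listener, so database credentials cross it
    # in clear text. Prefer a VPN/SSH tunnel or an `ssl` listener.
    location / {
        proxy_pass http://127.0.0.1:19081;
    }
}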
# ─── Adminer (비표준 포트 12610) ────────────────────────────────────────────
# 경량 데이터베이스 관리 도구 — 내부망 또는 VPN 접속 권장
# Docker 컨테이너 포트 19080로 프록시
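server {
    # Database administration UI, proxied to the container on 127.0.0.1:19080.
    # This listener is plain HTTP on a non-standard port.
    listen 12610;
    server_name phpmyadmin.blustar.co.kr;

    # Enforce the "internal network or VPN only" intent instead of leaving the
    # admin UI reachable from any address. 192.168.0.0/24 is derived from the
    # backend addresses used in the sibling config files; replace or extend it
    # with the real admin/VPN ranges before reloading.
    allow 127.0.0.1;
    allow 192.168.0.0/24;
    deny all;

    # NOTE(review): the certificate inventory lists a valid certificate for
    # this host name, yet the listener does not enable TLS, so credentials
    # cross it in clear text. Consider an `ssl` listener or a VPN/SSH tunnel.
    location / {
        proxy_pass http://127.0.0.1:19080;
    }
}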
# ─── HTTP → HTTPS 리다이렉트 (BluStar 도메인) ──────────────────────────────
# Certbot이 자동으로 관리하는 if 블록으로 HTTP(80) → HTTPS(443) 리다이렉트
server {
    # Port-80 entry point for the BluStar names: serves ACME challenges and
    # sends everything else to HTTPS. The three `if` blocks are maintained by
    # Certbot; their trailing markers must stay intact.
    if ($host = memo.blustar.co.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.blustar.co.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = blustar.co.kr) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name blustar.co.kr www.blustar.co.kr memo.blustar.co.kr;

    # HTTP-01 challenge files used for certificate renewal.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Fallback: permanent redirect of any other request to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
# ─── Nextcloud (비표준 포트 21000) ──────────────────────────────────────────
# 레거시 포트 21000으로도 Nextcloud 접속 가능 (하위 호환성)
server {
    # Legacy TLS listener on port 21000 for Nextcloud (kept for compatibility).
    listen 21000 ssl http2;
    listen [::]:21000 ssl http2;
    server_name blustar.co.kr www.blustar.co.kr;

    ssl_certificate /etc/letsencrypt/live/blustar.co.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/blustar.co.kr/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Large uploads: request bodies up to 20 GB are accepted.
    client_max_body_size 20G;

    # NOTE(review): unlike the port-443 block, no Host / X-Forwarded-* headers
    # are set here, so the backend sees the upstream name as Host and cannot
    # tell the request arrived over HTTPS. Confirm this is intended.
    location / {
        proxy_pass http://blustar_nextcloud_backend;
    }
}
# ─── Nextcloud (표준 포트 443) ──────────────────────────────────────────────
# https://blustar.co.kr 으로 포트 없이 바로 Nextcloud 접속 가능
server {
    # Nextcloud on the standard HTTPS port, proxied to the named upstream.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name blustar.co.kr www.blustar.co.kr;

    ssl_certificate /etc/letsencrypt/live/blustar.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blustar.co.kr/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Request bodies up to 20 GB are accepted.
    client_max_body_size 20G;

    location / {
        proxy_pass http://blustar_nextcloud_backend;

        # Pass the original host and client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Tell the backend the client-facing scheme and port.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        # Long read/send timeouts (one hour) for large sync transfers.
        proxy_read_timeout 3600;
        proxy_connect_timeout 60;
        proxy_send_timeout 3600;
    }
}
# ─── Joplin 메모 서비스 (memo.blustar.co.kr) ───────────────────────────────
# Joplin Server — 메모 동기화용 백엔드
# Docker 컨테이너 포트 58600으로 프록시
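server {
    # Memo sync service, TLS-terminated here and proxied to 192.168.0.52:58600.
    listen 443 ssl http2;
    server_name memo.blustar.co.kr;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # TLS policy stated explicitly, matching the other HTTPS server blocks in
    # this file, rather than relying on whatever another block or the built-in
    # defaults provide.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Attachments: request bodies up to 200 MB are accepted.
    client_max_body_size 200m;

    location / {
        proxy_pass http://192.168.0.52:58600;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        # Long read/send timeouts (one hour) for slow sync sessions.
        proxy_read_timeout 3600;
        proxy_connect_timeout 60;
        proxy_send_timeout 3600;
    }

    ssl_certificate /etc/letsencrypt/live/memo.blustar.co.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/memo.blustar.co.kr/privkey.pem; # managed by Certbot
}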
# ─── AI Dashboard (ai.blustar.co.kr) ────────────────────────────────────────
# AI 대시보드 서비스 — 포트 33000으로 프록시
server {
    # AI dashboard over HTTPS, proxied to the local service on port 33000.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ai.blustar.co.kr;

    ssl_certificate /etc/letsencrypt/live/ai.blustar.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ai.blustar.co.kr/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Request bodies up to 100 MB are accepted.
    client_max_body_size 100m;

    location / {
        proxy_pass http://127.0.0.1:33000;

        # Original host, client address and client-facing scheme/port.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_read_timeout 3600;
        proxy_connect_timeout 60;
        proxy_send_timeout 3600;
    }
}
# ─── HTTP → HTTPS 리다이렉트 (AI Dashboard) ────────────────────────────────
server {
    # Port-80 entry point for ai.blustar.co.kr.
    listen 80;
    listen [::]:80;
    server_name ai.blustar.co.kr;

    # HTTP-01 challenge files used for certificate renewal.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Everything else is permanently redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
/etc/nginx/conf.d/busanstore.conf
읽기 전용
###############################################################################
# BusanStore 통합 스택 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# busanstore.com → 19000 (PC 웹)
# m.busanstore.com → 19010 (모바일 웹)
# websvc.busanstore.com → 19020 (WebView 콘텐츠)
# api.busanstore.com → 19040 (.NET 8 API)
# bus.busanstore.com → 19050 (BusWhere Node.js)
#
# 내부 백엔드 IP: 192.168.0.52 (Docker 호스트)
# SSL 인증서: Let's Encrypt (certbot 자동 갱신)
# DH 파라미터: /etc/ssl/certs/dhparam.pem (2048bit+)
#
# 변경 이력:
# 2026-02-21 www.busanstore.com 서브도메인 제거, 주석 보강
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
# 모든 busanstore 하위 도메인의 HTTP(80) 요청을 HTTPS(443)로 301 리다이렉트
# ACME challenge 경로는 certbot 인증서 갱신을 위해 예외 처리
server {
    # Port-80 entry point shared by all busanstore host names.
    listen 80;
    listen [::]:80;
    server_name busanstore.com
                m.busanstore.com
                api.busanstore.com
                bus.busanstore.com
                websvc.busanstore.com;

    # HTTP-01 challenge files used for certificate renewal.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Everything else is permanently redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
# ─── busanstore.com → 19000 (PC 웹) ────────────────────────────────────────
# ASP.NET / Blazor 기반 PC 웹 프론트엔드
# 내부 Docker 컨테이너 포트 19000으로 프록시
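server {
    # PC web front end, TLS-terminated here and proxied to 192.168.0.52:19000.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name busanstore.com;

    # Certificate: use the busanstore.com-0001 lineage. The certificate
    # inventory reports the original busanstore.com lineage (SAN busanstore.com
    # + www.busanstore.com) as expired, while busanstore.com-0001 (SAN
    # busanstore.com) is valid. Confirm with `certbot certificates` before
    # reloading, and retire the expired lineage once nothing references it.
    ssl_certificate     /etc/letsencrypt/live/busanstore.com-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/busanstore.com-0001/privkey.pem;
    ssl_dhparam         /etc/ssl/certs/dhparam.pem;

    # TLS protocol and cipher policy.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Response hardening headers: same-origin framing only, no MIME sniffing.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_pass http://192.168.0.52:19000;
        # Rewrites backend redirects that carry a port number.
        # NOTE(review): with a regex pattern nginx may substitute the whole
        # Location value, which would drop the path - verify against a backend
        # redirect that includes one.
        proxy_redirect ~:(\d+)/ /;

        # Original host, client address and scheme for the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Stream both directions without buffering; HTTP/1.1 to the backend.
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}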
# ─── m.busanstore.com → 19010 (모바일 웹) ──────────────────────────────────
# 모바일 전용 웹 프론트엔드 (반응형 또는 별도 모바일 UI)
# 내부 Docker 컨테이너 포트 19010으로 프록시
server {
    # Mobile web front end, proxied to 192.168.0.52:19010.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name m.busanstore.com;

    ssl_certificate /etc/letsencrypt/live/m.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/m.busanstore.com/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Same-origin framing only, no MIME sniffing.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_pass http://192.168.0.52:19010;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Unbuffered in both directions; HTTP/1.1 to the backend.
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── websvc.busanstore.com → 19020 (WebView 콘텐츠) ────────────────────────
# 앱 내 WebView에서 로드하는 콘텐츠 서버
# 캐시를 완전히 비활성화하여 항상 최신 콘텐츠 제공
server {
    # WebView content server, proxied to 192.168.0.52:19020 with caching
    # disabled at both the client and the proxy.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name websvc.busanstore.com;

    ssl_certificate /etc/letsencrypt/live/websvc.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/websvc.busanstore.com/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    # Instructs browsers and intermediaries not to cache responses.
    add_header Cache-Control "no-cache, no-store, must-revalidate";

    location / {
        proxy_pass http://192.168.0.52:19020;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Never store in, or answer from, the nginx proxy cache.
        proxy_no_cache 1;
        proxy_cache_bypass 1;

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── api.busanstore.com → 19040 (.NET 8 API) ──────────────────────────────
# BusanStore 백엔드 REST API (.NET 8 / Kestrel)
# 모바일 앱 및 웹 프론트엔드에서 호출하는 API 엔드포인트
server {
    # REST API endpoint, proxied to 192.168.0.52:19040.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.busanstore.com;

    ssl_certificate /etc/letsencrypt/live/api.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.busanstore.com/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Request bodies are capped at 10 MB.
    client_max_body_size 10M;

    # Framing is refused outright; MIME sniffing is disabled.
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_pass http://192.168.0.52:19040;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Fail fast: 5 s to connect, 30 s to wait for a response.
        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── bus.busanstore.com → 19050 (BusWhere Node.js 백엔드) ──────────────────
# 부산 버스 실시간 위치 조회 서비스 (Node.js)
# 공공데이터 API를 호출하여 버스 도착 정보를 제공
server {
    # Bus location service, proxied to 192.168.0.52:19050.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name bus.busanstore.com;

    ssl_certificate /etc/letsencrypt/live/bus.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bus.busanstore.com/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Request bodies are capped at 5 MB.
    client_max_body_size 5M;

    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_pass http://192.168.0.52:19050;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # 5 s to connect, 15 s to wait for a response.
        proxy_connect_timeout 5s;
        proxy_read_timeout 15s;

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
/etc/nginx/conf.d/default.conf
읽기 전용
###############################################################################
# 기타 도메인 모음 — Nginx 리버스 프록시 설정 (default.conf)
#
# 개별 conf 파일로 분리되지 않은 나머지 도메인들을 관리
#
# 도메인 → 포트/서비스 매핑:
# hansanmart.com / www.hansanmart.com → 53100 (한산마트, CORS 활성화)
# promptitem.com / www.promptitem.com → 51400 (프롬프트아이템, 레거시 서버)
# timefood.co.kr / www.timefood.co.kr → 7777 (타임푸드, 레거시 서버)
# kakaoapt.com → cacaoapt.com 리다이렉트 (도메인명 변경)
# cacaoapt.com / www.cacaoapt.com → 18100 (카카오아파트)
# admin.cacaoapt.com → 18100 (카카오아파트 관리자)
#
# 분리된 도메인 (별도 conf 파일):
# eyecode.co.kr, hub.eyecode.co.kr → eyecd.conf
#
# 내부 백엔드: 192.168.0.52 (Docker 호스트), 192.168.0.14 (레거시 서버)
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 (나머지 도메인 전체) ───────────────────────────
# eyecode.co.kr 은 eyecd.conf 로 분리됨 (2026-02-22)
server {
    # Port-80 entry point for the remaining domains. The two `if` blocks are
    # maintained by Certbot; their trailing markers must stay intact.
    if ($host = www.cacaoapt.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = cacaoapt.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name hansanmart.com www.hansanmart.com
                promptitem.com www.promptitem.com
                timefood.co.kr www.timefood.co.kr
                kakaoapt.com www.kakaoapt.com
                cacaoapt.com www.cacaoapt.com admin.cacaoapt.com;

    # Every request is permanently redirected to the same host over HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
# ─── hansanmart.com (한산마트) → 53100 ──────────────────────────────────────
# CORS 헤더가 설정되어 외부 도메인에서의 API 호출을 허용
server {
    # hansanmart.com over HTTPS, proxied to 192.168.0.52:53100 with CORS
    # response headers added by nginx.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name hansanmart.com www.hansanmart.com;

    ssl_certificate /etc/letsencrypt/live/hansanmart.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hansanmart.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://192.168.0.52:53100;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # CORS: responses are readable from any origin.
        # NOTE(review): the wildcard origin is combined with Authorization as
        # an allowed request header; confirm every token-bearing endpoint is
        # meant to be callable cross-origin, or replace `*` with an allow-list
        # of known front-end origins.
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'Origin, Authorization, Content-Type, X-Requested-With';
    }
}
# ─── promptitem.com (프롬프트아이템) → 51400 ───────────────────────────────
# 레거시 서버(192.168.0.14)에서 운영 중
server {
    # promptitem.com over HTTPS, proxied to a local container on port 18400.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name promptitem.com www.promptitem.com;

    ssl_certificate /etc/letsencrypt/live/promptitem.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/promptitem.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # Docker container (ppitem_web) on loopback.
        proxy_pass http://127.0.0.1:18400;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
# ─── timefood.co.kr (타임푸드) → 7777 ──────────────────────────────────────
# 레거시 서버(192.168.0.14)에서 운영 중
server {
    # timefood.co.kr over HTTPS, proxied to 192.168.0.52:18320.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name timefood.co.kr www.timefood.co.kr;

    ssl_certificate /etc/letsencrypt/live/timefood.co.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/timefood.co.kr/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # Previous target, left disabled: the legacy server at 192.168.0.14.
        #proxy_pass http://192.168.0.14:7777;
        # Active target.
        proxy_pass http://192.168.0.52:18320;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
# ─── kakaoapt.com → cacaoapt.com 리다이렉트 ────────────────────────────────
# 도메인명 변경(kakao→cacao)으로 인한 301 영구 리다이렉트
server {
    # Old domain: terminates TLS with its own certificate, then permanently
    # redirects every request to the same path on cacaoapt.com.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name kakaoapt.com www.kakaoapt.com;

    ssl_certificate /etc/letsencrypt/live/kakaoapt.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kakaoapt.com/privkey.pem;

    return 301 https://cacaoapt.com$request_uri;
}
# ─── cacaoapt.com (카카오아파트) → 18100 ────────────────────────────────────
# admin.cacaoapt.com 서브도메인도 동일 서버 블록에서 처리
server {
    # cacaoapt.com, www and admin host names share this block and are proxied
    # to 192.168.0.52:17200.
    # NOTE(review): the certificate inventory lists only cacaoapt.com and
    # www.cacaoapt.com as SANs of this certificate; clients of
    # admin.cacaoapt.com would see a name mismatch - confirm.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name cacaoapt.com www.cacaoapt.com admin.cacaoapt.com;

    ssl_certificate /etc/letsencrypt/live/cacaoapt.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cacaoapt.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://192.168.0.52:17200;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_cookie_path / /;

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        absolute_redirect off;
    }
}
# ─── topcalc api 포트 브리지: 18310 → 18300 ─────────────────────────────────
# api.topcalc.net의 proxy_pass 18310/api를 topcalc 컨테이너(18300)의 /api로 포워딩
server {
    # Plain-HTTP port bridge: anything arriving on 18310 is forwarded to the
    # local service on 18300. Matches any host name.
    # NOTE(review): the listener binds every interface, so the backend is
    # reachable on 18310 without TLS unless a firewall blocks it. If only a
    # local proxy_pass uses this bridge, binding to loopback would be enough -
    # confirm where the caller runs.
    listen 18310;
    listen [::]:18310;
    server_name _;

    location / {
        proxy_pass http://127.0.0.1:18300;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
/etc/nginx/conf.d/dontory.conf
읽기 전용
###############################################################################
# 돈토리 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# dontory.com / www.dontory.com → 16000 (돈토리 메인 사이트)
# admin.dontory.com → 16100 (돈토리 관리자 패널)
#
# 백엔드: 192.168.0.52 (Docker 호스트)
# CMS 기반 서비스로 파일 업로드를 위해 client_max_body_size 64M 설정
# proxy_redirect로 내부 URL이 외부에 노출되지 않도록 처리
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
server {
    # Port-80 entry point for the dontory host names.
    listen 80;
    listen [::]:80;
    server_name dontory.com www.dontory.com admin.dontory.com;

    # Every request is permanently redirected to the same host over HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
# ─── dontory.com (돈토리 메인) → 16000 ─────────────────────────────────────
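server {
    # Main site, TLS-terminated here and proxied to 192.168.0.52:16000.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name dontory.com www.dontory.com;

    ssl_certificate /etc/letsencrypt/live/dontory.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/dontory.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Uploads: request bodies up to 64 MB are accepted.
    client_max_body_size 64M;

    location / {
        proxy_pass http://192.168.0.52:16000;
        # Map backend-internal redirect URLs to the public origin. The
        # replacement must end in "/" because the matched prefix does: without
        # it the path is appended directly to the host name, producing a
        # Location on a different host than intended.
        proxy_redirect http://192.168.0.52:16000/ https://dontory.com/;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        # Cookie path rewrite (currently an identity mapping).
        proxy_cookie_path / /;

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        # Redirects issued by nginx itself are relative.
        absolute_redirect off;
    }
}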
# ─── admin.dontory.com (돈토리 관리자) → 16100 ─────────────────────────────
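server {
    # Admin panel, TLS-terminated here and proxied to 192.168.0.52:16100.
    # NOTE(review): no address restriction is applied to this admin host;
    # consider limiting it to known admin/VPN ranges.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name admin.dontory.com;

    ssl_certificate /etc/letsencrypt/live/admin.dontory.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/admin.dontory.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Uploads: request bodies up to 64 MB are accepted.
    client_max_body_size 64M;

    location / {
        proxy_pass http://192.168.0.52:16100;
        # Map backend-internal redirect URLs to the public origin. The
        # replacement must end in "/" because the matched prefix does: without
        # it the path is appended directly to the host name, producing a
        # Location on a different host than intended.
        proxy_redirect http://192.168.0.52:16100/ https://admin.dontory.com/;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_cookie_path / /;

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        absolute_redirect off;
    }
}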
/etc/nginx/conf.d/eyecd.conf
읽기 전용
###############################################################################
# eyeCode 통합 스택 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# eyecode.co.kr / www.eyecode.co.kr → 15000 (회사홈페이지)
# hub.eyecode.co.kr → 15010 (개발관리허브, eyeCodeHub)
#
# 내부 백엔드 IP: 192.168.0.52 (Docker 호스트)
# SSL 인증서: Let's Encrypt (certbot 자동 갱신)
# DH 파라미터: /etc/ssl/certs/dhparam.pem (2048bit+)
#
# 설치: sudo cp eyecd.conf /etc/nginx/conf.d/eyecd.conf
# sudo nginx -t && sudo systemctl reload nginx
#
# 변경 이력:
# 2026-02-22 초기 작성 — eyeCode 통합 스택용
# eyecode.co.kr 을 default.conf → eyecd.conf 로 분리
# hub.eyecode.co.kr 신규 추가 (eyeCodeHub 개발관리허브)
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
server {
    # Port-80 entry point for the eyecode host names.
    listen 80;
    listen [::]:80;
    server_name eyecode.co.kr www.eyecode.co.kr
                hub.eyecode.co.kr;

    # HTTP-01 challenge files used for certificate renewal.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Everything else is permanently redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
# ─── eyecode.co.kr (회사홈페이지) → 15000 ────────────────────────────────────
# eyeCode 공식 웹사이트 — Flask (eyecodehome)
server {
    # Company website, proxied to 192.168.0.52:15000.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name eyecode.co.kr www.eyecode.co.kr;

    # Certificate and DH parameters.
    ssl_certificate /etc/letsencrypt/live/eyecode.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/eyecode.co.kr/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # TLS protocol and cipher policy.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Same-origin framing only, no MIME sniffing.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    location / {
        proxy_pass http://192.168.0.52:15000;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── hub.eyecode.co.kr (개발관리허브) → 15010 ────────────────────────────────
# eyeCodeHub — 프로젝트관리, SVN관리, 서비스개발 관리 도구
# Flask + Gunicorn (4 workers), WebSocket 지원
server {
    # Development hub, proxied to 192.168.0.52:15010 with WebSocket upgrade
    # headers forwarded.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name hub.eyecode.co.kr;

    # Certificate and DH parameters.
    ssl_certificate /etc/letsencrypt/live/hub.eyecode.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hub.eyecode.co.kr/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # TLS protocol and cipher policy.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Response hardening headers.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Referrer-Policy "strict-origin-when-cross-origin";

    # Uploads: request bodies up to 50 MB are accepted.
    client_max_body_size 50M;

    location / {
        proxy_pass http://192.168.0.52:15010;
        proxy_redirect ~:(\d+)/ /;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket: HTTP/1.1 to the backend plus Upgrade/Connection headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_connect_timeout 60s;
        proxy_read_timeout 120s;
        proxy_send_timeout 120s;

        proxy_buffering off;
        proxy_request_buffering off;
    }
}
/etc/nginx/conf.d/miniwindo.conf
읽기 전용
# miniwindo 도메인 기반 리버스 프록시 설정 (HTTPS)
# 포트 80: HTTP → HTTPS 리다이렉트
# 포트 443: HTTPS 서빙
# ── miniwindo.studio (12010) - 메인 YouTube 스튜디오 ───────────────
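server {
    # Port-80 redirect for the studio host names.
    listen 80;
    server_name miniwindo.studio studio.miniwindo.com;

    # Redirect to the host the client asked for. $server_name always expands
    # to the first listed name (miniwindo.studio), which sent
    # studio.miniwindo.com visitors to a name that the certificate inventory
    # does not show among the SANs of the certificate served on 443.
    return 301 https://$host$request_uri;
}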
server {
    # Studio application over HTTPS, proxied to the local service on 12010.
    # NOTE(review): the certificate inventory lists studio.miniwindo.com as
    # the only SAN of this certificate; clients of miniwindo.studio would see
    # a name mismatch - confirm.
    listen 443 ssl http2;
    server_name miniwindo.studio studio.miniwindo.com;

    ssl_certificate /etc/letsencrypt/live/studio.miniwindo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/studio.miniwindo.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Per-site logs.
    access_log /var/log/nginx/miniwindo-studio-access.log combined;
    error_log /var/log/nginx/miniwindo-studio-error.log warn;

    location / {
        proxy_pass http://127.0.0.1:12010;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_buffering off;
    }
}
# ── create.miniwindo.com (12110) - 크리에이터 스튜디오 ──────────────
server {
    # Port-80 redirect: the single configured name is sent to HTTPS.
    listen 80;
    server_name create.miniwindo.com;

    return 301 https://$server_name$request_uri;
}
server {
    # Creator studio over HTTPS: two static asset trees served from disk and
    # everything else proxied to the local service on 12110.
    listen 443 ssl http2;
    server_name create.miniwindo.com;

    ssl_certificate /etc/letsencrypt/live/create.miniwindo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/create.miniwindo.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Per-site logs.
    access_log /var/log/nginx/miniwindo-create-access.log combined;
    error_log /var/log/nginx/miniwindo-create-error.log warn;

    # Request bodies up to 500 MB are accepted.
    client_max_body_size 500m;

    # HLS playlists and segments, served uncached and readable cross-origin.
    location /hls/ {
        alias /work/miniwindo/asset/hls/;

        add_header Cache-Control "no-cache, no-store, must-revalidate";
        add_header Pragma "no-cache";
        add_header Expires "0";

        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Access-Control-Allow-Headers "Content-Type, Range";

        types {
            application/vnd.apple.mpegurl m3u8;
            video/mp2t ts;
        }

        add_header Accept-Ranges bytes;
    }

    # Static assets, readable cross-origin. Only the listed extensions get an
    # explicit MIME type from this block.
    # NOTE(review): this alias exposes the whole asset directory over HTTP;
    # confirm it holds nothing that should stay private.
    location /asset/ {
        alias /work/miniwindo/asset/;

        add_header Access-Control-Allow-Origin "*";
        add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
        add_header Accept-Ranges bytes;

        types {
            video/mp4 mp4;
            image/png png;
            image/jpeg jpg jpeg;
            image/webp webp;
        }
    }

    # Application traffic.
    location / {
        proxy_pass http://127.0.0.1:12110;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_buffering off;
    }
}
# ── miniwindo.com (12030) - 메인 홈페이지 ─────────────────────────
server {
    # Port-80 redirect. $server_name expands to the first listed name, so both
    # host names are sent to https://miniwindo.com.
    listen 80;
    server_name miniwindo.com www.miniwindo.com;

    return 301 https://$server_name$request_uri;
}
server {
    # Main home page over HTTPS, proxied to the local service on 12030.
    listen 443 ssl http2;
    server_name miniwindo.com www.miniwindo.com;

    ssl_certificate /etc/letsencrypt/live/miniwindo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/miniwindo.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Per-site logs.
    access_log /var/log/nginx/miniwindo-home-access.log combined;
    error_log /var/log/nginx/miniwindo-home-error.log warn;

    location / {
        proxy_pass http://127.0.0.1:12030;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_buffering off;
    }
}
# ── tip.miniwindo.com (12040) - 팁 커뮤니티 ───────────────────────
server {
    # Port-80 redirect: the single configured name is sent to HTTPS.
    listen 80;
    server_name tip.miniwindo.com;

    return 301 https://$server_name$request_uri;
}
server {
    # Tip community over HTTPS, proxied to the local service on 12040.
    listen 443 ssl http2;
    server_name tip.miniwindo.com;

    ssl_certificate /etc/letsencrypt/live/tip.miniwindo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tip.miniwindo.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Per-site logs.
    access_log /var/log/nginx/miniwindo-tip-access.log combined;
    error_log /var/log/nginx/miniwindo-tip-error.log warn;

    location / {
        proxy_pass http://127.0.0.1:12040;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_buffering off;
    }
}
# ── market.miniwindo.com (12050) - 마켓플레이스 ─────────────────────
# Plain-HTTP listener for market.miniwindo.com: permanent redirect to the HTTPS site.
server {
    listen 80;
    server_name market.miniwindo.com;
    # The redirect host is the configured server name, not the request's Host header.
    return 301 https://$server_name$request_uri;
}
# TLS virtual host for market.miniwindo.com, proxied to 127.0.0.1:12050.
server {
    listen 443 ssl http2;
    server_name market.miniwindo.com;
    ssl_certificate /etc/letsencrypt/live/market.miniwindo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/market.miniwindo.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    # NOTE(review): this block sets no HSTS or other security response headers.
    access_log /var/log/nginx/miniwindo-market-access.log combined;
    error_log /var/log/nginx/miniwindo-market-error.log warn;
    location / {
        proxy_pass http://127.0.0.1:12050;
        proxy_http_version 1.1;
        # NOTE(review): Connection is forced to "keep-alive" although Upgrade is
        # passed on; WebSocket upgrades would presumably not complete — confirm.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        # The peer address is appended to the client's own X-Forwarded-For
        # value; earlier entries are client-controlled.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}
/etc/nginx/conf.d/momoin.conf
###############################################################################
# 모모인 / 모모인카페 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# momoin.net / www.momoin.net → 5501 (모모인 웹)
# momoincafe.com / www.momoincafe.com → 5501 (모모인카페 — 동일 백엔드)
# cloud.momoincafe.com → 5501 (클라우드 접속용 별칭)
#
# 백엔드: 192.168.0.52:5501 (Docker 컨테이너)
# 두 도메인이 같은 백엔드(5501)를 공유하지만 Host 헤더로 구분 가능
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
# Plain-HTTP listener shared by all momoin / momoincafe names: redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    # NOTE(review): cloud.momoincafe.com is redirected to HTTPS here, but no
    # 443 server block in this file lists that name; unless one exists
    # elsewhere, the request falls through to another virtual host and its
    # certificate — confirm.
    server_name momoin.net www.momoin.net
    momoincafe.com www.momoincafe.com cloud.momoincafe.com;
    location / {
        # $host echoes the requested name. NOTE(review): if this block ever
        # becomes the default server for port 80, arbitrary Host values would
        # be reflected into Location — confirm a separate default_server exists.
        return 301 https://$host$request_uri;
    }
}
# ─── momoin.net (모모인 메인) → 5501 ───────────────────────────────────────
# TLS virtual host for momoin.net / www.momoin.net, proxied to a backend on 192.168.0.52.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name momoin.net www.momoin.net;
    ssl_certificate /etc/letsencrypt/live/momoin.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/momoin.net/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        # NOTE(review): the file header and the banner above this block both
        # map momoin.net to port 5501, but the upstream here is port 17000 —
        # confirm which is intended and correct the other.
        # The hop to 192.168.0.52 is plain HTTP; the forwarded headers below are
        # only meaningful if that port is reachable from this proxy alone.
        proxy_pass http://192.168.0.52:17000;
        # NOTE(review): the pattern is unanchored and the replacement is a fixed
        # "/"; an upstream Location containing ":<digits>/" appears to be
        # rewritten to "/" as a whole, losing the redirect path — verify.
        proxy_redirect ~:(\d+)/ /;
        proxy_set_header Host $host;
        # X-Forwarded-For keeps any client-supplied value and appends the peer
        # address; only the last entry comes from this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Neither responses nor request bodies are buffered by nginx.
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── momoincafe.com (모모인카페) → 5501 ────────────────────────────────────
# momoin.net과 동일한 백엔드를 사용 (Host 헤더로 사이트 구분)
# TLS virtual host for momoincafe.com / www.momoincafe.com, proxied to 192.168.0.52:5501.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name momoincafe.com www.momoincafe.com;
    ssl_certificate /etc/letsencrypt/live/momoincafe.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/momoincafe.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        # The hop to 192.168.0.52 is plain HTTP; the forwarded headers below are
        # only meaningful if that port is reachable from this proxy alone.
        proxy_pass http://192.168.0.52:5501;
        # NOTE(review): the pattern is unanchored and the replacement is a fixed
        # "/"; an upstream Location containing ":<digits>/" appears to be
        # rewritten to "/" as a whole, losing the redirect path — verify.
        proxy_redirect ~:(\d+)/ /;
        # The backend is expected to tell sites apart by this Host value
        # (per the banner comment above this block).
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Neither responses nor request bodies are buffered by nginx.
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
/etc/nginx/conf.d/pluginmart.conf
###############################################################################
# PluginMart — Nginx 리버스 프록시 설정
#
# 도메인:
# pluginmart.net / www.pluginmart.net → frontend-web (127.0.0.1:18120)
# m.pluginmart.net → frontend-mobile (127.0.0.1:18130)
#
# 공통 라우팅:
# /api/* /auth/* → pluginmart-backend (127.0.0.1:18110)
# /uploads/* → pluginmart-minio (127.0.0.1:18170)
#
# SSL: Let's Encrypt — certbot 자동 갱신
# DH: /etc/ssl/certs/dhparam.pem
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ─────────────────────────────────────────────────
# Plain-HTTP listener for all pluginmart names: serves ACME challenges, redirects the rest to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name pluginmart.net www.pluginmart.net m.pluginmart.net;
    # Let's Encrypt ACME challenge (certbot --webroot)
    # Only this path is served from disk over plain HTTP; files are looked up
    # under /var/www/html/.well-known/acme-challenge/.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
    location / {
        # $host echoes the requested name. NOTE(review): if this block ever
        # becomes the default server for port 80, arbitrary Host values would
        # be reflected into Location — confirm a separate default_server exists.
        return 301 https://$host$request_uri;
    }
}
# ─── www.pluginmart.net → apex 리다이렉트 ────────────────────────────────────
# TLS virtual host for www.pluginmart.net: terminates TLS only to redirect to the apex domain.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.pluginmart.net;
    # Uses the pluginmart.net certificate. NOTE(review): confirm that
    # certificate lists www.pluginmart.net as a SAN, otherwise clients see a
    # name mismatch before the redirect is delivered.
    ssl_certificate /etc/letsencrypt/live/pluginmart.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pluginmart.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Fixed target host: the Location value does not depend on the request's Host header.
    return 301 https://pluginmart.net$request_uri;
}
# ─── pluginmart.net (PC 웹) → frontend-web (18120) ───────────────────────────
# TLS virtual host for pluginmart.net (desktop web): routes API, uploads and front-end traffic to three local services.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pluginmart.net;
    ssl_certificate /etc/letsencrypt/live/pluginmart.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pluginmart.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Request bodies up to 100M are accepted on every location in this server,
    # including the API and auth endpoints.
    client_max_body_size 100M;
    # NOTE(review): this block sets no HSTS or other security response headers.
    # ── Backend API ─────────────────────────────────────────────────────────
    # Regex location: matches URIs starting with /api/ or /auth/.
    location ~ ^/(api|auth)/ {
        proxy_pass http://127.0.0.1:18110;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # X-Forwarded-For keeps any client-supplied value and appends the peer
        # address; the backend should trust only the last entry (relevant for
        # rate limiting or IP-based auth decisions).
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 60s;
    }
    # ── MinIO file serving ──────────────────────────────────────────────────
    location /uploads/ {
        # The trailing "/" on the upstream URL strips the /uploads/ prefix, so
        # /uploads/<path> is requested from the upstream as /<path>.
        # NOTE(review): every HTTP method is forwarded, not only reads, and
        # nothing here limits which upstream paths are reachable; access control
        # rests entirely on the upstream's own policy — confirm it is restrictive.
        proxy_pass http://127.0.0.1:18170/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Uploads and downloads are streamed rather than spooled by nginx.
        proxy_buffering off;
        proxy_request_buffering off;
    }
    # ── Desktop web front end ───────────────────────────────────────────────
    location / {
        proxy_pass http://127.0.0.1:18120;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # "Connection: upgrade" is sent on every request in this location, not
        # only on those that carry an Upgrade header.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 60s;
    }
}
# ─── m.pluginmart.net (모바일) → frontend-mobile (18130) ─────────────────────
# TLS virtual host for m.pluginmart.net (mobile web): same API and upload routing as the desktop host, different front end.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name m.pluginmart.net;
    ssl_certificate /etc/letsencrypt/live/m.pluginmart.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/m.pluginmart.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Request bodies up to 100M are accepted on every location in this server,
    # including the API and auth endpoints.
    client_max_body_size 100M;
    # NOTE(review): this block sets no HSTS or other security response headers.
    # ── Backend API ─────────────────────────────────────────────────────────
    # Regex location: matches URIs starting with /api/ or /auth/.
    location ~ ^/(api|auth)/ {
        proxy_pass http://127.0.0.1:18110;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        # X-Forwarded-For keeps any client-supplied value and appends the peer
        # address; the backend should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 60s;
    }
    # ── MinIO file serving ──────────────────────────────────────────────────
    location /uploads/ {
        # The trailing "/" on the upstream URL strips the /uploads/ prefix, so
        # /uploads/<path> is requested from the upstream as /<path>.
        # NOTE(review): every HTTP method is forwarded, not only reads; access
        # control rests entirely on the upstream's own policy — confirm.
        proxy_pass http://127.0.0.1:18170/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Uploads and downloads are streamed rather than spooled by nginx.
        proxy_buffering off;
        proxy_request_buffering off;
    }
    # ── Mobile front end ────────────────────────────────────────────────────
    location / {
        proxy_pass http://127.0.0.1:18130;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # "Connection: upgrade" is sent on every request in this location, not
        # only on those that carry an Upgrade header.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 60s;
    }
}
/etc/nginx/conf.d/timefood.conf
###############################################################################
# timefood.co.kr — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# passbook.timefood.co.kr → 17200 (파생상품투자권유자문인력 공부앱)
# news.timefood.co.kr → 11800 (Docker Newsbot)
###############################################################################
# Named upstream for the news site; referenced by proxy_pass in the news.timefood.co.kr server.
upstream newsbot_backend {
    # NOTE(review): "localhost" is resolved when the configuration is loaded and
    # may yield both an IPv4 and an IPv6 address; the other proxies on this page
    # use 127.0.0.1 explicitly — confirm the container listens on every address
    # this name resolves to.
    server localhost:11800;
}
# ─── HTTP → HTTPS 리다이렉트 (passbook) ────────────────────────────────────
# Plain-HTTP listener for passbook.timefood.co.kr: permanent redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name passbook.timefood.co.kr;
    location / {
        # With a single server_name, $host normally equals that name.
        # NOTE(review): if this block ever becomes the default server for
        # port 80, arbitrary Host values would be reflected here — confirm.
        return 301 https://$host$request_uri;
    }
}
# ─── passbook.timefood.co.kr → 17200 ────────────────────────────────────────
# TLS virtual host for passbook.timefood.co.kr, proxied to 127.0.0.1:17200.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name passbook.timefood.co.kr;
    ssl_certificate /etc/letsencrypt/live/passbook.timefood.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/passbook.timefood.co.kr/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # Request bodies above 10M are rejected by nginx before reaching the backend.
    client_max_body_size 10M;
    # NOTE(review): responses of the listed types, JSON included, are compressed
    # over TLS. If a response can contain both a secret and request-influenced
    # text, compression side channels (BREACH) become relevant — confirm the
    # application's responses do not mix the two.
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript;
    gzip_min_length 1000;
    # NOTE(review): this block sets no HSTS or other security response headers.
    location / {
        proxy_pass http://127.0.0.1:17200;
        proxy_set_header Host $host;
        # X-Forwarded-For keeps any client-supplied value and appends the peer
        # address; the backend should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 60s;
        proxy_connect_timeout 10s;
    }
}
# ─── HTTP → HTTPS 리다이렉트 (news) ─────────────────────────────────────────
# Plain-HTTP listener for news.timefood.co.kr: serves ACME challenges, redirects the rest to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name news.timefood.co.kr;
    # Only this path is served from disk over plain HTTP; files are looked up
    # under /var/www/certbot/.well-known/acme-challenge/.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        # The redirect host is the configured server name, not the request's Host header.
        return 301 https://$server_name$request_uri;
    }
}
# ─── news.timefood.co.kr → localhost:11800 (Docker) ────────────────────────
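# TLS virtual host for news.timefood.co.kr, proxied to the newsbot_backend upstream.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name news.timefood.co.kr;
    ssl_certificate /etc/letsencrypt/live/news.timefood.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/news.timefood.co.kr/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    # Server-level security headers. nginx inherits add_header from this level
    # only into locations that declare no add_header of their own, so any
    # location that adds a header must repeat this set (see the static-asset
    # location below).
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;
    # NOTE(review): X-XSS-Protection is a legacy header that current browsers
    # ignore; kept as configured.
    add_header X-XSS-Protection "1; mode=block";
    access_log /var/log/nginx/news.timefood.co.kr_access.log;
    error_log /var/log/nginx/news.timefood.co.kr_error.log;
    location / {
        proxy_pass http://newsbot_backend;
        proxy_http_version 1.1;
        # "Connection: upgrade" is sent on every request in this location, not
        # only on those that carry an Upgrade header.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # X-Forwarded-For keeps any client-supplied value and appends the peer
        # address; the backend should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_buffering off;
        proxy_request_buffering off;
    }
    # Static assets, matched case-insensitively by file extension; proxied to
    # the same upstream and marked cacheable for one year.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        proxy_pass http://newsbot_backend;
        # Forward the same request metadata as "location /". Without these the
        # upstream receives the upstream group name as Host and no client
        # address for asset requests.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        expires 1y;
        add_header Cache-Control "public, immutable";
        # The add_header above switches off inheritance of the server-level
        # headers for this location, so they are repeated here; otherwise every
        # script, stylesheet and image would be served without HSTS and nosniff.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options DENY;
        add_header X-XSS-Protection "1; mode=block";
    }
}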
/etc/nginx/conf.d/topcalc.conf
###############################################################################
# TopCalc — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# topcalc.net / www.topcalc.net → 18300 (TopCalc 웹 앱)
# api.topcalc.net → 18350 (TopCalc REST API)
#
# 백엔드: 192.168.0.52:18300 (Docker 컨테이너)
# 정적 파일 캐시 제어 추가 (CSS/JS no-cache, 이미지 5분 캐시)
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
# Plain-HTTP listener for all topcalc names: serves ACME challenges, redirects the rest to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name topcalc.net www.topcalc.net api.topcalc.net dev.topcalc.net mcp.topcalc.net;
    # Only this path is served from disk over plain HTTP; files are looked up
    # under /var/www/certbot/.well-known/acme-challenge/.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    location / {
        # $host echoes the requested name. NOTE(review): if this block ever
        # becomes the default server for port 80, arbitrary Host values would
        # be reflected into Location — confirm a separate default_server exists.
        return 301 https://$host$request_uri;
    }
}
# ─── topcalc.net (TopCalc 웹 앱) → 18300 ──────────────────────────────────
# TLS virtual host for topcalc.net / www.topcalc.net, proxied to 192.168.0.52:18300 with per-type cache headers for /static/.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name topcalc.net www.topcalc.net;
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): the "HIGH" alias may still allow CBC and RSA key-exchange
    # suites on TLSv1.2, depending on the OpenSSL build — verify.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # NOTE(review): no HSTS or other security response headers are set at server
    # level. If they are added later, the two static locations below already
    # use add_header and would not inherit them; each would need its own copy.
    # Static files with cache control
    # Regex locations are tried in the order written, before the plain
    # /static/ prefix location is used.
    location ~ ^/static/.*\.(css|js)$ {
        # The hop to 192.168.0.52 is plain HTTP.
        proxy_pass http://192.168.0.52:18300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # CSS and JS: no cache (force revalidation)
        add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0" always;
        add_header Pragma "no-cache" always;
        add_header Expires "0" always;
        proxy_buffering off;
        proxy_http_version 1.1;
    }
    location ~ ^/static/.*\.(png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ {
        proxy_pass http://192.168.0.52:18300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Images and fonts: short cache (5 minutes)
        add_header Cache-Control "public, max-age=300, must-revalidate" always;
        proxy_buffering off;
        proxy_http_version 1.1;
    }
    # Remaining /static/ paths: proxied with no cache headers added here.
    location /static/ {
        proxy_pass http://192.168.0.52:18300;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_http_version 1.1;
    }
    location / {
        proxy_pass http://192.168.0.52:18300;
        # NOTE(review): the pattern is unanchored and the replacement is a fixed
        # "/"; an upstream Location containing ":<digits>/" appears to be
        # rewritten to "/" as a whole, losing the redirect path — verify.
        proxy_redirect ~:(\d+)/ /;
        proxy_set_header Host $host;
        # X-Forwarded-For keeps any client-supplied value and appends the peer
        # address; the backend should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── api.topcalc.net (TopCalc API) → 18350 ────────────────────────────────
# TLS virtual host for api.topcalc.net, proxied to 192.168.0.52:18350.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.topcalc.net;
    # Uses the topcalc.net certificate. NOTE(review): confirm that certificate
    # lists api.topcalc.net as a SAN, otherwise clients see a name mismatch.
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # NOTE(review): no request-size limit, rate limit or security response
    # header is set in this block; any such control has to live in the API.
    location / {
        # The hop to 192.168.0.52 is plain HTTP.
        proxy_pass http://192.168.0.52:18350;
        # NOTE(review): unanchored pattern with a fixed "/" replacement; an
        # upstream Location containing ":<digits>/" appears to be rewritten to
        # "/" as a whole — verify.
        proxy_redirect ~:(\d+)/ /;
        proxy_set_header Host $host;
        # X-Forwarded-For keeps any client-supplied value and appends the peer
        # address; the API should trust only the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── dev.topcalc.net → 18330 ────────────────────────────────────────────────
# TLS virtual host for dev.topcalc.net, proxied to 192.168.0.52:18330.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name dev.topcalc.net;
    # Uses the topcalc.net certificate. NOTE(review): confirm that certificate
    # lists dev.topcalc.net as a SAN.
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # NOTE(review): the name suggests a development instance, and nothing in
    # this block (allow/deny, auth_basic) restricts who can reach it; confirm
    # the backend enforces its own access control or add one here.
    location / {
        # The hop to 192.168.0.52 is plain HTTP.
        proxy_pass http://192.168.0.52:18330;
        # NOTE(review): unanchored pattern with a fixed "/" replacement; an
        # upstream Location containing ":<digits>/" appears to be rewritten to
        # "/" as a whole — verify.
        proxy_redirect ~:(\d+)/ /;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}
# ─── mcp.topcalc.net → 18340 ────────────────────────────────────────────────
# TLS virtual host for mcp.topcalc.net, proxied to 192.168.0.52:18340.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mcp.topcalc.net;
    # Uses the topcalc.net certificate. NOTE(review): confirm that certificate
    # lists mcp.topcalc.net as a SAN.
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    # NOTE(review): nothing in this block (allow/deny, auth_basic) restricts who
    # can reach the service; confirm the backend authenticates callers itself.
    location / {
        # The hop to 192.168.0.52 is plain HTTP.
        proxy_pass http://192.168.0.52:18340;
        # NOTE(review): unanchored pattern with a fixed "/" replacement; an
        # upstream Location containing ":<digits>/" appears to be rewritten to
        # "/" as a whole — verify.
        proxy_redirect ~:(\d+)/ /;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Neither responses nor request bodies are buffered by nginx.
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
    }
}