인증서 정보를 가져올 수 없습니다.
SSL 인증서 현황
Let's Encrypt 인증서 유효기간
인증서 정보를 가져올 수 없습니다.
Nginx 설정 파일
/etc/nginx/conf.d/ (읽기 전용)
/etc/nginx/conf.d/blustar.conf
읽기 전용
###############################################################################
# BluStar 서비스 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트/서비스 매핑:
# blustar.co.kr / www.blustar.co.kr → 21100 (Nextcloud, upstream)
# memo.blustar.co.kr → 58600 (Joplin 메모 서비스)
# dbadmin.blustar.co.kr:12600 → 19081 (phpMyAdmin)
# phpmyadmin.blustar.co.kr:12610 → 19080 (Adminer)
#
# SSL 인증서: Let's Encrypt (certbot 자동 갱신)
###############################################################################
# ─── Nextcloud 업스트림 정의 ────────────────────────────────────────────────
# Nextcloud Docker 컨테이너의 내부 포트 (127.0.0.1:21100)
# Upstream group with a single member: the Nextcloud backend on loopback
# port 21100. The proxy_pass directives in this file that name
# blustar_nextcloud_backend resolve to this address.
upstream blustar_nextcloud_backend {
    server 127.0.0.1:21100;
}
# ─── phpMyAdmin (비표준 포트 12600) ─────────────────────────────────────────
# 데이터베이스 관리 도구 — 내부망 또는 VPN 접속 권장
# Docker 컨테이너 포트 19081로 프록시
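# Database admin UI on port 12600, proxied to loopback port 19081.
# This listener has no "ssl" flag, so logins and query results cross the
# network as cleartext HTTP. The file's own note recommends internal-network
# or VPN access only; the allow/deny list below enforces that at the proxy.
# NOTE(review): the server_name is "dbadmin" while the sibling block is named
# "phpmyadmin" but labelled Adminer — confirm which tool sits behind which port.
server {
    listen 12600;
    server_name dbadmin.blustar.co.kr;

    # Source-address allowlist. 192.168.0.0/24 is inferred from the backend
    # addresses used throughout these files — confirm it, and add the VPN
    # client subnet here if administrators connect through one.
    allow 127.0.0.1;
    allow 192.168.0.0/24;
    deny all;

    location / {
        proxy_pass http://127.0.0.1:19081;
    }
}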
# ─── Adminer (비표준 포트 12610) ────────────────────────────────────────────
# 경량 데이터베이스 관리 도구 — 내부망 또는 VPN 접속 권장
# Docker 컨테이너 포트 19080로 프록시
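# Database admin UI on port 12610, proxied to loopback port 19080.
# This listener has no "ssl" flag, so logins and query results cross the
# network as cleartext HTTP. The file's own note recommends internal-network
# or VPN access only; the allow/deny list below enforces that at the proxy.
# NOTE(review): the server_name says "phpmyadmin" while the file labels this
# backend Adminer — confirm which tool sits behind which port.
server {
    listen 12610;
    server_name phpmyadmin.blustar.co.kr;

    # Source-address allowlist. 192.168.0.0/24 is inferred from the backend
    # addresses used throughout these files — confirm it, and add the VPN
    # client subnet here if administrators connect through one.
    allow 127.0.0.1;
    allow 192.168.0.0/24;
    deny all;

    location / {
        proxy_pass http://127.0.0.1:19080;
    }
}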
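# ─── HTTP → HTTPS redirect (BluStar domains) ───────────────────────────────
# Port 80 for blustar.co.kr, www.blustar.co.kr and memo.blustar.co.kr.
# Everything is redirected to HTTPS except the ACME challenge path.
server {
    listen 80;
    listen [::]:80;
    server_name blustar.co.kr www.blustar.co.kr memo.blustar.co.kr;

    # No server-level "if ($host = ...) { return 301 ...; }" blocks here:
    # rewrite-module directives at server level run before a location is
    # chosen, so for the three names above they would answer every request
    # with the redirect and the ACME location below would never be reached.
    # The catch-all location already issues the identical redirect.

    # Webroot used for Let's Encrypt HTTP-01 challenge files.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Default: permanent redirect of every other HTTP request to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}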
# ─── Nextcloud (비표준 포트 21000) ──────────────────────────────────────────
# 레거시 포트 21000으로도 Nextcloud 접속 가능 (하위 호환성)
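# Nextcloud on the legacy TLS port 21000, kept for backward compatibility.
server {
    listen 21000 ssl http2;
    listen [::]:21000 ssl http2;
    server_name blustar.co.kr www.blustar.co.kr;

    ssl_certificate /etc/letsencrypt/live/blustar.co.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/blustar.co.kr/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Nextcloud handles large uploads; request bodies up to 20 GB are accepted.
    client_max_body_size 20G;

    location / {
        proxy_pass http://blustar_nextcloud_backend;

        # Forward the original request context. With no proxy_set_header at
        # all, nginx sends the upstream group name as Host and the backend
        # sees the proxy as the only client address, which makes per-client
        # logging and throttling in the application meaningless.
        # The port is kept in Host so generated URLs stay on 21000 —
        # confirm against Nextcloud's trusted_domains / overwrite settings.
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 21000;
    }
}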
# ─── Nextcloud (표준 포트 443) ──────────────────────────────────────────────
# https://blustar.co.kr 으로 포트 없이 바로 Nextcloud 접속 가능
# Nextcloud on the standard HTTPS port for blustar.co.kr / www.blustar.co.kr.
server {
    server_name blustar.co.kr www.blustar.co.kr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: Let's Encrypt certificate, TLS 1.2/1.3 only, server cipher order.
    # No Strict-Transport-Security header is set in this block.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/blustar.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blustar.co.kr/privkey.pem;

    # Request bodies up to 20 GB are accepted.
    client_max_body_size 20G;

    location / {
        proxy_pass http://blustar_nextcloud_backend;

        # Tell the backend the request arrived over HTTPS on port 443.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        # Pass the original host and client address to the backend.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend should trust only the last hop.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # One-hour read/send timeouts for long sync transfers; 60 s to connect.
        proxy_connect_timeout 60;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
    }
}
# ─── Joplin 메모 서비스 (memo.blustar.co.kr) ───────────────────────────────
# Joplin Server — 메모 동기화용 백엔드
# Docker 컨테이너 포트 58600으로 프록시
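# Joplin Server (note sync) for memo.blustar.co.kr, proxied to 192.168.0.52:58600.
server {
    listen 443 ssl http2;
    # IPv6 listener added: the other vhosts in this file listen on [::]:443,
    # so without it an IPv6 request for this name is handled by whichever
    # server is the default for [::]:443, with that server's certificate
    # and backend.
    listen [::]:443 ssl http2;
    server_name memo.blustar.co.kr;

    ssl_certificate /etc/letsencrypt/live/memo.blustar.co.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/memo.blustar.co.kr/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # Stated explicitly, matching the other TLS vhosts in this file, instead
    # of relying on whatever the http-level or built-in defaults are.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Attachments uploaded with notes: request bodies up to 200 MB.
    client_max_body_size 200m;

    location / {
        proxy_pass http://192.168.0.52:58600;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        # Sync can run long: one hour to read/send, 60 s to connect.
        proxy_read_timeout 3600;
        proxy_connect_timeout 60;
        proxy_send_timeout 3600;
    }
}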
# ─── AI Dashboard (ai.blustar.co.kr) ────────────────────────────────────────
# AI 대시보드 서비스 — 포트 33000으로 프록시
# AI dashboard for ai.blustar.co.kr, proxied to 192.168.0.52:33000.
# No authentication or source-address restriction is configured at this
# layer; access control, if any, is left to the backend.
server {
    server_name ai.blustar.co.kr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: dedicated Let's Encrypt certificate, TLS 1.2/1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/ai.blustar.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ai.blustar.co.kr/privkey.pem;

    # Request bodies up to 100 MB.
    client_max_body_size 100m;

    location / {
        proxy_pass http://192.168.0.52:33000;

        # Scheme and port as seen by the client.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        # Original host and client address.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # One hour to read/send, 60 s to connect.
        proxy_connect_timeout 60;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
    }
}
# ─── HTTP → HTTPS 리다이렉트 (AI Dashboard) ────────────────────────────────
# Port 80 for ai.blustar.co.kr: serve ACME challenge files, redirect the rest.
server {
    server_name ai.blustar.co.kr;
    listen 80;
    listen [::]:80;

    # Everything except the challenge path goes to HTTPS permanently.
    location / {
        return 301 https://$host$request_uri;
    }

    # Webroot for Let's Encrypt HTTP-01 challenge files.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
/etc/nginx/conf.d/busanstore.conf
읽기 전용
###############################################################################
# BusanStore 통합 스택 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# busanstore.com → 19000 (PC 웹)
# m.busanstore.com → 19010 (모바일 웹)
# websvc.busanstore.com → 19020 (WebView 콘텐츠)
# api.busanstore.com → 19040 (.NET 8 API)
# bus.busanstore.com → 19050 (BusWhere Node.js)
#
# 내부 백엔드 IP: 192.168.0.52 (Docker 호스트)
# SSL 인증서: Let's Encrypt (certbot 자동 갱신)
# DH 파라미터: /etc/ssl/certs/dhparam.pem (2048bit+)
#
# 변경 이력:
# 2026-02-21 www.busanstore.com 서브도메인 제거, 주석 보강
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
# 모든 busanstore 하위 도메인의 HTTP(80) 요청을 HTTPS(443)로 301 리다이렉트
# ACME challenge 경로는 certbot 인증서 갱신을 위해 예외 처리
# Port 80 for all busanstore names: ACME challenge files are served from
# the webroot, every other request is redirected to HTTPS.
server {
    server_name busanstore.com
                m.busanstore.com
                api.busanstore.com
                bus.busanstore.com
                websvc.busanstore.com;
    listen 80;
    listen [::]:80;

    # Permanent redirect for everything outside the challenge path.
    location / {
        return 301 https://$host$request_uri;
    }

    # Webroot for Let's Encrypt HTTP-01 challenge files.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
}
# ─── busanstore.com → 19000 (PC 웹) ────────────────────────────────────────
# ASP.NET / Blazor 기반 PC 웹 프론트엔드
# 내부 Docker 컨테이너 포트 19000으로 프록시
# PC web front end for busanstore.com, proxied to 192.168.0.52:19000.
server {
    server_name busanstore.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # --- TLS protocol and cipher policy ---
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # --- Certificate material ---
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/busanstore.com/privkey.pem;

    # --- Response security headers ---
    # Declared without "always", so they are attached only to the response
    # codes add_header covers by default, not to error responses.
    add_header X-Content-Type-Options nosniff; # no MIME sniffing
    add_header X-Frame-Options SAMEORIGIN; # framing allowed from same origin only

    location / {
        proxy_pass http://192.168.0.52:19000;

        # Rewrites upstream Location headers that contain ":<port>/" so the
        # backend port is not shown to clients.
        # NOTE(review): the pattern is unanchored, and with a regex
        # proxy_redirect the replacement appears to be substituted for the
        # whole Location value, not just the port — confirm that redirects
        # from the backend keep their path.
        proxy_redirect ~:(\d+)/ /;

        # --- Original client context for the backend ---
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # --- Transport behaviour ---
        proxy_http_version 1.1; # HTTP/1.1 towards the backend
        proxy_request_buffering off; # request bodies are streamed to the backend
        proxy_buffering off; # responses are streamed to the client
    }
}
# ─── m.busanstore.com → 19010 (모바일 웹) ──────────────────────────────────
# 모바일 전용 웹 프론트엔드 (반응형 또는 별도 모바일 UI)
# 내부 Docker 컨테이너 포트 19010으로 프록시
# Mobile web front end for m.busanstore.com, proxied to 192.168.0.52:19010.
server {
    server_name m.busanstore.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: dedicated certificate, TLS 1.2/1.3 only, server cipher order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/m.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/m.busanstore.com/privkey.pem;

    # Response security headers (no "always": not added to error responses).
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;

    location / {
        proxy_pass http://192.168.0.52:19010;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # HTTP/1.1 upstream, no request or response buffering.
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    }
}
# ─── websvc.busanstore.com → 19020 (WebView 콘텐츠) ────────────────────────
# 앱 내 WebView에서 로드하는 콘텐츠 서버
# 캐시를 완전히 비활성화하여 항상 최신 콘텐츠 제공
# In-app WebView content for websvc.busanstore.com, proxied to
# 192.168.0.52:19020 with caching turned off at every layer configured here.
server {
    server_name websvc.busanstore.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: dedicated certificate, TLS 1.2/1.3 only, server cipher order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/websvc.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/websvc.busanstore.com/privkey.pem;

    # Tell browsers and intermediaries not to cache responses.
    add_header Cache-Control "no-cache, no-store, must-revalidate";

    # Response security headers (no "always": not added to error responses).
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;

    location / {
        proxy_pass http://192.168.0.52:19020;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Never store responses in, or answer from, an nginx proxy cache.
        proxy_cache_bypass 1;
        proxy_no_cache 1;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # HTTP/1.1 upstream, no request or response buffering.
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    }
}
# ─── api.busanstore.com → 19040 (.NET 8 API) ──────────────────────────────
# BusanStore 백엔드 REST API (.NET 8 / Kestrel)
# 모바일 앱 및 웹 프론트엔드에서 호출하는 API 엔드포인트
# REST API for api.busanstore.com, proxied to 192.168.0.52:19040.
server {
    server_name api.busanstore.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: dedicated certificate, TLS 1.2/1.3 only, server cipher order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/api.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.busanstore.com/privkey.pem;

    # API responses may not be framed at all; MIME sniffing is disabled.
    # (No "always": these are not added to error responses.)
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;

    # Request bodies (including uploads) are capped at 10 MB.
    client_max_body_size 10M;

    location / {
        proxy_pass http://192.168.0.52:19040;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Fail fast: 5 s to connect, 30 s to wait for a response.
        proxy_read_timeout 30s;
        proxy_connect_timeout 5s;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # HTTP/1.1 upstream, no request or response buffering.
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    }
}
# ─── bus.busanstore.com → 19050 (BusWhere Node.js 백엔드) ──────────────────
# 부산 버스 실시간 위치 조회 서비스 (Node.js)
# 공공데이터 API를 호출하여 버스 도착 정보를 제공
# Bus arrival service (Node.js) for bus.busanstore.com, proxied to
# 192.168.0.52:19050.
server {
    server_name bus.busanstore.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: dedicated certificate, TLS 1.2/1.3 only, server cipher order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/bus.busanstore.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bus.busanstore.com/privkey.pem;

    # No framing, no MIME sniffing (not added to error responses).
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options DENY;

    # Request bodies are capped at 5 MB.
    client_max_body_size 5M;

    location / {
        proxy_pass http://192.168.0.52:19050;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Short timeouts: 5 s to connect, 15 s to wait for a response.
        proxy_read_timeout 15s;
        proxy_connect_timeout 5s;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # HTTP/1.1 upstream, no request or response buffering.
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    }
}
/etc/nginx/conf.d/default.conf
읽기 전용
###############################################################################
# 기타 도메인 모음 — Nginx 리버스 프록시 설정 (default.conf)
#
# 개별 conf 파일로 분리되지 않은 나머지 도메인들을 관리
#
# 도메인 → 포트/서비스 매핑:
# hansanmart.com / www.hansanmart.com → 53100 (한산마트, CORS 활성화)
# timefood.co.kr / www.timefood.co.kr → 7777 (타임푸드, 레거시 서버)
# kakaoapt.com → cacaoapt.com 리다이렉트 (도메인명 변경)
# cacaoapt.com / www.cacaoapt.com → 18100 (카카오아파트)
# admin.cacaoapt.com → 18100 (카카오아파트 관리자)
#
# 분리된 도메인 (별도 conf 파일):
# eyecode.co.kr, hub.eyecode.co.kr → eyecd.conf
# promptitem.com / dify.promptitem.com → promptitem.conf
#
# 내부 백엔드: 192.168.0.52 (Docker 호스트), 192.168.0.14 (레거시 서버)
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 (나머지 도메인 전체) ───────────────────────────
# Port 80 for the domains kept in default.conf: every request is redirected
# to the same host and URI over HTTPS. This block defines no ACME challenge
# location.
server {
    listen 80;
    listen [::]:80;
    server_name hansanmart.com www.hansanmart.com
                timefood.co.kr www.timefood.co.kr
                kakaoapt.com www.kakaoapt.com
                cacaoapt.com www.cacaoapt.com admin.cacaoapt.com;

    # Certbot-inserted host checks. They run before location matching and
    # return the same redirect the catch-all location below would issue.
    if ($host = www.cacaoapt.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = cacaoapt.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Catch-all redirect for the remaining names.
    location / {
        return 301 https://$host$request_uri;
    }
}
# ─── hansanmart.com (한산마트) → 53100 ──────────────────────────────────────
# CORS 헤더가 설정되어 외부 도메인에서의 API 호출을 허용
# hansanmart.com / www.hansanmart.com, proxied to 192.168.0.52:53100, with
# CORS response headers added by the proxy.
server {
    server_name hansanmart.com www.hansanmart.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: Certbot-managed certificate, TLS 1.2/1.3 only, server cipher order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/hansanmart.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hansanmart.com/privkey.pem; # managed by Certbot

    location / {
        proxy_pass http://192.168.0.52:53100;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # CORS: any origin may read responses, and Authorization is an
        # accepted request header.
        # NOTE(review): a wildcard origin covers the whole site, not only API
        # paths. If responses depend on an Authorization token, list the
        # calling origins explicitly instead of "*". No X-Frame-Options or
        # X-Content-Type-Options header is set for this site.
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'Origin, Authorization, Content-Type, X-Requested-With';
    }
}
# ─── timefood.co.kr (타임푸드) → 7777 ──────────────────────────────────────
# 레거시 서버(192.168.0.14)에서 운영 중
# timefood.co.kr / www.timefood.co.kr.
# The active upstream is 192.168.0.52:18320. The file header still lists
# port 7777 on the legacy server (192.168.0.14), which is the disabled
# proxy_pass kept below for reference.
server {
    server_name timefood.co.kr www.timefood.co.kr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: Certbot-managed certificate, TLS 1.2/1.3 only, server cipher order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/timefood.co.kr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/timefood.co.kr/privkey.pem; # managed by Certbot

    location / {
        # Disabled: earlier upstream on the legacy server.
        #proxy_pass http://192.168.0.14:7777;
        proxy_pass http://192.168.0.52:18320;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
    }
}
# ─── kakaoapt.com → cacaoapt.com 리다이렉트 ────────────────────────────────
# 도메인명 변경(kakao→cacao)으로 인한 301 영구 리다이렉트
# Old domain name: every HTTPS request for kakaoapt.com / www.kakaoapt.com
# is permanently redirected to the same URI on cacaoapt.com.
# Only the certificate pair is configured; ssl_protocols, ssl_ciphers and
# ssl_dhparam are not set in this block, unlike the other TLS vhosts here.
server {
    server_name kakaoapt.com www.kakaoapt.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/kakaoapt.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kakaoapt.com/privkey.pem;

    # Fixed target host, so the redirect does not depend on the Host header.
    return 301 https://cacaoapt.com$request_uri;
}
# ─── cacaoapt.com (카카오아파트) → 18100 ────────────────────────────────────
# admin.cacaoapt.com 서브도메인도 동일 서버 블록에서 처리
# cacaoapt.com, www.cacaoapt.com and admin.cacaoapt.com share this block and
# one upstream, 192.168.0.52:17200. The file header lists port 18100 for
# these names, which does not match the proxy_pass below.
# NOTE(review): the admin name gets no separate access restriction at this
# layer — confirm the backend enforces its own.
server {
    server_name cacaoapt.com www.cacaoapt.com admin.cacaoapt.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # TLS: Certbot-managed certificate, TLS 1.2/1.3 only, server cipher order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/cacaoapt.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cacaoapt.com/privkey.pem; # managed by Certbot

    location / {
        proxy_pass http://192.168.0.52:17200;

        # Scheme and port as seen by the client.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        # Original host and client address.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Cookie path mapping "/" -> "/" leaves upstream cookie paths as sent.
        proxy_cookie_path / /;

        # Redirects generated by nginx itself are relative.
        absolute_redirect off;

        # HTTP/1.1 upstream, no request or response buffering.
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    }
}
/etc/nginx/conf.d/dontory.conf
읽기 전용
###############################################################################
# 돈토리 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# dontory.com / www.dontory.com → 16000 (돈토리 메인 사이트)
# admin.dontory.com → 16100 (돈토리 관리자 패널)
#
# 백엔드: 192.168.0.52 (Docker 호스트)
# CMS 기반 서비스로 파일 업로드를 위해 client_max_body_size 64M 설정
# proxy_redirect로 내부 URL이 외부에 노출되지 않도록 처리
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
# Port 80 for the dontory names: every request is permanently redirected to
# the same host and URI over HTTPS. No ACME challenge location is defined.
server {
    server_name dontory.com www.dontory.com admin.dontory.com;
    listen 80;
    listen [::]:80;

    location / {
        return 301 https://$host$request_uri;
    }
}
# ─── dontory.com (돈토리 메인) → 16000 ─────────────────────────────────────
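# Main site for dontory.com / www.dontory.com, proxied to 192.168.0.52:16000.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name dontory.com www.dontory.com;

    ssl_certificate /etc/letsencrypt/live/dontory.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/dontory.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    client_max_body_size 64M; # uploads up to 64 MB

    location / {
        proxy_pass http://192.168.0.52:16000;

        # Replace the internal URL prefix in upstream Location headers with
        # the public one. The replacement must end in "/" like the prefix it
        # replaces: without it the path is glued straight onto the hostname,
        # so the resulting Location names a different host than this site.
        proxy_redirect http://192.168.0.52:16000/ https://dontory.com/;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_cookie_path / /; # cookie path mapping "/" -> "/"
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        absolute_redirect off; # nginx-generated redirects are relative
    }
}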
# ─── admin.dontory.com (돈토리 관리자) → 16100 ─────────────────────────────
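# Admin panel for admin.dontory.com, proxied to 192.168.0.52:16100.
# NOTE(review): no source-address or authentication restriction is set at
# this layer — confirm the panel enforces its own.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name admin.dontory.com;

    ssl_certificate /etc/letsencrypt/live/admin.dontory.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/admin.dontory.com/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    client_max_body_size 64M; # uploads up to 64 MB

    location / {
        proxy_pass http://192.168.0.52:16100;

        # Replace the internal URL prefix in upstream Location headers with
        # the public one. The replacement must end in "/" like the prefix it
        # replaces: without it the path is glued straight onto the hostname,
        # so the resulting Location names a different host than this site.
        proxy_redirect http://192.168.0.52:16100/ https://admin.dontory.com/;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;

        proxy_cookie_path / /; # cookie path mapping "/" -> "/"
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        absolute_redirect off; # nginx-generated redirects are relative
    }
}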
/etc/nginx/conf.d/eyecd.conf
읽기 전용
###############################################################################
# eyeCode 통합 스택 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# eyecode.co.kr / www.eyecode.co.kr → 15000 (회사홈페이지)
# hub.eyecode.co.kr → 15010 (개발관리허브, eyeCodeHub)
#
# 내부 백엔드 IP: 192.168.0.52 (Docker 호스트)
# SSL 인증서: Let's Encrypt (certbot 자동 갱신)
# DH 파라미터: /etc/ssl/certs/dhparam.pem (2048bit+)
#
# 설치: sudo cp eyecd.conf /etc/nginx/conf.d/eyecd.conf
# sudo nginx -t && sudo systemctl reload nginx
#
# 변경 이력:
# 2026-02-22 초기 작성 — eyeCode 통합 스택용
# eyecode.co.kr 을 default.conf → eyecd.conf 로 분리
# hub.eyecode.co.kr 신규 추가 (eyeCodeHub 개발관리허브)
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
# Port 80 for the eyecode.co.kr names (including gpu.eyecode.co.kr): ACME
# challenge files come from the webroot, everything else goes to HTTPS.
server {
    server_name eyecode.co.kr www.eyecode.co.kr
                hub.eyecode.co.kr
                gpu.eyecode.co.kr;
    listen 80;
    listen [::]:80;

    # Permanent redirect for everything outside the challenge path.
    location / {
        return 301 https://$host$request_uri;
    }

    # Webroot for Let's Encrypt HTTP-01 challenge files.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
}
# ─── eyecode.co.kr (회사홈페이지) → 15000 ────────────────────────────────────
# eyeCode 공식 웹사이트 — Flask (eyecodehome)
# Company website for eyecode.co.kr / www.eyecode.co.kr, proxied to
# 192.168.0.52:15000.
server {
    server_name eyecode.co.kr www.eyecode.co.kr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # --- TLS protocol and cipher policy ---
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # --- Certificate material ---
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/eyecode.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/eyecode.co.kr/privkey.pem;

    # --- Response security headers (not added to error responses) ---
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;

    location / {
        proxy_pass http://192.168.0.52:15000;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # HTTP/1.1 upstream, no request or response buffering.
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
    }
}
# ─── hub.eyecode.co.kr (개발관리허브) → 15010 ────────────────────────────────
# eyeCodeHub — 프로젝트관리, SVN관리, 서비스개발 관리 도구
# Flask + Gunicorn (4 workers), WebSocket 지원
# Development management hub for hub.eyecode.co.kr, proxied to
# 192.168.0.52:15010, with WebSocket upgrade headers forwarded.
# NOTE(review): the file describes this as a project/SVN management tool and
# no source-address restriction is set at this layer — confirm that public
# reachability is intended.
server {
    server_name hub.eyecode.co.kr;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # --- TLS protocol and cipher policy ---
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # --- Certificate material ---
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/hub.eyecode.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/hub.eyecode.co.kr/privkey.pem;

    # --- Response security headers (not added to error responses) ---
    # X-XSS-Protection is a legacy header that current browsers ignore; it
    # is not a substitute for a Content-Security-Policy.
    add_header Referrer-Policy "strict-origin-when-cross-origin";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options SAMEORIGIN;

    # Uploads (SVN, project files) up to 50 MB.
    client_max_body_size 50M;

    location / {
        proxy_pass http://192.168.0.52:15010;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # WebSocket: HTTP/1.1 upstream with the Upgrade header passed through.
        # Connection is set to "upgrade" on every request, not only on
        # upgrade handshakes.
        proxy_http_version 1.1;
        proxy_set_header Connection "upgrade";
        proxy_set_header Upgrade $http_upgrade;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # 60 s to connect, 120 s to read or send.
        proxy_send_timeout 120s;
        proxy_read_timeout 120s;
        proxy_connect_timeout 60s;

        # No request or response buffering.
        proxy_request_buffering off;
        proxy_buffering off;
    }
}
# ─── gpu.eyecode.co.kr (GPU 서버) → 192.168.0.57 ────────────────────────────
# GpuHub API (포트 80) : /api/*, /swagger, /health, /mcp
# Ollama 직접 (포트 11434): /ollama/ — SSE 스트리밍 전용 경로
#
# 스트리밍 딜레이 해결 원칙:
# proxy_buffering off — nginx 응답 버퍼링 완전 해제
# X-Accel-Buffering: no — nginx 프록시 레이어 버퍼 우회 강제
# proxy_request_buffering off — 요청 본문도 버퍼 없이 바로 업스트림 전달
# Connection: "" — HTTP/1.1 keepalive (청크 전송 유지)
# chunked_transfer_encoding — ndjson / SSE 청크 그대로 클라이언트 전달
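# gpu.eyecode.co.kr: TLS front end for the GPU host. Routes
#   /         -> GpuHub API on 192.168.0.57:80
#   /ollama/  -> Ollama on 192.168.0.57:11434
#   /v1/      -> Ollama's OpenAI-compatible API on 192.168.0.57:11434/v1/
#   /ai/      -> AIProxy on 127.0.0.1:8766
#
# NOTE(review): no auth_basic, auth_request or allow/deny appears anywhere in
# this block. Ollama's HTTP API has no authentication of its own, so unless
# something not shown here enforces credentials, /ollama/ and /v1/ are usable
# by anyone who can reach this hostname, including the model-management
# endpoints. Put an authenticating layer or a source-address allowlist in
# front of these paths before relying on them.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gpu.eyecode.co.kr;

    # --- TLS certificate ---
    ssl_certificate /etc/letsencrypt/live/gpu.eyecode.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gpu.eyecode.co.kr/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # --- TLS protocol and cipher policy ---
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # --- Security headers ---
    # A location inherits add_header from this level only if it declares no
    # add_header itself. Every proxied location below declares one
    # (X-Accel-Buffering), so the two security headers are repeated inside
    # each of them; the copies here cover the OPTIONS reply and /swagger.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;

    # Image / vision uploads up to 100 MB.
    client_max_body_size 100M;

    # CORS for browser and app clients.
    # For the inheritance reason above, these reach only the OPTIONS reply
    # and the /swagger redirect. They are deliberately not repeated in the
    # proxied locations: confirm whether the upstreams send their own CORS
    # headers and whether a wildcard origin is wanted on endpoints that
    # accept Authorization / X-API-Key.
    add_header Access-Control-Allow-Origin "*" always;
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, DELETE, PUT" always;
    add_header Access-Control-Allow-Headers "Authorization, Content-Type, Accept, X-API-Key" always;

    # Answer CORS preflight immediately, for every path.
    if ($request_method = OPTIONS) {
        return 204;
    }

    # ── Swagger: send the bare path to the index page ──────────────────────
    location = /swagger {
        return 301 /swagger/index.html;
    }

    # ── GpuHub API ─────────────────────────────────────────────────────────
    location / {
        proxy_pass http://192.168.0.57:80;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # HTTP/1.1 with an empty Connection header keeps upstream
        # connections alive.
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_buffering off;
        proxy_request_buffering off;

        # Response headers for this location (see inheritance note above).
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Accel-Buffering no always;

        proxy_connect_timeout 60s;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
    }

    # ── Ollama streaming: /ollama/ -> :11434 ───────────────────────────────
    # With "stream": true the client receives ndjson chunks as produced.
    # Usage:
    #   POST https://gpu.eyecode.co.kr/ollama/api/generate {"stream":true}
    #   POST https://gpu.eyecode.co.kr/ollama/api/chat {"stream":true}
    #   GET  https://gpu.eyecode.co.kr/ollama/api/tags
    location /ollama/ {
        # The trailing "/" strips the /ollama/ prefix before forwarding.
        proxy_pass http://192.168.0.57:11434/;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        # Streaming: no buffering, no proxy cache.
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_cache off;

        # Response headers for this location (see inheritance note above).
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Accel-Buffering no always;

        # Long generations: up to 600 s to read or send, 30 s to connect.
        proxy_connect_timeout 30s;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;

        proxy_ignore_headers Cache-Control Expires;
        chunked_transfer_encoding on;
    }

    # ── OpenAI-compatible streaming: /v1/ -> Ollama :11434/v1/ ─────────────
    # For OpenAI SDK / LangChain style clients.
    # Usage:
    #   base_url = "https://gpu.eyecode.co.kr/v1"
    #   POST /v1/chat/completions {"stream":true}
    location /v1/ {
        proxy_pass http://192.168.0.57:11434/v1/;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_cache off;

        # Response headers for this location (see inheritance note above).
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Accel-Buffering no always;

        proxy_connect_timeout 30s;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;

        chunked_transfer_encoding on;
    }

    # ── AIProxy: RAG memory, difficulty router, think=false injection ──────
    # Per the file's description, conversations are embedded and stored, and
    # similar past conversations are injected as context.
    # Usage:
    #   POST https://gpu.eyecode.co.kr/ai/api/chat (Ollama streaming)
    #   POST https://gpu.eyecode.co.kr/ai/api/generate
    #   POST https://gpu.eyecode.co.kr/ai/v1/chat/completions (OpenAI compatible)
    #   GET  https://gpu.eyecode.co.kr/ai/memory/recent
    #   GET  https://gpu.eyecode.co.kr/ai/memory/search?q=...
    # NOTE(review): the memory endpoints return stored conversation content.
    # The access-control question raised at the top of this block applies
    # here as well — confirm AIProxy authenticates callers.
    location /ai/ {
        # The trailing "/" strips the /ai/ prefix before forwarding.
        proxy_pass http://127.0.0.1:8766/;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_buffering off;
        proxy_request_buffering off;
        proxy_cache off;

        # Response headers for this location (see inheritance note above).
        add_header X-Frame-Options SAMEORIGIN always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Accel-Buffering no always;

        proxy_connect_timeout 30s;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;

        chunked_transfer_encoding on;
    }
}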
/etc/nginx/conf.d/mbc.conf
읽기 전용
###############################################################################
# MBC 명함관리시스템 — Nginx 리버스 프록시 설정
#
# 서비스 구성:
# 프론트엔드 (Vue.js/nginx) → Docker 컨테이너 포트 40100
# 백엔드 API (Spring Boot) → Docker 컨테이너 포트 40110
#
# 접근 방식:
# HTTP : http://192.168.0.52:40100 (Docker 포트 직접 접근, nginx 불필요)
# 도메인 : 아래 server_name 에 도메인 설정 후 SSL 추가 가능
#
# 백엔드: 192.168.0.52 (Docker 호스트)
###############################################################################
# ─── HTTP (도메인 없이 내부망 직접 접근용) ────────────────────────────────
# Plain-HTTP vhost for the MBC business-card front end, proxied to
# 192.168.0.52:40100. Traffic through this block is unencrypted; the
# server_name is a placeholder to be replaced with the real domain.
server {
    server_name mbc.local; # replace with the real domain
    listen 80;
    listen [::]:80;

    # Front end served directly over HTTP.
    location / {
        proxy_pass http://192.168.0.52:40100;

        # Rewrite upstream Location headers that contain ":<port>/".
        proxy_redirect ~:(\d+)/ /;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # HTTP/1.1 upstream, responses streamed without buffering.
        proxy_http_version 1.1;
        proxy_buffering off;
    }

    # When switching to HTTPS: enable the redirect below and keep the
    # challenge location.
    # return 301 https://$host$request_uri;

    # Webroot for Let's Encrypt HTTP-01 challenge files.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
# ─── HTTPS (도메인 + SSL 인증서 준비 후 활성화) ───────────────────────────
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name mbc.example.com;
#
# ssl_certificate /etc/letsencrypt/live/mbc.example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/mbc.example.com/privkey.pem;
# ssl_dhparam /etc/ssl/certs/dhparam.pem;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # 프론트엔드 (Vue SPA)
# location / {
# proxy_pass http://192.168.0.52:40100;
# proxy_redirect ~:(\d+)/ /;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_http_version 1.1;
# proxy_buffering off;
# }
# }
/etc/nginx/conf.d/miniwindo.conf
읽기 전용
# =============================================================================
# miniwindo 전체 도메인 리버스 프록시 설정
# =============================================================================
#
# ## 도메인 구분
#
# | 도메인 | 역할 |
# |--------------|---------------------------------------------|
# | miniwindo.com | 영상 분석·제작 서비스 (PC / 모바일) |
# | miniwindo.co.kr | 콘텐츠 서비스 허브 (기업·노하우·증시·상품몰) |
#
# =============================================================================
# ## miniwindo.com — 영상 분석 및 제작 서비스
# =============================================================================
#
# ### 인증서
# - 이름: miniwindo.com (통합)
# - 경로: /etc/letsencrypt/live/miniwindo.com/
# - 도메인: miniwindo.com, www.miniwindo.com, studio, create, mobile
# - 만료: 2026-08-23
#
# ### 서비스 목록
# | 도메인 | 포트 | 서비스 |
# |--------------------------|-------|-------------------------|
# | miniwindo.com | 12030 | 메인 홈페이지 |
# | www.miniwindo.com | 12030 | 메인 홈페이지 (www) |
# | studio.miniwindo.com | 12010 | YouTube 스튜디오 |
# | create.miniwindo.com | 12110 | 크리에이터 스튜디오 |
# | mobile.miniwindo.com | 12140 | 모바일 앱 서비스 |
# | tip.miniwindo.com | 12040 | 팁 커뮤니티 (자체 cert) |
# | market.miniwindo.com | 12050 | 마켓플레이스 (자체 cert)|
#
# =============================================================================
# ## miniwindo.co.kr — 콘텐츠 서비스
# =============================================================================
#
# ### 인증서
# - 이름: miniwindo.co.kr (통합)
# - 경로: /etc/letsencrypt/live/miniwindo.co.kr/
# - 도메인: miniwindo.co.kr, biz, stock, market(.co.kr)
# - 만료: 2026-08-23
#
# ### 서비스 목록
# | 도메인 | 포트 | 서비스 |
# |-----------------------------|-------|--------------------------------|
# | miniwindo.co.kr | — | 콘텐츠 허브 링크 페이지 (정적) |
# | biz.miniwindo.co.kr | 12160 | 기업정보 서비스 |
# | stock.miniwindo.co.kr | 12150 | 증시정보 |
# | market.miniwindo.co.kr | 12050 | 오프라인 상품몰 |
#
# =============================================================================
###############################################################################
# [1] miniwindo.com — 메인 홈페이지 (포트 12030)
###############################################################################
# Port 80 for miniwindo.com / www.miniwindo.com: permanent redirect to HTTPS.
# $server_name expands to the first name listed, so both names are sent to
# https://miniwindo.com and the target never depends on the Host header.
# Only an IPv4 listener is declared.
server {
    server_name miniwindo.com www.miniwindo.com;
    listen 80;

    return 301 https://$server_name$request_uri;
}
# Main site for miniwindo.com / www.miniwindo.com, proxied to loopback
# port 12030. Only an IPv4 listener is declared, and unlike the other
# config files on this host no ssl_dhparam or ssl_prefer_server_ciphers
# is set here.
server {
    server_name miniwindo.com www.miniwindo.com;
    listen 443 ssl http2;

    # TLS: shared miniwindo.com certificate, TLS 1.2/1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_certificate /etc/letsencrypt/live/miniwindo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/miniwindo.com/privkey.pem;

    # Per-site logs.
    error_log /var/log/nginx/miniwindo-home-error.log warn;
    access_log /var/log/nginx/miniwindo-home-access.log combined;

    location / {
        proxy_pass http://127.0.0.1:12030;

        # HTTP/1.1 upstream. Upgrade is forwarded, but Connection is fixed to
        # keep-alive rather than "upgrade" — presumably a WebSocket handshake
        # would not complete through this block; confirm whether one is needed.
        proxy_http_version 1.1;
        proxy_set_header Connection keep-alive;
        proxy_set_header Upgrade $http_upgrade;

        # Original client context for the backend.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        proxy_buffering off;
    }
}
###############################################################################
# [2] studio.miniwindo.com — YouTube 스튜디오 (포트 12010)
###############################################################################
server {
listen 80;
server_name studio.miniwindo.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name studio.miniwindo.com;
ssl_certificate /etc/letsencrypt/live/miniwindo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindo.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-studio-access.log combined;
error_log /var/log/nginx/miniwindo-studio-error.log warn;
location / {
proxy_pass http://127.0.0.1:12010;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
###############################################################################
# [3] create.miniwindo.com — 크리에이터 스튜디오 (포트 12110)
###############################################################################
server {
listen 80;
server_name create.miniwindo.com;
return 301 https://$server_name$request_uri;
}
server {
# TLS terminator for the creator studio: /hls/ and /asset/ are served straight
# from disk, everything else is proxied to 127.0.0.1:12110.
listen 443 ssl http2;
server_name create.miniwindo.com;
ssl_certificate /etc/letsencrypt/live/miniwindo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindo.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-create-access.log combined;
error_log /var/log/nginx/miniwindo-create-error.log warn;
# Request bodies up to 500 MB are accepted on every location of this server,
# including the proxied application.
client_max_body_size 500m;
# HLS streaming
location /hls/ {
# The location prefix and the alias path both end in "/", which keeps the
# mapping inside /work/miniwindo/asset/hls/.
alias /work/miniwindo/asset/hls/;
add_header Cache-Control "no-cache, no-store, must-revalidate";
add_header Pragma "no-cache";
add_header Expires "0";
# Wildcard CORS: script on any origin may read these responses.
# NOTE(review): no auth_basic, allow/deny or auth_request guards this location,
# so every file under the aliased directory is public — confirm nothing
# private (drafts, unpublished media) is stored there.
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Range";
# A types block inside a location replaces the inherited MIME map here: only
# these extensions get the listed types, anything else falls back to default_type.
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
add_header Accept-Ranges bytes;
}
location /asset/ {
# /work/miniwindo/asset/ is the parent of the hls/ directory aliased above, so
# the same HLS files are also reachable under /asset/hls/, where the
# no-cache headers of the /hls/ location do not apply.
alias /work/miniwindo/asset/;
# Wildcard CORS and no access restriction, as in /hls/.
# NOTE(review): confirm the whole directory tree is meant to be world-readable.
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, HEAD, OPTIONS";
add_header Accept-Ranges bytes;
# Replaces the inherited MIME map for this location (see default_type for
# any extension not listed).
types {
video/mp4 mp4;
image/png png;
image/jpeg jpg jpeg;
image/webp webp;
}
}
location / {
proxy_pass http://127.0.0.1:12110;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For; only the last
# entry is written by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
###############################################################################
# [4] mobile.miniwindo.com — 모바일 앱 서비스 (포트 12140)
###############################################################################
server {
listen 80;
server_name mobile.miniwindo.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name mobile.miniwindo.com;
ssl_certificate /etc/letsencrypt/live/miniwindo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindo.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-mobile-access.log combined;
error_log /var/log/nginx/miniwindo-mobile-error.log warn;
location / {
proxy_pass http://127.0.0.1:12140;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
###############################################################################
# [5] tip.miniwindo.com — 팁 커뮤니티 (포트 12040)
# cert: /etc/letsencrypt/live/tip.miniwindo.com/ (자체 인증서)
###############################################################################
server {
listen 80;
server_name tip.miniwindo.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name tip.miniwindo.com;
ssl_certificate /etc/letsencrypt/live/tip.miniwindo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tip.miniwindo.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-tip-access.log combined;
error_log /var/log/nginx/miniwindo-tip-error.log warn;
location / {
proxy_pass http://127.0.0.1:12040;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
###############################################################################
# [6] market.miniwindo.com — 마켓플레이스 (포트 12050)
# cert: /etc/letsencrypt/live/market.miniwindo.com/ (자체 인증서)
###############################################################################
server {
listen 80;
server_name market.miniwindo.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name market.miniwindo.com;
ssl_certificate /etc/letsencrypt/live/market.miniwindo.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/market.miniwindo.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-market-access.log combined;
error_log /var/log/nginx/miniwindo-market-error.log warn;
location / {
proxy_pass http://127.0.0.1:12050;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
# =============================================================================
# miniwindo.co.kr 콘텐츠 서비스 영역
# =============================================================================
###############################################################################
# [7] miniwindo.co.kr — 콘텐츠 허브 메인 (정적 랜딩 페이지)
###############################################################################
server {
listen 80;
server_name miniwindo.co.kr;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name miniwindo.co.kr;
ssl_certificate /etc/letsencrypt/live/miniwindo.co.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindo.co.kr/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-co-kr-access.log combined;
error_log /var/log/nginx/miniwindo-co-kr-error.log warn;
root /var/www/miniwindo.co.kr;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
###############################################################################
# [8] biz.miniwindo.co.kr — 기업정보 서비스 (포트 12160)
###############################################################################
server {
listen 80;
server_name biz.miniwindo.co.kr;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name biz.miniwindo.co.kr;
ssl_certificate /etc/letsencrypt/live/miniwindo.co.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindo.co.kr/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-biz-access.log combined;
error_log /var/log/nginx/miniwindo-biz-error.log warn;
location / {
proxy_pass http://127.0.0.1:12160;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
###############################################################################
# [9] stock.miniwindo.co.kr — 증시정보 서비스 (포트 12150)
###############################################################################
server {
listen 80;
server_name stock.miniwindo.co.kr;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name stock.miniwindo.co.kr;
ssl_certificate /etc/letsencrypt/live/miniwindo.co.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindo.co.kr/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-stock-access.log combined;
error_log /var/log/nginx/miniwindo-stock-error.log warn;
location / {
proxy_pass http://127.0.0.1:12150;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
###############################################################################
# [10] market.miniwindo.co.kr — 오프라인 상품몰 (포트 12050)
###############################################################################
server {
listen 80;
server_name market.miniwindo.co.kr;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name market.miniwindo.co.kr;
ssl_certificate /etc/letsencrypt/live/miniwindo.co.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindo.co.kr/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/miniwindo-market-co-kr-access.log combined;
error_log /var/log/nginx/miniwindo-market-co-kr-error.log warn;
location / {
proxy_pass http://127.0.0.1:12050;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
}
}
/etc/nginx/conf.d/miniwindow.conf
# =============================================================================
# miniwindow.co.kr — mall.kidkids.net 리다이렉트
# =============================================================================
###############################################################################
# miniwindow.co.kr HTTP — HTTPS로 리다이렉트
###############################################################################
server {
# Every plain-HTTP request for miniwindow.co.kr is redirected to one fixed
# page on mall.kidkids.net; the original path and query string are dropped.
# The target is a constant, so nothing in the request can steer the redirect.
listen 80;
server_name miniwindow.co.kr;
return 301 https://mall.kidkids.net/html/brand_view.htm?company_id=8967;
}
###############################################################################
# miniwindow.co.kr HTTPS — mall.kidkids.net으로 리다이렉트
###############################################################################
server {
# HTTPS listener for miniwindow.co.kr; TLS is terminated only so the fixed
# redirect below can be delivered.
listen 443 ssl http2;
server_name miniwindow.co.kr;
ssl_certificate /etc/letsencrypt/live/miniwindow.co.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/miniwindow.co.kr/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
# Constant target: the request path and query string are not carried over.
return 301 https://mall.kidkids.net/html/brand_view.htm?company_id=8967;
}
}
###############################################################################
# news.miniwindow.co.kr — MiniWindo News Shorts 관리자 (Docker: miniwindow-news-web)
# 컨테이너 published 포트 127.0.0.1:12080 으로 리버스 프록시
###############################################################################
server {
# Reverse proxy for the News Shorts admin application published by its
# container on 127.0.0.1:12080.
# NOTE(review): this vhost listens on port 80 only, and no 443 server for
# news.miniwindow.co.kr is defined next to it. Unless TLS is terminated in
# front of this nginx, admin logins and session cookies travel in cleartext —
# confirm. No allow/deny, auth_basic or auth_request limits who can reach it.
listen 80;
server_name news.miniwindow.co.kr;
client_max_body_size 200m; # headroom for video/asset uploads
location / {
proxy_pass http://127.0.0.1:12080;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# On a port-80 listener $scheme is "http", so the backend is told the request
# was not secure; cookies it marks Secure would not be returned by browsers.
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket for Blazor Server / Hangfire real-time traffic
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# NOTE(review): if the Hangfire dashboard is mounted in this application it is
# reachable through this location as well — verify it enforces authorization.
proxy_read_timeout 300s;
}
}
/etc/nginx/conf.d/momoin.conf
###############################################################################
# 모모인 허브 — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# momoin.net / www.momoin.net → 17000 (C# ASP.NET Hub)
# api.momoin.net → 17030 (C# REST API)
# mcp.momoin.net → 17040 (C# MCP Server)
# momoincafe.com / www.momoincafe.com → 5501 (모모인카페)
# ai.momoincafe.com → 33950 (n8n 워크플로우)
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
server {
# Shared plain-HTTP listener for all momoin.net / momoincafe.com names: serves
# ACME challenge files and redirects everything else to HTTPS.
listen 80;
listen [::]:80;
server_name momoin.net www.momoin.net
api.momoin.net
mcp.momoin.net
momoincafe.com www.momoincafe.com
ai.momoincafe.com;
# HTTP-01 challenge files are read from the certbot webroot; this path must
# stay on plain HTTP for certificate issuance and renewal.
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
# $host is taken from the request (Host header), so the redirect target is
# only as trustworthy as the server_name match above.
# NOTE(review): no listen line here carries default_server; if this block ends
# up as the implicit default for port 80, requests with an arbitrary Host
# would be redirected to that arbitrary name — confirm a catch-all default
# server exists elsewhere.
return 301 https://$host$request_uri;
}
}
# ─── momoin.net (C# Hub) → 17000 ───────────────────────────────────────────
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name momoin.net www.momoin.net;
ssl_certificate /etc/letsencrypt/live/momoin.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/momoin.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 20m;
location / {
proxy_pass http://127.0.0.1:17000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_cache_bypass $http_upgrade;
}
}
# ─── api.momoin.net (C# REST API) → 17030 ──────────────────────────────────
server {
# TLS terminator and reverse proxy for the REST API on 127.0.0.1:17030, with
# CORS response headers added at the proxy.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name api.momoin.net;
ssl_certificate /etc/letsencrypt/live/api.momoin.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.momoin.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 50m;
# CORS headers for Flutter app
# Declared at server level with "always", so they are attached to every
# response, error responses included. location / defines no add_header of its
# own, so it inherits all three.
# Wildcard origin: script running on any website may call this API and read
# the response. Browsers withhold cookies for a wildcard origin, but the
# Authorization header is allowed below, so token-bearing requests from any
# origin pass the CORS check.
# NOTE(review): CORS is enforced by browsers only; if the Flutter client is a
# native build it does not need these headers. If a Flutter web build needs
# them, consider echoing an allow-listed origin instead of "*".
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
location / {
# Preflight requests are answered here with 204 for every path and never
# reach the backend.
if ($request_method = OPTIONS) {
return 204;
}
proxy_pass http://127.0.0.1:17030;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For; only the last
# entry is written by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_http_version 1.1;
proxy_read_timeout 120s;
}
}
# ─── mcp.momoin.net (C# MCP Server) → 17040 ───────────────────────────────
server {
# TLS terminator and reverse proxy for the MCP server on 127.0.0.1:17040.
# NOTE(review): no allow/deny, auth_basic or auth_request appears in this
# block. Whatever tools the MCP server exposes are reachable by anyone who can
# resolve this name unless the server authenticates callers itself — confirm.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mcp.momoin.net;
ssl_certificate /etc/letsencrypt/live/mcp.momoin.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mcp.momoin.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 10m;
location / {
proxy_pass http://127.0.0.1:17040;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Responses are passed to the client as they arrive rather than buffered.
proxy_buffering off;
proxy_http_version 1.1;
}
}
# ─── momoincafe.com → 5501 ─────────────────────────────────────────────────
server {
# TLS terminator for momoincafe.com; requests are proxied to a service on
# another LAN host, 192.168.0.52:5501.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name momoincafe.com www.momoincafe.com;
ssl_certificate /etc/letsencrypt/live/momoincafe.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/momoincafe.com/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
# The upstream is not on loopback and is reached over plain HTTP, so traffic
# between this proxy and 192.168.0.52 is unencrypted on the LAN.
# NOTE(review): confirm port 5501 on that host accepts connections only from
# this proxy; a client that can reach it directly could supply its own
# X-Real-IP / X-Forwarded-For values.
proxy_pass http://192.168.0.52:5501;
# Regex rewrite applied to Location/Refresh headers coming back from the
# upstream; presumably meant to strip the upstream port from redirects —
# verify the rewritten value keeps the intended path.
proxy_redirect ~:(\d+)/ /;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_http_version 1.1;
}
}
# ─── ai.momoincafe.com (n8n) → 33950 ───────────────────────────────────────
server {
# TLS terminator and reverse proxy for the n8n instance on 127.0.0.1:33950.
# NOTE(review): no allow/deny, auth_basic or auth_request appears in this
# block, so the editor UI and any webhook paths n8n serves are reachable from
# wherever this name resolves. Access control rests on n8n's own user
# management — confirm it is enabled and the owner account is set up.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ai.momoincafe.com;
ssl_certificate /etc/letsencrypt/live/ai.momoincafe.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ai.momoincafe.com/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 50m;
location / {
proxy_pass http://127.0.0.1:33950;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
# WebSocket upgrade headers are sent on every proxied request.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# One-hour read/send timeouts: an idle upstream connection may stay open for
# up to 3600 s.
proxy_read_timeout 3600;
proxy_send_timeout 3600;
proxy_buffering off;
}
}
/etc/nginx/conf.d/pluginmart.conf
###############################################################################
# PluginMart — Nginx 리버스 프록시 설정
#
# 도메인:
# pluginmart.net / www.pluginmart.net → frontend-web (127.0.0.1:18120)
# m.pluginmart.net → frontend-mobile (127.0.0.1:18130)
#
# 공통 라우팅:
# /api/* /auth/* → pluginmart-backend (127.0.0.1:18110)
# /uploads/* → pluginmart-minio (127.0.0.1:18170)
#
# SSL: Let's Encrypt — certbot 자동 갱신
# DH: /etc/ssl/certs/dhparam.pem
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ─────────────────────────────────────────────────
server {
listen 80;
listen [::]:80;
server_name pluginmart.net www.pluginmart.net m.pluginmart.net;
# Let's Encrypt ACME challenge (certbot --webroot)
location /.well-known/acme-challenge/ {
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
# ─── www.pluginmart.net → apex 리다이렉트 ────────────────────────────────────
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.pluginmart.net;
ssl_certificate /etc/letsencrypt/live/pluginmart.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pluginmart.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
return 301 https://pluginmart.net$request_uri;
}
# ─── pluginmart.net (PC 웹) → frontend-web (18120) ───────────────────────────
server {
# TLS terminator for the desktop site. Routing: SSE stream endpoints and
# /api, /auth go to the backend on 18110, /uploads/ to MinIO on 18170, and
# everything else to the web frontend on 18120.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name pluginmart.net;
ssl_certificate /etc/letsencrypt/live/pluginmart.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/pluginmart.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 100M;
# ── Streaming SSE endpoints (no buffering) ──────────────────────────────
# Regex locations are tried in the order written, so this one must stay above
# the broader ^/(api|auth)/ match.
location ~ ^/api/v1/services/[^/]+/stream$ {
proxy_pass http://127.0.0.1:18110;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 120s;
# Added to the response sent to the client. nginx itself acts on
# X-Accel-Buffering only when it arrives from an upstream; buffering in this
# location is already disabled by proxy_buffering off.
add_header X-Accel-Buffering no;
}
# ── Backend API ─────────────────────────────────────────────────────────
location ~ ^/(api|auth)/ {
proxy_pass http://127.0.0.1:18110;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For; only the last
# entry is written by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 60s;
}
# ── MinIO file serving ───────────────────────────────────────────────────
location /uploads/ {
# The trailing "/" on proxy_pass replaces the /uploads/ prefix with "/", so
# /uploads/<path> reaches MinIO as /<path>, i.e. the root of the MinIO
# endpoint rather than one bucket. Every HTTP method is forwarded; there is
# no limit_except here.
# NOTE(review): what can be read or written through this path depends
# entirely on MinIO's bucket policies — confirm anonymous access is limited
# to the intended bucket and is read-only, or restrict methods here.
proxy_pass http://127.0.0.1:18170/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
# Request bodies are streamed to the upstream instead of being spooled first.
proxy_request_buffering off;
}
# ── Desktop web frontend ─────────────────────────────────────────────────
location / {
proxy_pass http://127.0.0.1:18120;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 60s;
}
}
# ─── m.pluginmart.net (모바일) → frontend-mobile (18130) ─────────────────────
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name m.pluginmart.net;
ssl_certificate /etc/letsencrypt/live/m.pluginmart.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/m.pluginmart.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 100M;
# ── Streaming SSE endpoints ──────────────────────────────────────────────
location ~ ^/api/v1/services/[^/]+/stream$ {
proxy_pass http://127.0.0.1:18110;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_cache off;
proxy_read_timeout 120s;
add_header X-Accel-Buffering no;
}
# ── Backend API ─────────────────────────────────────────────────────────
location ~ ^/(api|auth)/ {
proxy_pass http://127.0.0.1:18110;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 60s;
}
# ── MinIO 파일 서빙 ──────────────────────────────────────────────────────
location /uploads/ {
proxy_pass http://127.0.0.1:18170/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
# ── 모바일 프론트엔드 ─────────────────────────────────────────────────────
location / {
proxy_pass http://127.0.0.1:18130;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 60s;
}
}
# ─── ai.pluginmart.net → ComfyUI (192.168.0.57:8188) ────────────────────────
server {
listen 80;
listen [::]:80;
server_name ai.pluginmart.net;
location /.well-known/acme-challenge/ {
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
# TLS terminator for ai.pluginmart.net; /ws and all other paths are proxied
# to 192.168.0.57:8188 on the LAN over plain HTTP.
# NOTE(review): no allow/deny, auth_basic or auth_request appears in this
# block. ComfyUI does not authenticate users by default, so as written this
# name presumably exposes workflow submission and uploads (bodies up to
# 500 MB) to anyone who can reach it — confirm an access-control layer sits
# in front, or add one here (source-address allow list, auth_request, VPN).
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ai.pluginmart.net;
ssl_certificate /etc/letsencrypt/live/ai.pluginmart.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ai.pluginmart.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 500M;
# WebSocket endpoint. Unlike location / below, no X-Real-IP / X-Forwarded-*
# headers are set here, so the upstream sees only this proxy's address.
location /ws {
proxy_pass http://192.168.0.57:8188;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
# An idle WebSocket may stay open for up to one hour.
proxy_read_timeout 3600s;
}
location / {
proxy_pass http://192.168.0.57:8188;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
# Connection is set to the value of the client's Upgrade header, not to the
# literal "upgrade" used in /ws. When the client sends no Upgrade header the
# value is empty and nginx omits the header.
proxy_set_header Connection $http_upgrade;
proxy_read_timeout 300s;
proxy_buffering off;
}
}
/etc/nginx/conf.d/promptitem.conf
###############################################################################
# promptitem.com 서비스 — Nginx 리버스 프록시 설정
#
# promptitem.com / www.promptitem.com → 18400 (프롬프트아이템)
# dify.promptitem.com → 33700/33701 (Dify AI 플랫폼)
###############################################################################
# ─── HTTP → HTTPS 리다이렉트 ────────────────────────────────────────────────
server {
listen 80;
listen [::]:80;
server_name promptitem.com www.promptitem.com dify.promptitem.com bnk.promptitem.com;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
# ─── promptitem.com (프롬프트아이템) → 18400 ────────────────────────────────
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name promptitem.com www.promptitem.com;
ssl_certificate /etc/letsencrypt/live/promptitem.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/promptitem.com/privkey.pem; # managed by Certbot
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 100M;
location / {
proxy_pass http://127.0.0.1:18400;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# ─── dify.promptitem.com (Dify AI 플랫폼) ───────────────────────────────────
server {
# TLS terminator for the Dify deployment: /console/api, /api, /v1 and /files
# are proxied to 127.0.0.1:33701, everything else to 127.0.0.1:33700.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dify.promptitem.com;
ssl_certificate /etc/letsencrypt/live/dify.promptitem.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dify.promptitem.com/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 15m;
# The four API locations are prefix matches without a trailing slash, so
# "/api" also matches paths such as "/apix"; nginx picks the longest matching
# prefix, which is how /console/api wins over "/".
# NOTE(review): /console/api presumably backs Dify's administrative console.
# Nothing here restricts it by source address, so it relies on Dify's own
# login — confirm that is intended for an internet-facing name.
location /console/api {
proxy_pass http://127.0.0.1:33701;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# One-hour read/send timeouts: an idle upstream connection may stay open for
# up to 3600 s. The same values are used in every location of this server.
proxy_read_timeout 3600;
proxy_send_timeout 3600;
}
location /api {
proxy_pass http://127.0.0.1:33701;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600;
proxy_send_timeout 3600;
}
location /v1 {
proxy_pass http://127.0.0.1:33701;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600;
proxy_send_timeout 3600;
}
location /files {
proxy_pass http://127.0.0.1:33701;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600;
proxy_send_timeout 3600;
}
# Everything else goes to the service on 33700; this is the only location
# that forwards WebSocket upgrade headers.
location / {
proxy_pass http://127.0.0.1:33700;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 3600;
proxy_send_timeout 3600;
}
}
# ─── bnk.promptitem.com (BNK 시너지허브) → 11700 ───────────────────────────
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name bnk.promptitem.com;
ssl_certificate /etc/letsencrypt/live/bnk.promptitem.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/bnk.promptitem.com/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 200M;
location / {
proxy_pass http://127.0.0.1:11700;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
proxy_send_timeout 300;
}
}
/etc/nginx/conf.d/timefood.conf
###############################################################################
# timefood.co.kr — Nginx 리버스 프록시 설정
#
# 도메인 → 포트 매핑:
# passbook.timefood.co.kr → 17200 (파생상품투자권유자문인력 공부앱)
# news.timefood.co.kr → 11800 (Docker Newsbot)
###############################################################################
upstream newsbot_backend {
# Single upstream peer for the newsbot service.
# NOTE(review): "localhost" is resolved when the configuration is loaded and
# may yield both 127.0.0.1 and ::1. If the container publishes the port on
# IPv4 only, pinning 127.0.0.1 avoids failed attempts against ::1 — confirm.
server localhost:11800;
}
# ─── HTTP → HTTPS 리다이렉트 (passbook) ────────────────────────────────────
server {
listen 80;
listen [::]:80;
server_name passbook.timefood.co.kr;
location / {
return 301 https://$host$request_uri;
}
}
# ─── passbook.timefood.co.kr → 17200 ────────────────────────────────────────
server {
# TLS terminator and reverse proxy for the passbook application on
# 127.0.0.1:17200, with gzip compression of text responses.
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name passbook.timefood.co.kr;
ssl_certificate /etc/letsencrypt/live/passbook.timefood.co.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/passbook.timefood.co.kr/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 10M;
# Responses of the listed types (text/html is always included) are compressed
# when they are at least 1000 bytes long.
# NOTE(review): compression under TLS leaks response length. If any HTML/JSON
# response carries a secret (CSRF token, session data) together with
# request-controlled content, the BREACH class of side channels applies —
# confirm no such response exists or exclude it from compression.
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript;
gzip_min_length 1000;
location / {
proxy_pass http://127.0.0.1:17200;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# Appends $remote_addr to the client-supplied X-Forwarded-For; only the last
# entry is written by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 60s;
proxy_connect_timeout 10s;
}
}
# ─── HTTP → HTTPS 리다이렉트 (news) ─────────────────────────────────────────
server {
listen 80;
listen [::]:80;
server_name news.timefood.co.kr;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$server_name$request_uri;
}
}
# ─── news.timefood.co.kr → localhost:11800 (Docker) ────────────────────────
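server {
    # TLS terminator and reverse proxy for news.timefood.co.kr; all traffic is
    # forwarded to the newsbot_backend upstream.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name news.timefood.co.kr;

    ssl_certificate /etc/letsencrypt/live/news.timefood.co.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/news.timefood.co.kr/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Security response headers. nginx inherits add_header from the enclosing
    # level only when the current level defines none of its own, so any
    # location that sets a header must repeat this set (see the static-asset
    # location below). "always" also attaches them to error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options DENY always;
    # Legacy header, not acted on by current Chromium or Firefox; a
    # Content-Security-Policy is the modern replacement.
    add_header X-XSS-Protection "1; mode=block";

    access_log /var/log/nginx/news.timefood.co.kr_access.log;
    error_log /var/log/nginx/news.timefood.co.kr_error.log;

    location / {
        proxy_pass http://newsbot_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to the client-supplied X-Forwarded-For; only the
        # last entry is written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_buffering off;
        proxy_request_buffering off;
    }

    # Long-lived caching for static assets, matched by file extension on any path.
    # NOTE(review): the match is by URL suffix only. If the backend ever answers
    # a dynamic or per-user URL that ends in one of these extensions, that
    # response would be marked public and cacheable for a year — confirm such
    # URLs serve static files only.
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
        proxy_pass http://newsbot_backend;
        # Without an explicit Host, nginx would send the upstream name
        # ("newsbot_backend") as Host; forward the same headers as location /.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        expires 1y;
        add_header Cache-Control "public, immutable";
        # Defining add_header here drops the server-level headers for this
        # location, so the security headers are repeated explicitly.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Frame-Options DENY always;
    }
}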
/etc/nginx/conf.d/topcalc.conf
###############################################################################
# TopCalc - Nginx 리버스 프록시 설정
# [2026-06-08] 전체 교체: topcalc2nd → topcalc (운영)
#
# www.topcalc.net → 18300 (C# ASP.NET Core, 운영)
# topcalc.net → www.topcalc.net 301 리다이렉트 (SEO)
# api.topcalc.net → 18320 (계산기 REST API)
# mcp.topcalc.net → 18330 (MCP 계산 허브)
# m.topcalc.net → www.topcalc.net 301 리다이렉트 (모바일 통합)
###############################################################################
# HTTP → HTTPS redirect for every TopCalc hostname.
server {
    listen [::]:80;
    listen 80;
    server_name topcalc.net www.topcalc.net m.topcalc.net api.topcalc.net mcp.topcalc.net;

    # Everything that is not an ACME challenge is sent to HTTPS on the same
    # hostname. $host comes from the request, which keeps the subdomain.
    # NOTE(review): if this block ever ends up as the default server for
    # port 80, a request with an unlisted Host header would be redirected to
    # that host; confirm a separate catch-all default_server exists.
    location / {
        return 301 https://$host$request_uri;
    }

    # Challenge files for certificate issuance/renewal are served from the
    # certbot webroot over plain HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
}
# topcalc.net → www.topcalc.net redirect (SEO: www is the primary domain).
server {
    server_name topcalc.net;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    # Same certificate files as the other TopCalc server blocks.
    # Presumably the certificate lists every TopCalc hostname; verify.
    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_prefer_server_ciphers on;
    # NOTE(review): broad OpenSSL selector; check the expanded list with
    # `openssl ciphers -v` before relying on it for TLS 1.2 clients.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_protocols TLSv1.2 TLSv1.3;

    # NOTE(review): no Strict-Transport-Security header is set here, while
    # the news.timefood.co.kr block in this file sends one. Decide whether
    # the apex domain should advertise HSTS too.

    # Permanent redirect that preserves the path and query string.
    return 301 https://www.topcalc.net$request_uri;
}
# m.topcalc.net → www.topcalc.net redirect (mobile site merged into www).
server {
    server_name m.topcalc.net;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    # Certificate files from the topcalc.net directory, as in the other
    # TopCalc blocks. Presumably m.topcalc.net is among its names; verify.
    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Permanent redirect that preserves the path and query string.
    return 301 https://www.topcalc.net$request_uri;
}
# www.topcalc.net → 18300 (production web).
# TLS terminates here; requests go on to 192.168.0.52:18300 over plain HTTP.
# NOTE(review): the backend receives client identity only through the
# X-Real-IP / X-Forwarded-* headers set below. Confirm port 18300 is
# reachable from this proxy only, otherwise those headers can be supplied by
# anyone who can connect to the backend directly.
server {
    server_name www.topcalc.net;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_prefer_server_ciphers on;
    # NOTE(review): broad OpenSSL selector; check the expanded list with
    # `openssl ciphers -v` before relying on it for TLS 1.2 clients.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_protocols TLSv1.2 TLSv1.3;

    # NOTE(review): this server sets no security response headers (HSTS,
    # X-Content-Type-Options, ...), unlike the news.timefood.co.kr block in
    # this file. If they are added at server level later, remember that the
    # two /static/ locations declare their own add_header and will therefore
    # not inherit them.

    # Stylesheets and scripts under /static/: caching disabled.
    location ~ ^/static/.*\.(css|js)$ {
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_pass http://192.168.0.52:18300;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        add_header Cache-Control "no-cache, no-store, must-revalidate, max-age=0" always;
    }

    # Images and fonts under /static/: cached for five minutes.
    location ~ ^/static/.*\.(png|jpg|jpeg|gif|svg|ico|webp|woff|woff2|ttf|eot)$ {
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_pass http://192.168.0.52:18300;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        add_header Cache-Control "public, max-age=300, must-revalidate" always;
    }

    # Everything else goes to the application.
    location / {
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_pass http://192.168.0.52:18300;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # NOTE(review): with a regex pattern nginx appears to substitute the
        # replacement for the whole header value, so an upstream Location
        # containing ":<digits>/" would become just "/" (path dropped, the
        # capture group is unused). Confirm that is the intent and not a
        # port-stripping rule that loses the path.
        proxy_redirect ~:(\d+)/ /;
    }
}
# api.topcalc.net → 18320 (calculator REST API).
# TLS terminates here; requests go on to 192.168.0.52:18320 over plain HTTP.
server {
    server_name api.topcalc.net;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_protocols TLSv1.2 TLSv1.3;

    # NOTE(review): nothing in this block limits request rate or body size
    # beyond nginx defaults, and request buffering is off, so slow or large
    # uploads reach the API directly. Confirm the backend enforces its own
    # limits.
    location / {
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_pass http://192.168.0.52:18320;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # NOTE(review): a regex proxy_redirect appears to replace the whole
        # header value, so any upstream Location containing ":<digits>/"
        # would be rewritten to "/". Confirm this is intended.
        proxy_redirect ~:(\d+)/ /;
    }
}
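# mcp.topcalc.net → 18330 (MCP calculation hub).
# TLS terminates here; requests go on to 192.168.0.52:18330 over plain HTTP.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mcp.topcalc.net;

    ssl_certificate /etc/letsencrypt/live/topcalc.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/topcalc.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Long-lived streaming endpoint. Buffering is off so chunks are flushed
    # to the client as they arrive, and the empty Connection header keeps
    # the upstream connection persistent over HTTP/1.1.
    # As a prefix match, this also covers any path that merely starts
    # with "/mcp".
    # NOTE(review): the CORS headers in `location /` below are not set here;
    # presumably the backend emits its own for /mcp. Verify.
    location /mcp {
        proxy_pass http://192.168.0.52:18330;
        proxy_http_version 1.1;
        proxy_set_header Connection '';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_cache off;
        # An idle stream may stay open for 24 hours. Each one holds a worker
        # connection, so connection limits matter for availability here.
        proxy_read_timeout 86400s;
        chunked_transfer_encoding on;
    }

    # All other paths.
    location / {
        proxy_pass http://192.168.0.52:18330;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        proxy_read_timeout 180s;

        # The allowed origin is copied from the request's Origin header, so
        # every website is permitted to read these responses cross-origin.
        # Authorization is an allowed request header as well.
        # NOTE(review): if the hub is not meant to be a public API, replace
        # $http_origin with a variable produced by an http-level map that
        # matches an explicit allow-list of origins.
        add_header Access-Control-Allow-Origin $http_origin always;
        # The response now differs per Origin, so caches must key on it;
        # otherwise a cached response can carry another site's allow header.
        add_header Vary Origin always;
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Content-Type, Authorization" always;
    }
}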