nginx.past.conf

# 과거에 nginx 80포트로는 프론트 웹 서버 연결이 잘 되었던 nginx 설정 파일.
# 전체 적으로
# # Add CORS headers
#             add_header 'Access-Control-Allow-Origin' '*';
#             add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#             add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';
# 이 코드 들이 필요 없는거 같긴함.

events { }

http {
    resolver 127.0.0.11 valid=30s;  # Use Docker's built-in DNS

    limit_req_zone $binary_remote_addr zone=ip_limit:10m rate=30r/s;

    # 브라우저에서 403이 발생한다면 backend에서 cors 처리를 해보자.
    server {
        listen 80; # Set the port on which Nginx will receive requests
        server_name 43.202.1.52;

        # Proxy HTTP requests to the React application directly
        location / {
            proxy_pass http://43.202.1.52:5173/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
# Add CORS headers
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';
        }

        # Redirect HTTP /api requests to HTTPS
        location /api {
            return 301 https://$host$request_uri;
        }
    }

    upstream steach-server {
        # real
        server 43.202.1.52:8080; # Set the port used by the steach-server application
        server 127.0.0.1:65535 backup;  # Dummy server
    }

    upstream steach-front {
        server localhost:5173; # Set the port used by the steach-front application
        server 127.0.0.1:65535 backup;  # Dummy server
    }

    server {
        listen 443 ssl;
        server_name 43.202.1.52;

        ssl_certificate /etc/letsencrypt/live/43.202.1.52/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/43.202.1.52/privkey.pem;

        index index.html;
        error_page 404 /index.html;

        location / {
            # 여기에 https를 하면 안됨.
            # 왜냐면 현재 같은 aws 서버 내에서 통신을 하는데 https를 할 이유가 없다.
            # 그런데 이거 때문에 502 BAD GATEWAY 까지 할 일이 있나??
            proxy_pass http://43.202.1.52:5173/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            try_files $uri /index.html;
            proxy_ssl_protocols TLSv1.2 TLSv1.3;
            proxy_ssl_ciphers HIGH:!aNULL:!MD5;
# Add CORS headers
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location /api {
            proxy_pass http://steach-server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

# Add CORS headers
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';
        }

        location ~ ^/api/v1/(lectures/final/|check/server) {
            limit_req zone=ip_limit nodelay;
            limit_req_status 429;

            proxy_pass http://steach-server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

# Add CORS headers
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization';
            }
        }

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log;

    log_format custom_log_format '$remote_addr - $remote_user [$time_local] "$request" '
                                 'limit_req_status=$limit_req_status $status '
                                 '"$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log custom_log_format;
}