[Network] nginx reverse proxy, redirect 적용

환경 : ec2 (ubuntu 18.04), spring boot, nginx/1.14.0(ubuntu), certbot으로 domain https 인증서 발급

 

certbot https 인증서 발급 참고 블로그

https://junho85.pe.kr/2048

 

- sudo mkdir /var/log/nginx/proxy/          # log, error 파일용 디렉토리

- sudo vi /etc/nginx/proxy_params 아래 코드 작성

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;

client_max_body_size 256M;
client_body_buffer_size 1m;

proxy_buffering on;
proxy_buffers 256 16k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;

proxy_temp_file_write_size 256k;
proxy_max_temp_file_size 1024m;

proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
proxy_intercept_errors on;

 

sudi vi /etc/nginx/nginx.conf 안에
http {
    server_names hash_bucke_size64; #주석 제거
}

---

 

- sudo vi /etc/nginx/sites-available/{domain} 아래 코드 작성  {domain} : example.co.kr(com, site, ...)

server {
    listen 80;

    server_name {domain} www.{domain};

    access_log /var/log/nginx/proxy/access.log;
    error_log /var/log/nginx/proxy/error.log;
    return 301 https://{domain}$request_uri;    # 80번 포트요청은 443으로 redirect
}

server {
    listen 443 ssl;

    server_name {domain};

    ssl_certificate /etc/letsencrypt/live/{domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{domain}/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    access_log /var/log/nginx/proxy/access.log;
    error_log /var/log/nginx/proxy/error.log;

    location / {
        include /etc/nginx/proxy_params;
        proxy_pass http://localhost:8080; #요청 
    }
}

 

sudo ln -s /etc/nginx/sites-available/{domain} /etc/nginx/sites-enabled/ 명령어로 심 링크 설정

 

sudo rm /etc/nginx/sites-available/default

sudo rm /etc/nginx/sites-enabled/default 

 

sudo nginx -t

sudo service nginx reload 후 jar 파일 실행

 

참고

https://community.letsencrypt.org/t/nginx-certbot-redirect-https-www-to-https/142678

https://velog.io/@u-nij/Spring-Boot-Nginx-%EC%97%B0%EB%8F%99%ED%95%B4%EC%84%9C-%EB%B0%B0%ED%8F%AC%ED%95%98%EA%B8%B0