배포 환경 개편

.github/workflows/deploy.yml

@@ -1,56 +1,40 @@
-name: Deploy to Prod via Bastion
+name: Deploy to EC2 on main merge
 
 on:
   pull_request:
     types: [closed]
-    branches: [main]
+    branches:
+      - main
 
 jobs:
   deploy:
     if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
+      - name: Checkout code
         uses: actions/checkout@v3
 
       - name: Build JAR
         run: ./gradlew clean build -x test
 
-      - name: Setup SSH known_hosts
-        run: |
-          mkdir -p ~/.ssh
-          ssh-keyscan -H ${{ secrets.BASTION_IP }} >> ~/.ssh/known_hosts || true
-          ssh-keyscan -H ${{ secrets.PROD_IP }} >> ~/.ssh/known_hosts || true
-          chmod 644 ~/.ssh/known_hosts
-
-      - name: Setup SSH Agent (Bastion + Prod Key 등록)
-        uses: webfactory/[email protected]
+      - name: Upload JAR to EC2
+        uses: appleboy/[email protected]
         with:
-          ssh-private-key: |
-            ${{ secrets.BASTION_SSH_PRIVATE_KEY }}
-            ${{ secrets.PROD_SSH_PRIVATE_KEY }}
-
-      - name: Test SSH to Bastion
-        run: ssh -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.BASTION_IP }} hostname
-
-      - name: Test SSH to Prod via Bastion
-        run: |
-          ssh -o "ProxyCommand=ssh -W %h:%p -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.BASTION_IP }}" \
-              -o StrictHostKeyChecking=no \
-              ${{ secrets.SSH_USER }}@${{ secrets.PROD_IP }} hostname
-
-      - name: Transfer JAR to Prod via Bastion
-        run: |
-          scp -o "ProxyCommand=ssh -W %h:%p -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.BASTION_IP }}" \
-              build/libs/busan-0.0.1-SNAPSHOT.jar \
-              ${{ secrets.SSH_USER }}@${{ secrets.PROD_IP }}:/home/ubuntu/app/jar/app.jar
-
-      - name: Trigger Deployment
-        run: |
-          ssh -o "ProxyCommand=ssh -W %h:%p -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.BASTION_IP }}" \
-              -o StrictHostKeyChecking=no \
-              ${{ secrets.SSH_USER }}@${{ secrets.PROD_IP }} << 'EOF'
-                cd /home/ubuntu/app
-                ./switch.sh
-          EOF
+          host: ${{ secrets.EC2_HOST }}
+          username: ubuntu
+          key: ${{ secrets.EC2_SSH_KEY }}
+          source: build/libs/*.jar
+          target: /home/ubuntu/app/app.jar
+
+      - name: SSH and deploy Docker container
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.EC2_HOST }}
+          username: ubuntu
+          key: ${{ secrets.EC2_SSH_KEY }}
+          script: |
+            docker pull your-docker-image:latest || true
+            docker stop myapp || true
+            docker rm myapp || true
+            docker run -d --name myapp --env-file /home/ubuntu/app/.env -p 8080:8080 openjdk:17-jdk java -jar /home/ubuntu/app/app.jar

docker-compose.yml

@@ -0,0 +1,25 @@
+version: "3.8"
+
+services:
+  app:
+    container_name: spring-app
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8080:8080"
+    env_file:
+      - .env
+    restart: always
+
+  nginx:
+    image: nginx:alpine
+    container_name: nginx-proxy
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
+    depends_on:
+      - app
+    restart: always

nginx/app.conf

@@ -1,12 +1,27 @@
-upstream backend {
-    server 127.0.0.1:8081;  # switch.sh에서 8082로 전환됨
-}
-
-server {
-    listen 80;
-    location / {
-        proxy_pass http://backend;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
+events {}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+
+    server {
+        listen 80;
+        server_name _;
+
+        location / {
+            proxy_pass http://spring-app:8080;
+            proxy_http_version 1.1;
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # optional: for WebSocket or SSE
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+        }
+
     }
 }