ci: 2024-03-03 배포

Dockerfile

@@ -5,8 +5,8 @@ ENV PNPM_HOME="/root/.local/share/pnpm"
 ENV PATH="${PATH}:${PNPM_HOME}"
 ENV PYTHONUNBUFFERED=1
 RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
-RUN python3 -m ensurepip
-RUN pip3 install --no-cache --upgrade pip setuptools
+RUN python3 -m venv .venv
+RUN . .venv/bin/activate && pip3 install --no-cache --upgrade pip setuptools
 RUN apk add --no-cache make
 RUN apk add build-base
 RUN npm install --global pnpm
@@ -29,4 +29,3 @@ RUN pnpm -r run build
 RUN rm -rf /app/.pnpm-store
 
 WORKDIR /app/backend
-

backend/src/app.ts

@@ -18,7 +18,6 @@ import { createExpressEndpoints } from '@ts-rest/express';
 
 import router from '~/v1/routes';
 import routerV2 from '~/v2/routes';
-import lusca from "lusca";
 import session from 'express-session';
 import * as crypto from "crypto";
 import { morganMiddleware } from './logger';
@@ -40,7 +39,6 @@ app.use(morganMiddleware);
 app.use(cookieParser(
   secret,
 ));
-app.use(lusca.csrf());
 app.use(passport.initialize());
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json());

backend/src/v1/routes/users.routes.ts

@@ -407,7 +407,7 @@ export const router = Router();
  *                    example: []
  */
 router
-  .get('/search', getRateLimiter, authValidate(roleSet.librarian), search)
+  .get('/search', getRateLimiter, authValidate(roleSet.service), search)
   .post('/create', create)
   .patch('/update/:id', cudRateLimiter, authValidate(roleSet.librarian), update)
   .patch('/myupdate', cudRateLimiter, authValidate(roleSet.all), myupdate)

docker-compose.yaml

@@ -6,8 +6,11 @@ services:
     container_name: nginx
     volumes:
       - ./nginx/conf.d:/etc/nginx/conf.d
+      - ./build:/usr/share/nginx/html/
+      - /etc/letsencrypt:/etc/letsencrypt
     ports:
       - 80:80
+      - 443:443
 
   database:
     platform: linux/x86_64

nginx/conf.d/default.conf

@@ -1,7 +1,6 @@
 server {
     listen       80;
-    #listen  [::]:443;
-    server_name  server.42library.kr;
+    server_name  42library.kr;
 
     #access_log  /var/log/nginx/host.access.log  main;
 
@@ -27,6 +26,13 @@ server {
            proxy_set_header X-Forwarded-Proto $scheme;
     }
 
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+
+        try_files $uri $uri/ /index.html;
+    }
+
     #error_page  404              /404.html;
 
     # redirect server error pages to the static page /50x.html
@@ -35,27 +41,4 @@ server {
     location = /50x.html {
         root   /usr/share/nginx/html;
     }
-
-    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-    #
-    #location ~ \.php$ {
-    #    proxy_pass   http://127.0.0.1;
-    #}
-
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
-    #location ~ \.php$ {
-    #    root           html;
-    #    fastcgi_pass   127.0.0.1:9000;
-    #    fastcgi_index  index.php;
-    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-    #    include        fastcgi_params;
-    #}
-
-    # deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
-    #
-    #location ~ /\.ht {
-    #    deny  all;
-    #}
 }

scripts/letsencrypt.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+echo "Starting letsencrypt.sh"