✅ 1. nginx/default.conf (리버스 프록시 + HTTPS 설정용)

nginx/default.conf 파일을 다음처럼 만들어주세요:



# HTTP (port 80) virtual host: answers ACME HTTP-01 challenges and redirects
# every other request to HTTPS.
server {
    listen 80;
    server_name howtoeat.ai.kr www.howtoeat.ai.kr;

    # Served over plain HTTP on purpose: the CA fetches the challenge token
    # from this path. The root must match certbot's --webroot-path and the
    # volume mounted at /var/lib/letsencrypt in both containers.
    location /.well-known/acme-challenge/ {
        root /var/lib/letsencrypt/;
    }

    # Permanent redirect to HTTPS, keeping the requested host and URI.
    # NOTE(review): $host is taken from the client's request, and if this is
    # the only server on port 80 it also answers for names not listed in
    # server_name. Consider a catch-all default_server that rejects unknown
    # hosts, or redirecting to a fixed hostname.
    location / {
        return 301 https://$host$request_uri;
    }
}

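# HTTPS (port 443) virtual host: terminates TLS and reverse-proxies to the
# backend and frontend containers by their compose service names.
# NOTE: nginx refuses to start while the certificate files below do not exist,
# so on a fresh host the first certificate must be issued before this server
# block is enabled (serve only the port-80 block for the initial issuance).
server {
    listen 443 ssl;
    server_name howtoeat.ai.kr www.howtoeat.ai.kr;

    ssl_certificate /etc/letsencrypt/live/howtoeat.ai.kr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/howtoeat.ai.kr/privkey.pem;

    # Legacy SSLv3 / TLS 1.0 / TLS 1.1 are not offered.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Once HTTPS is confirmed working for every hostname above, consider HSTS:
    # add_header Strict-Transport-Security "max-age=31536000" always;

    location /api/ {
        # Strip the /api prefix before proxying. Because the rewrite ends with
        # `break`, nginx forwards the rewritten URI and ignores the URI part
        # of proxy_pass.
        rewrite ^/api(/.*)$ $1 break;
        # The upstream must be a bare URL: the angle brackets left over from
        # markdown auto-linking make nginx reject the configuration.
        proxy_pass http://backend:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # nginx is the edge proxy here, so overwrite (rather than append to)
        # any client-supplied forwarding headers.
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location / {
        proxy_pass http://frontend:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}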

✅ 2. 완성된 docker-compose.yml

당신의 기존 구성에 nginx + certbot 서비스, 볼륨만 추가된 완전 버전입니다:


# Compose project: backend API, frontend, nginx reverse proxy and certbot.
# NOTE: Compose v2 ignores the top-level `version` key (and warns about it);
# only the legacy docker-compose v1 tool still reads it.
version: '3.8'

services:
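  # Backend API container; nginx reaches it over app-network as backend:8080.
  backend:
    # NOTE(review): `latest` is a moving tag. Pin a version tag or an image
    # digest so deployments are reproducible and auditable.
    image: jay1261/howtoeat-back:latest
    container_name: backend
    ports:
      # Published on loopback only: the plain-HTTP port must not be reachable
      # from outside the host, otherwise clients can bypass the TLS proxy.
      - "127.0.0.1:8080:8080"
    environment:
      DATASOURCE_URL: jdbc:mysql://howtoeat.ctsu8qq6enj7.ap-northeast-2.rds.amazonaws.com:3306/howtoeat
      # NOTE(review): the application connects as the database `root` user.
      # Prefer a dedicated account limited to the howtoeat schema.
      DATASOURCE_USERNAME: root
      # The secret is supplied from the shell environment or an untracked
      # .env file; compose aborts with this message when it is missing.
      # Any password that was ever written into this file in clear text
      # should be treated as exposed and rotated.
      DATASOURCE_PASSWORD: "${DATASOURCE_PASSWORD:?set DATASOURCE_PASSWORD in the environment or an untracked .env file}"
    restart: always
    networks:
      - app-network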

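  # Frontend container; nginx reaches it over app-network as frontend:3000.
  frontend:
    # NOTE(review): `latest` is a moving tag. Pin a version tag or an image
    # digest so deployments are reproducible and auditable.
    image: jay1261/howtoeat-front:latest
    container_name: frontend
    ports:
      # Published on loopback only so the plain-HTTP port cannot be reached
      # from outside the host, bypassing the TLS proxy.
      - "127.0.0.1:3000:3000"
    environment:
      # NOTE(review): `backend` resolves only inside the compose network. If
      # this URL is used by code running in the visitor's browser, it should
      # point at the public https://.../api/ path instead — confirm.
      - REACT_APP_BACKEND_URL=http://backend:8080
    depends_on:
      - backend
    restart: always
    networks:
      - app-network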

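  # Public entry point: the only service that should be reachable from the
  # internet. Terminates TLS and proxies to frontend/backend.
  nginx:
    # NOTE(review): `latest` is a moving tag. Pin a version tag or an image
    # digest so deployments are reproducible and auditable.
    image: nginx:latest
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # nginx only reads its configuration, the certificates and the ACME
      # webroot, so all three are mounted read-only; certbot is the writer.
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - certbot-etc:/etc/letsencrypt:ro
      - certbot-var:/var/lib/letsencrypt:ro
    depends_on:
      - frontend
      - backend
    # Same restart policy as backend/frontend, so the proxy comes back after
    # a daemon or host restart.
    restart: always
    networks:
      - app-network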

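  # One-shot ACME client: obtains the certificate through the HTTP-01 webroot
  # challenge that nginx serves from the shared certbot-var volume.
  certbot:
    # NOTE(review): no tag means `latest`. Pin a version tag or an image
    # digest so deployments are reproducible and auditable.
    image: certbot/certbot
    container_name: certbot
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-var:/var/lib/letsencrypt
    # Folded block scalar: the lines are joined with spaces into one command.
    # Shell-style backslash continuations would be passed to certbot as
    # literal arguments. The contact address comes from CERTBOT_EMAIL (shell
    # environment or an untracked .env file).
    command: >-
      certonly --webroot --webroot-path=/var/lib/letsencrypt
      --email ${CERTBOT_EMAIL:?CERTBOT_EMAIL is not set}
      --agree-tos --no-eff-email
      -d howtoeat.ai.kr -d www.howtoeat.ai.kr
    networks:
      - app-network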

# User-defined bridge network that the services attach to; containers on it
# resolve each other by service name.
networks:
  app-network:
    driver: bridge

# Named volumes with default settings, shared by nginx and certbot:
# certbot-etc holds /etc/letsencrypt, certbot-var holds the ACME webroot.
volumes:
  certbot-etc: {}
  certbot-var: {}


▶️ 3. 실행 순서


# 1. Build and start the containers (nginx, plus frontend and backend through
#    depends_on).
#    NOTE(review): on a fresh host nginx cannot load the not-yet-issued
#    certificate referenced by the 443 server block and exits. Serve only the
#    port-80 block until step 2 has succeeded.
docker-compose up -d nginx

# 2. Issue the certificate (certbot only needs to be run once for issuance).
docker-compose run --rm certbot

# 3. Restart the whole stack so HTTPS takes effect.
docker-compose down
docker-compose up -d


인증서 자동 갱신

# Opens the invoking user's crontab in an editor; that user must be allowed
# to run docker-compose.
crontab -e

스크린샷 2025-07-08 오후 5.42.50.png

맨 아래 줄 추가:

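# Daily at 04:00: renew the certificate if it is due, then restart nginx.
# - cron does not start in the project directory, so change to the directory
#   that holds docker-compose.yml first (replace the placeholder path). If
#   docker-compose is not on cron's PATH, call it by its absolute path.
# - -T disables TTY allocation; cron jobs have no terminal attached.
# - `&&` runs the restart whenever `renew` exits successfully, including days
#   on which nothing was due for renewal.
0 4 * * * cd /path/to/compose-project && docker-compose run --rm -T certbot renew --webroot -w /var/lib/letsencrypt && docker-compose restart nginx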
| 시간 설정 | 의미 |
| --- | --- |
| `0 4 * * *` | 매일 새벽 4시에 실행 |
| `docker-compose run ...` | 인증서 만료 여부 확인 후 필요 시 갱신 |
| `&& docker-compose restart nginx` | 갱신되면 nginx 자동 재시작 |