Merge pull request #136 from prgrms-web-devcourse-final-project/feat/#135

[Deploy] 수동 배포 환경 구성

Author: Creamcheesepie

.dockerignore

@@ -0,0 +1,52 @@
+# =========================
+# Git
+# =========================
+.git
+.gitignore
+.gitattributes
+
+# =========================
+# Gradle
+# =========================
+.gradle
+build/
+
+# (gradle-wrapper는 Dockerfile에서 필요)
+!gradle/wrapper/gradle-wrapper.jar
+
+# =========================
+# IDE
+# =========================
+.idea
+*.iml
+*.ipr
+*.iws
+.vscode
+*.swp
+*.swo
+*~
+
+# =========================
+# OS
+# =========================
+.DS_Store
+Thumbs.db
+
+# =========================
+# Logs
+# =========================
+*.log
+
+# =========================
+# Test (이미지에 필요 없음)
+# =========================
+src/test
+
+# =========================
+# Environment / Secrets
+# =========================
+.env
+.env.*
+*.pem
+*.key
+*.crt

Dockerfile

@@ -0,0 +1,51 @@
+# =========================
+# Stage 1: Build
+# =========================
+FROM gradle:8.5-jdk21 AS builder
+WORKDIR /app
+
+# Gradle 캐시 최적화
+COPY build.gradle.kts settings.gradle.kts ./
+COPY gradle ./gradle
+
+# Download dependencies (cached layer)
+RUN gradle dependencies --no-daemon || true
+
+# 소스 복사 및 빌드
+COPY src ./src
+
+# Build application
+RUN gradle bootJar --no-daemon -x test
+
+# =========================
+# Stage 2: Runtime
+# =========================
+FROM eclipse-temurin:21-jre-alpine
+WORKDIR /app
+
+# Timezone 설정
+ENV TZ=Asia/Seoul
+
+# 보안: non-root 유저
+RUN addgroup -S spring && adduser -S spring -G spring
+USER spring:spring
+
+# JAR 복사
+COPY --from=builder /app/build/libs/*.jar app.jar
+
+# 포트
+EXPOSE 8080
+
+# Docker 헬스체크 (ALB 헬스체크와 동일 경로)
+HEALTHCHECK --interval=30s --timeout=3s --start-period=40s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:8080/actuator/health || exit 1
+
+# 실행
+ENTRYPOINT ["java", \
+  "-XX:+UseContainerSupport", \
+  "-Xms128m", \
+  "-Xmx256m", \
+  "-Duser.timezone=Asia/Seoul", \
+  "-Djava.security.egd=file:/dev/./urandom", \
+  "-jar", \
+  "app.jar"]

build.gradle.kts

@@ -1,5 +1,3 @@
-import org.gradle.kotlin.dsl.implementation
-
 plugins {
     java
     id("org.springframework.boot") version "3.5.8"
@@ -75,6 +73,8 @@ dependencies {
 
     // Spotify
     implementation("se.michaelthelin.spotify:spotify-web-api-java:8.4.1")
+
+    implementation("org.springframework.boot:spring-boot-starter-actuator")
 }
 
 tasks.withType<Test> {

src/main/java/com/back/web7_9_codecrete_be/global/security/SecurityConfig.java

@@ -1,7 +1,7 @@
 package com.back.web7_9_codecrete_be.global.security;
 
-import com.back.web7_9_codecrete_be.domain.auth.service.TokenService;
-import lombok.RequiredArgsConstructor;
+import java.util.List;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -14,87 +14,90 @@
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 
-import java.util.List;
+import com.back.web7_9_codecrete_be.domain.auth.service.TokenService;
+
+import lombok.RequiredArgsConstructor;
 
 @Configuration
 @RequiredArgsConstructor
 public class SecurityConfig {
 
-    private final JwtTokenProvider jwtTokenProvider;
-    private final JwtProperties jwtProperties;
-    private final CustomUserDetailService customUserDetailService;
-    private final TokenService tokenService;
+	private final JwtTokenProvider jwtTokenProvider;
+	private final JwtProperties jwtProperties;
+	private final CustomUserDetailService customUserDetailService;
+	private final TokenService tokenService;
 
-    @Bean
-    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+	@Bean
+	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
-        http
-                .csrf(csrf -> csrf.disable())
-                .cors(Customizer.withDefaults())
+		http
+			.csrf(csrf -> csrf.disable())
+			.cors(Customizer.withDefaults())
 
-                // 기본 로그인 폼 비활성화
-                .formLogin(form -> form.disable())
+			// 기본 로그인 폼 비활성화
+			.formLogin(form -> form.disable())
 
-                // HTTP Basic 인증 비활성화
-                .httpBasic(basic -> basic.disable())
+			// HTTP Basic 인증 비활성화
+			.httpBasic(basic -> basic.disable())
 
-                // H2 Console 설정
-                .headers(headers -> headers.frameOptions(frame -> frame.disable()))
+			// H2 Console 설정
+			.headers(headers -> headers.frameOptions(frame -> frame.disable()))
 
-                // 세션 관리 설정 - Stateless
-                .sessionManagement((session) -> session
-                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+			// 세션 관리 설정 - Stateless
+			.sessionManagement((session) -> session
+				.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
 
-                // Authorization 설정
-                .authorizeHttpRequests(auth -> auth
-                        .requestMatchers(
-                                "/api/v1/auth/**",      // 로그인/회원가입은 허용
-                                "/v3/api-docs/**",       // Swagger
-                                "/swagger-ui/**",         // Swagger UI
-                                "/h2-console/**",       // H2 Console
-                                "/api/v1/location/**",      //location 정보 조회 도메인(임시)
-                                "/api/v1/concerts/**",     // concert 정보 조회 도메인
-                                "/api/v1/artists/**"    // artist 정보 저장 도메인(임시)
-                        ).permitAll()
+			// Authorization 설정
+			.authorizeHttpRequests(auth -> auth
+				.requestMatchers(
+					"/actuator/**",
+					"/api/v1/auth/**",      // 로그인/회원가입은 허용
+					"/v3/api-docs/**",       // Swagger
+					"/swagger-ui/**",         // Swagger UI
+					"/h2-console/**",       // H2 Console
+					"/api/v1/location/**",      //location 정보 조회 도메인(임시)
+					"/api/v1/concerts/**",     // concert 정보 조회 도메인
+					"/api/v1/artists/**"    // artist 정보 저장 도메인(임시)
+				).permitAll()
 
-                        // ADMIN 전용
-                        .requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
+				// ADMIN 전용
+				.requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
 
-                        // USER, ADMIN 허용
-                        .requestMatchers("/api/v1/users/**").hasAnyRole("USER", "ADMIN")
+				// USER, ADMIN 허용
+				.requestMatchers("/api/v1/users/**").hasAnyRole("USER", "ADMIN")
 
-                        .anyRequest().authenticated()
-                )
+				.anyRequest().authenticated()
+			)
 
-                .addFilterBefore(
-                        new JwtAuthenticationFilter(jwtTokenProvider, jwtProperties, tokenService),
-                        UsernamePasswordAuthenticationFilter.class
-                );
+			.addFilterBefore(
+				new JwtAuthenticationFilter(jwtTokenProvider, jwtProperties, tokenService),
+				UsernamePasswordAuthenticationFilter.class
+			);
 
-        return http.build();
-    }
+		return http.build();
+	}
 
-    @Bean
-    public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
-        return configuration.getAuthenticationManager();
-    }
+	@Bean
+	public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
+		return configuration.getAuthenticationManager();
+	}
 
-    // CORS 설정(로컬 프론트 통신 허용)
-    @Bean
-    public UrlBasedCorsConfigurationSource corsConfigurationSource() {
-        CorsConfiguration configuration =new CorsConfiguration();
+	// CORS 설정(로컬 프론트 통신 허용)
+	@Bean
+	public UrlBasedCorsConfigurationSource corsConfigurationSource() {
+		CorsConfiguration configuration = new CorsConfiguration();
 
-        configuration.setAllowedOrigins(List.of("http://localhost:3000","https://web-6-7-codecrete-fe.vercel.app", "https://www.naeconcertbutakhae.shop"));
-        configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
+		configuration.setAllowedOrigins(List.of("http://localhost:3000", "https://web-6-7-codecrete-fe.vercel.app", "https://www.naeconcertbutakhae.shop"));
+		configuration.setAllowedMethods(List.of("GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
 
-        configuration.setAllowedHeaders(List.of("*"));
+		configuration.setAllowedHeaders(List.of("*"));
 
-        //쿠키 자동으로 넘어가게 설정
-        configuration.setAllowCredentials(true);
+		//쿠키 자동으로 넘어가게 설정
+		configuration.setAllowCredentials(true);
 
-        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-        source.registerCorsConfiguration("/api/**", configuration);
+		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+		source.registerCorsConfiguration("/api/**", configuration);
 
-        return source;
-    }
+		return source;
+	}
 }

src/main/resources/application-prod.yml

@@ -0,0 +1,47 @@
+server:
+  tomcat:
+    max-threads: 30
+    accept-count: 100
+
+spring:
+  config:
+    activate:
+      on-profile: prod
+
+  data:
+    redis:
+      host: ${SPRING_REDIS_HOST}
+      port: ${SPRING_REDIS_PORT}
+
+  datasource:
+    url: ${DATABASE_URL}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    hikari:
+      maximum-pool-size: 8
+      minimum-idle: 4
+      connection-timeout: 30000
+      max-lifetime: 1800000
+
+  jpa:
+    hibernate:
+      ddl-auto: none
+    show-sql: false
+
+logging:
+  level:
+    org.hibernate.SQL: WARN
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health
+  endpoint:
+    health:
+      show-details: always
+
+  observations:
+    key-values:
+      env: prod