첫 커밋: 로컬 프로젝트 업로드

2026-06-10 15:51:34 +09:00
commit 6a8dbeb2e9
1211 changed files with 312864 additions and 0 deletions
--- a/baron-sso/gateway/Dockerfile
+++ b/baron-sso/gateway/Dockerfile
@@ -0,0 +1,6 @@
+FROM nginx:alpine
+
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 5000
+CMD ["nginx", "-g", "daemon off;"]
--- a/baron-sso/gateway/entrypoint.sh
+++ b/baron-sso/gateway/entrypoint.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# 대상 호스트와 포트가 준비될 때까지 대기하는 함수
+wait_for_host() {
+  host=$1
+  port=$2
+  name=$3
+  
+  echo "Waiting for $name ($host:$port)..."
+  
+  # 최대 30초 동안 대기
+  count=0
+  until nc -z $host $port || [ $count -eq 30 ]; do
+    sleep 1
+    count=$((count + 1))
+  done
+
+  if [ $count -eq 30 ]; then
+    echo "Timeout waiting for $name"
+  else
+    echo "$name is ready!"
+  fi
+}
+
+# 백엔드와 유저프론트 대기 (Oathkeeper는 인프라 레벨이므로 함께 뜰 가능성이 높지만 안전을 위해 포함)
+wait_for_host "baron_backend" 3000 "Backend"
+wait_for_host "baron_userfront" 5000 "UserFront"
+wait_for_host "oathkeeper" 4455 "Oathkeeper"
+
+echo "All dependencies are up. Starting Nginx..."
+exec nginx -g 'daemon off;'
--- a/baron-sso/gateway/nginx.conf
+++ b/baron-sso/gateway/nginx.conf
@@ -0,0 +1,116 @@
+# ISO8601 시간을 "YYYY-MM-DD HH:mm:ss" 형식으로 변환
+map $time_iso8601 $time_custom {
+    "~^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})" "$1-$2-$3 $4:$5:$6";
+}
+
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+# Go slog 포맷과 맞춘 JSON 액세스 로그
+log_format json_combined escape=json
+    '{'
+    '"time":"$time_custom",'
+    '"level":"INFO",'
+    '"msg":"http_access",'
+    '"svc":"baron-gateway",'
+    '"status":$status,'
+    '"method":"$request_method",'
+    '"path":"$request_uri",'
+    '"latency":"${request_time}s",'
+    '"ip":"$remote_addr",'
+    '"forwarded_for":"$http_x_forwarded_for",'
+    '"user_agent":"$http_user_agent"'
+    '}';
+
+server {
+    listen 5000;
+    client_header_buffer_size 16k;
+    large_client_header_buffers 4 64k;
+    include /etc/nginx/mime.types;
+    types {
+        application/javascript mjs;
+    }
+
+    resolver 127.0.0.11 valid=10s ipv6=off;
+    set $backend_upstream http://baron_backend:3000;
+    set $userfront_upstream http://baron_userfront:5000;
+    set $oathkeeper_upstream http://oathkeeper:4455;
+    
+    error_log /dev/stderr warn;
+    access_log /var/log/nginx/access.log json_combined;
+
+    # 안정성 튜닝
+    client_max_body_size 10m;
+    keepalive_timeout 65;
+
+    # --- Backend API Proxy ---
+    location /api {
+        proxy_pass $backend_upstream;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # --- Ory Stack Proxy (via Oathkeeper) ---
+    # Kratos Public API
+    location /auth {
+        proxy_pass $oathkeeper_upstream;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Hydra Public API
+    location /oidc {
+        proxy_pass $oathkeeper_upstream;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # --- 내부 웹앱 프록시 (초기에는 Private Net 내부에서만 운영) ---
+    # AdminFront (Vite Dev Server or Nginx)
+    # location /admin {
+    #     proxy_pass http://baron_adminfront:5173;
+    #     proxy_set_header Host $host;
+    #     proxy_set_header X-Real-IP $remote_addr;
+    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #     proxy_set_header X-Forwarded-Proto $scheme;
+    #
+    #     # WebSocket 지원 (Vite HMR)
+    #     proxy_http_version 1.1;
+    #     proxy_set_header Upgrade $http_upgrade;
+    #     proxy_set_header Connection "upgrade";
+    # }
+
+    # DevFront (Vite Dev Server or Nginx)
+    # location /dev {
+    #     proxy_pass http://baron_devfront:5173;
+    #     proxy_set_header Host $host;
+    #     proxy_set_header X-Real-IP $remote_addr;
+    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #     proxy_set_header X-Forwarded-Proto $scheme;
+    #
+    #     # WebSocket 지원 (Vite HMR)
+    #     proxy_http_version 1.1;
+    #     proxy_set_header Upgrade $http_upgrade;
+    #     proxy_set_header Connection "upgrade";
+    # }
+
+    # --- UserFront 정적 파일 프록시 ---
+    location / {
+        proxy_pass $userfront_upstream;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+}