# Reformat the ISO 8601 request time as "YYYY-MM-DD HH:mm:ss" for logging.
# The pattern captures date and time only, so the UTC offset present in
# $time_iso8601 is dropped and the logged value is server-local time with no
# zone marker. No default is given: a non-matching value maps to "".
map $time_iso8601 $time_custom {
    "~^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})" "$1-$2-$3 $4:$5:$6";
}

# Structured access log, one JSON object per request. escape=json escapes
# quotes and control characters in variable values, so client-supplied fields
# (user agent, X-Forwarded-For, URI) cannot break out of the JSON record.
# NOTE(review): "path" is $request_uri, which includes the query string; on
# the OAuth2/OIDC routes that may include values such as authorization codes,
# so confirm who can read this log. "forwarded_for" is the raw client header
# and is not a verified address; "ip" ($remote_addr) is the connecting peer.
log_format json_combined escape=json
    '{'
    '"time":"$time_custom",'
    '"level":"INFO",'
    '"msg":"http_access",'
    '"svc":"baron-gateway",'
    '"status":$status,'
    '"method":"$request_method",'
    '"path":"$request_uri",'
    '"latency":"${request_time}s",'
    '"ip":"$remote_addr",'
    '"forwarded_for":"$http_x_forwarded_for",'
    '"user_agent":"$http_user_agent"'
    '}';

server {
    # Plain-HTTP listener, so $scheme is always "http" in this block.
    # NOTE(review): if TLS terminates in front of this gateway, upstreams are
    # still told X-Forwarded-Proto: http; confirm that matches what the OIDC
    # provider expects when it builds absolute URLs.
    listen 5000;

    # Larger-than-default request header buffers.
    # NOTE(review): presumably sized for large cookies or tokens; confirm the
    # limits are no higher than the upstreams actually need.
    client_header_buffer_size 16k;
    large_client_header_buffers 4 64k;

    error_log /dev/stderr warn;
    access_log /var/log/nginx/access.log json_combined;

    include /etc/nginx/mime.types;
    # Extra extension mapping for ES modules.
    types {
        application/javascript mjs;
    }

    # Upstream addresses are kept in variables so that proxy_pass resolves the
    # host names at request time through this resolver (answers cached for
    # 10s, A records only) rather than once at startup.
    resolver 127.0.0.11 valid=10s ipv6=off;
    set $oathkeeper_upstream http://oathkeeper:4455;
    set $backend_upstream http://backend:23000;
    set $userfront_upstream http://userfront:5000;

    # Forwarding headers shared by every proxied location. They are declared
    # once here and inherited. nginx drops that inheritance for any location
    # that declares a proxy_set_header of its own, so such a location must
    # repeat all four.
    #
    # NOTE(review): no server_name is set in this block, so $host reflects
    # whatever Host the client sent; if an upstream derives issuer or redirect
    # URLs from Host, consider pinning the accepted names.
    # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For
    # the client supplied, so upstreams should treat earlier entries as
    # unverified unless a trusted proxy sits in front of this gateway.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # --- OIDC & OAuth2 ---
    # nginx selects the longest matching prefix regardless of declaration
    # order; ^~ additionally stops regex locations from overriding these
    # prefixes, so they can never be captured by a later regex rule or "/".

    # Discovery document
    location ^~ /.well-known/openid-configuration {
        proxy_pass $oathkeeper_upstream;
    }

    # OAuth2 auth/token endpoints (standard)
    location ^~ /oauth2/ {
        proxy_pass $oathkeeper_upstream;
    }

    # OAuth2 auth/token endpoints (localized, /ko/oauth2): the locale prefix
    # is stripped and the request is proxied from this location (break).
    location ^~ /ko/oauth2/ {
        rewrite ^/ko/oauth2/(.*)$ /oauth2/$1 break;
        proxy_pass $oathkeeper_upstream;
    }

    # OAuth2 auth/token endpoints (localized, /en/oauth2)
    location ^~ /en/oauth2/ {
        rewrite ^/en/oauth2/(.*)$ /oauth2/$1 break;
        proxy_pass $oathkeeper_upstream;
    }

    # OIDC endpoints (localized): strip the locale and restart location
    # matching (last), which lands on the /oidc location further down.
    location ^~ /ko/oidc/ {
        rewrite ^/ko/oidc/(.*)$ /oidc/$1 last;
    }

    location ^~ /en/oidc/ {
        rewrite ^/en/oidc/(.*)$ /oidc/$1 last;
    }

    # --- Other services ---
    # These prefixes have no trailing slash, so they also match sibling paths
    # such as /apix or /authz, not only /api/... and /auth/...

    location /api {
        proxy_pass $backend_upstream;
    }

    location /auth {
        proxy_pass $oathkeeper_upstream;
    }

    # Strips the /oidc/ prefix, so /oidc/<anything> reaches oathkeeper as
    # /<anything>; a URI that does not start with /oidc/ (for example /oidc
    # itself) is forwarded unchanged.
    # NOTE(review): confirm oathkeeper's own rules cover every path reachable
    # this way.
    location /oidc {
        rewrite ^/oidc/(.*)$ /$1 break;
        proxy_pass $oathkeeper_upstream;
    }

    # --- Default: UserFront ---
    location / {
        proxy_pass $userfront_upstream;
    }
}