-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
22 changed files
with
592 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
name: Genetic | ||
|
||
on: | ||
push: | ||
branches: | ||
- genetic | ||
|
||
jobs: | ||
deploy: | ||
timeout-minutes: 10 | ||
runs-on: ubuntu-latest | ||
env: | ||
NGINX_CONF: genetic.conf | ||
MODULE_NAME: hyunsub-genetic | ||
WORKING_DIR: ~/apps/hyunsub-genetic | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: szenius/set-timezone@v1.0 | ||
with: | ||
timezoneLinux: "Asia/Seoul" | ||
- uses: actions/setup-java@v2 | ||
with: | ||
java-version: '17' | ||
distribution: 'adopt' | ||
- uses: actions/cache@v2 | ||
with: | ||
path: | | ||
~/.gradle/caches | ||
~/.gradle/wrapper | ||
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle', '**/gradle-wrapper.properties') }} | ||
restore-keys: | | ||
${{ runner.os }}-gradle- | ||
- run: ./gradlew :${{ env.MODULE_NAME }}:bootJar | ||
- run: > | ||
rm -f ~/.gradle/caches/modules-2/modules-2.lock; | ||
rm -f ~/.gradle/caches/modules-2/gc.properties; | ||
- run: echo "JAR_FILE_NAME=$(ls -1 ${{ env.MODULE_NAME }}/build/libs | grep -v plain)" >> $GITHUB_ENV | ||
- uses: appleboy/scp-action@master | ||
with: | ||
host: ${{ secrets.HOST }} | ||
username: ${{ secrets.USERNAME }} | ||
password: ${{ secrets.PASSWORD }} | ||
port: ${{ secrets.PORT }} | ||
source: "${{ env.MODULE_NAME }}/build/libs/${{ env.JAR_FILE_NAME }}" | ||
target: ${{ env.WORKING_DIR }} | ||
strip_components: 3 | ||
- uses: appleboy/scp-action@master | ||
with: | ||
host: ${{ secrets.HOST }} | ||
username: ${{ secrets.USERNAME }} | ||
password: ${{ secrets.PASSWORD }} | ||
port: ${{ secrets.PORT }} | ||
source: "${{ env.MODULE_NAME }}/etc/run.sh" | ||
target: ${{ env.WORKING_DIR }} | ||
strip_components: 2 | ||
- uses: appleboy/scp-action@master | ||
with: | ||
host: ${{ secrets.HOST }} | ||
username: ${{ secrets.USERNAME }} | ||
password: ${{ secrets.PASSWORD }} | ||
port: ${{ secrets.PORT }} | ||
source: "${{ env.MODULE_NAME }}/etc/${{ env.NGINX_CONF }}" | ||
target: "/etc/nginx/conf.d" | ||
strip_components: 2 | ||
- uses: appleboy/ssh-action@master | ||
with: | ||
host: ${{ secrets.HOST }} | ||
username: ${{ secrets.USERNAME }} | ||
password: ${{ secrets.PASSWORD }} | ||
port: ${{ secrets.PORT }} | ||
script: > | ||
sudo nginx -s reload; | ||
cd ${{ env.WORKING_DIR }}; | ||
rm -f ${{ env.MODULE_NAME }}.jar; | ||
ln -s ${{ env.JAR_FILE_NAME }} ${{ env.MODULE_NAME }}.jar; | ||
ls -1tr *.jar | head -n -6 | xargs -d '\n' rm -f --; | ||
chmod +x run.sh; | ||
./run.sh; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
server { | ||
listen 80; | ||
server_name local-genetic.hyunsub.kim; | ||
|
||
location / { | ||
return 301 https://$server_name$request_uri; | ||
} | ||
} | ||
|
||
server { | ||
listen 443 ssl http2; | ||
server_name local-genetic.hyunsub.kim; | ||
error_page 401 /unauthorized; | ||
client_max_body_size 1024M; | ||
|
||
ssl_certificate /etc/nginx/cert/hyunsub.fullchain.pem; | ||
ssl_certificate_key /etc/nginx/cert/hyunsub.privkey.pem; | ||
|
||
## WEB ================================ | ||
location ~* \.(ico|css|js|map|json|png)$ { | ||
proxy_pass http://host.docker.internal:3000; | ||
access_log off; | ||
} | ||
|
||
location / { | ||
add_header Last-Modified ""; | ||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; | ||
if_modified_since off; | ||
expires off; | ||
etag off; | ||
|
||
auth_request /auth; | ||
auth_request_set $x_redirect_url $upstream_http_x_redirect_url; | ||
|
||
proxy_pass http://host.docker.internal:3000; | ||
} | ||
## ================================ | ||
|
||
## API ================================ | ||
location /api { | ||
auth_request /auth; | ||
auth_request_set $x_auth_failed $upstream_http_x_auth_failed; | ||
auth_request_set $x_hyunsub_auth $upstream_http_x_hyunsub_auth; | ||
|
||
proxy_pass http://host.docker.internal:7011; | ||
proxy_set_header X-Hyunsub-Auth $x_hyunsub_auth; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri$is_args$args; | ||
} | ||
|
||
location /socket { | ||
auth_request /auth; | ||
auth_request_set $x_auth_failed $upstream_http_x_auth_failed; | ||
auth_request_set $x_hyunsub_auth $upstream_http_x_hyunsub_auth; | ||
|
||
proxy_pass http://host.docker.internal:7011; | ||
proxy_set_header X-Hyunsub-Auth $x_hyunsub_auth; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri$is_args$args; | ||
|
||
proxy_http_version 1.1; | ||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection 'upgrade'; | ||
proxy_set_header Host $host; | ||
proxy_cache_bypass $http_upgrade; | ||
} | ||
|
||
location = /health-check { | ||
proxy_pass http://host.docker.internal:7011; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
} | ||
## ================================ | ||
|
||
## AUTH ================================ | ||
location = /auth { | ||
internal; | ||
proxy_pass https://auth.hyunsub.kim/api/v1/nginx/auth; | ||
proxy_pass_request_body off; | ||
proxy_set_header Content-Length ''; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri$is_args$args; | ||
proxy_set_header X-Original-Method $request_method; | ||
} | ||
|
||
location /unauthorized { | ||
default_type 'application/json'; | ||
internal; | ||
|
||
if ($x_redirect_url) { | ||
return 307 $x_redirect_url; | ||
} | ||
if ($x_auth_failed) { | ||
return 401 $x_auth_failed; | ||
} | ||
return 500 'unexpected nginx error'; | ||
} | ||
## ================================ | ||
|
||
# for react dev | ||
location ~ ^/(ws|sockjs-node) { | ||
access_log off; | ||
proxy_pass http://host.docker.internal:3000; | ||
proxy_http_version 1.1; | ||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection 'upgrade'; | ||
proxy_set_header Host $host; | ||
proxy_cache_bypass $http_upgrade; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
server { | ||
listen 80; | ||
server_name genetic.hyunsub.kim; | ||
|
||
location / { | ||
return 301 https://$server_name$request_uri; | ||
} | ||
} | ||
|
||
server { | ||
listen 443 ssl http2; | ||
server_name genetic.hyunsub.kim; | ||
error_page 401 /unauthorized; | ||
client_max_body_size 1024M; | ||
|
||
access_log /var/log/nginx/genetic/genetic.access.log main; | ||
error_log /var/log/nginx/genetic/genetic.error.log; | ||
|
||
ssl_certificate /etc/letsencrypt/live/hyunsub.kim/fullchain.pem; | ||
ssl_certificate_key /etc/letsencrypt/live/hyunsub.kim/privkey.pem; | ||
|
||
## WEB ================================ | ||
location ~* \.(ico|css|js|map|json|png)$ { | ||
root /home/hyunsub/html/hyunsub-apps-react/genetic; | ||
access_log off; | ||
} | ||
|
||
location / { | ||
add_header Last-Modified ""; | ||
add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; | ||
if_modified_since off; | ||
expires off; | ||
etag off; | ||
|
||
auth_request /auth; | ||
auth_request_set $x_redirect_url $upstream_http_x_redirect_url; | ||
|
||
root /home/hyunsub/html/hyunsub-apps-react/genetic; | ||
index index.html index.htm; | ||
try_files $uri $uri/ /index.html; | ||
} | ||
## ================================ | ||
|
||
## API ================================ | ||
location /api { | ||
auth_request /auth; | ||
auth_request_set $x_auth_failed $upstream_http_x_auth_failed; | ||
auth_request_set $x_hyunsub_auth $upstream_http_x_hyunsub_auth; | ||
|
||
proxy_pass http://localhost:7011; | ||
proxy_set_header X-Hyunsub-Auth $x_hyunsub_auth; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri$is_args$args; | ||
} | ||
|
||
location /socket { | ||
auth_request /auth; | ||
auth_request_set $x_auth_failed $upstream_http_x_auth_failed; | ||
auth_request_set $x_hyunsub_auth $upstream_http_x_hyunsub_auth; | ||
|
||
proxy_pass http://localhost:7011; | ||
proxy_set_header X-Hyunsub-Auth $x_hyunsub_auth; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri$is_args$args; | ||
|
||
proxy_http_version 1.1; | ||
proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection 'upgrade'; | ||
proxy_set_header Host $host; | ||
proxy_cache_bypass $http_upgrade; | ||
} | ||
|
||
location = /health-check { | ||
proxy_pass http://localhost:7011; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
} | ||
## ================================ | ||
|
||
## AUTH ================================ | ||
location = /auth { | ||
internal; | ||
proxy_pass https://auth.hyunsub.kim/api/v1/nginx/auth; | ||
proxy_pass_request_body off; | ||
proxy_set_header Content-Length ''; | ||
proxy_set_header X-Original-IP $remote_addr; | ||
proxy_set_header X-Original-URL $scheme://$http_host$request_uri$is_args$args; | ||
proxy_set_header X-Original-Method $request_method; | ||
} | ||
|
||
location /unauthorized { | ||
default_type 'application/json'; | ||
internal; | ||
|
||
if ($x_redirect_url) { | ||
return 307 $x_redirect_url; | ||
} | ||
if ($x_auth_failed) { | ||
return 401 $x_auth_failed; | ||
} | ||
return 500 'unexpected nginx error'; | ||
} | ||
## ================================ | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
PID=`ps -ef | grep java | grep hyunsub-genetic | awk '{print $2}'` | ||
if [ ! -z $PID ]; then | ||
echo "* kill $PID" | ||
kill -9 $PID | ||
fi | ||
|
||
nohup java -Dspring.profiles.active=prod -jar hyunsub-genetic.jar > nohup.out 2>&1 < /dev/null & | ||
echo "* new $!" |
Oops, something went wrong.