# WebSocket Upgrade 헤더 맵 (Connection 헤더 정확한 전달) map $http_upgrade $connection_upgrade { default upgrade; '' close; } # HTTP 서버 (모바일 앱 접근용) server { listen 80; server_name _; root /usr/share/nginx/html; index index.html; # gzip 압축 gzip on; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; gzip_min_length 1000; # React Router를 위한 설정 location / { try_files $uri $uri/ /index.html; # index.html 캐시 방지 + ETag/Last-Modified 제거 location = /index.html { add_header Cache-Control "no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0"; add_header Pragma "no-cache"; add_header Expires "0"; etag off; if_modified_since off; add_header Last-Modified ""; } } # SSE 알림 구독 (버퍼링 비활성화 필수) location /api/notifications/subscribe { proxy_pass http://backend:8082/api/notifications/subscribe; proxy_http_version 1.1; proxy_set_header Connection ''; proxy_set_header Cache-Control 'no-cache'; proxy_set_header X-Accel-Buffering 'no'; proxy_buffering off; proxy_cache off; chunked_transfer_encoding on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always; } # API 프록시 설정 (백엔드로 요청 전달) location /api/ { proxy_pass http://backend:8082/api/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # 타임아웃 설정 proxy_connect_timeout 60s; proxy_send_timeout 60s; proxy_read_timeout 60s; # CORS 헤더 add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always; # OPTIONS 요청 처리 if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } } # WebSocket 프록시 (STOMP /ws, SockJS 하위경로, Native /ws/realtime 등 — URI 전체를 백엔드로 전달) location /ws { proxy_pass http://backend:8082; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 타임아웃 설정 (길게 유지) proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; # CORS 헤더 add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept' always; } # Market Data WebSocket 프록시 (실시간 차트용 - Python Broadcast Server) location /market-data/ { proxy_pass http://market-data-broadcast:8000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_buffering off; # WebSocket 타임아웃 설정 (길게 유지) proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; # CORS 헤더 add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept' always; } # 정적 파일 캐싱 비활성화 (개발용) location ~* \.(js|css|map)$ { add_header Cache-Control "no-cache, no-store, must-revalidate"; add_header Pragma "no-cache"; add_header Expires "0"; etag off; } } # HTTPS 서버 server { listen 443 ssl http2; server_name _; # SSL 인증서 설정 ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; # SSL 보안 설정 ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; ssl_session_cache shared:SSL:10m; ssl_session_timeout 1d; root /usr/share/nginx/html; index index.html; # gzip 압축 gzip on; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; gzip_min_length 1000; # React Router를 위한 설정 location / { try_files $uri $uri/ /index.html; # index.html 캐시 방지 + ETag/Last-Modified 제거 (항상 최신 버전 제공) location = /index.html { add_header Cache-Control "no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0"; add_header Pragma "no-cache"; add_header Expires "0"; etag off; if_modified_since off; add_header Last-Modified ""; } } # AI Agent 프록시 (LangGraph 기반) location /api/agent/ { proxy_pass http://ai-agent:8000/; # AI Agent 서비스 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_read_timeout 300s; proxy_connect_timeout 75s; proxy_buffering off; # 스트리밍 응답을 위해 버퍼링 비활성화 # CORS 헤더 추가 add_header 'Access-Control-Allow-Origin' '$http_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Allow-Credentials' 'true' always; # OPTIONS 요청 처리 (Preflight) if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '$http_origin'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } } # WebSocket 프록시 (레거시 /api/ws → 백엔드 /ws 로 전달) location /api/ws { proxy_pass http://backend:8082/ws; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 타임아웃 설정 (길게 유지) proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; # CORS 헤더 add_header 'Access-Control-Allow-Origin' '$http_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Allow-Credentials' 'true' always; } # SSE 알림 구독 (버퍼링 비활성화 필수) location /api/notifications/subscribe { proxy_pass http://backend:8082/api/notifications/subscribe; proxy_http_version 1.1; proxy_set_header Connection ''; proxy_set_header Cache-Control 'no-cache'; proxy_set_header X-Accel-Buffering 'no'; proxy_buffering off; proxy_cache off; chunked_transfer_encoding on; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; add_header 'Access-Control-Allow-Origin' '$http_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'Origin, X-Requested-With, Content-Type, Accept, Authorization' always; } # API 프록시 (Spring Boot 백엔드 - REST API) location /api/ { proxy_pass http://backend:8082/api/; # Docker 내부 네트워크 proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_read_timeout 300s; proxy_connect_timeout 75s; # CORS 헤더 추가 add_header 'Access-Control-Allow-Origin' '$http_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Allow-Credentials' 'true' always; # OPTIONS 요청 처리 (Preflight) if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '$http_origin'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } } # WebSocket 프록시 (STOMP /ws, Native /ws/realtime — URI 전체 전달) location /ws { proxy_pass http://backend:8082; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 타임아웃 설정 (길게 유지) proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; # CORS 헤더 add_header 'Access-Control-Allow-Origin' '$http_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Allow-Credentials' 'true' always; } # Market Data WebSocket 프록시 (실시간 차트용 - Python Broadcast Server) location /market-data/ { proxy_pass http://market-data-broadcast:8000/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket 타임아웃 설정 (길게 유지) proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; # CORS 헤더 add_header 'Access-Control-Allow-Origin' '$http_origin' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization' always; add_header 'Access-Control-Allow-Credentials' 'true' always; } # 정적 파일 캐싱 (개발 환경에서는 캐시 비활성화) location ~* \.(js|css|map)$ { add_header Cache-Control "no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0"; add_header Pragma "no-cache"; add_header Expires "0"; add_header X-Content-Type-Options "nosniff"; # ETag 비활성화 (캐시 우회) etag off; if_modified_since off; } # 이미지 및 폰트는 짧은 캐시 location ~* \.(png|jpg|jpeg|gif|ico|svg|woff|woff2)$ { expires 1h; add_header Cache-Control "public"; } }