![[팀 08] 사이코](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F95482992-37b2-4340-9a70-77909ee02ece%2F%25E1%2584%258E%25E1%2585%25A5%25E1%2586%25AF%25E1%2584%2589%25E1%2585%25AE.jpg?table=block&id=0de3b72d-52fa-4b81-ac88-2a87252cc0a4&cache=v2)
배포 로그
GitAction yml 작성
.github/workflows/deploy.yml
name: Deploy on: push: branches: - release env: S3_BUCKET_NAME: bid-market-deploy-bucket RESOURCE_PATH: ./src/main/resources/application.yaml CODE_DEPLOY_APPLICATION_NAME: bidmarket-app CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: bidmarket-deploy-gp jobs: build: runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@v2 - name: Set up JDK 11 uses: actions/setup-java@v1 with: java-version: 11 - name: Set yaml file uses: microsoft/variable-substitution@v1 with: files: ${{ env.RESOURCE_PATH }} env: spring.datasource.url: ${{secrets.RDS_URL}} spring.datasource.username: ${{secrets.RDS_USERNAME}} spring.datasource.password: ${{secrets.RDS_PASSWORD}} spring.security.oauth2.client.registration.google.client-id: ${{secrets.GOOGLE_CLIENT_ID}} spring.security.oauth2.client.registration.google.client-secret: ${{secrets.GOOGLE_CLIENT_SECRET}} jwt.client-secret: ${{secrets.JWT_TOKEN_SECRET}} - name: Grant execute permission for gradlew run: chmod +x ./gradlew shell: bash - name: Build with Gradle run: ./gradlew build shell: bash - name: Make zip file run: zip -r ./$GITHUB_SHA.zip . shell: bash - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} - name: Upload to S3 run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://$S3_BUCKET_NAME/$GITHUB_SHA.zip - name: Code Deploy run: | aws deploy create-deployment \ --deployment-config-name CodeDeployDefault.AllAtOnce \ --application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \ --deployment-group-name ${{ env.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \ --s3-location bucket=$S3_BUCKET_NAME,bundleType=zip,key=$GITHUB_SHA.zip
배포 스크립트 작성
/scripts/gh_deploy.sh
#!/bin/bash PROJECT_NAME="bid_market" JAR_PATH="/home/ubuntu/$PROJECT_NAME/build/libs/*.jar" DEPLOY_PATH="/home/ubuntu/$PROJECT_NAME/" DEPLOY_LOG_PATH="/home/ubuntu/$PROJECT_NAME/deploy.log" DEPLOY_ERR_LOG_PATH="/home/ubuntu/$PROJECT_NAME/deploy_err.log" APPLICATION_LOG_PATH="/home/ubuntu/$PROJECT_NAME/application.log" BUILD_JAR=$(ls $JAR_PATH) JAR_NAME=$(basename $BUILD_JAR) echo "===== 배포 시작 : $(date +%c) =====" >> $DEPLOY_LOG_PATH echo "> build 파일명: $JAR_NAME" >> $DEPLOY_LOG_PATH echo "> build 파일 복사" >> $DEPLOY_LOG_PATH cp $BUILD_JAR $DEPLOY_PATH echo "> 현재 동작중인 어플리케이션 pid 체크" >> $DEPLOY_LOG_PATH CURRENT_PID=$(sudo pgrep -f $JAR_NAME) if [ -z $CURRENT_PID ] then echo "> 현재 동작중인 어플리케이션 존재 X" >> $DEPLOY_LOG_PATH else echo "> 현재 동작중인 어플리케이션 존재 O" >> $DEPLOY_LOG_PATH echo "> 현재 동작중인 어플리케이션 강제 종료 진행" >> $DEPLOY_LOG_PATH echo "> kill -9 $CURRENT_PID" >> $DEPLOY_LOG_PATH sudo kill -9 $CURRENT_PID fi DEPLOY_JAR=$DEPLOY_PATH$JAR_NAME echo "> DEPLOY_JAR 배포" >> $DEPLOY_LOG_PATH sudo nohup java -jar -Dspring.profiles.active=local $DEPLOY_JAR --server.port=8080 >> $APPLICATION_LOG_PATH 2> $DEPLOY_ERR_LOG_PATH & sleep 3 echo "> 배포 종료 : $(date +%c)" >> $DEPLOY_LOG_PATH
AWS 인스턴스 생성
- 인스턴스에 Codedeploy IAM역할 부여
- 인스턴스에 보안그룹 설정 (포트 확인)
- 인스턴스에 Codedeploy 에이전트 설치
- 인스턴스에 java설치
- 인스턴스 탄력적 IP 설정
Codedeploy
Codedeploy 배포그룹, 애플리케이션 네임 깃 액션이랑 일치하는지 확인
- Ubuntu 22.04 버전으로 설치하였을 경우
- Codedeploy 앱, 배포그룹이 gitaction과 일치하는지 확인
- Codedeploy 배포 진행
가비아도메인 발급
- 도메인 구매
- 가비아도메인 DNS 전파 기다림(30분)
- 가비아도메인 관리탭에서 DNS 레코드 추가(인스턴스 IP와 연결)
nginx 설치
sudo apt-get update sudo apt install nginx -y nginx -v sudo service nginx status
certbot 설치 및 ssl 인증서 발급
# 설치 sudo add-apt-repository ppa:certbot/certbot$ sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-nginx -y sudo certbot certonly --nginx -d {도메인 명} # SSL 생성 확인(4개의 .pem, 1개의 readme) ls -al /etc/letsencrypt/live/example.com # 인증서 자동갱신 설정 sudo certbot renew --dry-run
nginx 설정
- cd /etc/nginx/sites-available
- 기존에 있던 default 파일을 제거하고
/etc/nginx/sites-available/{도메인 이름}에 해당하는 파일 생성
server { listen 80; server_name bidmarket-api.shop www.bidmarket-api.shop; return 301 https://bidmarket-api.shop$request_uri; } server { listen 443 ssl http2; server_name bidmarket-api.shop www.bidmarket-api.shop; ssl_certificate /etc/letsencrypt/live/bidmarket-api.shop/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bidmarket-api.shop/privkey.pem; location / { proxy_pass http://localhost:8080; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
#nginx 문법 확인 sudo nginx -t