From d1e5a25c062a3719a553ca2669206e6b571bb146 Mon Sep 17 00:00:00 2001
From: jjoonleo
Date: Fri, 8 May 2026 17:36:11 +0900
Subject: [PATCH 1/2] Allow deploy while Caddy waits for certificate
---
 .github/workflows/deploy.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 56a0ac3..78dec6f 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -294,8 +294,9 @@ jobs:
 done
 if [ "$HTTPS_HEALTHY" != "true" ]; then
+ echo "HTTPS is not ready yet. Caddy is running and will continue ACME certificate retries in the background."
 sudo journalctl -u caddy --no-pager -n 120 || true
- exit 1
+ exit 0
 fi
 echo "HTTPS is healthy at https://$PUBLIC_BACKEND_HOST."
From c4144b524a05c592f9e33053aad6e1d94bdfbe05 Mon Sep 17 00:00:00 2001
From: jjoonleo
Date: Fri, 8 May 2026 17:48:54 +0900
Subject: [PATCH 2/2] Switch HTTPS host to DuckDNS
---
 .github/workflows/deploy.yml | 2 +-
 docs/deployment.md | 6 +++---
 ontime-back/Caddyfile | 2 +-
 ontime-back/docs/deployment/ec2.md | 4 ++--
 .../ontime_back/global/oauth/apple/AppleLoginService.java | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 78dec6f..33e06e4 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -18,7 +18,7 @@ env:
 REGISTRY: ghcr.io
 IMAGE_NAME: devkor-github/ontime-back
 IMAGE_TAG: ${{ github.sha }}
- PUBLIC_BACKEND_HOST: ontime-back.kro.kr
+ PUBLIC_BACKEND_HOST: ontime-back.duckdns.org
 jobs:
 build-and-push:
diff --git a/docs/deployment.md b/docs/deployment.md
index 51311fd..4d1f565 100644
--- a/docs/deployment.md
+++ b/docs/deployment.md
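Review bot: Changing `exit 1` to `exit 0` makes the job report success when HTTPS never became healthy, so a deploy whose TLS endpoint is still unreachable looks identical to a good one in the Actions UI and to anything gating on the workflow result, while docs/deployment.md step 8 still says the workflow "verifies HTTPS". If the intent is to tolerate a pending ACME issuance, surface it rather than hide it: keep the message but emit it as an annotation, `echo "::warning::HTTPS is not ready yet at https://$PUBLIC_BACKEND_HOST; Caddy will keep retrying ACME in the background."`, so the run is visibly flagged. That matters because ontime-back/docs/deployment/ec2.md tells the operator to remove public inbound 8080 "after HTTPS is verified", and a green run that skipped verification invites doing that too early. The step this shell belongs to starts outside the hunk, so I cannot see whether a later step or `set -e` depends on this exit status.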
@@ -98,13 +98,13 @@ The workflow:
 5. Verifies EC2 can reach private RDS on `3306`.
 6. Runs `docker compose pull && docker compose up -d --remove-orphans`.
 7. Waits until the `ontime-container` Docker health status is `healthy`.
-8. Installs Caddy if needed, configures `/etc/caddy/Caddyfile`, and verifies HTTPS for `ontime-back.kro.kr`.
+8. Installs Caddy if needed, configures `/etc/caddy/Caddyfile`, and verifies HTTPS for `ontime-back.duckdns.org`.
 ## HTTPS Prerequisites
 Before running the production deploy, configure AWS and DNS:
-- Point `ontime-back.kro.kr` to the EC2 public IPv4 address with an `A` record. Prefer an Elastic IP so the address is stable.
+- Point `ontime-back.duckdns.org` to the EC2 public IPv4 address. Prefer an Elastic IP so the address is stable.
 - Allow EC2 security group inbound TCP `80` and `443` from `0.0.0.0/0`.
 - Restrict SSH `22` to trusted admin IPs.
 - Remove or update any existing GitHub secret named `BACKEND_HTTP_PORT` unless it is exactly `127.0.0.1:8080`.
@@ -125,7 +125,7 @@ cd /home/ubuntu/OnTime-back
 sudo docker compose ps
 sudo docker inspect -f '{{.State.Health.Status}}' ontime-container
 curl -fsS http://localhost:8080/actuator/health/readiness
-curl -fsS https://ontime-back.kro.kr/actuator/health/readiness
+curl -fsS https://ontime-back.duckdns.org/actuator/health/readiness
 nc -zv ontime-prod.cpoeguokwaq5.ap-northeast-2.rds.amazonaws.com 3306
 ```
diff --git a/ontime-back/Caddyfile b/ontime-back/Caddyfile
index d50a28d..194917b 100644
--- a/ontime-back/Caddyfile
+++ b/ontime-back/Caddyfile
@@ -1,4 +1,4 @@
-ontime-back.kro.kr {
+ontime-back.duckdns.org {
 encode gzip
 reverse_proxy 127.0.0.1:8080
 }
diff --git a/ontime-back/docs/deployment/ec2.md b/ontime-back/docs/deployment/ec2.md
index 62762e7..2c713bc 100644
--- a/ontime-back/docs/deployment/ec2.md
+++ b/ontime-back/docs/deployment/ec2.md
@@ -5,7 +5,7 @@ This service deploys to Amazon EC2 through `.github/workflows/deploy.yml`.
 ## How to Deploy
 1. Make sure the EC2 instance has Docker installed.
-2. Point `ontime-back.kro.kr` to the EC2 public IPv4 address.
+2. Point `ontime-back.duckdns.org` to the EC2 public IPv4 address.
 3. Allow inbound security group traffic on TCP `80` and `443`.
 4. Add the required GitHub Actions secrets listed below.
 5. Run the `Deploy` workflow manually from GitHub Actions, or push to the `main` branch.
@@ -56,7 +56,7 @@ The deploy workflow writes these files under `/home/ubuntu/OnTime-back`:
 Caddy is installed as a systemd service on the host and serves:
 ```text
-https://ontime-back.kro.kr
+https://ontime-back.duckdns.org
 ```
 It proxies to the Spring Boot container through `http://127.0.0.1:8080`. After HTTPS is verified, remove public inbound `8080` from the EC2 security group.
diff --git a/ontime-back/src/main/java/devkor/ontime_back/global/oauth/apple/AppleLoginService.java b/ontime-back/src/main/java/devkor/ontime_back/global/oauth/apple/AppleLoginService.java
index 340cb40..cdd642f 100644
--- a/ontime-back/src/main/java/devkor/ontime_back/global/oauth/apple/AppleLoginService.java
+++ b/ontime-back/src/main/java/devkor/ontime_back/global/oauth/apple/AppleLoginService.java
@@ -51,7 +51,7 @@ public class AppleLoginService {
 private static final String APPLE_KEYS_URL = "https://appleid.apple.com/auth/keys";
 private static final String APPLE_TOKEN_URL = "https://appleid.apple.com/auth/token";
- private static final String REDIRECT_URI = "https://ontime-back.kro.kr/oauth2/apple/callback";
+ private static final String REDIRECT_URI = "https://ontime-back.duckdns.org/oauth2/apple/callback";
 private String issuer = "https://appleid.apple.com";
 @Value("${apple.client.id}") private String clientId;
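Review bot: `REDIRECT_URI` remains a hard-coded constant, so the public host is now duplicated across this class, `PUBLIC_BACKEND_HOST` in .github/workflows/deploy.yml and the Caddyfile, and this rename had to be applied by hand in each place; the adjacent `clientId` already shows the pattern the class uses for environment-specific values. I would inject it the same way, `@Value("${apple.redirect.uri}") private String redirectUri;`, and add a comment stating that the value must exactly match a return URL registered for this Services ID in Apple's developer console, since Apple typically rejects the token exchange on a mismatch and nothing in this class would explain that failure. Presumably the old `.kro.kr` return URL is still registered with Apple and should be retired once the cutover is complete, but that cannot be confirmed from the diff. The class `AppleLoginService` begins before line 51, outside the hunk.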