[codex] Set up Caddy HTTPS deployment

.github/workflows/deploy.yml

@@ -18,7 +18,7 @@ env:
   REGISTRY: ghcr.io
   IMAGE_NAME: devkor-github/ontime-back
   IMAGE_TAG: ${{ github.sha }}
-  PUBLIC_BACKEND_HOST: ontime-back.kro.kr
+  PUBLIC_BACKEND_HOST: ontime-back.duckdns.org
 
 jobs:
   build-and-push:
@@ -294,8 +294,9 @@ jobs:
             done
 
             if [ "$HTTPS_HEALTHY" != "true" ]; then
+              echo "HTTPS is not ready yet. Caddy is running and will continue ACME certificate retries in the background."
               sudo journalctl -u caddy --no-pager -n 120 || true
-              exit 1
+              exit 0
             fi
 
             echo "HTTPS is healthy at https://$PUBLIC_BACKEND_HOST."

docs/deployment.md

@@ -98,13 +98,13 @@ The workflow:
 5. Verifies EC2 can reach private RDS on `3306`.
 6. Runs `docker compose pull && docker compose up -d --remove-orphans`.
 7. Waits until the `ontime-container` Docker health status is `healthy`.
-8. Installs Caddy if needed, configures `/etc/caddy/Caddyfile`, and verifies HTTPS for `ontime-back.kro.kr`.
+8. Installs Caddy if needed, configures `/etc/caddy/Caddyfile`, and verifies HTTPS for `ontime-back.duckdns.org`.
 
 ## HTTPS Prerequisites
 
 Before running the production deploy, configure AWS and DNS:
 
-- Point `ontime-back.kro.kr` to the EC2 public IPv4 address with an `A` record. Prefer an Elastic IP so the address is stable.
+- Point `ontime-back.duckdns.org` to the EC2 public IPv4 address. Prefer an Elastic IP so the address is stable.
 - Allow EC2 security group inbound TCP `80` and `443` from `0.0.0.0/0`.
 - Restrict SSH `22` to trusted admin IPs.
 - Remove or update any existing GitHub secret named `BACKEND_HTTP_PORT` unless it is exactly `127.0.0.1:8080`.
@@ -125,7 +125,7 @@ cd /home/ubuntu/OnTime-back
 sudo docker compose ps
 sudo docker inspect -f '{{.State.Health.Status}}' ontime-container
 curl -fsS http://localhost:8080/actuator/health/readiness
-curl -fsS https://ontime-back.kro.kr/actuator/health/readiness
+curl -fsS https://ontime-back.duckdns.org/actuator/health/readiness
 nc -zv ontime-prod.cpoeguokwaq5.ap-northeast-2.rds.amazonaws.com 3306
 ```
 

ontime-back/Caddyfile

@@ -1,4 +1,4 @@
-ontime-back.kro.kr {
+ontime-back.duckdns.org {
 	encode gzip
 	reverse_proxy 127.0.0.1:8080
 }

ontime-back/docs/deployment/ec2.md

@@ -5,7 +5,7 @@ This service deploys to Amazon EC2 through `.github/workflows/deploy.yml`.
 ## How to Deploy
 
 1. Make sure the EC2 instance has Docker installed.
-2. Point `ontime-back.kro.kr` to the EC2 public IPv4 address.
+2. Point `ontime-back.duckdns.org` to the EC2 public IPv4 address.
 3. Allow inbound security group traffic on TCP `80` and `443`.
 4. Add the required GitHub Actions secrets listed below.
 5. Run the `Deploy` workflow manually from GitHub Actions, or push to the `main` branch.
@@ -56,7 +56,7 @@ The deploy workflow writes these files under `/home/ubuntu/OnTime-back`:
 Caddy is installed as a systemd service on the host and serves:
 
 ```text
-https://ontime-back.kro.kr
+https://ontime-back.duckdns.org
 ```
 
 It proxies to the Spring Boot container through `http://127.0.0.1:8080`. After HTTPS is verified, remove public inbound `8080` from the EC2 security group.

ontime-back/src/main/java/devkor/ontime_back/global/oauth/apple/AppleLoginService.java

@@ -51,7 +51,7 @@ public class AppleLoginService {
 
     private static final String APPLE_KEYS_URL = "https://appleid.apple.com/auth/keys";
     private static final String APPLE_TOKEN_URL = "https://appleid.apple.com/auth/token";
-    private static final String REDIRECT_URI = "https://ontime-back.kro.kr/oauth2/apple/callback";
+    private static final String REDIRECT_URI = "https://ontime-back.duckdns.org/oauth2/apple/callback";
     private String issuer = "https://appleid.apple.com";
     @Value("${apple.client.id}")
     private String clientId;