#24 1) 프로메테우스 설정 추가 수정 및 시큐리티 설정 추가

f-lab-edu · Sep 10, 2024 · 57f3a60 · 57f3a60
1 parent 499971b
commit 57f3a60
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 18 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,5 +1,3 @@
-version: '3.8'
-
 services:
   db:
     container_name: vintage-community-db
@@ -15,7 +13,8 @@ services:
 
   vintage-community-blue:
     container_name: vintage-community-blue
-    image: zero0zone/vintage:latest
+    image: zero0zone/vintage:latest-amd64
+    pull_policy: always
     depends_on:
       - db
     environment:
@@ -29,7 +28,8 @@ services:
 
   vintage-community-green:
     container_name: vintage-community-green
-    image: zero0zone/vintage:latest
+    image: zero0zone/vintage:latest-amd64
+    pull_policy: always
     depends_on:
       - db
     environment:

diff --git a/prometheus.yml b/prometheus.yml
@@ -7,5 +7,7 @@ scrape_configs:
       - targets: ['localhost:9090']
 
   - job_name: 'vintage-community-app'
+    metrics_path: '/actuator/prometheus'
     static_configs:
       - targets: ['vintage-community-blue:8080', 'vintage-community-green:8080']
+    honor_labels: true
diff --git a/src/main/java/com/zerozone/vintage/config/SecurityConfig.java b/src/main/java/com/zerozone/vintage/config/SecurityConfig.java
@@ -7,7 +7,6 @@
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
-import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.web.SecurityFilterChain;
@@ -28,10 +27,13 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http
                 .csrf(csrf -> csrf
                         .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-                        .ignoringRequestMatchers(new AntPathRequestMatcher("/api/account/email-verification", "POST")
-                                                )
+                        .ignoringRequestMatchers(new AntPathRequestMatcher("/api/account/email-verification", "POST"),
+                                                 new AntPathRequestMatcher("/actuator/**")
+                        )
                 )
                 .authorizeHttpRequests((authorizeRequests) -> authorizeRequests
+                        .requestMatchers("/actuator/prometheus", "/actuator/health").permitAll()
+                        .requestMatchers("/actuator/**").permitAll()
                          .requestMatchers("/account", "/api/account/account", "/email-verification",
                                           "/checked-email", "/email-verification-success").permitAll()
                          .requestMatchers("/").permitAll()
@@ -40,7 +42,6 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                          "/swagger-resources/**", "/configuration/ui", "/configuration/security",
                                          "/swagger-ui/**", "/webjars/**", "/swagger-ui.html").permitAll()
                          .requestMatchers(GET, "/profile/*").permitAll()
-                         .requestMatchers("/actuator/**").permitAll()
                          .requestMatchers(HttpMethod.POST, "/api/account/email-verification").permitAll()
                         .anyRequest().authenticated() // 그외는 로그인 해야만 접근 가능
                 )
@@ -54,6 +55,7 @@ public WebSecurityCustomizer webSecurityCustomizer() {
         return (web) -> web.ignoring()
                 .requestMatchers("/node_modules/**")
                 .requestMatchers("/uploaded-profile-images/**")
+                .requestMatchers("/actuator/**")
                 .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
     }
 

diff --git a/src/main/resources/application-dev.properties b/src/main/resources/application-dev.properties
@@ -15,23 +15,27 @@ spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
 # google email SMTP setting has been moved to the email properties file.
 # application-email.properties
 
-# Set schema initialization mode.
-spring.sql.init.mode=always
-# Specify the schema script location.
-spring.sql.init.schema-locations=classpath:schema.sql
+# Disable schema.sql initialization
+# spring.sql.init.mode=always
+# spring.sql.init.schema-locations=classpath:schema.sql
+ spring.sql.init.mode=never
+
 # Set the script to run after Hibernate initialization.
-spring.jpa.defer-datasource-initialization=true
+spring.jpa.defer-datasource-initialization=false
 
 # Enable logging for SQL initialization
 logging.level.org.springframework.jdbc.datasource.init.ScriptUtils=DEBUG
 logging.level.org.springframework.jdbc.datasource.init.DataSourceInitializer=DEBUG
+logging.level.org.springframework.web=DEBUG
+logging.level.org.springframework.security=DEBUG
 
 #spring Metrics
 management.endpoints.web.exposure.include=prometheus
 management.endpoints.enabled-by-default=true
 management.prometheus.metrics.export.enabled=true
+management.endpoints.web.base-path=/actuator
 
 # Thymeleaf cache setting
 spring.thymeleaf.cache=false
 spring.thymeleaf.prefix=classpath:/templates/
-spring.thymeleaf.suffix=.html
+spring.thymeleaf.suffix=.html
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -19,19 +19,21 @@ logging.level.org.hibernate.SQL=DEBUG
 logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE
 
 # Web host
-app.host=http://localhost:8080
+#app.host=http://localhost:8080
+app.host=${APP_HOST:http://localhost:8080}
 
 # Setting the schema initialization mode
-spring.sql.init.mode=always
+#spring.sql.init.mode=always
 # Setting the schema script location
-spring.sql.init.schema-locations=classpath:schema-h2.sql
+#spring.sql.init.schema-locations=classpath:schema-h2.sql
 # Setting the script to run after Hibernate initialization
-spring.jpa.defer-datasource-initialization=true
+#spring.jpa.defer-datasource-initialization=true
 
 #spring Metrics
 management.endpoints.web.exposure.include=prometheus
 management.endpoints.enabled-by-default=true
 management.prometheus.metrics.export.enabled=true
+management.endpoints.web.base-path=/actuator
 
 # Include google email SMTP setting
 spring.profiles.group.dev=email