Team-DoubleO · Bumnote · Dec 23, 2025 · Dec 23, 2025 · Dec 23, 2025 · Dec 23, 2025
diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml
@@ -28,6 +28,7 @@ jobs:
           cp nginx/nginx-prod.conf deploy-files/
           cp nginx/nginx-cert-setup.conf deploy-files/
           cp docker-compose.yml deploy-files/
+          cp src/main/resources/prometheus.yml deploy-files/
           cp .env deploy-files/
 
       - name: 필요한 파일들을 EC2 서버로 전송

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -45,6 +45,8 @@ services:
       - ./data/certbot/www:/var/www/certbot
     depends_on:
       - spots-app
+      - prometheus
+      - grafana
     networks:
       - spots-net
     restart: always
@@ -99,6 +101,7 @@ services:
 
 volumes:
   dbdata:
+  grafana-storage:
   certbot_data:
 
 networks:

diff --git a/nginx/nginx-prod.conf b/nginx/nginx-prod.conf
@@ -108,8 +108,8 @@ server {
     listen 443 ssl http2;
     server_name prometheus.sspots.site;
 
-    ssl_certificate /etc/letsencrypt/live/prometheus.sspots.site/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/prometheus.sspots.site/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/sspots.site/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/sspots.site/privkey.pem;
 
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
@@ -136,8 +136,8 @@ server {
     listen 443 ssl http2;
     server_name grafana.sspots.site;
 
-    ssl_certificate /etc/letsencrypt/live/grafana.sspots.site/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/grafana.sspots.site/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/sspots.site/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/sspots.site/privkey.pem;
 
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;

diff --git a/scripts/deploy.sh b/scripts/deploy.sh
@@ -25,6 +25,14 @@ WHITELIST_FILE="$NGINX_CONF_DIR/allowed_ips.rules"
 DISK_WARN_THRESHOLD=80
 DISK_CLEAN_THRESHOLD=90
 
+REQUIRED_DOMAINS=(
+  sspots.site
+  www.sspots.site
+  api.sspots.site
+  grafana.sspots.site
+  prometheus.sspots.site
+)
+
 send_discord() {
   local TITLE="$1"
   local BODY="$2"
@@ -139,20 +147,25 @@ sudo mkdir -p ./data/certbot/conf
 sudo mkdir -p ./data/certbot/www
 
 check_certificate() {
-    # sudo 권한으로 파일 존재 확인
     if sudo [ -f "$CERT_FILE_PATH" ]; then
         echo "기존 SSL 인증서를 찾았습니다: $CERT_FILE_PATH"
 
-        # sudo 권한으로 openssl 실행
-        if sudo openssl x509 -checkend 2592000 -noout -in "$CERT_FILE_PATH" > /dev/null 2>&1; then
-            echo "인증서가 유효합니다. (30일 이상 남음)"
-            return 0
-        else
-            echo "인증서가 30일 이내에 만료됩니다. 갱신이 필요합니다."
+        if ! sudo openssl x509 -checkend 2592000 -noout -in "$CERT_FILE_PATH" > /dev/null 2>&1; then
+            echo "❌ 인증서가 30일 이내에 만료됩니다."
             return 1
         fi
+
+        echo "✔ 인증서 유효 기간 정상"
+
+        if ! check_certificate_domains; then
+            echo "❌ 인증서에 필요한 도메인이 모두 포함되어 있지 않습니다."
+            return 1
+        fi
+
+        echo "✅ 인증서 유효 + 도메인 구성 정상"
+        return 0
     else
-        echo "SSL 인증서가 존재하지 않습니다."
+        echo "❌ SSL 인증서가 존재하지 않습니다."
         return 1
     fi
 }