diff --git a/bootstrap/app.php b/bootstrap/app.php index f5ec713..c474e56 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -3,28 +3,42 @@ use Illuminate\Foundation\Application; use Illuminate\Foundation\Configuration\Exceptions; use Illuminate\Foundation\Configuration\Middleware; +use Illuminate\Support\Facades\Route; return Application::configure(basePath: dirname(__DIR__)) + // (A) Routing: 도메인별 라우트 분리 ->withRouting( - web: __DIR__.'/../routes/web.php', + web: __DIR__.'/../routes/web.php', // 공용(가능하면 최소화) commands: __DIR__.'/../routes/console.php', health: '/up', + then: function () { + Route::middleware('web') + ->domain('four.syye.net') + ->group(base_path('routes/site.php')); + + Route::middleware('web') + ->domain('shot.syye.net') + ->group(base_path('routes/admin.php')); + }, ) + + // (B) Middleware: Reverse Proxy/Host 신뢰 정책 ->withMiddleware(function (Middleware $middleware): void { - // NAS reverse proxy / 로드밸런서 뒤에서 HTTPS를 올바르게 인식하게 함 $middleware->trustProxies(at: [ - '192.168.100.0/24', // NAS/내부 대역 (필요시 조정) + '192.168.100.0/24', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', ]); - // Host header 공격 방지: 우리 도메인만 허용 $middleware->trustHosts(at: [ 'four.syye.net', 'shot.syye.net', ]); }) + ->withExceptions(function (Exceptions $exceptions): void { // - })->create(); + }) + + ->create(); diff --git a/routes/admin.php b/routes/admin.php new file mode 100644 index 0000000..c4d963b --- /dev/null +++ b/routes/admin.php @@ -0,0 +1,6 @@ +name('admin.home'); diff --git a/routes/site.php b/routes/site.php new file mode 100644 index 0000000..b2112df --- /dev/null +++ b/routes/site.php @@ -0,0 +1,6 @@ +name('site.home');