diff --git a/IA_agents/prompts/prompt-confs.md b/IA_agents/prompts/prompt-confs.md new file mode 100644 index 0000000..7aa9e8d --- /dev/null +++ b/IA_agents/prompts/prompt-confs.md @@ -0,0 +1,20 @@ +## Centralisation des configurations (confs) + +### Objectif +Centraliser toutes les configurations dans `4NK_env/confs//` et faire pointer directement les services vers ces chemins (sans liens symboliques). + +### État actuel +- Copie de `lecoffre_node/conf/**` vers `4NK_env/confs/lecoffre_node/**`. +- `lecoffre_node/docker-compose.yml` mis à jour pour monter les fichiers/dossiers depuis `4NK_env/confs/lecoffre_node/...` (bitcoin, relay, grafana, loki, promtail). +- Nginx: chemins absolus ajustés pour utiliser `4NK_env/confs/lecoffre_node/nginx/...`. + +### Tâches (TODO) +- Vérifier/compléter la migration des autres services si de nouvelles configs apparaissent. +- Éviter les symlinks: toujours référencer le chemin centralisé `4NK_env/confs//...` dans compose, Dockerfile, scripts, Nginx. +- Mettre à jour la documentation existante qui mentionnait `lecoffre_node/conf/**`. +- Adapter les scripts (`scripts/**`) qui manipulent encore `lecoffre_node/conf/**`. + +### Bonnes pratiques +- Conserver `confs/` hors du contrôle de versions sensible si nécessaire; veiller aux secrets. +- Utiliser des chemins absolus côté host pour les volumes afin d’éviter les ambiguïtés. +- Vérifier la lisibilité/permissions des fichiers montés (ro si possible). diff --git a/IA_agents/prompts/prompt-data.md b/IA_agents/prompts/prompt-data.md new file mode 100644 index 0000000..31d9f94 --- /dev/null +++ b/IA_agents/prompts/prompt-data.md @@ -0,0 +1,25 @@ +## Centralisation des données (data) + +### Objectif +Centraliser toutes les données applicatives dans `4NK_env/data//` pour simplifier la gestion, les sauvegardes et la supervision. + +### État actuel +- `lecoffre_node/data` → symlink vers `4NK_env/data/lecoffre_node` (temporaire pour continuité de service). + +### Cible +- Structure cible: `4NK_env/data//...` +- Tous les services et configurations référencent directement ces chemins centralisés (sans symlink). + +### Actions (TODO) +- Remplacer les liens symboliques par des chemins directs dans les configurations: + - docker-compose: volumes pointant vers `/home/debian/4NK_env/data/` + - Dockerfile/entrypoints: chemins de lecture/écriture adaptés + - Scripts: variables d’environnement/chemins mis à jour + - Applications: paramètres et `.env` alignés si des chemins étaient codés en dur +- Vérifier les permissions/ownership sur `4NK_env/data/**` (conteneurs non-root). +- Mettre à jour la documentation et tests impactés. + +### Bonnes pratiques +- Pas de liens symboliques pour la donnée persistée; préférer des références directes. +- Éviter d’intégrer `data/` au dépôt; conserver l’ignore dans `.gitignore`, `.cursorignore`, `.dockerignore`. +- Couvrir par une sauvegarde régulière via `scripts/backup_all.sh` (section data). diff --git a/IA_agents/prompts/prompt-deploy.md b/IA_agents/prompts/prompt-deploy.md index 04b9181..25baa7b 100644 --- a/IA_agents/prompts/prompt-deploy.md +++ b/IA_agents/prompts/prompt-deploy.md @@ -1,5 +1,17 @@ # Prompt de Déploiement LeCoffre Node +### Gestion des branches ext (submodules + repo racine) + +Script: `scripts/push-ext-commit.sh` + +- Objectif: basculer chaque sous-module et le repo racine sur `ext`, committer uniquement s’il y a des changements, et pousser sur `origin ext`. +- Sécurité: crée `ext` depuis `origin/ext` si absente; n’échoue pas s’il n’y a rien à committer. + +Usage: +```bash +bash /home/debian/4NK_env/scripts/push-ext-commit.sh +``` + Apprend et retient : `4NK_env/IA_agents/prompts/prompt-global.md`. --- diff --git a/IA_agents/prompts/prompt-logs.md b/IA_agents/prompts/prompt-logs.md index e18fcfe..de27c36 100644 --- a/IA_agents/prompts/prompt-logs.md +++ b/IA_agents/prompts/prompt-logs.md @@ -3,7 +3,7 @@ ### Centralisation des logs - Dossier central: `/home/debian/4NK_env/logs/` - Sous-dossiers standardisés par service: - - `nginx/`, `lecoffre-front/`, `ihm_client/`, `sdk_relay/`, `sdk_signer/`, `sdk_storage/`, `bitcoin/`, `blindbit/`, `miner/`, `tor/` + - `nginx/`, `lecoffre-front/`, `ihm_client/`, `sdk_relay/`, `sdk_storage/`, `bitcoin/`, `blindbit/`, `miner/`, `tor/` - Docker Compose monte chaque service avec un volume: `/home/debian/4NK_env/logs/:/var/log/` ### Instrumentation et propagation diff --git a/IA_agents/prompts/prompt-scripts.md b/IA_agents/prompts/prompt-scripts.md index 19979b7..a49f2ac 100644 --- a/IA_agents/prompts/prompt-scripts.md +++ b/IA_agents/prompts/prompt-scripts.md @@ -10,8 +10,6 @@ Uniformiser l’emplacement et l’usage des scripts d’exploitation pour tous ### État actuel - `lecoffre_node/scripts` → lien vers `4NK_env/scripts/lecoffre_node` -- `sdk_signer/scripts` → lien vers `4NK_env/scripts/sdk_signer` -- `sdk_signer/sdk_client/scripts` → lien vers `4NK_env/scripts/sdk_signer_sdk_client` ### Impacts et recommandations - Documentation: référencer préférentiellement `4NK_env/scripts//...`. diff --git a/IA_agents/prompts/prompt-start.md b/IA_agents/prompts/prompt-start.md index 026d5e9..b524b3b 100644 --- a/IA_agents/prompts/prompt-start.md +++ b/IA_agents/prompts/prompt-start.md @@ -12,7 +12,6 @@ Tous les documents des projets doivent être dans un dossier `4NK_env/docs/` ## Taches attendues - Tâches attendues, toutes obligatoires, pour tous les dossiers hors `4NK_env/data/`, `4NK_env/doc_api/`, `4NK_env/IA_agents/` et les dossiers cachés : * [ ] Vérifier et améliorer la conformité avec `4NK_env/IA_agents/prompts/prompt-logs.md` @@ -20,6 +19,8 @@ Tâches attendues, toutes obligatoires, pour tous les dossiers hors `4NK_env/dat * [ ] Vérifier et améliorer la conformité avec `4NK_env/IA_agents/prompts/prompt-confs.md` * [ ] Vérifier et améliorer la conformité avec `4NK_env/IA_agents/prompts/prompt-data.md` * [ ] Vérifier et améliorer la conformité avec `4NK_env/IA_agents/prompts/prompt-scripts.md` +* [ ] Vérifier et améliorer la conformité avec `4NK_env/IA_agents/prompts/prompt-tests.md` +* [ ] Vérifier et améliorer la conformité avec `4NK_env/IA_agents/prompts/prompt-docs.md` * [ ] Analyser le contexte technique et préciser les prérequis : projets, CI, variables d'environnement, documentation, code, configuration, logs, backup, synergie avec `4NK_env/lecoffre_node/` pour comprendre ce que cela fait. * [ ] Mettre à jour la documentation de l'architecture `4NK_env/docs/architecture/.md`. diff --git a/README.md b/README.md index e3b4227..7a016c4 100644 --- a/README.md +++ b/README.md @@ -112,6 +112,7 @@ cd lecoffre_node ./scripts/init-4nk-env-repo.sh # Initialiser le dépôt 4NK_env ./scripts/push-to-remote.sh # Pousser vers git.4nkweb.com ./scripts/setup-complete-env.sh # Configuration complète de l'environnement +./scripts/push-ext-commit.sh # Forcer travail sur ext (submodules + racine), commit/push si changements ``` ### Centralisation des scripts @@ -119,9 +120,6 @@ cd lecoffre_node - Les répertoires `scripts/` à la racine des sous‑projets sont désormais des liens symboliques pointant vers ces emplacements centralisés. - Exemples: - `lecoffre_node/scripts` → `4NK_env/scripts/lecoffre_node` - - `sdk_signer/scripts` → `4NK_env/scripts/sdk_signer` - - `sdk_signer/sdk_client/scripts` → `4NK_env/scripts/sdk_signer_sdk_client` - Impact: - Aucun changement pour les commandes existantes (`./scripts/...`) dans les projets: les liens symboliques assurent la compatibilité. - Référence recommandée dans la documentation: `4NK_env/scripts//...`. diff --git a/confs/lecoffre_node/README.md b/confs/lecoffre_node/README.md new file mode 100644 index 0000000..fc17ee1 --- /dev/null +++ b/confs/lecoffre_node/README.md @@ -0,0 +1,95 @@ +# Configuration Centralisée - LeCoffre Node + +Ce dossier contient toutes les configurations centralisées pour les services du projet LeCoffre Node. + +## Structure + +``` +conf/ +├── bitcoin/ # Configuration Bitcoin Signet +│ └── bitcoin.conf +├── relay/ # Configuration SDK Relay +│ └── sdk_relay.conf +├── nginx/ # Configurations Nginx (déjà existantes) +│ └── ... +├── ihm_client/ # Configuration IHM Client +│ └── nginx.dev.conf +├── lecoffre-front/ # Configuration LeCoffre Frontend +└── miner/ # Configuration du mineur +``` + +## Scripts de Gestion + +Les configurations et le déploiement sont gérés via des scripts centralisés : + +- `scripts/sync-configs.sh` : Synchronise toutes les configurations +- `scripts/startup-sequence.sh` : Script principal avec déploiement complet +- `scripts/pre-build.sh` : Prépare l'environnement avant build Docker + +## Avantages + +1. **Centralisation** : Toutes les configurations au même endroit +2. **Cohérence** : Gestion uniforme des paramètres +3. **Maintenance** : Modifications centralisées +4. **Versioning** : Suivi des changements de configuration +5. **Backup** : Sauvegarde centralisée + +## Utilisation + +### Synchronisation manuelle +```bash +# Synchroniser tous les projets +./scripts/sync-configs.sh + +# Synchroniser un projet spécifique +./scripts/sync-configs.sh ihm_client +``` + +### Déploiement complet +```bash +# Déployer tous les projets +./scripts/startup-sequence.sh deploy + +# Déployer un projet spécifique +./scripts/startup-sequence.sh deploy-project ihm_client + +# Déployer avec push des images Docker +PUSH_DOCKER_IMAGES=true ./scripts/startup-sequence.sh deploy +``` + +### Préparation avant build +```bash +# Préparer l'environnement avant build Docker +./scripts/pre-build.sh +``` + +### Commandes de maintenance +```bash +# Mettre à jour toutes les dépendances +./scripts/startup-sequence.sh update-deps + +# Vérifier les fichiers ignore +./scripts/startup-sequence.sh check-ignore + +# Nettoyer les fichiers non suivis +./scripts/startup-sequence.sh clean-untracked + +# Compiler tous les projets +./scripts/startup-sequence.sh compile-all + +# Exécuter tous les tests +./scripts/startup-sequence.sh test-all +``` + +### Modification d'une configuration +1. Éditer le fichier dans `conf/[service]/` +2. Synchroniser avec `./scripts/sync-configs.sh [service]` +3. Redémarrer le service concerné + +## Services Concernés + +- **Bitcoin Signet** : Configuration du nœud Bitcoin +- **SDK Relay** : Configuration du relais WebSocket +- **IHM Client** : Configuration Nginx pour l'interface client +- **LeCoffre Front/Back** : Configurations des services web +- **Mineur** : Configuration du minage Bitcoin diff --git a/confs/lecoffre_node/bitcoin/bitcoin.conf b/confs/lecoffre_node/bitcoin/bitcoin.conf new file mode 100644 index 0000000..8bca714 --- /dev/null +++ b/confs/lecoffre_node/bitcoin/bitcoin.conf @@ -0,0 +1,45 @@ +# Configuration globale +signet=1 +server=1 +datadir=/home/bitcoin/.bitcoin + +[signet] +daemon=0 +txindex=1 +upnp=1 +#debug=1 +#loglevel=debug +logthreadnames=1 +onion=tor:9050 +listenonion=1 +onlynet=onion + +# Paramètres RPC +rpcauth=bitcoin:c8ea921c7357bd6a5a8a7c43a12350a7$955e25b17672987b17c5a12f12cd8b9c1d38f0f86201c8cd47fc431f2e1c7956 +rpcallowip=0.0.0.0/0 +rpcworkqueue=32 +rpcthreads=4 +rpcdoccheck=1 + +# Paramètres ZMQ +zmqpubhashblock=tcp://0.0.0.0:29000 +zmqpubrawtx=tcp://0.0.0.0:29001 + +listen=1 +bind=0.0.0.0:38333 +rpcbind=0.0.0.0:38332 +rpcport=38332 +fallbackfee=0.0001 +blockfilterindex=1 +datacarriersize=205 +acceptnonstdtxn=1 +dustrelayfee=0.00000001 +minrelaytxfee=0.00000001 +prune=0 +signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821 +wallet=mining +wallet=watchonly +maxtxfee=1 +addnode=tlv2yqamflv22vfdzy2hha2nwmt6zrwrhjjzz4lx7qyq7lyc6wfhabyd.onion +addnode=6xi33lwwslsx3yi3f7c56wnqtdx4v73vj2up3prrwebpwbz6qisnqbyd.onion +addnode=id7e3r3d2epen2v65jebjhmx77aimu7oyhcg45zadafypr4crqsytfid.onion \ No newline at end of file diff --git a/confs/lecoffre_node/grafana/dashboards/bitcoin-miner-detailed.json b/confs/lecoffre_node/grafana/dashboards/bitcoin-miner-detailed.json new file mode 100644 index 0000000..c8469f9 --- /dev/null +++ b/confs/lecoffre_node/grafana/dashboards/bitcoin-miner-detailed.json @@ -0,0 +1,399 @@ +{ + "annotations": { + "list": [] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=\"signet_miner\"} |= \"Block mined\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Blocs Minés par Minute", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=\"signet_miner\"} |= \"Hashrate\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Hashrate du Mineur", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 8 + }, + "id": 3, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"signet_miner\"} |= \"ERROR\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs du Mineur (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 16, + "x": 8, + "y": 8 + }, + "id": 4, + "options": { + "legend": { + "displayMode": "list", + "placement": "right" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum by (level) (count_over_time({container=\"signet_miner\"} | json | level != \"\" [1h]))", + "queryType": "", + "refId": "A" + } + ], + "title": "Distribution des Niveaux de Log", + "type": "piechart" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 5, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "{container=\"signet_miner\"} |= \"Block mined\" | json | line_format \"{{.timestamp}} - Bloc {{.height}} miné - Hash: {{.hash}}\"", + "queryType": "", + "refId": "A" + } + ], + "title": "Historique des Blocs Minés", + "type": "table" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [ + "bitcoin", + "miner", + "signet" + ], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Bitcoin Miner - Détails", + "uid": "bitcoin-miner-detailed", + "version": 1, + "weekStart": "" +} + diff --git a/confs/lecoffre_node/grafana/dashboards/bitcoin-miner.json b/confs/lecoffre_node/grafana/dashboards/bitcoin-miner.json new file mode 100644 index 0000000..ed0bd13 --- /dev/null +++ b/confs/lecoffre_node/grafana/dashboards/bitcoin-miner.json @@ -0,0 +1,160 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "showTime": false, + "showLabels": false, + "showCommonLabels": false, + "wrapLogMessage": false, + "prettifyLogMessage": false, + "enableLogDetails": true, + "dedupStrategy": "none", + "sortOrder": "Descending" + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "{job=\"bitcoin\"} |= \"block\" | logfmt", + "queryType": "", + "refId": "A" + } + ], + "title": "Bitcoin - Nouveaux Blocs", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 2, + "options": { + "showTime": false, + "showLabels": false, + "showCommonLabels": false, + "wrapLogMessage": false, + "prettifyLogMessage": false, + "enableLogDetails": true, + "dedupStrategy": "none", + "sortOrder": "Descending" + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "{job=\"miner\"} |= \"mined\" | logfmt", + "queryType": "", + "refId": "A" + } + ], + "title": "Miner - Blocs Minés", + "type": "logs" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 3, + "options": { + "showTime": false, + "showLabels": false, + "showCommonLabels": false, + "wrapLogMessage": false, + "prettifyLogMessage": false, + "enableLogDetails": true, + "dedupStrategy": "none", + "sortOrder": "Descending" + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "{job=~\"bitcoin|miner|blindbit\"} |= \"error\" | logfmt", + "queryType": "", + "refId": "A" + } + ], + "title": "Bitcoin/Miner/Blindbit - Erreurs", + "type": "logs" + } + ], + "refresh": "30s", + "schemaVersion": 36, + "style": "dark", + "tags": ["bitcoin", "miner", "blockchain"], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Bitcoin & Miner Monitoring", + "uid": "bitcoin-miner", + "version": 1, + "weekStart": "" +} diff --git a/confs/lecoffre_node/grafana/dashboards/bitcoin-services.json b/confs/lecoffre_node/grafana/dashboards/bitcoin-services.json new file mode 100644 index 0000000..2abf2d2 --- /dev/null +++ b/confs/lecoffre_node/grafana/dashboards/bitcoin-services.json @@ -0,0 +1,532 @@ +{ + "annotations": { + "list": [] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=\"bitcoin-signet\"} |= \"UpdateTip\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Mises à Jour de la Chaîne Bitcoin", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=\"blindbit-oracle\"} |= \"tweak\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Détection de Tweak (BlindBit)", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 3, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"bitcoin-signet\"} |= \"ERROR\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs Bitcoin (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 6, + "y": 8 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"blindbit-oracle\"} |= \"ERROR\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs BlindBit (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 8 + }, + "id": 5, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"bitcoin-signet\"} |= \"New block\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Nouveaux Blocs (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 8 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"blindbit-oracle\"} |= \"Silent payment\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Silent Payments (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 7, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "{container=~\"bitcoin-signet|blindbit-oracle\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs Bitcoin Services", + "type": "table" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [ + "bitcoin", + "signet", + "blindbit", + "oracle" + ], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Bitcoin Services - Monitoring", + "uid": "bitcoin-services", + "version": 1, + "weekStart": "" +} + diff --git a/confs/lecoffre_node/grafana/dashboards/frontend-services.json b/confs/lecoffre_node/grafana/dashboards/frontend-services.json new file mode 100644 index 0000000..262feb0 --- /dev/null +++ b/confs/lecoffre_node/grafana/dashboards/frontend-services.json @@ -0,0 +1,532 @@ +{ + "annotations": { + "list": [] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=~\"lecoffre-front|ihm_client\"} |= \"GET\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Requêtes HTTP par Frontend", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=\"ihm_client\"} |= \"vite\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Activité Vite (IHM Client)", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 3, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"lecoffre-front\"} |= \"ERROR\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs LeCoffre Front (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 6, + "y": 8 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"ihm_client\"} |= \"ERROR\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs IHM Client (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 8 + }, + "id": 5, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(count_over_time({container=~\"lecoffre-front|ihm_client\"} [1h]))", + "queryType": "", + "refId": "A" + } + ], + "title": "Total Logs Frontend (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 8 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"ihm_client\"} |= \"Pre-transform error\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs Vite (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 7, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "{container=~\"lecoffre-front|ihm_client\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs Récentes Frontend", + "type": "table" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [ + "frontend", + "lecoffre", + "ihm", + "client" + ], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Frontend Services - Monitoring", + "uid": "frontend-services", + "version": 1, + "weekStart": "" +} + diff --git a/confs/lecoffre_node/grafana/dashboards/lecoffre-overview.json b/confs/lecoffre_node/grafana/dashboards/lecoffre-overview.json new file mode 100644 index 0000000..9ecf781 --- /dev/null +++ b/confs/lecoffre_node/grafana/dashboards/lecoffre-overview.json @@ -0,0 +1,252 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum by (service) (count_over_time({job=~\".*\"} |= \"error\" [5m]))", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs par Service (5 dernières minutes)", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum by (service) (count_over_time({job=~\".*\"} [5m]))", + "queryType": "", + "refId": "A" + } + ], + "title": "Volume de Logs par Service (5 dernières minutes)", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 3, + "options": { + "showTime": false, + "showLabels": false, + "showCommonLabels": false, + "wrapLogMessage": false, + "prettifyLogMessage": false, + "enableLogDetails": true, + "dedupStrategy": "none", + "sortOrder": "Descending" + }, + "title": "Logs d'Erreur - Tous Services", + "type": "logs" + } + ], + "refresh": "30s", + "schemaVersion": 36, + "style": "dark", + "tags": ["lecoffre", "monitoring"], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "LeCoffre Node - Vue d'ensemble", + "uid": "lecoffre-overview", + "version": 1, + "weekStart": "" +} diff --git a/confs/lecoffre_node/grafana/dashboards/sdk-services.json b/confs/lecoffre_node/grafana/dashboards/sdk-services.json new file mode 100644 index 0000000..112fa6a --- /dev/null +++ b/confs/lecoffre_node/grafana/dashboards/sdk-services.json @@ -0,0 +1,594 @@ +{ + "annotations": { + "list": [] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=~\"sdk_.*\"} |= \"message\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Messages par Service SDK", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(rate({container=\"sdk_relay\"} |= \"transaction\" [5m])) by (container)", + "queryType": "", + "refId": "A" + } + ], + "title": "Transactions Relay", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 0 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "title": "Signatures Signer", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 0, + "y": 8 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"sdk_relay\"} |= \"ERROR\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs Relay (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 6, + "y": 8 + }, + "id": 5, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "title": "Erreurs Signer (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 8 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "count_over_time({container=\"sdk_storage\"} |= \"ERROR\" [1h])", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs Storage (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 8 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum(count_over_time({container=~\"sdk_.*\"} [1h]))", + "queryType": "", + "refId": "A" + } + ], + "title": "Total Logs SDK (1h)", + "type": "stat" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 8, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.0.0", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "{container=~\"sdk_.*\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"", + "queryType": "", + "refId": "A" + } + ], + "title": "Erreurs Récentes SDK", + "type": "table" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [ + "sdk", + "relay", + "signer", + "storage" + ], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "SDK Services - Monitoring", + "uid": "sdk-services", + "version": 1, + "weekStart": "" +} diff --git a/confs/lecoffre_node/grafana/dashboards/services-overview.json b/confs/lecoffre_node/grafana/dashboards/services-overview.json new file mode 100644 index 0000000..b27238f --- /dev/null +++ b/confs/lecoffre_node/grafana/dashboards/services-overview.json @@ -0,0 +1,418 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "title": "LeCoffre Backend - Volume Logs", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum by (service) (count_over_time({job=\"lecoffre-front\"} [5m]))", + "queryType": "", + "refId": "A" + } + ], + "title": "LeCoffre Frontend - Volume Logs", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 12, + "y": 0 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum by (service) (count_over_time({job=\"ihm_client\"} [5m]))", + "queryType": "", + "refId": "A" + } + ], + "title": "IHM Client - Volume Logs", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "vis": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 0 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "editorMode": "code", + "expr": "sum by (service) (count_over_time({job=\"sdk_relay\"} [5m]))", + "queryType": "", + "refId": "A" + } + ], + "title": "SDK Relay - Volume Logs", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "loki" + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 5, + "options": { + "showTime": false, + "showLabels": false, + "showCommonLabels": false, + "wrapLogMessage": false, + "prettifyLogMessage": false, + "enableLogDetails": true, + "dedupStrategy": "none", + "sortOrder": "Descending" + }, + "title": "Logs d'Erreur - Services Applications", + "type": "logs" + } + ], + "refresh": "30s", + "schemaVersion": 36, + "style": "dark", + "tags": ["services", "applications"], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Services Applications - Monitoring", + "uid": "services-overview", + "version": 1, + "weekStart": "" +} diff --git a/confs/lecoffre_node/grafana/grafana.ini b/confs/lecoffre_node/grafana/grafana.ini new file mode 100644 index 0000000..cc6efcf --- /dev/null +++ b/confs/lecoffre_node/grafana/grafana.ini @@ -0,0 +1,57 @@ +# Configuration Grafana avancée pour LeCoffre Node + +[server] +# URL publique de Grafana +root_url = https://dev4.4nkweb.com/grafana/ + +# Configuration de sécurité +enable_gzip = true +cert_file = +cert_key = +enforce_domain = false + +[security] +# Configuration de sécurité +admin_user = admin +admin_password = admin123 +secret_key = lecoffre_grafana_secret_key_2025 + +# Configuration des sessions +cookie_secure = true +cookie_samesite = strict + +[users] +# Configuration des utilisateurs +allow_sign_up = false +allow_org_create = false +auto_assign_org = true +auto_assign_org_id = 1 +auto_assign_org_role = Viewer + +[auth.anonymous] +# Accès anonyme désactivé pour la sécurité +enabled = false + +[dashboards] +# Configuration des dashboards +default_home_dashboard_path = /var/lib/grafana/dashboards/lecoffre-overview.json + +[unified_alerting] +# Configuration des alertes unifiées +enabled = true + +[log] +# Configuration des logs Grafana +mode = console +level = info +format = json + +[metrics] +# Métriques Prometheus +enabled = true +basic_auth_username = +basic_auth_password = + +[feature_toggles] +# Fonctionnalités activées +enable = traceqlEditor diff --git a/confs/lecoffre_node/grafana/provisioning/dashboards/dashboards.yml b/confs/lecoffre_node/grafana/provisioning/dashboards/dashboards.yml new file mode 100644 index 0000000..511c104 --- /dev/null +++ b/confs/lecoffre_node/grafana/provisioning/dashboards/dashboards.yml @@ -0,0 +1,12 @@ +apiVersion: 1 + +providers: + - name: 'LeCoffre Node Dashboards' + orgId: 1 + folder: 'LeCoffre Node' + type: file + disableDeletion: false + updateIntervalSeconds: 10 + allowUiUpdates: true + options: + path: /var/lib/grafana/dashboards diff --git a/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml b/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml new file mode 100644 index 0000000..e8e63e6 --- /dev/null +++ b/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml @@ -0,0 +1,12 @@ +apiVersion: 1 + +datasources: + - name: Loki + type: loki + access: proxy + url: http://loki:3100 + uid: loki + isDefault: true + editable: true + jsonData: + maxLines: 1000 \ No newline at end of file diff --git a/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml.bak b/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml.bak new file mode 100644 index 0000000..1bbf4d0 --- /dev/null +++ b/confs/lecoffre_node/grafana/provisioning/datasources/loki.yml.bak @@ -0,0 +1,10 @@ +apiVersion: 1 + +datasources: + - name: Loki + type: loki + access: proxy + url: http://loki:3100 + uid: loki + isDefault: true + editable: true diff --git a/confs/lecoffre_node/ihm_client/nginx.dev.conf b/confs/lecoffre_node/ihm_client/nginx.dev.conf new file mode 100644 index 0000000..802fef5 --- /dev/null +++ b/confs/lecoffre_node/ihm_client/nginx.dev.conf @@ -0,0 +1,48 @@ +server { + listen 80; + server_name localhost; + + # Redirection des requêtes HTTP vers Vite + location / { + proxy_pass http://localhost:3003; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + } + + location /ws/ { + proxy_pass http://dev4.4nkweb.com:8090; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; + proxy_read_timeout 86400; + } + + location /storage/ { + rewrite ^/storage(/.*)$ $1 break; + proxy_pass http://localhost:8080; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + } + + location /api/ { + proxy_pass http://localhost:8091; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS headers + add_header Access-Control-Allow-Origin "*" always; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always; + add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With" always; + } +} \ No newline at end of file diff --git a/confs/lecoffre_node/logrotate/bitcoin.conf b/confs/lecoffre_node/logrotate/bitcoin.conf new file mode 100644 index 0000000..6e9fa88 --- /dev/null +++ b/confs/lecoffre_node/logrotate/bitcoin.conf @@ -0,0 +1,13 @@ +logs/bitcoin/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart bitcoin 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/blindbit.conf b/confs/lecoffre_node/logrotate/blindbit.conf new file mode 100644 index 0000000..95e960c --- /dev/null +++ b/confs/lecoffre_node/logrotate/blindbit.conf @@ -0,0 +1,13 @@ +logs/blindbit/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart blindbit 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/ihm_client.conf b/confs/lecoffre_node/logrotate/ihm_client.conf new file mode 100644 index 0000000..c9409ad --- /dev/null +++ b/confs/lecoffre_node/logrotate/ihm_client.conf @@ -0,0 +1,13 @@ +logs/ihm_client/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart ihm_client 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/lecoffre-front.conf b/confs/lecoffre_node/logrotate/lecoffre-front.conf new file mode 100644 index 0000000..ea628b6 --- /dev/null +++ b/confs/lecoffre_node/logrotate/lecoffre-front.conf @@ -0,0 +1,13 @@ +logs/lecoffre-front/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart lecoffre-front 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/miner.conf b/confs/lecoffre_node/logrotate/miner.conf new file mode 100644 index 0000000..ed4374f --- /dev/null +++ b/confs/lecoffre_node/logrotate/miner.conf @@ -0,0 +1,13 @@ +logs/miner/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart miner 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/nginx.conf b/confs/lecoffre_node/logrotate/nginx.conf new file mode 100644 index 0000000..d36f8a3 --- /dev/null +++ b/confs/lecoffre_node/logrotate/nginx.conf @@ -0,0 +1,13 @@ +logs/nginx/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart nginx 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/sdk_relay.conf b/confs/lecoffre_node/logrotate/sdk_relay.conf new file mode 100644 index 0000000..ef677bb --- /dev/null +++ b/confs/lecoffre_node/logrotate/sdk_relay.conf @@ -0,0 +1,13 @@ +logs/sdk_relay/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart sdk_relay 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/sdk_storage.conf b/confs/lecoffre_node/logrotate/sdk_storage.conf new file mode 100644 index 0000000..8d84d09 --- /dev/null +++ b/confs/lecoffre_node/logrotate/sdk_storage.conf @@ -0,0 +1,13 @@ +logs/sdk_storage/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart sdk_storage 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/logrotate/tor.conf b/confs/lecoffre_node/logrotate/tor.conf new file mode 100644 index 0000000..d821318 --- /dev/null +++ b/confs/lecoffre_node/logrotate/tor.conf @@ -0,0 +1,13 @@ +logs/tor/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 644 root root + postrotate + # Redémarrer le service si nécessaire + docker restart tor 2>/dev/null || true + endscript +} diff --git a/confs/lecoffre_node/loki/loki-config.yaml b/confs/lecoffre_node/loki/loki-config.yaml new file mode 100644 index 0000000..f1bf1dd --- /dev/null +++ b/confs/lecoffre_node/loki/loki-config.yaml @@ -0,0 +1,76 @@ +auth_enabled: false + +server: + http_listen_port: 3100 + grpc_listen_port: 9096 + http_listen_address: 0.0.0.0 + grpc_listen_address: 0.0.0.0 + +common: + instance_addr: 0.0.0.0 + path_prefix: /loki + storage: + filesystem: + chunks_directory: /loki/chunks + rules_directory: /loki/rules + replication_factor: 1 + ring: + kvstore: + store: inmemory + +schema_config: + configs: + - from: 2020-10-24 + store: tsdb + object_store: filesystem + schema: v13 + index: + prefix: index_ + period: 24h + +ruler: + alertmanager_url: http://localhost:9093 + +# Configuration de l'ingester - SEULEMENT le paramètre crucial +ingester: + lifecycler: + min_ready_duration: 5s # Réduit le délai de 15s à 5s + +# Configuration des limites +limits_config: + reject_old_samples: true + reject_old_samples_max_age: 168h + max_cache_freshness_per_query: 10m + split_queries_by_interval: 15m + max_query_parallelism: 32 + max_streams_per_user: 0 + max_line_size: 256000 + ingestion_rate_mb: 16 + ingestion_burst_size_mb: 32 + per_stream_rate_limit: 3MB + per_stream_rate_limit_burst: 15MB + max_entries_limit_per_query: 5000 + max_query_series: 500 + max_query_length: 721h + cardinality_limit: 100000 + max_streams_matchers_per_query: 1000 + max_concurrent_tail_requests: 10 + +# Configuration du storage +storage_config: + tsdb_shipper: + active_index_directory: /loki/tsdb-index + cache_location: /loki/tsdb-cache + filesystem: + directory: /loki/chunks + +# Configuration du compactor +compactor: + working_directory: /loki/compactor + compaction_interval: 10m + retention_enabled: false + delete_request_store: filesystem + +# Analytics désactivés +analytics: + reporting_enabled: false \ No newline at end of file diff --git a/confs/lecoffre_node/monitoring.conf b/confs/lecoffre_node/monitoring.conf new file mode 100644 index 0000000..b478228 --- /dev/null +++ b/confs/lecoffre_node/monitoring.conf @@ -0,0 +1,30 @@ +# Configuration centralisée du monitoring LeCoffre Node +# Généré automatiquement le $(date) + +[monitoring] +# Services de monitoring +grafana_port=3000 +loki_port=3100 +promtail_enabled=true + +[grafana] +admin_user=admin +admin_password=admin123 +root_url=https://dev4.4nkweb.com/grafana/ +dashboard_home=lecoffre-overview + +[logs] +# Configuration des logs +log_retention_days=30 +log_rotation=daily +log_compression=true + +[services] +# Services surveillés +services=bitcoin,blindbit,sdk_relay,,sdk_storagelecoffre-front,ihm_client,tor,miner + +[alerts] +# Configuration des alertes +error_threshold=10 +warning_threshold=5 +alert_email= diff --git a/confs/lecoffre_node/nginx/assets/favicon.ico b/confs/lecoffre_node/nginx/assets/favicon.ico new file mode 100644 index 0000000..1ddbac5 Binary files /dev/null and b/confs/lecoffre_node/nginx/assets/favicon.ico differ diff --git a/confs/lecoffre_node/nginx/dev4.4nkweb.com-http.conf b/confs/lecoffre_node/nginx/dev4.4nkweb.com-http.conf new file mode 100644 index 0000000..6a7d847 --- /dev/null +++ b/confs/lecoffre_node/nginx/dev4.4nkweb.com-http.conf @@ -0,0 +1,15 @@ +# HTTP server for ACME and redirect to HTTPS +server { + listen 80 default_server; + server_name _; + + # ACME HTTP-01 challenges + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt; + } + + # Redirection vers HTTPS pour toutes les autres requêtes + location / { + return 301 https://$server_name$request_uri; + } +} diff --git a/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf b/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf new file mode 100644 index 0000000..df5f4b3 --- /dev/null +++ b/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf @@ -0,0 +1,263 @@ +# Configuration HTTPS pour dev4.4nkweb.com +server { + listen 443 ssl; + http2 on; + server_name dev4.4nkweb.com; + + include /home/debian/4NK_env/lecoffre_node/conf/nginx/logging.conf; + + # Certificats SSL + ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; + + # Configuration SSL + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Headers de sécurité + add_header Strict-Transport-Security "max-age=63072000" always; + add_header X-Frame-Options DENY always; + add_header X-Content-Type-Options nosniff always; + add_header X-XSS-Protection "1; mode=block" always; + + # Grafana - Interface de monitoring (DOIT être avant location /) + location /grafana/ { + proxy_pass http://localhost:3005/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Configuration spécifique pour Grafana + proxy_set_header X-Grafana-Org-Id 1; + + # Support des WebSockets pour les live updates + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + # Buffer settings + proxy_buffering off; + proxy_request_buffering off; + } + + # Loki API - API de logs (DOIT être avant location /) + location /loki/ { + proxy_pass http://localhost:3100/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes depuis Grafana + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # Page de statut des services (DOIT être avant location /) + location /status { + # Redirection vers /status/ + return 301 /status/; + } + + location /status/ { + # Serveur statique pour la page HTML + alias /var/www/lecoffre/status/; + index index.html; + try_files $uri $uri/ /status/index.html; + + # Headers de sécurité + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Cache pour les assets statiques + location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { + expires 1h; + add_header Cache-Control "public, immutable"; + } + } + + # API de statut des services (DOIT être avant location /) + location /status/api { + proxy_pass http://localhost:3006/api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes AJAX + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + # Timeouts + proxy_connect_timeout 10s; + proxy_send_timeout 10s; + proxy_read_timeout 10s; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # API backend - route /back/ vers /api/ du backend + location ~* ^/back/(.*)$ { + proxy_pass http://localhost:8080/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - route /api/ vers le backend + # Autorisations CORS dynamiques pour origines connues + set $cors_origin ""; + if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { + set $cors_origin $http_origin; + } + + location /api/ { + # CORS pour développement local Next.js + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Allow-Methods; + + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + return 204; + } + + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + + proxy_set_header X-Request-ID $x_request_id; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_pass http://dev3.4nkweb.com:8080/api/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # WebSocket relay (sdk_relay) + location /ws/ { + proxy_pass http://localhost:8090/; + proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; + proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; + proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; + proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + } + + # API de transfert de fonds + location /api/v1/funds/ { + proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # favicon + location = /favicon.ico { + root /home/debian/4NK_env/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + } + + # blindbit + location /blindbit/ { + proxy_pass http://localhost:8000/; + include /etc/nginx/proxy_params; + } + + # lecoffre-front - Application LeCoffre + location = /lecoffre { return 301 /lecoffre/; } + location ^~ /lecoffre/ { + # ensure no redirect here; only proxy to Next + add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always; + add_header Pragma "no-cache" always; + add_header Expires "-1" always; + proxy_hide_header ETag; + proxy_hide_header Last-Modified; + rewrite ^/lecoffre/(.*)$ /$1 break; + proxy_pass http://localhost:3004; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Request-ID $x_request_id; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_read_timeout 300; + proxy_send_timeout 300; + proxy_connect_timeout 300; + } + # HMR dev front + location ^~ /lecoffre-hmr/ { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + rewrite ^/lecoffre-hmr/(.*)$ /lecoffre/$1 break; + proxy_pass http://localhost:3000; + } + + + # ihm_client (root) - DOIT être en dernier + + # Next.js assets for lecoffre-front + location ^~ /_next/ { + proxy_pass http://localhost:3004/_next/; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + add_header Cache-Control "public, max-age=31536000, immutable"; + } + + location / { + proxy_pass http://localhost:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } +} diff --git a/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf.bak.1758553408 b/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf.bak.1758553408 new file mode 100644 index 0000000..fba0fc3 --- /dev/null +++ b/confs/lecoffre_node/nginx/dev4.4nkweb.com-https.conf.bak.1758553408 @@ -0,0 +1,236 @@ +# Configuration HTTPS pour dev4.4nkweb.com +server { + listen 443 ssl http2; + server_name dev4.4nkweb.com; + + # Certificats SSL + ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; + + # Configuration SSL + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Headers de sécurité + add_header Strict-Transport-Security "max-age=63072000" always; + add_header X-Frame-Options DENY always; + add_header X-Content-Type-Options nosniff always; + add_header X-XSS-Protection "1; mode=block" always; + + # Grafana - Interface de monitoring (DOIT être avant location /) + location /grafana/ { + proxy_pass http://localhost:3005/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Configuration spécifique pour Grafana + proxy_set_header X-Grafana-Org-Id 1; + + # Support des WebSockets pour les live updates + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + # Buffer settings + proxy_buffering off; + proxy_request_buffering off; + } + + # Loki API - API de logs (DOIT être avant location /) + location /loki/ { + proxy_pass http://localhost:3100/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes depuis Grafana + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # Page de statut des services (DOIT être avant location /) + location /status { + # Redirection vers /status/ + return 301 /status/; + } + + location /status/ { + # Serveur statique pour la page HTML + alias /var/www/lecoffre/status/; + index index.html; + try_files $uri $uri/ /status/index.html; + + # Headers de sécurité + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Désactiver le cache côté client + add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always; + add_header Pragma "no-cache" always; + expires -1; + + # Cache pour les assets statiques + location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { + expires 1h; + add_header Cache-Control "public, immutable"; + } + } + + # API de statut des services (DOIT être avant location /) + location /status/api { + proxy_pass http://localhost:3006/api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes AJAX + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + # Désactiver le cache proxy/client + proxy_no_cache 1; + proxy_cache_bypass 1; + add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always; + add_header Pragma "no-cache" always; + + # Timeouts + proxy_connect_timeout 10s; + proxy_send_timeout 10s; + proxy_read_timeout 10s; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # API backend - route /back/ vers /api/ du backend + location ~* ^/back/(.*)$ { + proxy_pass http://localhost:8080/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - route /api/ vers le backend + # Autorisations CORS dynamiques pour origines connues + set $cors_origin ""; + if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { + set $cors_origin $http_origin; + } + + location /api/ { + # CORS pour développement local Next.js + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Allow-Methods; + + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + return 204; + } + + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + + proxy_pass http://localhost:8080/api/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # WebSocket relay (sdk_relay) + location /ws/ { + proxy_pass http://localhost:8090/; + proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; + proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; + proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; + proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + } + + # API de transfert de fonds + location /api/v1/funds/ { + proxy_pass http://localhost:8080/api/v1/funds/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # favicon + location = /favicon.ico { + root /home/debian/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + } + + # blindbit + location /blindbit/ { + proxy_pass http://localhost:8000/; + include /etc/nginx/proxy_params; + } + + # lecoffre-front - Application LeCoffre + # Forcer le trailing slash pour éviter les redirections et erreurs 500 côté Next.js + location = /lecoffre { + return 301 /lecoffre/; + } + + location ^~ /lecoffre/ { + # Déléguer la gestion du basePath à Next.js + proxy_pass http://localhost:3004; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + proxy_send_timeout 300; + proxy_connect_timeout 300; + } + + # ihm_client (root) - DOIT être en dernier + location / { + proxy_pass http://localhost:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } +} \ No newline at end of file diff --git a/confs/lecoffre_node/nginx/dev4.4nkweb.com.conf b/confs/lecoffre_node/nginx/dev4.4nkweb.com.conf new file mode 100644 index 0000000..e26ac3d --- /dev/null +++ b/confs/lecoffre_node/nginx/dev4.4nkweb.com.conf @@ -0,0 +1,258 @@ +# HTTP server for ACME and redirect to HTTPS +server { + listen 80; + server_name dev4.4nkweb.com http://dev4.4nkweb.com; + + # ACME HTTP-01 challenges + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt; + } + + # Redirection vers HTTPS pour toutes les autres requêtes + location / { + return 301 https://$server_name$request_uri; + } + + # API backend - route /back/ vers /api/ du backend + location ~* ^/back/(.*)$ { + proxy_pass http://localhost:8080/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - route /api/ vers le backend + # Autorisations CORS dynamiques pour origines connues + set $cors_origin ""; + if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { + set $cors_origin $http_origin; + } + + location /api/ { + # CORS pour développement local Next.js + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Allow-Methods; + + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + return 204; + } + + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + + proxy_pass http://localhost:8080/api/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1 + location ~* ^/apiv1/(.*)$ { + # CORS pour compatibilité + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Allow-Methods; + + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + return 204; + } + + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + + proxy_pass http://localhost:8080/api/v1/$1; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # WebSocket relay (sdk_relay) + location /ws/ { + proxy_pass http://localhost:8090/; + proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; + proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; + proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; + proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300; + } + + # API de transfert de fonds + location /api/v1/funds/ { + proxy_pass http://localhost:8080/api/v1/funds/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # Grafana - Interface de monitoring (DOIT être avant location /) + location /grafana/ { + proxy_pass http://localhost:3005/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Configuration spécifique pour Grafana + proxy_set_header X-Grafana-Org-Id 1; + + # Support des WebSockets pour les live updates + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + # Buffer settings + proxy_buffering off; + proxy_request_buffering off; + } + + # Loki API - API de logs (DOIT être avant location /) + location /loki/ { + proxy_pass http://localhost:3100/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes depuis Grafana + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # Page de statut des services (DOIT être avant location /) + location /status { + # Redirection vers /status/ + return 301 /status/; + } + + location /status/ { + # Serveur statique pour la page HTML + alias /var/www/lecoffre/status/; + index index.html; + try_files $uri $uri/ /status/index.html; + + # Headers de sécurité + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Cache pour les assets statiques + location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { + expires 1h; + add_header Cache-Control "public, immutable"; + } + } + + # API de statut des services (DOIT être avant location /) + location /status/api { + proxy_pass http://localhost:3006/api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes AJAX + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + # Timeouts + proxy_connect_timeout 10s; + proxy_send_timeout 10s; + proxy_read_timeout 10s; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # ihm_client (root) - DOIT être en dernier + location / { + proxy_pass http://localhost:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + # favicon + location = /favicon.ico { + root /home/debian/4NK_env/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + access_log off; + expires 30d; + } + + # lecoffre frontend + location = /lecoffre { + proxy_pass http://127.0.0.2:3004/lecoffre; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + } + + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004/lecoffre/; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + # Next.js assets + location /_next/ { + proxy_pass http://127.0.0.2:3004/_next/; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + } + + # blindbit + location /blindbit/ { + proxy_pass http://localhost:8000/; + include /etc/nginx/proxy_params; + } + +} diff --git a/confs/lecoffre_node/nginx/grafana.conf b/confs/lecoffre_node/nginx/grafana.conf new file mode 100644 index 0000000..c3753bb --- /dev/null +++ b/confs/lecoffre_node/nginx/grafana.conf @@ -0,0 +1,49 @@ +# Configuration Nginx pour Grafana +server { + listen 80; + server_name dev4.4nkweb.com; + + # Proxy pour Grafana + location /grafana/ { + proxy_pass http://127.0.0.1:3005/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Configuration spécifique pour Grafana + proxy_set_header X-Grafana-Org-Id 1; + + # Support des WebSockets pour les live updates + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + # Buffer settings + proxy_buffering off; + proxy_request_buffering off; + } + + # Proxy pour Loki (API) + location /loki/ { + proxy_pass http://127.0.0.1:3100/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes depuis Grafana + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } +} diff --git a/confs/lecoffre_node/nginx/logging.conf b/confs/lecoffre_node/nginx/logging.conf new file mode 100644 index 0000000..2ccba34 --- /dev/null +++ b/confs/lecoffre_node/nginx/logging.conf @@ -0,0 +1,39 @@ +# Logging configuration for lecoffre front + +log_format lecoffre_json escape=json + '{' + '"time":"$time_iso8601",' + '"request_id":"$request_id",' + '"remote_addr":"$remote_addr",' + '"host":"$host",' + '"method":"$request_method",' + '"uri":"$uri",' + '"args":"$args",' + '"status":$status,' + '"bytes":$body_bytes_sent,' + '"referer":"$http_referer",' + '"user_agent":"$http_user_agent",' + '"request_time":$request_time,' + '"upstream_addr":"$upstream_addr",' + '"upstream_status":"$upstream_status",' + '"upstream_connect_time":"$upstream_connect_time",' + '"upstream_header_time":"$upstream_header_time",' + '"upstream_response_time":"$upstream_response_time",' + '"x_forwarded_for":"$http_x_forwarded_for"' + '}'; + +# Default access and error logs for the front site +access_log /home/debian/4NK_env/logs/nginx/lecoffre_front_access.log lecoffre_json; +error_log /home/debian/4NK_env/logs/nginx/lecoffre_front_error.log warn; + +# Map incoming X-Request-ID or generate one +map $http_x_request_id $x_request_id { + default $http_x_request_id; + "" $request_id; +} + +# These headers should be set in each proxy location of the vhost +# proxy_set_header X-Request-ID $x_request_id; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; +# proxy_set_header X-Forwarded-Host $host; diff --git a/confs/lecoffre_node/nginx/nginx.conf b/confs/lecoffre_node/nginx/nginx.conf new file mode 100644 index 0000000..726a64b --- /dev/null +++ b/confs/lecoffre_node/nginx/nginx.conf @@ -0,0 +1,470 @@ +user www-data; +worker_processes auto; +pid /app/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + +http { + # Configuration de base + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + server_tokens off; + + # MIME types + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Logging + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /app/logs/nginx/access.log main; + error_log /app/logs/nginx/error.log warn; + + # Gzip compression + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_types + text/plain + text/css + text/xml + text/javascript + application/json + application/javascript + application/xml+rss + application/atom+xml + image/svg+xml; + + # Rate limiting + limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; + limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s; + + # Upstream servers + + upstream lecoffre_frontend { + server localhost:3004; + keepalive 32; + } + + upstream ihm_client { + server localhost:3003; + keepalive 32; + } + + upstream grafana { + server localhost:3005; + keepalive 32; + } + + upstream loki { + server localhost:3100; + keepalive 32; + } + + upstream status_api { + server localhost:3006; + keepalive 32; + } + + upstream sdk_relay { + server localhost:8090; + keepalive 32; + } + + upstream blindbit { + server localhost:8000; + keepalive 32; + } + + # Serveur principal HTTP (port 80) + server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + + # Redirection automatique vers HTTPS si disponible + return 301 https://$host$request_uri; + } + + # Serveur HTTPS (port 443) + server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + server_name _; + + # Certificats SSL (auto-signés pour le développement) + ssl_certificate /app/ssl/nginx-selfsigned.crt; + ssl_certificate_key /app/ssl/nginx-selfsigned.key; + + # Configuration SSL + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Headers de sécurité + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + + # Page de statut des services + location /status/ { + alias /var/www/lecoffre/status/; + index index.html; + try_files $uri $uri/ /status/index.html; + + location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { + expires 1h; + add_header Cache-Control "public, immutable"; + } + } + + # API de statut des services + location /status/api { + limit_req zone=api burst=20 nodelay; + proxy_pass http://status_api/api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # Grafana - Interface de monitoring + location /grafana/ { + proxy_pass http://grafana/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Grafana-Org-Id 1; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + proxy_buffering off; + proxy_request_buffering off; + } + + # Loki API - API de logs + location /loki/ { + limit_req zone=api burst=10 nodelay; + proxy_pass http://loki/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour Grafana + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # API backend - routes /back/ vers /api/ + location ~* ^/back/(.*)$ { + limit_req zone=api burst=20 nodelay; + proxy_pass http://lecoffre_backend/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - routes /api/ + location /api/ { + limit_req zone=api burst=20 nodelay; + + # CORS dynamique + set $cors_origin ""; + if ($http_origin ~* ^(http://localhost:3000|http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { + set $cors_origin $http_origin; + } + + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Allow-Methods; + + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + return 204; + } + + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + + proxy_pass http://lecoffre_backend/api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # WebSocket relay (sdk_relay) + location /ws/ { + proxy_pass http://sdk_relay/; + proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; + proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; + proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; + proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + } + + # API de transfert de fonds + location /api/v1/funds/ { + limit_req zone=api burst=5 nodelay; + proxy_pass http://lecoffre_backend/api/v1/funds/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # favicon + location = /favicon.ico { + root /var/www/lecoffre/assets; + try_files /favicon.ico =404; + } + + # blindbit + location /blindbit/ { + proxy_pass http://blindbit/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # LeCoffre Front - Application principale + # Redirige /lecoffre -> /lecoffre/ + location = /lecoffre { + return 301 /lecoffre/; + } + location /lecoffre/ { + proxy_pass http://lecoffre_frontend/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + + # Configuration spécifique pour Next.js + proxy_buffering off; + proxy_request_buffering off; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + } + + # ihm_client (root) - DOIT être en dernier + location / { + proxy_pass http://ihm_client; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + } + # API de statut des services + location /status/api { + limit_req zone=api burst=20 nodelay; + proxy_pass http://status_api/api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # Grafana - Interface de monitoring + location /grafana/ { + proxy_pass http://grafana/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Grafana-Org-Id 1; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + proxy_buffering off; + proxy_request_buffering off; + } + + # API backend - routes /back/ vers /api/ + location ~* ^/back/(.*)$ { + limit_req zone=api burst=20 nodelay; + proxy_pass http://lecoffre_backend/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - routes /api/ + location /api/ { + limit_req zone=api burst=20 nodelay; + + # CORS dynamique pour développement local + set $cors_origin ""; + if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|http://localhost:3000|https://dev4\.4nkweb\.com)$) { + set $cors_origin $http_origin; + } + + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Allow-Methods; + + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + return 204; + } + + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + + proxy_pass http://lecoffre_backend/api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # WebSocket relay (sdk_relay) + location /ws/ { + proxy_pass http://sdk_relay/; + proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; + proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; + proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; + proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + } + + # LeCoffre Front - Application principale + # Redirige /lecoffre -> /lecoffre/ + location = /lecoffre { + return 301 /lecoffre/; + } + location /lecoffre/ { + proxy_pass http://lecoffre_frontend/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + + # Configuration spécifique pour Next.js + proxy_buffering off; + proxy_request_buffering off; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + } + + # ihm_client (root) - DOIT être en dernier + location / { + proxy_pass http://ihm_client; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + } +} diff --git a/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-http.conf b/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-http.conf new file mode 100755 index 0000000..804d8a0 --- /dev/null +++ b/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-http.conf @@ -0,0 +1,15 @@ +# HTTP server for ACME and redirect to HTTPS +server { + listen 80; + server_name dev4.4nkweb.com; + + # ACME HTTP-01 challenges + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt; + } + + # Redirection vers HTTPS pour toutes les autres requêtes + location / { + return 301 https://$server_name$request_uri; + } +} diff --git a/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-https.conf b/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-https.conf new file mode 100644 index 0000000..4ee02e3 --- /dev/null +++ b/confs/lecoffre_node/nginx_backups_host/dev4.4nkweb.com-https.conf @@ -0,0 +1,226 @@ +# Configuration HTTPS pour dev4.4nkweb.com +server { + listen 443 ssl http2; + server_name dev4.4nkweb.com; + + # Certificats SSL + ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; + + # Configuration SSL + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; + ssl_prefer_server_ciphers off; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # Headers de sécurité + add_header Strict-Transport-Security "max-age=63072000" always; + add_header X-Frame-Options DENY always; + add_header X-Content-Type-Options nosniff always; + add_header X-XSS-Protection "1; mode=block" always; + + # Grafana - Interface de monitoring (DOIT être avant location /) + location /grafana/ { + proxy_pass http://localhost:3005/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Configuration spécifique pour Grafana + proxy_set_header X-Grafana-Org-Id 1; + + # Support des WebSockets pour les live updates + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + # Buffer settings + proxy_buffering off; + proxy_request_buffering off; + } + + # Loki API - API de logs (DOIT être avant location /) + location /loki/ { + proxy_pass http://localhost:3100/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes depuis Grafana + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # Page de statut des services (DOIT être avant location /) + location /status { + # Redirection vers /status/ + return 301 /status/; + } + + location /status/ { + # Serveur statique pour la page HTML + alias /var/www/lecoffre/status/; + index index.html; + try_files $uri $uri/ /status/index.html; + + # Headers de sécurité + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Cache pour les assets statiques + location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { + expires 1h; + add_header Cache-Control "public, immutable"; + } + } + + # API de statut des services (DOIT être avant location /) + location /status/api { + proxy_pass http://localhost:3006/api; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes AJAX + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + # Timeouts + proxy_connect_timeout 10s; + proxy_send_timeout 10s; + proxy_read_timeout 10s; + + if ($request_method = 'OPTIONS') { + return 204; + } + } + + # API backend - route /back/ vers /api/ du backend + location ~* ^/back/(.*)$ { + proxy_pass http://localhost:8080/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - route /api/ vers le backend + # Autorisations CORS dynamiques pour origines connues + set $cors_origin ""; + if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { + set $cors_origin $http_origin; + } + + location /api/ { + # CORS pour développement local Next.js + proxy_hide_header Access-Control-Allow-Origin; + proxy_hide_header Access-Control-Allow-Credentials; + proxy_hide_header Access-Control-Allow-Headers; + proxy_hide_header Access-Control-Allow-Methods; + + if ($request_method = OPTIONS) { + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + return 204; + } + + add_header Access-Control-Allow-Origin $cors_origin always; + add_header Access-Control-Allow-Credentials "true" always; + add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; + add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; + + proxy_pass http://dev3.4nkweb.com:8080/api/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # WebSocket relay (sdk_relay) + location /ws/ { + proxy_pass http://localhost:8090/; + proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; + proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; + proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; + proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 86400; + } + + # API de transfert de fonds + location /api/v1/funds/ { + proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + + # favicon + location = /favicon.ico { + root /home/debian/4NK_env/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + } + + # blindbit + location /blindbit/ { + proxy_pass http://localhost:8000/; + include /etc/nginx/proxy_params; + } + + # lecoffre-front - Application LeCoffre + location = /lecoffre { return 301 /lecoffre/; } + location ^~ /lecoffre/ { + # ensure no redirect here; only proxy to Next + add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always; + add_header Pragma "no-cache" always; + add_header Expires "-1" always; + proxy_hide_header ETag; + proxy_hide_header Last-Modified; + proxy_pass http://localhost:3004; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + proxy_send_timeout 300; + proxy_connect_timeout 300; + } + + # ihm_client (root) - DOIT être en dernier + location / { + proxy_pass http://localhost:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } +} diff --git a/confs/lecoffre_node/nginx_backups_host/grafana.conf b/confs/lecoffre_node/nginx_backups_host/grafana.conf new file mode 100755 index 0000000..c3753bb --- /dev/null +++ b/confs/lecoffre_node/nginx_backups_host/grafana.conf @@ -0,0 +1,49 @@ +# Configuration Nginx pour Grafana +server { + listen 80; + server_name dev4.4nkweb.com; + + # Proxy pour Grafana + location /grafana/ { + proxy_pass http://127.0.0.1:3005/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Configuration spécifique pour Grafana + proxy_set_header X-Grafana-Org-Id 1; + + # Support des WebSockets pour les live updates + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Timeouts + proxy_connect_timeout 60s; + proxy_send_timeout 60s; + proxy_read_timeout 60s; + + # Buffer settings + proxy_buffering off; + proxy_request_buffering off; + } + + # Proxy pour Loki (API) + location /loki/ { + proxy_pass http://127.0.0.1:3100/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # CORS pour les requêtes depuis Grafana + add_header Access-Control-Allow-Origin *; + add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; + add_header Access-Control-Allow-Headers "Content-Type, Authorization"; + + if ($request_method = 'OPTIONS') { + return 204; + } + } +} diff --git a/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com-3000.conf b/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com-3000.conf new file mode 100755 index 0000000..a4ea511 --- /dev/null +++ b/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com-3000.conf @@ -0,0 +1,64 @@ +server { + listen 0.0.0.0:3000; + listen [::]:3000; + server_name local.4nkweb.com; + + # HTTP pur: pas de HTTPS ni HSTS + + # Favicon + location = /favicon.ico { + root /home/debian/lecoffre_node/conf/nginx/assets; + } + + # Compat: callback ID.not sans basePath (toutes variantes et querystring) + location /authorized-client { + proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # Entrée sans slash + location = /lecoffre { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # BasePath /lecoffre + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # HMR (si utilisé en local) + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + } + + # Assets Next.js + location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ { + expires 7d; + add_header Cache-Control "public, max-age=604800, immutable" always; + proxy_pass http://127.0.0.2:3004$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_read_timeout 300; + } +} diff --git a/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com.conf b/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com.conf new file mode 100755 index 0000000..fb6b90b --- /dev/null +++ b/confs/lecoffre_node/nginx_backups_host/local.4nkweb.com.conf @@ -0,0 +1,9 @@ +server { + listen 80; + server_name local.4nkweb.com; + + # HTTP only: pas de redirection HTTPS, pas d'HSTS + location / { + return 302 http://local.4nkweb.com:3000$request_uri; + } +} diff --git a/confs/lecoffre_node/nginx_backups_host/nginx.conf b/confs/lecoffre_node/nginx_backups_host/nginx.conf new file mode 100755 index 0000000..68a8fd4 --- /dev/null +++ b/confs/lecoffre_node/nginx_backups_host/nginx.conf @@ -0,0 +1,84 @@ +user www-data; +worker_processes auto; +worker_cpu_affinity auto; +pid /run/nginx.pid; +error_log /var/log/nginx/error.log; +include /etc/nginx/modules-enabled/*.conf; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + types_hash_max_size 2048; + server_tokens off; # Recommended practice is to turn this off + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1 + ssl_prefer_server_ciphers off; # Don't force server cipher order. + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + + ## + # Gzip Settings + ## + + gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/confs/lecoffre_node/promtail/promtail.yml b/confs/lecoffre_node/promtail/promtail.yml new file mode 100644 index 0000000..05d943f --- /dev/null +++ b/confs/lecoffre_node/promtail/promtail.yml @@ -0,0 +1,107 @@ +server: + http_listen_port: 9080 + grpc_listen_port: 0 + +positions: + filename: /tmp/positions.yaml + +clients: + - url: http://loki:3100/loki/api/v1/push + +scrape_configs: + # Bitcoin Signet Logs + - job_name: bitcoin + static_configs: + - targets: + - localhost + labels: + job: bitcoin + service: bitcoin-signet + __path__: /home/debian/4NK_env/logs/bitcoin/*.log + + # Blindbit Oracle Logs + - job_name: blindbit + static_configs: + - targets: + - localhost + labels: + job: blindbit + service: blindbit-oracle + __path__: /home/debian/4NK_env/logs/blindbit/*.log + + # SDK Relay Logs + - job_name: sdk_relay + static_configs: + - targets: + - localhost + labels: + job: sdk_relay + service: sdk_relay + __path__: /home/debian/4NK_env/logs/sdk_relay/*.log + + # SDK Storage Logs + - job_name: sdk_storage + static_configs: + - targets: + - localhost + labels: + job: sdk_storage + service: sdk_storage + __path__: /home/debian/4NK_env/logs/sdk_storage/*.log + + # LeCoffre Frontend Logs + - job_name: lecoffre-front + static_configs: + - targets: + - localhost + labels: + job: lecoffre-front + service: lecoffre-front + __path__: /home/debian/4NK_env/logs/lecoffre-front/*.log + + # IHM Client Logs + - job_name: ihm_client + static_configs: + - targets: + - localhost + labels: + job: ihm_client + service: ihm_client + __path__: /home/debian/4NK_env/logs/ihm_client/*.log + + # Miner Logs + - job_name: miner + static_configs: + - targets: + - localhost + labels: + job: miner + service: signet_miner + __path__: /home/debian/4NK_env/logs/miner/*.log + + # Tor Logs + - job_name: tor + static_configs: + - targets: + - localhost + labels: + job: tor + service: tor-proxy + __path__: /home/debian/4NK_env/logs/tor/*.log + + # Docker Container Logs + - job_name: docker + docker_sd_configs: + - host: unix:///var/run/docker.sock + refresh_interval: 5s + filters: + - name: label + values: ["com.centurylinklabs.watchtower.enable=true"] + relabel_configs: + - source_labels: ['__meta_docker_container_name'] + regex: '/?(.*)' + target_label: 'container_name' + - source_labels: ['__meta_docker_container_log_stream'] + target_label: 'logstream' + - source_labels: ['__meta_docker_container_label_logging_job_name'] + target_label: 'job' diff --git a/confs/lecoffre_node/relay/sdk_relay.conf b/confs/lecoffre_node/relay/sdk_relay.conf new file mode 100644 index 0000000..7b0c1bd --- /dev/null +++ b/confs/lecoffre_node/relay/sdk_relay.conf @@ -0,0 +1,11 @@ +core_url=http://bitcoin:38332 +ws_url=0.0.0.0:8090 +wallet_name=default +network=signet +blindbit_url=http://blindbit-oracle:8000 +zmq_url=tcp://bitcoin:29000 +storage=https://dev4.4nkweb.com/storage +data_dir=/app/.4nk +bitcoin_data_dir=/app/.bitcoin +bootstrap_url= +bootstrap_faucet=false diff --git a/confs/lecoffre_node/supervisor/supervisord.conf b/confs/lecoffre_node/supervisor/supervisord.conf new file mode 100644 index 0000000..b4b99e7 --- /dev/null +++ b/confs/lecoffre_node/supervisor/supervisord.conf @@ -0,0 +1,51 @@ +[supervisord] +nodaemon=true +user=root +logfile=/var/log/supervisor/supervisord.log +pidfile=/var/run/supervisord.pid +childlogdir=/var/log/supervisor + +[unix_http_server] +file=/var/run/supervisor.sock +chmod=0700 + +[supervisorctl] +serverurl=unix:///var/run/supervisor.sock + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[program:nginx] +command=/usr/sbin/nginx -g "daemon off;" +autostart=true +autorestart=true +stderr_logfile=/var/log/supervisor/nginx.err.log +stdout_logfile=/var/log/supervisor/nginx.out.log +user=root + +[program:docker-compose] +command=/app/scripts/startup.sh +directory=/app +autostart=true +autorestart=true +stderr_logfile=/var/log/supervisor/docker-compose.err.log +stdout_logfile=/var/log/supervisor/docker-compose.out.log +user=appuser +environment=HOME="/app" + +[program:cron] +command=/usr/sbin/cron -f +autostart=true +autorestart=true +stderr_logfile=/var/log/supervisor/cron.err.log +stdout_logfile=/var/log/supervisor/cron.out.log +user=root + +[program:logrotate] +command=/usr/sbin/logrotate /etc/logrotate.d/lecoffre +autostart=true +autorestart=false +startsecs=0 +exitcodes=0 +user=root + diff --git a/confs/lecoffre_node/tor/torrc b/confs/lecoffre_node/tor/torrc new file mode 100644 index 0000000..79d7018 --- /dev/null +++ b/confs/lecoffre_node/tor/torrc @@ -0,0 +1,21 @@ +# Configuration Tor pour LeCoffre Node +# Écoute sur 127.0.0.1 pour la sécurité + +# Port SOCKS pour les connexions sortantes +SOCKSPort 127.0.0.1:9050 + +# Port de contrôle (désactivé pour la sécurité) +# ControlPort 127.0.0.1:9051 + +# Configuration de base +Log notice file /var/log/tor/tor.log +DataDirectory /var/lib/tor + +# Configuration réseau +ClientOnly 1 +SafeLogging 1 +WarnUnsafeSocks 1 + +# Désactiver les services cachés +HiddenServiceDir /var/lib/tor/hidden_service/ +HiddenServicePort 80 127.0.0.1:80 diff --git a/ihm_client b/ihm_client index 33853c7..390015e 160000 --- a/ihm_client +++ b/ihm_client @@ -1 +1 @@ -Subproject commit 33853c7a6af1bd4a59d3cf4e70057859e1df5406 +Subproject commit 390015e82366bf2ffb23cbd32063e1849bf5d1d1 diff --git a/lecoffre-front b/lecoffre-front index db6ee4e..c130e2d 160000 --- a/lecoffre-front +++ b/lecoffre-front @@ -1 +1 @@ -Subproject commit db6ee4e5e803666ba1117fdf092f3b0f4561c8cf +Subproject commit c130e2d588409ffb9cd242d0212efb51cba467a0 diff --git a/lecoffre_node b/lecoffre_node index 30eb038..e7ce3b2 160000 --- a/lecoffre_node +++ b/lecoffre_node @@ -1 +1 @@ -Subproject commit 30eb0380791e3a8c5635bef8461342008d1f3770 +Subproject commit e7ce3b2a3ed26664a32eba8a9d9a7cea07a7632c diff --git a/scripts/push-ext-commit.sh b/scripts/push-ext-commit.sh new file mode 100755 index 0000000..c3e91e0 --- /dev/null +++ b/scripts/push-ext-commit.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash +set -euo pipefail + +echo "[push-ext-commit] Ensure all submodules on ext, commit if needed, push ext" + +# Work from repo root +ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" +cd "$ROOT_DIR" + +# Update submodules metadata (non-recursive update of refs; content is already cloned) +git submodule init >/dev/null 2>&1 || true + +git submodule foreach --recursive ' + set -e + echo "[submodule] Enter: $name ($path)" + git fetch origin ext || true + if ! git rev-parse --verify ext >/dev/null 2>&1; then + if git show-ref --verify --quiet refs/remotes/origin/ext; then + git switch -C ext origin/ext + else + git switch -C ext + fi + else + git switch ext + fi + git pull --ff-only || true + git add -A + if ! git diff --cached --quiet; then + git commit -m "auto_clea" + git push -u origin ext || true + else + echo "[submodule] No changes to commit" + fi +' + +echo "[root] Process root repository" +git fetch origin ext || true +if ! git rev-parse --verify ext >/dev/null 2>&1; then + if git show-ref --verify --quiet refs/remotes/origin/ext; then + git switch -C ext origin/ext + else + git switch -C ext + fi +else + git switch ext +fi +git pull --ff-only || true +git add -A +if ! git diff --cached --quiet; then + git commit -m "auto_clea" + git push -u origin ext +else + echo "[root] No changes to commit" +fi + +echo "[push-ext-commit] Done." diff --git a/sdk_relay b/sdk_relay index 0fc246b..c00a17a 160000 --- a/sdk_relay +++ b/sdk_relay @@ -1 +1 @@ -Subproject commit 0fc246bedbb24c94cd90618e9fdd236ebeb66d84 +Subproject commit c00a17a5c605ead2f8be158c95a57cbc7d832959 diff --git a/sdk_storage b/sdk_storage index 5543f20..8fd81ea 160000 --- a/sdk_storage +++ b/sdk_storage @@ -1 +1 @@ -Subproject commit 5543f20820cd2e0680aaece63bd88c91bde1dfce +Subproject commit 8fd81ea3aa48a49f4b24c56cc64dc8e53764efb4