diff --git a/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh b/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh index 304e8a8..18c5152 100644 --- a/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh +++ b/IA_agents/prompts/prompt-deploy/scripts/quick-health-check.sh @@ -15,3 +15,4 @@ exec "$CHECK" + diff --git a/scripts/push_modules.sh b/scripts/push_modules.sh index 666e533..1e94a25 100644 --- a/scripts/push_modules.sh +++ b/scripts/push_modules.sh @@ -87,3 +87,4 @@ main() { } main "$@" + diff --git a/scripts/safe-clean-configs.sh b/scripts/safe-clean-configs.sh new file mode 100644 index 0000000..8bb9f15 --- /dev/null +++ b/scripts/safe-clean-configs.sh 
@@ -0,0 +1,85 @@
+#!/usr/bin/env sh
+set -euo pipefail
+
+# Safe cleaner for local .env and config files in project/module trees.
+# - DRY-RUN by default (shows actions)
+# - Use --apply to actually delete
+# - Never touches:
+# - 4NK_modules/4NK_vault (kept)
+# - blindbit-oracle (external dep images)
+# - rust-silentPayments (external dep)
+# - projects/lecoffre/lecoffre_node/confs (centralized confs)
+
+ROOT="/home/debian/4NK_env"
+CENTRAL_CONFS="$ROOT/projects/lecoffre/lecoffre_node/confs"
+
+APPLY=0
+[ "${1-}" = "--apply" ] && APPLY=1
+
+info() { printf "%s\n" "$*"; }
+warn() { printf "[WARN] %s\n" "$*"; }
+error() { printf "[ERR] %s\n" "$*" 1>&2; }
+
+# Candidates to remove (relative globs) in repos (non-central)
+# We only remove if the corresponding central conf exists.
+
+# Map: repo_dir|local_path|central_path
+map_entry() {
+ repo="$1"; local_p="$2"; central_p="$3";
+ # Skip if repo does not exist
+ [ -e "$repo" ] || return 0
+ if [ -e "$repo/$local_p" ]; then
+ if [ -e "$CENTRAL_CONFS/$central_p" ]; then
+ if [ $APPLY -eq 1 ]; then
+ info "[DEL] $repo/$local_p (central: $central_p present)"
+ rm -f "$repo/$local_p" || true
+ else
+ info "[DRY] would delete: $repo/$local_p (central OK: $central_p)"
+ fi
+ else
+ warn "central missing for $repo/$local_p → expected: $CENTRAL_CONFS/$central_p"
+ fi
+ fi
+}
+
+main() {
+ info "Central confs: $CENTRAL_CONFS"
+ [ -d "$CENTRAL_CONFS" ] || warn "central confs directory missing: $CENTRAL_CONFS"
+
+ # lecoffre-front: remove local .env if any; runtime env via compose
+ map_entry "$ROOT/lecoffre-front" ".env" "lecoffre-front/.env"
+
+ # ihm_client: remove local .env
+ map_entry "$ROOT/ihm_client" ".env" "ihm_client/.env"
+
+ # sdk_relay: remove local .env and sdk_relay.conf (use central)
+ map_entry "$ROOT/sdk_relay" ".env" "sdk_relay/.env"
+ map_entry "$ROOT/sdk_relay" "sdk_relay.conf" "relay/sdk_relay.conf"
+
+ # sdk_storage: remove local .env
+ map_entry "$ROOT/sdk_storage" ".env" "sdk_storage/.env"
+
+ # 4NK_certificator: remove local config.toml (keep example)
+ map_entry "$ROOT/4NK_certificator" "config.toml" "4nk_certificator/certificator.toml"
+
+ # 4NK_web_status: remove local .env if any (status API reads env at runtime)
+ map_entry "$ROOT/4NK_modules/4NK_web_status" ".env" "monitoring/.env"
+
+ # 4NK_miner: remove local .env if any (already cleaned miner.env earlier)
+ map_entry "$ROOT/4NK_modules/4NK_miner" ".env" "lecoffre_node/.env"
+
+ # Projects nested: avoid touching central confs; warn only
+ for f in "$ROOT"/projects/lecoffre/lecoffre_node/*/*.env; do
+ [ -e "$f" ] || continue
+ warn "local env in projects tree: $f (not deleting; central expected in $CENTRAL_CONFS)"
+ done
+
+ if [ $APPLY -eq 0 ]; then
+ info "\nRun with --apply to delete the [DRY] listed files."
+ else
+ info "\n[OK] Deletions applied."
+ fi
+}
+
+main "$@"
+
diff --git a/tmp/nginx/assets/favicon.ico b/tmp/nginx/assets/favicon.ico
deleted file mode 100644
index 1ddbac5..0000000
Binary files a/tmp/nginx/assets/favicon.ico and /dev/null differ
diff --git a/tmp/nginx/dev4.4nkweb.com-http.conf b/tmp/nginx/dev4.4nkweb.com-http.conf
deleted file mode 100644
index 6a7d847..0000000
--- a/tmp/nginx/dev4.4nkweb.com-http.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# HTTP server for ACME and redirect to HTTPS
-server {
- listen 80 default_server;
- server_name _;
-
- # ACME HTTP-01 challenges
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- }
-
- # Redirection vers HTTPS pour toutes les autres requêtes
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
diff --git a/tmp/nginx/dev4.4nkweb.com-https.conf b/tmp/nginx/dev4.4nkweb.com-https.conf
deleted file mode 100644
index 7406527..0000000
--- a/tmp/nginx/dev4.4nkweb.com-https.conf
+++ /dev/null
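Review bot: The deletion guard in `map_entry` of scripts/safe-clean-configs.sh only tests `[ -e "$CENTRAL_CONFS/$central_p" ]`, so an empty file or a directory at the central path is enough for `--apply` to remove a local `.env` that may hold the only copy of a credential; `[ -f "$CENTRAL_CONFS/$central_p" ] && [ -s "$CENTRAL_CONFS/$central_p" ]` is a tighter condition. `rm -f "$repo/$local_p" || true` also discards a failed delete while `main` still prints `[OK] Deletions applied.`, so a run that left config files on disk looks clean; report the failure through `error` and exit non-zero instead. Separately, `set -euo pipefail` under `#!/usr/bin/env sh` aborts at startup on a dash or ash build without `pipefail`, so use `set -eu` or a bash shebang. Finally, `info "\nRun with --apply ..."` prints a literal `\n` because `info` passes its text as a `%s` argument rather than as the format.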
@@ -1,263 +0,0 @@ -# Configuration HTTPS pour dev4.4nkweb.com -server { - listen 443 ssl; - http2 on; - server_name dev4.4nkweb.com; - - include /home/debian/4NK_env/confs/lecoffre_node/nginx/logging.conf; - - # Certificats SSL - ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; - - # Configuration SSL - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; - ssl_prefer_server_ciphers off; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - # Headers de sécurité - add_header Strict-Transport-Security "max-age=63072000" always; - add_header X-Frame-Options DENY always; - add_header X-Content-Type-Options nosniff always; - add_header X-XSS-Protection "1; mode=block" always; - - # Grafana - Interface de monitoring (DOIT être avant location /) - location /grafana/ { - proxy_pass http://localhost:3005/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Configuration spécifique pour Grafana - proxy_set_header X-Grafana-Org-Id 1; - - # Support des WebSockets pour les live updates - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Timeouts - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - - # Buffer settings - proxy_buffering off; - proxy_request_buffering off; - } - - # Loki API - API de logs (DOIT être avant location /) - location /loki/ { - proxy_pass http://localhost:3100/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes depuis Grafana - add_header 
Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # Page de statut des services (DOIT être avant location /) - location /status { - # Redirection vers /status/ - return 301 /status/; - } - - location /status/ { - # Serveur statique pour la page HTML - alias /var/www/lecoffre/status/; - index index.html; - try_files $uri $uri/ /status/index.html; - - # Headers de sécurité - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Cache pour les assets statiques - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { - expires 1h; - add_header Cache-Control "public, immutable"; - } - } - - # API de statut des services (DOIT être avant location /) - location /status/api { - proxy_pass http://localhost:3006/api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes AJAX - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - # Timeouts - proxy_connect_timeout 10s; - proxy_send_timeout 10s; - proxy_read_timeout 10s; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # API backend - route /back/ vers /api/ du backend - location ~* ^/back/(.*)$ { - proxy_pass http://localhost:8080/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - route /api/ vers le 
backend - # Autorisations CORS dynamiques pour origines connues - set $cors_origin ""; - if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { - set $cors_origin $http_origin; - } - - location /api/ { - # CORS pour développement local Next.js - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_set_header X-Request-ID $x_request_id; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_pass http://dev3.4nkweb.com:8080/api/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # WebSocket relay (sdk_relay) - location /ws/ { - proxy_pass http://localhost:8090/; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - } - - # API de transfert de fonds - location /api/v1/funds/ { - proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # favicon - location = /favicon.ico { - root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets; - try_files /favicon.ico =404; - } - - # blindbit - location /blindbit/ { - proxy_pass http://localhost:8000/; - include /etc/nginx/proxy_params; - } - - # lecoffre-front - Application LeCoffre - location = /lecoffre { return 301 /lecoffre/; } - location ^~ /lecoffre/ { - # ensure no redirect here; only proxy to Next - add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always; - add_header Pragma "no-cache" always; - add_header Expires "-1" always; - proxy_hide_header ETag; - proxy_hide_header Last-Modified; - rewrite ^/lecoffre/(.*)$ /$1 break; - proxy_pass http://localhost:3004; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header X-Request-ID $x_request_id; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Host $host; - proxy_read_timeout 300; - proxy_send_timeout 300; - proxy_connect_timeout 300; - } - # HMR dev front - location ^~ /lecoffre-hmr/ { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - rewrite ^/lecoffre-hmr/(.*)$ /lecoffre/$1 break; - proxy_pass 
http://localhost:3000; - } - - - # ihm_client (root) - DOIT être en dernier - - # Next.js assets for lecoffre-front - location ^~ /_next/ { - proxy_pass http://localhost:3004/_next/; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - add_header Cache-Control "public, max-age=31536000, immutable"; - } - - location / { - proxy_pass http://localhost:3003; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } -} diff --git a/tmp/nginx/logging.conf b/tmp/nginx/logging.conf deleted file mode 100644 index 2ccba34..0000000 --- a/tmp/nginx/logging.conf +++ /dev/null 
@@ -1,39 +0,0 @@
-# Logging configuration for lecoffre front
-
-log_format lecoffre_json escape=json
- '{'
- '"time":"$time_iso8601",'
- '"request_id":"$request_id",'
- '"remote_addr":"$remote_addr",'
- '"host":"$host",'
- '"method":"$request_method",'
- '"uri":"$uri",'
- '"args":"$args",'
- '"status":$status,'
- '"bytes":$body_bytes_sent,'
- '"referer":"$http_referer",'
- '"user_agent":"$http_user_agent",'
- '"request_time":$request_time,'
- '"upstream_addr":"$upstream_addr",'
- '"upstream_status":"$upstream_status",'
- '"upstream_connect_time":"$upstream_connect_time",'
- '"upstream_header_time":"$upstream_header_time",'
- '"upstream_response_time":"$upstream_response_time",'
- '"x_forwarded_for":"$http_x_forwarded_for"'
- '}';
-
-# Default access and error logs for the front site
-access_log /home/debian/4NK_env/logs/nginx/lecoffre_front_access.log lecoffre_json;
-error_log /home/debian/4NK_env/logs/nginx/lecoffre_front_error.log warn;
-
-# Map incoming X-Request-ID or generate one
-map $http_x_request_id $x_request_id {
- default $http_x_request_id;
- "" $request_id;
-}
-
-# These headers should be set in each proxy location of the vhost
-# proxy_set_header X-Request-ID $x_request_id;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Forwarded-Host $host;
diff --git a/tmp/nginx_removed_20250929085641/local.4nkweb.com.conf b/tmp/nginx_removed_20250929085641/local.4nkweb.com.conf
deleted file mode 100755
index fb6b90b..0000000
--- a/tmp/nginx_removed_20250929085641/local.4nkweb.com.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 80;
- server_name local.4nkweb.com;
-
- # HTTP only: pas de redirection HTTPS, pas d'HSTS
- location / {
- return 302 http://local.4nkweb.com:3000$request_uri;
- }
-}
diff --git a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943 b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943
deleted file mode 100755
index abef143..0000000
--- a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.bak_20250917_072943
+++ /dev/null
@@ -1,31 +0,0 @@
-server {
- listen 443 ssl http2;
- server_name dev4.4nkweb.com;
- ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
- include /etc/nginx/proxy_params;
- location /lecoffre/ {
- proxy_pass http://127.0.0.2:3004/;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- }
-
- location / {
- proxy_pass http://127.0.0.1:3003;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-
- location /lecoffre/_next/ {
- proxy_read_timeout 300;
- }
- location /_next/ {
- proxy_pass http://127.0.0.2:3004/_next/;
- proxy_read_timeout 300;
- }
-}
diff --git a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled b/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled
deleted file mode 100755
index fdd7143..0000000
--- a/tmp/nginx_removed_20250929085641/ssl-dev4.4nkweb.com.conf.disabled
+++ /dev/null
@@ -1,93 +0,0 @@ -server { - listen 443 ssl http2; - server_name dev4.4nkweb.com; - ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; - include /etc/nginx/proxy_params; - - # API backend - route /back/ vers /api/ du backend - location ~* ^/back/(.*)$ { - proxy_pass http://127.0.0.1:8080/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - route /api/ vers le backend - location /api/ { - proxy_pass http://127.0.0.1:8080/api/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - # Root → ihm_client - location / { - proxy_pass http://127.0.0.1:3003; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } - - # lecoffre-front (préserver le préfixe) - location = /lecoffre { - proxy_pass http://127.0.0.2:3004; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - location /lecoffre/ { - proxy_pass http://127.0.0.2:3004; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - - # Next.js assets sous basePath - location /lecoffre/_next/webpack-hmr { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header 
X-Forwarded-Proto https; - proxy_buffering off; - proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; - proxy_read_timeout 600s; - } - location /lecoffre/_next/ { - proxy_pass http://127.0.0.2:3004/lecoffre/_next/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - } - - # signer (sdk_signer) avec support WebSocket - location /signer/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto https; - proxy_pass http://127.0.0.1:3001/; - proxy_read_timeout 600s; - proxy_buffering off; - } - - # Next.js assets au root si nécessaire - location /_next/ { - proxy_pass http://127.0.0.2:3004/_next/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - } -}