diff --git a/conf/nginx.conf.exemple b/conf/nginx.conf.exemple
deleted file mode 100644
index d74cef9e..00000000
--- a/conf/nginx.conf.exemple
+++ /dev/null
@@ -1,320 +0,0 @@
-# Configuration Nginx pour 4NK_node sur l'hôte Debian
-# Reverse proxy et équilibreur de charge pour tous les services Docker
-
-# Configuration globale
-user www-data;
-worker_processes auto;
-error_log /var/log/nginx/4nk-node-error.log notice;
-pid /var/run/nginx.pid;
-
-events {
- worker_connections 1024;
- use epoll;
- multi_accept on;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- # Logging spécifique à 4NK_node
- log_format 4nk_main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for" '
- 'upstream: $upstream_addr';
-
- access_log /var/log/nginx/4nk-node-access.log 4nk_main;
-
- # Performance
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- client_max_body_size 100M;
-
- # Gzip compression
- gzip on;
- gzip_vary on;
- gzip_min_length 1024;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_types
- text/plain
- text/css
- text/xml
- text/javascript
- application/json
- application/javascript
- application/xml+rss
- application/atom+xml
- image/svg+xml;
-
- # Rate limiting
- limit_req_zone $binary_remote_addr zone=4nk_api:10m rate=10r/s;
- limit_req_zone $binary_remote_addr zone=4nk_login:10m rate=1r/s;
-
- # Upstream servers - ports Docker exposés sur l'hôte
- upstream bitcoin_rpc {
- server 127.0.0.1:38332;
- keepalive 32;
- }
-
- upstream bitcoin_p2p {
- server 127.0.0.1:38333;
- keepalive 32;
- }
-
- upstream blindbit_api {
- server 127.0.0.1:8000;
- keepalive 32;
- }
-
- upstream sdk_storage_api {
- server 127.0.0.1:8081;
- keepalive 32;
- }
-
- upstream sdk_relay1_api {
- server 127.0.0.1:8090;
- keepalive 32;
- }
-
- upstream sdk_relay2_api {
- server 127.0.0.1:8092;
- keepalive 32;
- }
-
- upstream sdk_relay3_api {
- server 127.0.0.1:8094;
- keepalive 32;
- }
-
- upstream sdk_signer_api {
- server 127.0.0.1:9090;
- keepalive 32;
- }
-
- upstream ihm_client_web {
- server 127.0.0.1:3003;
- keepalive 32;
- }
-
- upstream ihm_client_http {
- server 127.0.0.1:8080;
- keepalive 32;
- }
-
- upstream grafana_dashboard {
- server 127.0.0.1:3000;
- keepalive 32;
- }
-
- upstream loki_api {
- server 127.0.0.1:3100;
- keepalive 32;
- }
-
- # Le coffre services (backend/frontend)
- upstream coffre_backend {
- server 127.0.0.1:8082;
- keepalive 32;
- }
- upstream coffre_front {
- server 127.0.0.1:8083;
- keepalive 32;
- }
-
- # Main server block
- server {
- listen 80;
- server_name 4nk-node.local localhost;
-
- # Security headers
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header Referrer-Policy "no-referrer-when-downgrade" always;
- add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
-
- # Health check endpoint
- location /health {
- access_log off;
- return 200 "4NK Node healthy\n";
- add_header Content-Type text/plain;
- }
-
- # Bitcoin RPC (JSON-RPC)
- location /bitcoin/rpc/ {
- limit_req zone=4nk_api burst=20 nodelay;
-
- proxy_pass http://bitcoin_rpc/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Bitcoin RPC specific
- proxy_connect_timeout 30s;
- proxy_send_timeout 30s;
- proxy_read_timeout 30s;
- }
-
- # Bitcoin P2P (port 38333)
- location /bitcoin/p2p/ {
- proxy_pass http://bitcoin_p2p/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # BlindBit API
- location /blindbit/ {
- limit_req zone=4nk_api burst=20 nodelay;
-
- proxy_pass http://blindbit_api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- proxy_connect_timeout 30s;
- proxy_send_timeout 30s;
- proxy_read_timeout 30s;
- }
-
- # SDK Storage API
- location /storage/ {
- limit_req zone=4nk_api burst=20 nodelay;
-
- proxy_pass http://sdk_storage_api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # SDK Relay APIs
- location /relay1/ {
- limit_req zone=4nk_api burst=20 nodelay;
- proxy_pass http://sdk_relay1_api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- location /relay2/ {
- limit_req zone=4nk_api burst=20 nodelay;
- proxy_pass http://sdk_relay2_api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- location /relay3/ {
- limit_req zone=4nk_api burst=20 nodelay;
- proxy_pass http://sdk_relay3_api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # SDK Signer API
- location /signer/ {
- limit_req zone=4nk_api burst=20 nodelay;
- proxy_pass http://sdk_signer_api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # IHM Client Web (React)
- location /ihm/ {
- proxy_pass http://ihm_client_web/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # WebSocket support
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-
- # IHM Client HTTP
- location /ihm-http/ {
- proxy_pass http://ihm_client_http/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # Grafana Dashboard
- location /grafana/ {
- proxy_pass http://grafana_dashboard/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Grafana specific
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-
- # Loki API (logs)
- location /loki/ {
- limit_req zone=4nk_api burst=20 nodelay;
- proxy_pass http://loki_api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # Default route - IHM Client
- location / {
- proxy_pass http://ihm_client_web/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # WebSocket support
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- }
-
- # Error pages
- error_page 404 /404.html;
- error_page 500 502 503 504 /50x.html;
-
- location = /50x.html {
- root /usr/share/nginx/html;
- }
- }
-
- # HTTPS server (commented out - uncomment and configure SSL for production)
- # server {
- # listen 443 ssl http2;
- # server_name 4nk-node.local;
- #
- # ssl_certificate /etc/ssl/certs/4nk-node.crt;
- # ssl_certificate_key /etc/ssl/private/4nk-node.key;
- # ssl_protocols TLSv1.2 TLSv1.3;
- # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
- # ssl_prefer_server_ciphers off;
- #
- # # Same location blocks as HTTP server
- # # ... (copy from above)
- # }
-}
diff --git a/conf/restart_config.conf.exemple b/conf/restart_config.conf.exemple
deleted file mode 100644
index 64eeff34..00000000
--- a/conf/restart_config.conf.exemple
+++ /dev/null
@@ -1,32 +0,0 @@
-NETWORK_NAME="4nk_network"
-TOR_IMAGE="4nk-node-tor:docker-support-v2"
-BITCOIN_IMAGE="4nk-node-bitcoin:docker-support-v2"
-BLINDBIT_IMAGE="4nk-node-blindbit:docker-support-v2"
-RELAY_IMAGE="4nk-node-sdk_relay1:docker-support-v2"
-
-BITCOIN_VOLUME="bitcoin_data"
-BLINDBIT_VOLUME="blindbit_data"
-RELAY_1_VOLUME="sdk_relay_1_data"
-RELAY_2_VOLUME="sdk_relay_2_data"
-RELAY_3_VOLUME="sdk_relay_3_data"
-
-TOR_PORTS=("9050:9050" "9051:9051")
-BITCOIN_PORTS=("38333:38333" "18443:18443" "29000:29000")
-BLINDBIT_PORTS=("8000:8000")
-RELAY_1_PORTS=("8090:8090" "8091:8091")
-RELAY_2_PORTS=("8092:8090" "8093:8091")
-RELAY_3_PORTS=("8094:8090" "8095:8091")
-
-BITCOIN_CONF="$PROJECT_DIR/conf/bitcoin.conf"
-BLINDBIT_CONF="$PROJECT_DIR/conf/blindbit.toml"
-RELAY_1_CONF="$PROJECT_DIR/conf/sdk_relay1.conf"
-RELAY_2_CONF="$PROJECT_DIR/conf/sdk_relay2.conf"
-RELAY_3_CONF="$PROJECT_DIR/conf/sdk_relay3.conf"
-EXTERNAL_NODES_CONF="$PROJECT_DIR/sdk_relay/external_nodes.conf"
-
-COMMON_ENV=(
- "RUST_LOG=debug,bitcoincore_rpc=trace"
- "HOME=/home/bitcoin"
- "BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie"
- "ENABLE_SYNC_TEST=1"
-)
diff --git a/docker-compose.yml b/docker-compose.yml
index af773d94..fcbc9f46 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -277,6 +277,21 @@ services:
 ipv4_address: 172.20.0.33
 restart: unless-stopped
+ nginx:
+ image: nginx:1.25
+ container_name: 4nk-nginx
+ hostname: nginx.4nk.local
+ ports:
+ - "80:80"
+ volumes:
+ - ./conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./conf/nginx/sites-enabled:/etc/nginx/sites-enabled:ro
+ - ./log/nginx:/var/log/nginx
+ networks:
+ 4nk_network:
+ ipv4_address: 172.20.0.40
+ restart: unless-stopped
+
 volumes:
 miniback_pg_data:
diff --git a/docs/USAGE.md b/docs/USAGE.md
index cd6c4da3..6d18a6e3 100644
--- a/docs/USAGE.md
+++ b/docs/USAGE.md
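Review bot: In docker-compose.yml the new `nginx` service publishes `"80:80"` without a host address, which Docker by default binds on every host interface, and the hunk adds no 443 listener, so the relay and signer routes that docs/USAGE.md lists (for example `ws://localhost/signer/ws/`) are served in cleartext to anything that can reach the host. If the proxy is meant for local use, as the `localhost` URLs suggest, bind it to loopback with `- "127.0.0.1:80:80"`; otherwise publish 443 as well and mount the certificates read-only. The mounted `./conf/nginx/nginx.conf` and `sites-enabled` files are not part of this diff, so confirm they carry over the `limit_req` zones and security headers of the deleted `conf/nginx.conf.exemple`. `image: nginx:1.25` is a floating tag; pinning it by digest keeps the proxy image reproducible across pulls. The `services:` mapping this entry belongs to starts above the hunk.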
@@ -2,10 +2,37 @@
 ## Prérequis
+- Docker et docker compose installés
+- Nginx utilisé via le service `nginx` de l'orchestrateur
+
 ## Installation locale
+- Cloner le dépôt et se placer à la racine
+- Vérifier la présence des répertoires `modules/` et `projects/` avec `conf/`, `data/`, `logs/`, `scripts/`
+- Vérifier la disponibilité des images taggées `:dev` (en cours de création) ou utiliser des tags stables le cas échéant
+
 ## Démarrage
+- Démarrer la stack applicative : `docker compose up -d`
+- Démarrer la stack de monitoring (Loki/Promtail/Grafana) si souhaité : `docker compose -f log-monitoring.yml up -d`
+- Accéder aux services via Nginx :
+ - IHM: `http://localhost/`
+ - Blindbit: `http://localhost/blindbit/`
+ - SDK Storage: `http://localhost/sdk_storage/`
+ - Relais HTTP: `http://localhost/relay1/`, `/relay2/`, `/relay3/`
+ - Relais WebSocket: `ws://localhost/relay1/ws/` (idem `relay2`, `relay3`)
+ - Signer WS: `ws://localhost/signer/ws/`; HTTP: `http://localhost/signer/`
+ - Coffre front: `http://localhost/coffre/`
+
 ## Commandes utiles
+- Mettre à jour les images: `docker compose pull`
+- Voir les logs Nginx: `tail -f log/nginx/4nk_node.access.log`
+- Voir les logs des services (montés): `tail -f modules//logs/*`
+- Logs Promtail/Loki/Grafana: voir `log/` et `log-monitoring.yml`
+
 ## Dépannage
+
+- Vérifier les hostnames Docker internes (DNS du réseau `4nk_network`): voir `docker-compose.yml`
+- Les tags `:dev` sont en cours de création; en cas d’indisponibilité, utiliser des tags stables temporaires
+- Conf Tor: `modules/tor/conf/tor.conf` est montée si l'image Tor supporte `/etc/tor/torrc`
\ No newline at end of file
diff --git a/scripts/build_all_images.sh b/scripts/build_all_images.sh
deleted file mode 100755
index e93ad2cf..00000000
--- a/scripts/build_all_images.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-BASE_DIR="/home/debian/code/4NK_dev/4NK_node"
-
-echo "Building all local Docker images from Dockerfiles under modules/ and projects/ ..."
-while IFS= read -r df; do
- dir=$(dirname "$df")
- rel=${dir#"$BASE_DIR/"}
- img_tag="4nk-node-"$(echo "$rel" | tr '/' '-')":latest"
- echo "Building $img_tag from $dir"
- # signer image will always be built
- docker build -t "$img_tag" "$dir"
-done < <(find "$BASE_DIR" -name Dockerfile -print)
-
-echo "All images built."
diff --git a/scripts/build_modules.sh b/scripts/build_modules.sh
deleted file mode 100755
index 74a9584d..00000000
--- a/scripts/build_modules.sh
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/bin/bash
-
-# Script de construction des modules 4NK_node et des projets 4NK_node
-set -e
-
-echo "🏗️ Construction des modules 4NK_node et projets 4NK_node..."
-
-# Fonction pour construire un module spécifique
-build_module() {
- local module_name="$1"
- local module_dir="modules/$module_name"
-
- if [ ! -d "$module_dir" ]; then
- echo "❌ Module $module_name non trouvé dans $module_dir"
- return 1
- fi
-
- echo "🔨 Construction de $module_name..."
-
- # Construire l'image Docker
- docker build -t "4nk-node-$module_name:latest" "$module_dir"
-
- if [ $? -eq 0 ]; then
- echo "✅ Module $module_name construit avec succès"
- else
- echo "❌ Échec de la construction du module $module_name"
- return 1
- fi
-}
-
-build_project() {
- local project_name="$1"
- local project_dir="projects/$project_name"
- if [ ! -d "$project_dir" ]; then
- echo "❌ Project $project_name non trouvé dans $project_dir"
- return 1
- fi
- echo "🔨 Construction de $project_name (project)..."
- docker build -t "4nk-node-$project_name:latest" "$project_dir"
- if [ $? -eq 0 ]; then
- echo "✅ Project $project_name construit avec succès"
- else
- echo "❌ Échec de la construction du project $project_name"
- return 1
- fi
-}
-
-# Construction de tous les modules si aucun argument n'est fourni
-if [ $# -eq 0 ]; then
- echo "📦 Construction de tous les modules et projets..."
-
- # Modules de base (existence check pour éviter les erreurs sur des dépôts partiels)
- if [ -d "modules/tor" ]; then
- build_module "tor"
- else
- echo "⚠️ Tor module absent, skipping"
- fi
-
- if [ -d "modules/bitcoin" ]; then
- build_module "bitcoin"
- else
- echo "⚠️ Bitcoin module absent, skipping"
- fi
-
- # Modules applicatifs
- if [ -d "modules/blindbit" ]; then build_module "blindbit"; else echo "⚠️ blindbit module absent"; fi
- if [ -d "modules/sdk_relay1" ]; then build_module "sdk_relay1"; fi
- if [ -d "modules/sdk_relay2" ]; then build_module "sdk_relay2"; fi
- if [ -d "modules/sdk_relay3" ]; then build_module "sdk_relay3"; fi
- if [ -d "modules/sdk_storage" ]; then build_module "sdk_storage"; fi
- if [ -d "modules/sdk_signer" ]; then build_module "sdk_signer"; fi
- if [ -d "modules/ihm_client" ]; then build_module "ihm_client"; fi
-
- # Projets nouvellement ajoutés (Le coffre)
- # Le coffre-back et le coffre-front dans 4NK_node/projects
- if [ -d "projects/lecoffre-back" ]; then build_project "lecoffre-back"; else echo "⚠️ lecoffre-back project absent"; fi
- if [ -d "projects/lecoffre-front" ]; then build_project "lecoffre-front"; else echo "⚠️ lecoffre-front project absent"; fi
-
- echo "🎉 Tous les modules et projets ont été construits !"
-else
- # Construction d'un module ou d'un projet spécifique
- if [ -d "modules/$1" ]; then
- build_module "$1"
- elif [ -d "projects/$1" ]; then
- build_project "$1"
- else
- echo "Module ou projet inconnu: $1"
- exit 1
- fi
-fi
diff --git a/scripts/disable_nginx_docker.sh b/scripts/disable_nginx_docker.sh
deleted file mode 100755
index 4be0fa32..00000000
--- a/scripts/disable_nginx_docker.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-# Désactiver l'exécution de nginx docker
-CONTAINER_NAME="4nk-nginx"
-
-# Arrêter et supprimer le conteneur s'il est présent
-if docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
- echo "Arrêt et suppression du conteneur Docker '$CONTAINER_NAME'..."
- docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
- docker stop "$CONTAINER_NAME" >/dev/null 2>&1 || true
-else
- echo "Aucun conteneur '$CONTAINER_NAME' trouvé; pas d'action nécessaire."
-fi
-
-echo "Désactivation Nginx Docker terminée."
diff --git a/scripts/pull_repos_in_order.sh b/scripts/pull_repos_in_order.sh
deleted file mode 100755
index 159fd67d..00000000
--- a/scripts/pull_repos_in_order.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Pull repos in a defined order to prepare images for docker-compose
-BASE_DIR="/home/debian/code/4NK_dev/4NK_node"
-
-ORDER=(
- modules/tor
- modules/bitcoin-core
- modules/blindbit-oracle
- modules/sp-client
- modules/sdk_common
- modules/sdk_client
- modules/sdk_relay
- modules/sdk_storage
- modules/sdk_signer_client
- modules/sdk_signer
- modules/ihm_client
- modules/4NK_template
- projects/lecoffre-back-mini
- projects/lecoffre-front
-)
-
-echo "=== Pull order start ==="
-for path in "${ORDER[@]}"; do
- full_path="$BASE_DIR/$path"
- if [ -d "$full_path" ]; then
- echo "-> pulling $path"
- (cd "$full_path" && git fetch --all --prune || true && git reset --hard origin/docker-support-v2 || true)
- else
- echo "-- skipping missing path $path"
- fi
-done
-echo "=== Pull order finished ==="
-
-