diff --git a/.cursorignore b/.cursorignore index de10e694..f511eb9d 100644 --- a/.cursorignore +++ b/.cursorignore @@ -104,3 +104,6 @@ backups/sql/ !.cursor/ !AGENTS.md + +certs/ +log/ \ No newline at end of file diff --git a/.gitignore b/.gitignore index 7417d541..531906a1 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,6 @@ tests/reports/ # Sauvegardes locales *.backup + +certs/ +log/ \ No newline at end of file diff --git a/BRANCHES_DOCKER_SUPPORT_V2.md b/BRANCHES_DOCKER_SUPPORT_V2.md deleted file mode 100644 index 71bb3975..00000000 --- a/BRANCHES_DOCKER_SUPPORT_V2.md +++ /dev/null 
@@ -1,128 +0,0 @@ -# 🌐 Branches Docker Support V2 - Résumé - -## 📋 Vue d'Ensemble - -Toutes les branches `docker-support-v2` ont été créées et poussées avec succès sur tous les projets 4NK. Ces branches contiennent le support Docker complet et les configurations nécessaires pour l'intégration avec `4NK_node`. - -## �� Projets Publiés - -### 1. **4NK_node** ✅ -- **Branche** : `docker-support-v2` -- **URL** : https://git.4nkweb.com/4nk/4NK_node/compare/main...docker-support-v2 -- **Contenu** : Architecture modulaire Docker complète -- **Status** : Publié et à jour - -### 2. **sdk_relay** ✅ -- **Branche** : `docker-support-v2` -- **URL** : https://git.4nkweb.com/4nk/sdk_relay/compare/main...docker-support-v2 -- **Contenu** : Support Docker avec blindbit et configuration réseau -- **Status** : Publié et à jour - -### 3. **sdk_signer** ✅ -- **Branche** : `docker-support-v2` -- **URL** : https://git.4nkweb.com/4nk/sdk_signer/compare/master...docker-support-v2 -- **Contenu** : Support Docker complet avec TypeScript -- **Status** : Publié et à jour - -### 4. **sdk_storage** ✅ -- **Branche** : `docker-support-v2` -- **URL** : https://git.4nkweb.com/4nk/sdk_storage/compare/master...docker-support-v2 -- **Contenu** : Support Docker avec Rust -- **Status** : Publié et à jour - -### 5. **ihm_client** ✅ -- **Branche** : `docker-support-v2` -- **URL** : https://git.4nkweb.com/4nk/ihm_client/compare/create-account...docker-support-v2 -- **Contenu** : Support Docker avec configuration des services locaux -- **Status** : Publié et à jour - -## 🔄 Workflow d'Intégration - -### **Automatisation du Build** -Le script `build_modules.sh` dans `4NK_node` a été mis à jour pour : - -1. **Récupérer automatiquement** le code depuis les branches `docker-support-v2` -2. **Mettre à jour** les dépôts locaux -3. **Copier** le code dans les modules Docker -4. 
**Construire** les images Docker - -### **Commandes de Build** -```bash -# Dans 4NK_node -./build_modules.sh -``` - -Le script va automatiquement : -- `git checkout docker-support-v2` dans chaque projet -- `git pull origin docker-support-v2` pour récupérer les dernières modifications -- Copier le code dans `modules/` -- Construire les images Docker - -## 📁 Structure des Branches - -### **Contenu Commun des Branches docker-support-v2** -- ✅ Support Docker complet -- ✅ Configurations réseau Docker -- ✅ Intégration avec la stack 4NK_node -- ✅ Corrections de compatibilité -- ✅ Scripts de déploiement Docker -- ✅ Documentation Docker - -### **Différences Spécifiques** -- **sdk_relay** : Support blindbit et configuration réseau avancée -- **sdk_signer** : Support TypeScript et WASM -- **sdk_storage** : Support Rust et base de données -- **ihm_client** : Interface utilisateur et configuration des services -- **4NK_node** : Orchestration complète et modules Docker - -## 🚀 Prochaines Étapes - -### **1. Test de l'Intégration** -```bash -# Dans 4NK_node -./build_modules.sh -./manage_services.sh start -``` - -### **2. Validation des Services** -```bash -# Vérifier le statut -./manage_services.sh status - -# Vérifier les logs -./manage_services.sh logs -``` - -### **3. Tests de Connectivité** -- Tester la communication entre tous les services -- Valider les configurations réseau -- Vérifier les health checks - -## 🔧 Maintenance - -### **Mise à Jour des Projets** -Pour mettre à jour un projet : -1. Modifier le code dans la branche `docker-support-v2` du projet -2. Commiter et pousser les modifications -3. Exécuter `./build_modules.sh` dans `4NK_node` -4. 
Redémarrer les services si nécessaire - -### **Synchronisation des Branches** -Toutes les branches `docker-support-v2` sont maintenant synchronisées et prêtes pour : -- Le développement continu -- L'intégration automatique -- Le déploiement Docker -- Les tests d'intégration - -## 📚 Documentation - -- **4NK_node** : [README_4NK_NODE.md](README_4NK_NODE.md) -- **Architecture** : Documentation complète de la structure modulaire -- **Workflow** : Guide d'intégration et de déploiement -- **Troubleshooting** : Solutions aux problèmes courants - ---- - -**Status** : ✅ **Toutes les branches docker-support-v2 sont créées et synchronisées** - -**Prochaine action recommandée** : Tester l'intégration complète avec `./build_modules.sh` diff --git a/build_modules.sh b/build_modules.sh index f7b56d63..74a9584d 100755 --- a/build_modules.sh +++ b/build_modules.sh @@ -1,25 +1,25 @@ #!/bin/bash -# Script de construction des modules 4NK_node +# Script de construction des modules 4NK_node et des projets 4NK_node set -e -echo "🏗️ Construction des modules 4NK_node..." +echo "🏗️ Construction des modules 4NK_node et projets 4NK_node..." # Fonction pour construire un module spécifique build_module() { local module_name="$1" local module_dir="modules/$module_name" - + if [ ! -d "$module_dir" ]; then echo "❌ Module $module_name non trouvé dans $module_dir" return 1 fi - + echo "🔨 Construction de $module_name..." - + # Construire l'image Docker docker build -t "4nk-node-$module_name:latest" "$module_dir" - + if [ $? -eq 0 ]; then echo "✅ Module $module_name construit avec succès" else 
@@ -28,25 +28,63 @@ build_module() { fi } +build_project() { + local project_name="$1" + local project_dir="projects/$project_name" + if [ ! -d "$project_dir" ]; then + echo "❌ Project $project_name non trouvé dans $project_dir" + return 1 + fi + echo "🔨 Construction de $project_name (project)..." + docker build -t "4nk-node-$project_name:latest" "$project_dir" + if [ $? -eq 0 ]; then + echo "✅ Project $project_name construit avec succès" + else + echo "❌ Échec de la construction du project $project_name" + return 1 + fi +} + # Construction de tous les modules si aucun argument n'est fourni if [ $# -eq 0 ]; then - echo "📦 Construction de tous les modules..." - - # Modules de base - build_module "tor" - build_module "bitcoin" - + echo "📦 Construction de tous les modules et projets..." + + # Modules de base (existence check pour éviter les erreurs sur des dépôts partiels) + if [ -d "modules/tor" ]; then + build_module "tor" + else + echo "⚠️ Tor module absent, skipping" + fi + + if [ -d "modules/bitcoin" ]; then + build_module "bitcoin" + else + echo "⚠️ Bitcoin module absent, skipping" + fi + # Modules applicatifs - build_module "blindbit" - build_module "sdk_relay1" - build_module "sdk_relay2" - build_module "sdk_relay3" - build_module "sdk_storage" - build_module "sdk_signer" - build_module "ihm_client" - - echo "🎉 Tous les modules ont été construits !" 
+ if [ -d "modules/blindbit" ]; then build_module "blindbit"; else echo "⚠️ blindbit module absent"; fi + if [ -d "modules/sdk_relay1" ]; then build_module "sdk_relay1"; fi + if [ -d "modules/sdk_relay2" ]; then build_module "sdk_relay2"; fi + if [ -d "modules/sdk_relay3" ]; then build_module "sdk_relay3"; fi + if [ -d "modules/sdk_storage" ]; then build_module "sdk_storage"; fi + if [ -d "modules/sdk_signer" ]; then build_module "sdk_signer"; fi + if [ -d "modules/ihm_client" ]; then build_module "ihm_client"; fi + + # Projets nouvellement ajoutés (Le coffre) + # Le coffre-back et le coffre-front dans 4NK_node/projects + if [ -d "projects/lecoffre-back" ]; then build_project "lecoffre-back"; else echo "⚠️ lecoffre-back project absent"; fi + if [ -d "projects/lecoffre-front" ]; then build_project "lecoffre-front"; else echo "⚠️ lecoffre-front project absent"; fi + + echo "🎉 Tous les modules et projets ont été construits !" else - # Construction d'un module spécifique - build_module "$1" + # Construction d'un module ou d'un projet spécifique + if [ -d "modules/$1" ]; then + build_module "$1" + elif [ -d "projects/$1" ]; then + build_project "$1" + else + echo "Module ou projet inconnu: $1" + exit 1 + fi fi diff --git a/conf/install-nginx-host.sh b/conf/install-nginx-host.sh new file mode 100755 index 00000000..adfc69b2 --- /dev/null +++ b/conf/install-nginx-host.sh 
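Review bot: In the no-argument branch of build_modules.sh, the checks for `sdk_relay1` through `ihm_client` have no `else`, so a missing module directory is skipped silently and the script still prints "Tous les modules et projets ont été construits"; a deployment can then keep running whatever older `:latest` image is already on the host. Count the skips and report them at the end, for example `skipped=$((skipped+1))` in each absent branch and a final `[ "$skipped" -eq 0 ] || echo "⚠️ $skipped élément(s) ignoré(s)"`. Separately, in `build_project` the `if [ $? -eq 0 ]` test after `docker build` cannot reach its failure branch under `set -e`, because the script exits at the failed build. Writing it as `if docker build -t "4nk-node-$project_name:latest" "$project_dir"; then` keeps the error message reachable.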
@@ -0,0 +1,85 @@ +#!/bin/bash +# Script d'installation de Nginx sur l'hôte Debian pour 4NK_node +# Auteur: Assistant IA +# Date: $(date) + +set -e + +echo "🚀 Installation et configuration de Nginx sur l'hôte Debian pour 4NK_node..." + +# Vérifier que nous sommes root ou avec sudo +if [ "$EUID" -ne 0 ]; then + echo "❌ Ce script doit être exécuté avec les privilèges root (sudo)" + exit 1 +fi + +# Mettre à jour les paquets +echo "📦 Mise à jour des paquets système..." +apt update + +# Installer Nginx +echo "📦 Installation de Nginx..." +apt install -y nginx + +# Créer le répertoire de logs spécifique à 4NK_node +echo "📁 Création des répertoires de logs..." +mkdir -p /var/log/nginx/4nk-node +chown www-data:www-data /var/log/nginx/4nk-node + +# Sauvegarder la configuration par défaut +echo "💾 Sauvegarde de la configuration par défaut..." +cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup.$(date +%Y%m%d_%H%M%S) + +# Copier notre configuration personnalisée +echo "📋 Installation de la configuration 4NK_node..." +cp nginx.conf /etc/nginx/nginx.conf + +# Tester la configuration +echo "🔍 Test de la configuration Nginx..." +nginx -t + +if [ $? -eq 0 ]; then + echo "✅ Configuration Nginx valide" + + # Redémarrer Nginx + echo "🔄 Redémarrage de Nginx..." + systemctl restart nginx + + # Vérifier le statut + echo "📊 Statut de Nginx:" + systemctl status nginx --no-pager -l + + # Activer au démarrage + echo "🚀 Activation de Nginx au démarrage..." + systemctl enable nginx + + echo "" + echo "✅ Nginx installé et configuré avec succès !" 
+ echo "" + echo "🌐 Accès aux services via Nginx:" + echo " - Interface principale: http://localhost/" + echo " - Bitcoin RPC: http://localhost/bitcoin/rpc/" + echo " - BlindBit API: http://localhost/blindbit/" + echo " - SDK Storage: http://localhost/storage/" + echo " - SDK Relays: http://localhost/relay1/, /relay2/, /relay3/" + echo " - SDK Signer: http://localhost/signer/" + echo " - IHM Client: http://localhost/ihm/" + echo " - Grafana: http://localhost/grafana/" + echo " - Loki: http://localhost/loki/" + echo "" + echo "📝 Logs Nginx:" + echo " - Accès: /var/log/nginx/4nk-node-access.log" + echo " - Erreurs: /var/log/nginx/4nk-node-error.log" + echo "" + echo "🔧 Commandes utiles:" + echo " - Redémarrer: sudo systemctl restart nginx" + echo " - Statut: sudo systemctl status nginx" + echo " - Logs en temps réel: sudo tail -f /var/log/nginx/4nk-node-access.log" + echo "" + echo "⚠️ Assurez-vous que tous les services Docker 4NK_node sont démarrés" + echo " avant d'utiliser Nginx comme reverse proxy." + +else + echo "❌ Configuration Nginx invalide. Vérifiez le fichier nginx.conf" + exit 1 +fi diff --git a/conf/lecoffre-back-mini_env.conf b/conf/lecoffre-back-mini_env.conf new file mode 100644 index 00000000..12dfbc58 --- /dev/null +++ b/conf/lecoffre-back-mini_env.conf 
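Review bot: `cp nginx.conf /etc/nginx/nginx.conf` overwrites the live configuration before it has been validated, and because of `set -e` a failing `nginx -t` exits the script immediately, so the `else` branch never runs and the host keeps a broken config with no restore from the backup taken just before. Validate the candidate first, resolved relative to the script rather than the caller's working directory: `script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`, then `nginx -t -c "$script_dir/nginx.conf"` before the `cp`. Run as root, the relative path also means the script installs whichever `nginx.conf` happens to be in the current directory. The header line `# Date: $(date)` is a comment and is never expanded, so it should be dropped or replaced with a fixed date.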
@@ -0,0 +1,48 @@ +# Configuration OVH +OVH_APP_KEY=5ab0709bbb65ef26 +OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766 +OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece +OVH_SMS_SERVICE_NAME=sms-tt802880-1 + +# Configuration SMS Factor +SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw + +#Configuration Mailchimp +MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A +MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17 +MAILCHIMP_LIST_ID=a48d9ad852 + +#Configuration Stripe +STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n +STRIPE_WEBHOOK_SECRET= +STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3 +STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY +STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac +STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB + +# Configuration serveur +APP_HOST=http://localhost +PORT=8080 + +# Configuration front-end +NEXT_PUBLIC_4NK_URL=https://dev3.4nkweb.com +NEXT_PUBLIC_FRONT_APP_HOST=http://localhost:3000 +NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr +NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 +NEXT_PUBLIC_IDNOT_CLIENT_ID=4501646203F3EF67 +NEXT_PUBLIC_BACK_API_PROTOCOL=http +NEXT_PUBLIC_BACK_API_HOST=localhost +BACK_API_PORT=8080 +BACK_API_ROOT_URL=/api +BACK_API_VERSION=/v1 + +# Configuration idnot +IDNOT_ANNUARY_BASE_URL='https://qual-api.notaires.fr/annuaire' +IDNOT_API_KEY='ba557f84-0bf6-4dbf-844f-df2767555e3e' + +# Configuration PostgreSQL +DB_HOST=miniback-postgres +DB_PORT=5432 +DB_NAME=miniback +DB_USER=miniback +DB_PASSWORD=minibackpassword diff --git a/conf/lecoffre-front_env.conf b/conf/lecoffre-front_env.conf new file mode 100644 index 00000000..1c8f7b22 --- /dev/null +++ b/conf/lecoffre-front_env.conf 
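Review bot: conf/lecoffre-back-mini_env.conf commits live-looking credentials in clear text (the OVH application secret and consumer key, the SMS Factor token, both Mailchimp keys, `STRIPE_SECRET_KEY`, `IDNOT_API_KEY` and `DB_PASSWORD`), and the same values are added again in `conf/miniback_env.conf` later in this commit. The `.gitignore` change in this commit covers only `certs/` and `log/`, so nothing keeps these files out of the repository history. Treat every value as disclosed and rotate it with the provider (only the Stripe key carries a test-mode prefix). Then commit a template with empty values, for example `conf/miniback_env.conf.example`, and add `conf/*_env.conf` to `.gitignore`. The two back-end env files are near-duplicates, so keeping a single one avoids the copies drifting apart.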
@@ -0,0 +1,17 @@
+# Configuration IHM_client
+NEXT_PUBLIC_4NK_URL="http://localhost:3003"
+
+# Configuration lecoffre-front
+NEXT_PUBLIC_FRONT_APP_HOST="http://localhost:3000"
+
+# Configuration IDNOT
+NEXT_PUBLIC_IDNOT_BASE_URL="https://qual-connexion.idnot.fr"
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT="/IdPOAuth2/authorize/idnot_idp_v1"
+NEXT_PUBLIC_IDNOT_CLIENT_ID="4501646203F3EF67"
+
+# Configuration mini-back
+NEXT_PUBLIC_BACK_API_PROTOCOL=http://
+NEXT_PUBLIC_BACK_API_HOST=localhost
+NEXT_PUBLIC_BACK_API_PORT=8080
+NEXT_PUBLIC_BACK_API_ROOT_URL=/api
+NEXT_PUBLIC_BACK_API_VERSION=/v1
\ No newline at end of file
diff --git a/conf/miniback_env.conf b/conf/miniback_env.conf
new file mode 100644
index 00000000..ce6e7963
--- /dev/null
+++ b/conf/miniback_env.conf
@@ -0,0 +1,55 @@ +# Configuration OVH +OVH_APP_KEY=5ab0709bbb65ef26 +OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766 +OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece +OVH_SMS_SERVICE_NAME=sms-tt802880-1 + +# Configuration SMS Factor +SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw + +#Configuration Mailchimp +MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A +MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17 +MAILCHIMP_LIST_ID=a48d9ad852 + +#Configuration Stripe +STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n +STRIPE_WEBHOOK_SECRET= +STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3 +STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY +STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac +STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB + +# Configuration serveur +APP_HOST=http://localhost +PORT=8080 + +# Configuration front-end +# url locale IHM_client +NEXT_PUBLIC_4NK_URL=https://dev3.4nkweb.com + +# url locale lecoffre-front +NEXT_PUBLIC_FRONT_APP_HOST=http://localhost:3000 + +# IDNOT +NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr +NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 +NEXT_PUBLIC_IDNOT_CLIENT_ID=4501646203F3EF67 +NEXT_PUBLIC_BACK_API_PROTOCOL=http + +# Configuration mini-back +NEXT_PUBLIC_BACK_API_HOST=localhost +BACK_API_PORT=8080 +BACK_API_ROOT_URL=/api +BACK_API_VERSION=/v1 + +# Configuration idnot +IDNOT_ANNUARY_BASE_URL='https://qual-api.notaires.fr/annuaire' +IDNOT_API_KEY='ba557f84-0bf6-4dbf-844f-df2767555e3e' + +# Configuration PostgreSQL +DB_HOST=miniback-postgres +DB_PORT=5432 +DB_NAME=miniback +DB_USER=miniback +DB_PASSWORD=minibackpassword \ No newline at end of file 
diff --git a/conf/nginx.conf b/conf/nginx.conf index c0d6c50e..d74cef9e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,80 +1,320 @@ -# Configuration Nginx Reverse Proxy - Module 4NK_node +# Configuration Nginx pour 4NK_node sur l'hôte Debian +# Reverse proxy et équilibreur de charge pour tous les services Docker + +# Configuration globale +user www-data; +worker_processes auto; +error_log /var/log/nginx/4nk-node-error.log notice; +pid /var/run/nginx.pid; events { worker_connections 1024; + use epoll; + multi_accept on; } http { - include /etc/nginx/mime.types; - default_type application/octet-stream; + include /etc/nginx/mime.types; + default_type application/octet-stream; - # Logs centralisés - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + # Logging spécifique à 4NK_node + log_format 4nk_main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" ' + 'upstream: $upstream_addr'; + + access_log /var/log/nginx/4nk-node-access.log 4nk_main; + + # Performance + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + client_max_body_size 100M; # Gzip compression gzip on; - gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + gzip_vary on; + gzip_min_length 1024; + gzip_proxied any; + gzip_comp_level 6; + gzip_types + text/plain + text/css + text/xml + text/javascript + application/json + application/javascript + application/xml+rss + application/atom+xml + image/svg+xml; - # DNS Docker interne - resolver 127.0.0.11 ipv6=off valid=30s; + # Rate limiting + limit_req_zone $binary_remote_addr zone=4nk_api:10m rate=10r/s; + limit_req_zone $binary_remote_addr zone=4nk_login:10m rate=1r/s; - # HTTP server only (no TLS) + # Upstream servers - ports Docker exposés sur l'hôte + upstream bitcoin_rpc { + server 127.0.0.1:38332; + keepalive 32; + } + + upstream bitcoin_p2p { + server 127.0.0.1:38333; + keepalive 32; + } + + upstream blindbit_api 
{ + server 127.0.0.1:8000; + keepalive 32; + } + + upstream sdk_storage_api { + server 127.0.0.1:8081; + keepalive 32; + } + + upstream sdk_relay1_api { + server 127.0.0.1:8090; + keepalive 32; + } + + upstream sdk_relay2_api { + server 127.0.0.1:8092; + keepalive 32; + } + + upstream sdk_relay3_api { + server 127.0.0.1:8094; + keepalive 32; + } + + upstream sdk_signer_api { + server 127.0.0.1:9090; + keepalive 32; + } + + upstream ihm_client_web { + server 127.0.0.1:3003; + keepalive 32; + } + + upstream ihm_client_http { + server 127.0.0.1:8080; + keepalive 32; + } + + upstream grafana_dashboard { + server 127.0.0.1:3000; + keepalive 32; + } + + upstream loki_api { + server 127.0.0.1:3100; + keepalive 32; + } + + # Le coffre services (backend/frontend) + upstream coffre_backend { + server 127.0.0.1:8082; + keepalive 32; + } + upstream coffre_front { + server 127.0.0.1:8083; + keepalive 32; + } + + # Main server block server { listen 80; - server_name _; + server_name 4nk-node.local localhost; - # IHM Client statique sur /secure_id - location /secure_id/ { - alias /usr/share/nginx/html/secure_id/; - try_files $uri $uri/ /secure_id/index.html; - add_header Cache-Control "no-store"; - } - - # (pas d'API HTTP pour les relays) - - # SDK Relay 1 WebSocket - location /ws/relay1/ { - proxy_pass http://4nk-sdk-relay1:8090/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # SDK Storage: route vers /health OK (200); racine renvoie 404 - set $storage http://4nk-sdk-storage:8081/health; - location /api/storage/ { - proxy_pass $storage; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } - - # 
(pas d'API HTTP pour le signer) - - # SDK Signer WebSocket - set $signer_ws http://4nk-sdk-signer:9090; - location /ws/signer/ { - proxy_pass $signer_ws/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } + # Security headers + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; # Health check endpoint location /health { access_log off; - return 200 "healthy\n"; + return 200 "4NK Node healthy\n"; add_header Content-Type text/plain; } + + # Bitcoin RPC (JSON-RPC) + location /bitcoin/rpc/ { + limit_req zone=4nk_api burst=20 nodelay; + + proxy_pass http://bitcoin_rpc/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Bitcoin RPC specific + proxy_connect_timeout 30s; + proxy_send_timeout 30s; + proxy_read_timeout 30s; + } + + # Bitcoin P2P (port 38333) + location /bitcoin/p2p/ { + proxy_pass http://bitcoin_p2p/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # BlindBit API + location /blindbit/ { + limit_req zone=4nk_api burst=20 nodelay; + + proxy_pass http://blindbit_api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + 
proxy_connect_timeout 30s; + proxy_send_timeout 30s; + proxy_read_timeout 30s; + } + + # SDK Storage API + location /storage/ { + limit_req zone=4nk_api burst=20 nodelay; + + proxy_pass http://sdk_storage_api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SDK Relay APIs + location /relay1/ { + limit_req zone=4nk_api burst=20 nodelay; + proxy_pass http://sdk_relay1_api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /relay2/ { + limit_req zone=4nk_api burst=20 nodelay; + proxy_pass http://sdk_relay2_api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /relay3/ { + limit_req zone=4nk_api burst=20 nodelay; + proxy_pass http://sdk_relay3_api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SDK Signer API + location /signer/ { + limit_req zone=4nk_api burst=20 nodelay; + proxy_pass http://sdk_signer_api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # IHM Client Web (React) + location /ihm/ { + proxy_pass http://ihm_client_web/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 
"upgrade"; + } + + # IHM Client HTTP + location /ihm-http/ { + proxy_pass http://ihm_client_http/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Grafana Dashboard + location /grafana/ { + proxy_pass http://grafana_dashboard/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # Grafana specific + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + # Loki API (logs) + location /loki/ { + limit_req zone=4nk_api burst=20 nodelay; + proxy_pass http://loki_api/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Default route - IHM Client + location / { + proxy_pass http://ihm_client_web/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + # Error pages + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + + location = /50x.html { + root /usr/share/nginx/html; + } } + + # HTTPS server (commented out - uncomment and configure SSL for production) + # server { + # listen 443 ssl http2; + # server_name 4nk-node.local; + # + # ssl_certificate /etc/ssl/certs/4nk-node.crt; + # ssl_certificate_key /etc/ssl/private/4nk-node.key; + # ssl_protocols TLSv1.2 TLSv1.3; + # ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384; + # ssl_prefer_server_ciphers off; + # + # # Same location blocks as HTTP server + 
# # ... (copy from above) + # } } diff --git a/docker-compose.yml b/docker-compose.yml index 50941482..abeed44f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -193,10 +193,54 @@ services: retries: 3 start_period: 40s + miniback-postgres: + image: postgres:15 + container_name: miniback-postgres + environment: + - POSTGRES_USER=miniback + - POSTGRES_PASSWORD=minibackpassword + - POSTGRES_DB=miniback + volumes: + - miniback_pg_data:/var/lib/postgresql/data + networks: + - 4nk_network + restart: unless-stopped + ports: + - "5432:5432" + + miniback: + image: 4nk-node-miniback:latest + container_name: miniback + env_file: + - ./conf/miniback_env.conf + depends_on: + - miniback-postgres + networks: + - 4nk_network + restart: unless-stopped + volumes: + - ./logs/miniback:/logs + - ./conf/miniback_env.conf:/app/.env:ro + + coffre_front: + image: lecoffre-front:latest + container_name: coffre-front + networks: + - 4nk_network + restart: unless-stopped + + coffre_back_mini: + image: lecoffre-back-mini:latest + container_name: coffre-back-mini + networks: + - 4nk_network + restart: unless-stopped + volumes: tor_data: bitcoin_data: sdk_signer_data: + miniback_pg_data: networks: 4nk_network: diff --git a/docs/nginx-host-setup.md b/docs/nginx-host-setup.md new file mode 100644 index 00000000..29758746 --- /dev/null +++ b/docs/nginx-host-setup.md 
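Review bot: In conf/nginx.conf the new `server` block listens on port 80 on every interface and proxies `/bitcoin/rpc/`, `/signer/`, `/storage/`, `/loki/` and `/grafana/` with no `allow`/`deny`, no `auth_basic` and no TLS, whereas the configuration it replaces exposed only the static client, the relay1 and signer WebSocket routes and a storage health route. Unless each backend enforces its own authentication (not visible in this diff), anyone who can reach the host can talk to the RPC and signing services; at minimum bind with `listen 127.0.0.1:80;` or add `allow 127.0.0.1; deny all;` to the sensitive locations until the commented HTTPS server is enabled. `limit_req_zone ... zone=4nk_login` is declared but no location uses it, although docs/nginx-host-setup.md describes a 1 r/s login limit with a burst of 5. `location /bitcoin/p2p/` forwards HTTP to the Bitcoin P2P port, which does not speak HTTP, so that route can be dropped. `error_page 404 /404.html` has no matching location, so the error-page request falls through to `location /` and is proxied to the client app.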
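Review bot: In docker-compose.yml, `miniback-postgres` publishes `"5432:5432"`, which binds the database on all host interfaces, and its `POSTGRES_PASSWORD` is a weak literal written into the tracked compose file. `miniback` reaches the database over `4nk_network` by service name (`DB_HOST=miniback-postgres` in conf/miniback_env.conf), so the `ports:` entry can be removed, or narrowed to `"127.0.0.1:5432:5432"` if host access is needed for debugging; the password should come from an untracked env file or a Docker secret. Also, `coffre_front` and `coffre_back_mini` reference `lecoffre-front:latest` and `lecoffre-back-mini:latest`, while `build_project` in build_modules.sh tags images `4nk-node-<name>:latest` and the no-argument run builds only `lecoffre-back` and `lecoffre-front`, so these services will not pick up the locally built images. The `services:` block starts outside this hunk.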
@@ -0,0 +1,253 @@ +# Configuration Nginx sur l'hôte Debian pour 4NK_node + +## Vue d'ensemble + +Cette configuration installe Nginx directement sur l'hôte Debian pour servir de reverse proxy vers tous les services Docker 4NK_node. Cela permet d'avoir un point d'entrée unique et une meilleure gestion des accès. + +## Architecture + +``` +Internet/Client → Nginx (hôte:80) → Services Docker 4NK_node +``` + +## Services exposés via Nginx + +| Route | Service | Port Docker | Description | +|-------|---------|-------------|-------------| +| `/` | IHM Client Web | 3003 | Interface principale React | +| `/bitcoin/rpc/` | Bitcoin Core | 38332 | API JSON-RPC Bitcoin | +| `/bitcoin/p2p/` | Bitcoin Core | 38333 | Port P2P Bitcoin | +| `/blindbit/` | BlindBit | 8000 | API BlindBit | +| `/storage/` | SDK Storage | 8081 | API de stockage | +| `/relay1/` | SDK Relay 1 | 8090 | API Relay 1 | +| `/relay2/` | SDK Relay 2 | 8092 | API Relay 2 | +| `/relay3/` | SDK Relay 3 | 8094 | API Relay 3 | +| `/signer/` | SDK Signer | 9090 | API de signature | +| `/ihm/` | IHM Client | 3003 | Interface web | +| `/ihm-http/` | IHM Client | 8080 | Interface HTTP | +| `/grafana/` | Grafana | 3000 | Dashboard de monitoring | +| `/loki/` | Loki | 3100 | API de logs | + +## Installation + +### Prérequis + +- Debian avec accès root/sudo +- Services Docker 4NK_node démarrés +- Port 80 disponible + +### Installation automatique + +```bash +cd 4NK_dev/4NK_node/conf +sudo ./install-nginx-host.sh +``` + +### Installation manuelle + +1. **Installer Nginx** + ```bash + sudo apt update + sudo apt install -y nginx + ``` + +2. **Configurer les logs** + ```bash + sudo mkdir -p /var/log/nginx/4nk-node + sudo chown www-data:www-data /var/log/nginx/4nk-node + ``` + +3. 
**Installer la configuration** + ```bash + sudo cp nginx.conf /etc/nginx/nginx.conf + sudo nginx -t + sudo systemctl restart nginx + sudo systemctl enable nginx + ``` + +## Configuration + +### Fichier principal + +- **Fichier**: `conf/nginx.conf` +- **Emplacement système**: `/etc/nginx/nginx.conf` + +### Caractéristiques + +- **Rate limiting**: 10 req/s pour les APIs, 1 req/s pour les connexions +- **Gzip compression**: Optimisé pour les réponses HTTP +- **Security headers**: Protection XSS, CSRF, etc. +- **WebSocket support**: Pour les services temps réel +- **Health check**: Endpoint `/health` pour la surveillance + +### Logs + +- **Accès**: `/var/log/nginx/4nk-node-access.log` +- **Erreurs**: `/var/log/nginx/4nk-node-error.log` +- **Format**: Logs détaillés avec upstream information + +## Utilisation + +### Test de connectivité + +```bash +# Test du health check +curl http://localhost/health + +# Test Bitcoin RPC +curl -X POST http://localhost/bitcoin/rpc/ \ + -H "Content-Type: application/json" \ + -d '{"jsonrpc": "1.0", "id": "test", "method": "getblockchaininfo", "params": []}' + +# Test BlindBit +curl http://localhost/blindbit/health +``` + +### Monitoring + +```bash +# Statut du service +sudo systemctl status nginx + +# Logs en temps réel +sudo tail -f /var/log/nginx/4nk-node-access.log + +# Logs d'erreurs +sudo tail -f /var/log/nginx/4nk-node-error.log +``` + +## Sécurité + +### Headers de sécurité + +- `X-Frame-Options: SAMEORIGIN` +- `X-XSS-Protection: 1; mode=block` +- `X-Content-Type-Options: nosniff` +- `Referrer-Policy: no-referrer-when-downgrade` +- `Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline'` + +### Rate Limiting + +- **APIs**: 10 requêtes par seconde avec burst de 20 +- **Connexions**: 1 requête par seconde avec burst de 5 + +### Accès réseau + +- **Écoute**: Port 80 sur toutes les interfaces +- **Upstream**: Connexions locales vers les ports Docker exposés + +## Dépannage + +### Problèmes courants + +1. 
**Port 80 déjà utilisé** + ```bash + sudo netstat -tlnp | grep :80 + sudo systemctl stop apache2 # Si Apache est installé + ``` + +2. **Configuration invalide** + ```bash + sudo nginx -t + sudo nginx -T | grep -A 10 -B 10 "error" + ``` + +3. **Permissions de logs** + ```bash + sudo chown -R www-data:www-data /var/log/nginx/4nk-node + sudo chmod 755 /var/log/nginx/4nk-node + ``` + +4. **Services Docker non accessibles** + ```bash + # Vérifier que les services écoutent + sudo netstat -tlnp | grep -E "(38332|8000|8081|8090|9090|3003)" + + # Vérifier les conteneurs Docker + docker ps + ``` + +### Logs de débogage + +```bash +# Activer le mode debug temporairement +sudo nginx -g "error_log /var/log/nginx/debug.log debug;" + +# Redémarrer et vérifier +sudo systemctl restart nginx +sudo tail -f /var/log/nginx/debug.log +``` + +## Maintenance + +### Mise à jour de la configuration + +```bash +# Sauvegarder l'ancienne +sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup.$(date +%Y%m%d_%H%M%S) + +# Installer la nouvelle +sudo cp nginx.conf /etc/nginx/nginx.conf + +# Tester et redémarrer +sudo nginx -t && sudo systemctl reload nginx +``` + +### Rotation des logs + +```bash +# Créer un script de rotation personnalisé +sudo tee /etc/logrotate.d/4nk-node-nginx << EOF +/var/log/nginx/4nk-node-*.log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 644 www-data www-data + postrotate + systemctl reload nginx + endscript +} +EOF +``` + +## Intégration avec le monitoring + +### Grafana + +- **URL**: `http://localhost/grafana/` +- **Datasource**: Loki configuré automatiquement +- **Dashboard**: 4NK Node Overview disponible + +### Loki + +- **URL**: `http://localhost/loki/` +- **Logs Nginx**: Intégrés via Promtail +- **Requêtes**: LogQL pour analyser les accès + +## Support et développement + +### Ajout de nouveaux services + +1. Ajouter l'upstream dans la section `upstream` +2. Créer la location block correspondante +3. 
Tester la configuration : `sudo nginx -t`
+4. Recharger : `sudo systemctl reload nginx`
+
+### Configuration HTTPS
+
+1. Obtenir les certificats SSL
+2. Décommenter la section HTTPS dans `nginx.conf`
+3. Configurer les chemins des certificats
+4. Redémarrer Nginx
+
+### Performance
+
+- **Worker processes**: Auto-détection du nombre de CPU
+- **Keepalive**: 32 connexions par upstream
+- **Buffer sizes**: Optimisés pour les APIs
+- **Timeouts**: 30s pour les APIs lentes (Bitcoin, BlindBit)
+
+
diff --git a/log-monitoring.yml b/log-monitoring.yml
new file mode 100644
index 00000000..bf346461
--- /dev/null
+++ b/log-monitoring.yml
@@ -0,0 +1,56 @@
+version: '3.8'
+
+services:
+ loki:
+ image: grafana/loki:2.9.0
+ container_name: 4nk-loki
+ ports:
+ - "3100:3100"
+ command: -config.file=/etc/loki/local-config.yaml
+ volumes:
+ - ./log/loki-config.yaml:/etc/loki/local-config.yaml:ro
+ - loki_data:/loki
+ networks:
+ - 4nk_network
+ restart: unless-stopped
+
+ promtail:
+ image: grafana/promtail:2.9.0
+ container_name: 4nk-promtail
+ command: -config.file=/etc/promtail/config.yml
+ volumes:
+ - ./log/promtail-config.yml:/etc/promtail/config.yml:ro
+ - /var/lib/docker/containers:/var/lib/docker/containers:ro
+ - /var/log/docker:/var/log/docker:ro
+ networks:
+ - 4nk_network
+ restart: unless-stopped
+ depends_on:
+ - loki
+
+ grafana:
+ image: grafana/grafana:10.0.0
+ container_name: 4nk-grafana
+ ports:
+ - "3000:3000"
+ environment:
+ - GF_SECURITY_ADMIN_PASSWORD=admin
+ - GF_USERS_ALLOW_SIGN_UP=false
+ volumes:
+ - grafana_data:/var/lib/grafana
+ - ./log/grafana-datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml:ro
+ - ./log/grafana-dashboards.yml:/etc/grafana/provisioning/dashboards/dashboards.yml:ro
+ - ./log/dashboards:/etc/grafana/provisioning/dashboards/dashboards:ro
+ networks:
+ - 4nk_network
+ restart: unless-stopped
+ depends_on:
+ - loki
+
+volumes:
+ loki_data:
+ grafana_data:
+
+networks:
+ 4nk_network:
+ external: true
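Review bot: The grafana service in `log-monitoring.yml` sets `GF_SECURITY_ADMIN_PASSWORD=admin` while publishing `"3000:3000"`, so the admin account carries a known password on every host interface. The loki service likewise publishes `"3100:3100"`, and whether the mounted `./log/loki-config.yaml` enables authentication is not visible in this hunk. Read the password from the environment and fail when it is unset, `- GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:?set GRAFANA_ADMIN_PASSWORD}`, and bind both ports to loopback, `- "127.0.0.1:3000:3000"` and `- "127.0.0.1:3100:3100"`. Loopback appears sufficient, since the README in this commit describes the host Nginx proxying `/grafana/` and `/loki/` over local connections.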
diff --git a/projects/lecoffre-back-mini/Dockerfile b/projects/lecoffre-back-mini/Dockerfile
new file mode 100644
index 00000000..993b37d7
--- /dev/null
+++ b/projects/lecoffre-back-mini/Dockerfile
@@ -0,0 +1,6 @@
+# Dockerfile minimal pour lecoffre-back-mini (local project)
+FROM alpine:3.19
+RUN apk add --no-cache bash
+WORKDIR /app
+COPY . /app
+CMD ["bash", "-lc", "echo 'lecoffre-back-mini backend ready' && tail -f /dev/null"]
diff --git a/projects/lecoffre-front/Dockerfile b/projects/lecoffre-front/Dockerfile
new file mode 100644
index 00000000..b9ea0e27
--- /dev/null
+++ b/projects/lecoffre-front/Dockerfile
@@ -0,0 +1,6 @@
+FROM node:20-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm install --silent
+COPY . .
+CMD ["node", "server.js"]
diff --git a/scripts/disable_nginx_docker.sh b/scripts/disable_nginx_docker.sh
new file mode 100755
index 00000000..4be0fa32
--- /dev/null
+++ b/scripts/disable_nginx_docker.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -euo pipefail
+
+# Désactiver l'exécution de nginx docker
+CONTAINER_NAME="4nk-nginx"
+
+# Arrêter et supprimer le conteneur s'il est présent
+if docker ps -a --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
+ echo "Arrêt et suppression du conteneur Docker '$CONTAINER_NAME'..."
+ docker rm -f "$CONTAINER_NAME" >/dev/null 2>&1 || true
+ docker stop "$CONTAINER_NAME" >/dev/null 2>&1 || true
+else
+ echo "Aucun conteneur '$CONTAINER_NAME' trouvé; pas d'action nécessaire."
+fi
+
+echo "Désactivation Nginx Docker terminée."
diff --git a/scripts/health_after_ibd.sh b/scripts/health_after_ibd.sh
new file mode 100755
index 00000000..a629b47b
--- /dev/null
+++ b/scripts/health_after_ibd.sh
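Review bot: Neither new Dockerfile sets a `USER`, so the containers built from `projects/lecoffre-back-mini/Dockerfile` and `projects/lecoffre-front/Dockerfile` both run their `CMD` as root. For the front image add `USER node` before `CMD ["node", "server.js"]` (that account ships with the official node images), and create an unprivileged user in the alpine one. In the front image `RUN npm install --silent` can resolve versions other than those the lockfile records and hides install warnings; `RUN npm ci` keeps the build tied to `package-lock.json`, assuming one is committed. Both files also copy the whole build context (`COPY . /app`, `COPY . .`), so a `.dockerignore` should keep local files such as `.env` out of the image if one does not exist yet.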
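Review bot: In `scripts/disable_nginx_docker.sh` the `docker stop` line runs after `docker rm -f` has already removed the container, so it can only fail. Because both commands end in `>/dev/null 2>&1 || true`, the script prints "Désactivation Nginx Docker terminée." even when the removal did not happen. Stop first and let `set -e` see a failure: `docker stop "$CONTAINER_NAME" >/dev/null` followed by `docker rm "$CONTAINER_NAME" >/dev/null`. The name test is also safer as a fixed-string whole-line match, `grep -Fxq -- "$CONTAINER_NAME"`, than as a regex built from the variable.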
@@ -0,0 +1,59 @@
+#!/bin/bash
+set -euo pipefail
+
+BTC_CONTAINER="4nk-bitcoin"
+RELAY_CONTAINERS=("4nk-sdk-relay1" "4nk-sdk-relay2" "4nk-sdk-relay3")
+STORAGE_CONTAINER="4nk-sdk-storage"
+SIGNER_CONTAINER="4nk-sdk-signer"
+IHMSERVER_CONTAINER="4nk-node-ihm-client"
+TOR_CONTAINER="4nk-node-tor"
+NGINX_CONTAINER="4nk-nginx" # si présent
+
+# Attendre la fin de l'IBD du Bitcoin Core
+echo "Relancer les healthchecks après l'IBD terminé..."
+while true; do
+ if docker ps -q -f name="^${BTC_CONTAINER}$" >/dev/null 2>&1; then
+ INFO=$(docker exec "$BTC_CONTAINER" bitcoin-cli -signet getblockchaininfo 2>/dev/null || true)
+ if echo "$INFO" | grep -q '"initialblockdownload":false'; then
+ echo "IBD terminé sur $BTC_CONTAINER"
+ break
+ else
+ echo "IBD en cours sur $BTC_CONTAINER...";
+ fi
+ else
+ echo "Bitcoin container non trouvé, tentative de reprise..."
+ fi
+ sleep 60
+done
+
+# Redémarrer les conteneurs critiques pour relancer les healthchecks
+RESTART_LIST=("$BTC_CONTAINER" "${RELAY_CONTAINERS[@]}" "$STORAGE_CONTAINER" "$SIGNER_CONTAINER" "$IHMSERVER_CONTAINER" "$TOR_CONTAINER")
+for c in "${RESTART_LIST[@]}"; do
+ if docker ps -a | awk '{print $NF}' | tail -n +2 | grep -qx "$c"; then
+ echo "Redémarrage de $c ..."
+ docker restart "$c" >/dev/null 2>&1 || true
+ fi
+done
+
+# Vérification rapide des conteneurs
+echo "État des conteneurs après redémarrage:"
+docker ps -a
+
+# Vérifier des endpoints simples si accessibles
+echo "Vérification rapide des endpoints (si disponibles) :"
+ENDPOINTS=(
+ "http://localhost:8081/" # storage
+ "http://localhost:8000/" # blindbit
+ "http://localhost:9090/" # signer
+ "http://localhost:3003/" # ihm web
+ "http://localhost:8091/" # relay1
+ "http://localhost:8093/" # relay2
+ "http://localhost:8095/" # relay3
+)
+for url in "${ENDPOINTS[@]}"; do
+ if curl -sS --max-time 5 "$url" >/dev/null 2>&1; then
+ echo "OK: $url reachable"
+ else
+ echo "WARN: $url not reachable"
+ fi
+done
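Review bot: The wait loop's exit test `grep -q '"initialblockdownload":false'` has no space after the colon, while `bitcoin-cli` normally pretty-prints the field as `"initialblockdownload": false`, so the loop may never reach `break`. Match it with `grep -Eq '"initialblockdownload":[[:space:]]*false'` instead. The guard `if docker ps -q -f name="^${BTC_CONTAINER}$" >/dev/null 2>&1; then` tests only docker's exit status, which is 0 even when no container matches, so the "Bitcoin container non trouvé" branch is effectively unreachable; test the output with `if [ -n "$(docker ps -q -f name="^${BTC_CONTAINER}$")" ]; then`. The loop also has no upper bound on waiting, and `docker restart "$c" >/dev/null 2>&1 || true` hides a failed restart of a container the script calls critical. `NGINX_CONTAINER` is assigned but never used.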
diff --git a/scripts/install_loki_promtail_local.sh b/scripts/install_loki_promtail_local.sh
new file mode 100755
index 00000000..9c9cef16
--- /dev/null
+++ b/scripts/install_loki_promtail_local.sh
@@ -0,0 +1,109 @@ +#!/bin/bash +set -euo pipefail + +# Version et URLs +LOKI_VER="2.9.0" +PROMTAIL_VER="2.9.0" +LOKI_URL="https://github.com/grafana/loki/releases/download/v${LOKI_VER}/loki-linux-amd64.zip" +PROMTAIL_URL="https://github.com/grafana/loki/releases/download/v${PROMTAIL_VER}/promtail-linux-amd64.zip" + +# Détection Distro et dépendances +if [ -f /etc/os-release ]; then + . /etc/os-release +fi +OS_ID=${ID:-debian} + +sudo apt-get update +sudo apt-get install -y curl unzip + +# Installer Loki +sudo mkdir -p /usr/local/bin /etc/loki /var/lib/loki +sudo curl -L -o /tmp/loki-linux-amd64.zip "$LOKI_URL" +sudo unzip -o /tmp/loki-linux-amd64.zip -d /usr/local/bin +sudo bash -lc 'cat > /etc/systemd/system/loki.service </dev/null << 'EOF' +auth_enabled: false +server: + http_listen_port: 3100 + grpc_listen_port: 9095 +ingester: + wal: + enabled: true +storage_config: + boltdb: + directory: /var/lib/loki/chunks +limits_config: + enforce_metric_name: false +EOF + +sudo systemctl daemon-reload +sudo systemctl enable loki +sudo systemctl start loki + +# Installer Promtail +sudo mkdir -p /usr/local/bin /etc/promtail /var/log/promtail +sudo curl -L -o /tmp/promtail-linux-amd64.zip "$PROMTAIL_URL" +sudo unzip -o /tmp/promtail-linux-amd64.zip -d /usr/local/bin +sudo bash -lc 'cat > /etc/systemd/system/promtail.service </dev/null << 'EOF' +server: + http_listen_port: 9080 +positions: + filename: /var/log/promtail/positions.yaml +clients: + - url: http://localhost:3100/loki/api/v1/push +scrape_configs: + - job: grafana-logs + static_configs: + - targets: [localhost] + labels: + __path__: /home/debian/code/logs/*.log + job: logs + - job: coffre-logs + static_configs: + - targets: [localhost] + labels: + __path__: /home/debian/code/4NK_dev/4NK_node/log/*.log + job: coffre_logs +EOF + +sudo systemctl daemon-reload +sudo systemctl enable promtail +sudo systemctl start promtail + +# Vérifications simples +echo +echo "Grafana Loki Promtail local install terminé. 
Vérifications:" +echo " - Grafana: http://localhost:3000" +echo " - Loki: http://localhost:3100" +echo " - Promtail: service actif (Promtail)"
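Review bot: The Loki and Promtail archives are fetched with `sudo curl -L -o /tmp/loki-linux-amd64.zip` and `sudo curl -L -o /tmp/promtail-linux-amd64.zip`, then unpacked into `/usr/local/bin` with no integrity check. The fixed file names sit in world-writable `/tmp`, and `curl` without `-f` saves an HTTP error page as the zip. Download into a `mktemp -d` directory as the invoking user and verify a pinned SHA-256 before `sudo unzip`, as sketched below for Loki; Promtail needs the same. Separately, the Loki config written here sets `auth_enabled: false` with `http_listen_port: 3100` and no listen address, so confirm the port is not reachable from outside the host. The systemd unit heredocs in this hunk are not legible in this view, so the unit files are not covered by this note.

```shell
# Placeholder: pin the digest from the checksum file published with the release.
LOKI_SHA256="<expected-sha256-of-loki-linux-amd64.zip>"

tmpdir=$(mktemp -d)
trap 'rm -rf -- "$tmpdir"' EXIT

# Download unprivileged; -f makes curl fail on an HTTP error instead of saving the error page.
curl -fsSL -o "$tmpdir/loki-linux-amd64.zip" "$LOKI_URL"
printf '%s  %s\n' "$LOKI_SHA256" "$tmpdir/loki-linux-amd64.zip" | sha256sum -c -

sudo mkdir -p /usr/local/bin /etc/loki /var/lib/loki
sudo unzip -o "$tmpdir/loki-linux-amd64.zip" -d /usr/local/bin
# … unchanged: loki.service unit, /etc/loki config, systemctl enable/start …
```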