From bf07c2de9d8ae3a78289ba7b0f6e50d1e0925894 Mon Sep 17 00:00:00 2001
From: Debian <debian@dev4.novalocal>
Date: Tue, 26 Aug 2025 10:15:15 +0000
Subject: [PATCH] feat(signer): ajouter sdk_signer (docker-support), route WSS
 /signer/ws via Nginx

---
 docker-compose.yml | 1 -
 proxy/nginx.conf   | 6 +++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 12d118e7..36f083fb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -231,7 +231,6 @@ services:
     depends_on:
       - sdk_relay_1
       - sdk_storage
-      - sdk_signer
     volumes:
       - ./proxy/nginx.conf:/etc/nginx/conf.d/default.conf:ro
       - ./certs:/etc/nginx/certs:ro
diff --git a/proxy/nginx.conf b/proxy/nginx.conf
index 2889a230..4ce8453c 100644
--- a/proxy/nginx.conf
+++ b/proxy/nginx.conf
@@ -22,6 +22,9 @@ server {
   # CSP minimale (adapter selon besoins)
   add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss: http: https:; img-src 'self' data:;" always;
 
+  # Résolveur DNS Docker pour les upstreams dynamiques
+  resolver 127.0.0.11 ipv6=off valid=10s;
+
   # ihm_client statique servi directement
   root /usr/share/nginx/html;
   index index.html;
@@ -73,7 +76,8 @@ server {
 
   # WebSocket sdk_signer (port 9090)
   location /signer/ws/ {
-    proxy_pass http://sdk_signer:9090;
+    set $signer_upstream sdk_signer:9090;
+    proxy_pass http://$signer_upstream;
     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";