chore: centralise conf, HTTP-only nginx, RPC 38332, remove cookie, fix network CIDR, drop *.backup from VCS

2025-09-02 11:14:04 +00:00 · 2025-09-02 11:14:04 +00:00 · fe3012ef2f
commit fe3012ef2f
parent d0a8758bb7
19 changed files with 587 additions and 722 deletions
--- a/ARCHITECTURE_CORRECTION.md
+++ b/ARCHITECTURE_CORRECTION.md
@ -1 +0,0 @@
-# 🏗️ Correction de l'Architecture 4NK_node
--- a/build_modules.sh
+++ b/build_modules.sh
@ -1,107 +1,52 @@
 #!/bin/bash

-# Script de build pour tous les modules 4NK_node
+# Script de construction des modules 4NK_node
 set -e

 echo "🏗️  Construction des modules 4NK_node..."

-# Variables
-REGISTRY="4nk-node"
-TAG="latest"
-
-# Fonction pour construire un module
+# Fonction pour construire un module spécifique
 build_module() {
-    local module=$1
-    local dockerfile=$2
-
-    echo "🔨 Construction de $module..."
-
-    if [ -f "$dockerfile" ]; then
-        docker build -t "$REGISTRY-$module:$TAG" -f "$dockerfile" .
-        echo "✅ $module construit avec succès"
+    local module_name="$1"
+    local module_dir="modules/$module_name"
+    
+    if [ ! -d "$module_dir" ]; then
+        echo "❌ Module $module_name non trouvé dans $module_dir"
+        return 1
+    fi
+    
+    echo "🔨 Construction de $module_name..."
+    
+    # Construire l'image Docker
+    docker build -t "4nk-node-$module_name:latest" "$module_dir"
+    
+    if [ $? -eq 0 ]; then
+        echo "✅ Module $module_name construit avec succès"
    else
-        echo "❌ Dockerfile non trouvé pour $module: $dockerfile"
+        echo "❌ Échec de la construction du module $module_name"
        return 1
    fi
 }

-# Construction des modules
-echo "📦 Construction des modules..."
-
-# sdk_signer
-if [ -d "../sdk_signer" ]; then
-    echo "🔨 Construction de sdk_signer depuis docker-support-v2..."
-    cd ../sdk_signer
-    git checkout docker-support-v2
-    git pull origin docker-support-v2
-    cd ../4NK_node
-    build_module "sdk_signer" "modules/sdk_signer/Dockerfile"
-else
-    echo "⚠️  Répertoire sdk_signer non trouvé"
-fi
-
-# sdk_storage
-if [ -d "../sdk_storage" ]; then
-    echo "🔨 Construction de sdk_storage depuis docker-support-v2..."
-    cd ../sdk_storage
-    git checkout docker-support-v2
-    git pull origin docker-support-v2
-    cd ../4NK_node
-    build_module "sdk_storage" "modules/sdk_storage/Dockerfile"
-else
-    echo "⚠️  Répertoire sdk_storage non trouvé"
-fi
-
-# ihm_client
-if [ -d "../ihm_client" ]; then
-    echo "🔨 Construction de ihm_client depuis docker-support-v2..."
-    cd ../ihm_client
-    git checkout docker-support-v2
-    git pull origin docker-support-v2
-    cd ../4NK_node
-    build_module "ihm_client" "modules/ihm_client/Dockerfile"
-else
-    echo "⚠️  Répertoire ihm_client non trouvé"
-fi
-
-# sdk_relay1, sdk_relay2, sdk_relay3
-if [ -d "../sdk_relay" ]; then
-    echo "🔨 Construction des relays depuis docker-support-v2..."
-    cd ../sdk_relay
-    git checkout docker-support-v2
-    git pull origin docker-support-v2
-    cd ../4NK_node
+# Construction de tous les modules si aucun argument n'est fourni
+if [ $# -eq 0 ]; then
+    echo "📦 Construction de tous les modules..."
    
-    # Construire les 3 instances de relay
-    for i in 1 2 3; do
-        echo "🔨 Construction de sdk_relay$i..."
-        build_module "sdk_relay$i" "modules/sdk_relay$i/Dockerfile"
-    done
+    # Modules de base
+    build_module "tor"
+    build_module "bitcoin"
+    
+    # Modules applicatifs
+    build_module "blindbit"
+    build_module "sdk_relay1"
+    build_module "sdk_relay2"
+    build_module "sdk_relay3"
+    build_module "sdk_storage"
+    build_module "sdk_signer"
+    build_module "ihm_client"
+    
+    echo "🎉 Tous les modules ont été construits !"
 else
-    echo "⚠️  Répertoire sdk_relay non trouvé"
+    # Construction d'un module spécifique
+    build_module "$1"
 fi
-
-# bitcoin
-echo "🔨 Construction de bitcoin..."
-build_module "bitcoin" "modules/bitcoin/Dockerfile"
-
-# blindbit
-if [ -d "../blindbit" ]; then
-    echo "🔨 Construction de blindbit depuis docker-support-v2..."
-    cd ../blindbit
-    git checkout docker-support-v2
-    git pull origin docker-support-v2
-    cd ../4NK_node
-    build_module "blindbit" "modules/blindbit/Dockerfile"
-else
-    echo "⚠️  Répertoire blindbit non trouvé"
-fi
-
-# tor
-echo "🔨 Construction de tor..."
-build_module "tor" "modules/tor/Dockerfile"
-
-echo "🎉 Construction de tous les modules terminée !"
-echo ""
-echo "📋 Images construites :"
-docker images | grep "$REGISTRY-"
--- a/build_modules.sh.backup
+++ b/build_modules.sh.backup
@ -1,81 +0,0 @@
-#!/bin/bash
-
-# Script de build pour tous les modules 4NK_node
-set -e
-
-echo "🏗️  Construction des modules 4NK_node..."
-
-# Variables
-REGISTRY="4nk-node"
-TAG="latest"
-
-# Fonction pour construire un module
-build_module() {
-    local module=$1
-    local dockerfile=$2
-    
-    echo "🔨 Construction de $module..."
-    
-    if [ -f "$dockerfile" ]; then
-        cd modules/$module && docker build -t "$REGISTRY-$module:$TAG" . && cd ../../
-        echo "✅ $module construit avec succès"
-    else
-        echo "❌ Dockerfile non trouvé pour $module: $dockerfile"
-        return 1
-    fi
-}
-
-# Construction des modules
-echo "📦 Construction des modules..."
-
-# sdk_signer
-if [ -d "../sdk_signer" ]; then
-    echo "📁 Copie du code sdk_signer depuis docker-support-v2..."
-    cd ../sdk_signer
-    git checkout docker-support-v2
-    git pull origin docker-support-v2
-    cd ../4NK_node
-    cp -r ../sdk_signer/* modules/sdk_signer/
-    build_module "sdk_signer" "modules/sdk_signer/Dockerfile"
-else
-    echo "⚠️  Répertoire sdk_signer non trouvé"
-fi
-if [ -d "../sdk_signer" ]; then
-    echo "📁 Copie du code sdk_signer..."
-    cp -r ../sdk_signer/* modules/sdk_signer/
-    build_module "sdk_signer" "modules/sdk_signer/Dockerfile"
-else
-    echo "⚠️  Répertoire sdk_signer non trouvé"
-fi
-
-# sdk_storage
-if [ -d "../sdk_storage" ]; then
-    echo "📁 Copie du code sdk_storage..."
-    cp -r ../sdk_storage/* modules/sdk_storage/
-    build_module "sdk_storage" "modules/sdk_storage/Dockerfile"
-else
-    echo "⚠️  Répertoire sdk_storage non trouvé"
-fi
-
-# ihm_client
-if [ -d "../ihm_client" ]; then
-    echo "📁 Copie du code ihm_client..."
-    cp -r ../ihm_client/* modules/ihm_client/
-    build_module "ihm_client" "modules/ihm_client/Dockerfile"
-else
-    echo "⚠️  Répertoire ihm_client non trouvé"
-fi
-
-# sdk_relay
-if [ -d "../sdk_relay" ]; then
-    echo "📁 Copie du code sdk_relay..."
-    cp -r ../sdk_relay/* modules/sdk_relay/
-    build_module "sdk-relay" "modules/sdk_relay/Dockerfile"
-else
-    echo "⚠️  Répertoire sdk_relay non trouvé"
-fi
-
-echo "🎉 Construction de tous les modules terminée !"
-echo ""
-echo "📋 Images construites :"
-docker images | grep "$REGISTRY-"
--- a/conf/bitcoin.conf
+++ b/conf/bitcoin.conf
@ -1 +1,49 @@
-# Configuration Bitcoin Core pour Docker 4NK_node
+# Configuration Bitcoin Core Signet pour Docker 4NK_node
+
+# Configuration globale
+datadir=/home/bitcoin/.bitcoin
+server=1
+txindex=1
+debug=1
+loglevel=debug
+logthreadnames=1
+signet=1
+onion=4nk-tor:9050
+listenonion=1
+proxy=4nk-tor:9050
+listen=1
+
+# Paramètres RPC
+# Auth cookie supprimée: on restreint par réseau Docker (réseau épinglé)
+rpcallowip=172.24.0.0/16
+rpcworkqueue=32
+rpcthreads=4
+rpcdoccheck=1
+
+# Paramètres ZMQ
+zmqpubhashblock=tcp://0.0.0.0:29000
+zmqpubrawtx=tcp://0.0.0.0:29000
+
+# Configuration spécifique du signet custom
+[signet]
+whitelist=download@127.0.0.1
+txindex=1
+proxy=4nk-tor:9050
+listenonion=1
+listen=1
+signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821
+addnode=6xi33lwwslsx3yi3f7c56wnqtdx4v73vj2up3prrwebpwbz6qisnqbyd.onion:38333
+addnode=d6i546e2sjezhyy2eupyc2wqtbgjnkubcjd4prhqurtlmp7nsp6yxqyd.onion:38333
+# Ports Signet (P2P et RPC)
+port=38333
+rpcport=38332
+
+fallbackfee=0.0001
+
+zmqpubrawblock=tcp://0.0.0.0:29000
+zmqpubrawtx=tcp://0.0.0.0:29000
+#zmqpubhashtx=tcp://0.0.0.0:29000
+zmqpubhashblock=tcp://0.0.0.0:29000
+#zmqpubsequence=tcp://0.0.0.0:29000
+
+blockfilterindex=1
--- a/conf/blindbit.toml
+++ b/conf/blindbit.toml
@ -1 +1,25 @@
-# Configuration pour blindbit-oracle Docker 4NK_node
+# Configuration pour blindbit-oracle
+host = "0.0.0.0:8000"
+
+# Définit la chaîne sur laquelle le wallet fonctionne
+chain = "signet"
+
+# Point d'accès RPC Bitcoin (sans cookie, autorisé par rpcallowip)
+rpc_endpoint = "http://4nk-bitcoin:38332"
+
+# Auth RPC non requise (bitcoin.conf restreint par rpcallowip)
+rpc_user = ""
+rpc_pass = ""
+
+# Hauteur de départ pour la synchronisation
+sync_start_height = 1
+
+# Paramètres de performance
+max_parallel_tweak_computations = 4
+max_parallel_requests = 4
+
+# Configuration des index
+tweaks_only = 0
+tweaks_full_basic = 1
+tweaks_full_with_dust_filter = 1
+tweaks_cut_through_with_dust_filter = 1
--- a/conf/ihm_client.conf
+++ b/conf/ihm_client.conf
@ -0,0 +1,43 @@
+# Configuration ihm_client - Module 4NK_node
+
+# URLs des services
+sdk_signer_url = "http://4nk-sdk-signer:9090"
+sdk_storage_url = "http://4nk-sdk-storage:8081"
+sdk_relay1_url = "http://4nk-sdk-relay1:8091"
+sdk_relay2_url = "http://4nk-sdk-relay2:8093"
+sdk_relay3_url = "http://4nk-sdk-relay3:8095"
+
+# WebSocket URLs
+sdk_relay1_ws = "ws://4nk-sdk-relay1:8090"
+sdk_relay2_ws = "ws://4nk-sdk-relay2:8092"
+sdk_relay3_ws = "ws://4nk-sdk-relay3:8094"
+
+# Configuration réseau
+network_type = "signet"
+bitcoin_rpc_url = "http://4nk-bitcoin:18443"
+
+# Ports
+ui_port = 8080
+api_port = 8080
+
+# Sécurité
+cors_enabled = true
+cors_origins = ["*"]
+rate_limit_enabled = true
+rate_limit_requests = 100
+rate_limit_window = 60
+session_timeout = 3600
+
+# Timeouts
+request_timeout = 30
+connection_timeout = 10
+
+# Logging
+log_level = "info"
+log_file = "/app/logs/ihm_client.log"
+log_max_size = "100MB"
+log_max_files = 5
+
+# Mode développement
+dev_mode = true
+debug_enabled = true
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -0,0 +1,108 @@
+# Configuration Nginx Reverse Proxy - Module 4NK_node
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    # Logs centralisés
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    # Gzip compression
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    # Upstream servers
+    upstream ihm_client {
+        server 4nk-ihm-client:8080;
+    }
+
+    upstream sdk_relay1 {
+        server 4nk-sdk-relay1:8091;
+    }
+
+    upstream sdk_storage {
+        server 4nk-sdk-storage:8081;
+    }
+
+    upstream sdk_signer {
+        server 4nk-sdk-signer:9090;
+    }
+
+    # HTTP server only (no TLS)
+    server {
+        listen 80;
+        server_name _;
+
+        # IHM Client
+        location / {
+            proxy_pass http://ihm_client;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # SDK Relay 1 API
+        location /api/relay1/ {
+            proxy_pass http://sdk_relay1/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # SDK Relay 1 WebSocket
+        location /ws/relay1/ {
+            proxy_pass http://4nk-sdk-relay1:8090/;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # SDK Storage
+        location /api/storage/ {
+            proxy_pass http://sdk_storage/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # SDK Signer
+        location /api/signer/ {
+            proxy_pass http://sdk_signer/;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # SDK Signer WebSocket
+        location /ws/signer/ {
+            proxy_pass http://4nk-sdk-signer:9090/;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
+        # Health check endpoint
+        location /health {
+            access_log off;
+            return 200 "healthy\n";
+            add_header Content-Type text/plain;
+        }
+    }
+}
--- a/conf/sdk_relay1.conf
+++ b/conf/sdk_relay1.conf
@ -1,17 +1,17 @@
 # Configuration sdk_relay pour Docker
 # Services connectés via réseau Docker

-# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie)
-core_url=http://bitcoin:18443
+# Bitcoin Core RPC (sans cookie, autorisé par rpcallowip)
+core_url=http://4nk-bitcoin:38332
 core_wallet=relay_wallet
 ws_url=0.0.0.0:8090
 http_url=0.0.0.0:8091
 wallet_name=relay_wallet.json
 network=signet
 blindbit_url=http://blindbit:8000
-zmq_url=tcp://bitcoin:29000
+zmq_url=tcp://4nk-bitcoin:29000
 data_dir=.4nk
-cookie_path=/home/bitcoin/.bitcoin/signet/.cookie
+# cookie non utilisé

 # Mode développement
 dev_mode=true
--- a/conf/sdk_relay2.conf
+++ b/conf/sdk_relay2.conf
@ -1,17 +1,17 @@
 # Configuration sdk_relay pour Docker
 # Services connectés via réseau Docker

-# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie)
-core_url=http://bitcoin:18443
+# Bitcoin Core RPC (sans cookie, autorisé par rpcallowip)
+core_url=http://4nk-bitcoin:38332
 core_wallet=relay_wallet
 ws_url=0.0.0.0:8090
 http_url=0.0.0.0:8091
 wallet_name=relay_wallet.json
 network=signet
 blindbit_url=http://blindbit:8000
-zmq_url=tcp://bitcoin:29000
+zmq_url=tcp://4nk-bitcoin:29000
 data_dir=.4nk
-cookie_path=/home/bitcoin/.bitcoin/signet/.cookie
+# cookie non utilisé

 # Mode développement
 dev_mode=true
--- a/conf/sdk_relay3.conf
+++ b/conf/sdk_relay3.conf
@ -1,17 +1,17 @@
 # Configuration sdk_relay pour Docker
 # Services connectés via réseau Docker

-# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie)
-core_url=http://bitcoin:18443
+# Bitcoin Core RPC (sans cookie, autorisé par rpcallowip)
+core_url=http://4nk-bitcoin:38332
 core_wallet=relay_wallet
 ws_url=0.0.0.0:8090
 http_url=0.0.0.0:8091
 wallet_name=relay_wallet.json
 network=signet
 blindbit_url=http://blindbit:8000
-zmq_url=tcp://bitcoin:29000
+zmq_url=tcp://4nk-bitcoin:29000
 data_dir=.4nk
-cookie_path=/home/bitcoin/.bitcoin/signet/.cookie
+# cookie non utilisé

 # Mode développement
 dev_mode=true
--- a/conf/sdk_signer.conf
+++ b/conf/sdk_signer.conf
@ -0,0 +1,31 @@
+# Configuration sdk_signer - Module 4NK_node
+
+# Ports
+ws_port = 9090
+http_port = 9092
+
+# URLs des services
+relay_urls = ["http://4nk-sdk-relay1:8091", "http://4nk-sdk-relay2:8093", "http://4nk-sdk-relay3:8095"]
+storage_url = "http://4nk-sdk-storage:8081"
+blindbit_url = "http://4nk-blindbit:8000"
+bitcoin_rpc_url = "http://4nk-bitcoin:38332"
+
+# Authentification Bitcoin
+bitcoin_rpc_user = ""
+bitcoin_rpc_password = ""
+
+# Mode développement
+dev_mode = true
+debug_level = "info"
+
+# Limites de connexions
+max_connections = 100
+timeout = 30
+
+# Logging
+log_level = "info"
+log_file = "/home/bitcoin/logs/sdk_signer.log"
+
+# Sécurité
+enable_tls = false
+enable_auth = false
--- a/conf/sdk_storage.conf
+++ b/conf/sdk_storage.conf
@ -0,0 +1,33 @@
+# Configuration sdk_storage - Module 4NK_node
+
+# Port d'écoute
+http_port = 8081
+
+# Base de données
+db_path = "/home/bitcoin/.4nk/storage.db"
+
+# URLs des services
+relay_urls = ["http://4nk-sdk-relay1:8091", "http://4nk-sdk-relay2:8093", "http://4nk-sdk-relay3:8095"]
+bitcoin_rpc_url = "http://4nk-bitcoin:38332"
+bitcoin_rpc_user = ""
+bitcoin_rpc_password = ""
+
+# Mode développement
+dev_mode = true
+debug_level = "info"
+
+# Limites de connexions
+max_connections = 100
+timeout = 30
+
+# Logging
+log_level = "info"
+log_file = "/home/bitcoin/logs/sdk_storage.log"
+
+# Stockage de fichiers
+file_storage_path = "/home/bitcoin/.4nk/files"
+max_file_size = "100MB"
+
+# Sécurité
+enable_tls = false
+enable_auth = false
--- a/conf/tor.conf
+++ b/conf/tor.conf
@ -1,3 +1,38 @@
+# Configuration Tor pour 4NK_node
+# Proxy SOCKS et contrôle
+
+# Répertoire de données
 DataDirectory /var/lib/tor
+PidFile /var/lib/tor/tor.pid
+
+# Interface SOCKS
 SocksPort 9050
+SocksListenAddress 0.0.0.0
+
+# Interface de contrôle
 ControlPort 9051
+ControlListenAddress 0.0.0.0
+
+# Authentification du contrôle
+CookieAuthentication 1
+
+# Configuration des circuits
+CircuitBuildTimeout 30
+LearnCircuitBuildTimeout 0
+EnforceDistinctSubnets 1
+
+# Configuration des nœuds de sortie
+ExitNodes {fr},{de},{nl},{ch}
+StrictExitNodes 1
+
+# Configuration des relais
+RelayBandwidthRate 100 KB
+RelayBandwidthBurst 200 KB
+
+# Logs
+Log notice file /var/lib/tor/notice.log
+Log info file /var/lib/tor/info.log
+Log debug file /var/lib/tor/debug.log
+
+# Sécurité
+SafeLogging 1
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,320 +1,39 @@
+version: '3.8'
+
 services:
  tor:
-    build: ./tor
-    image: 4nk_node-tor
-    container_name: tor-proxy
-    networks:
-      btcnet:
-        aliases:
-          - tor
+    image: 4nk-node-tor:latest
+    container_name: 4nk-tor
    ports:
-      - "9050:9050"  # Port SOCKS
-      - "9051:9051"  # Port de contrôle
-    restart: unless-stopped
+      - "9050:9050"
+      - "9051:9051"
    volumes:
-      - ./tor/torrc:/etc/tor/torrc:ro
-      - ./tor/bridges.extra:/etc/tor/bridges.extra:ro
-    command: ["tor", "-f", "/etc/tor/torrc"]
-    healthcheck:
-      test: ["CMD-SHELL", "nc -z 127.0.0.1 9050"]
-      interval: 30s
-      timeout: 5s
-      retries: 3
+      - tor_data:/var/lib/tor
+      - ./conf/tor.conf:/etc/tor/torrc:ro
+    networks:
+      - 4nk_network
+    restart: unless-stopped

  bitcoin:
-    build: ./bitcoin
-    container_name: bitcoin-signet
+    image: 4nk-node-bitcoin:latest
+    container_name: 4nk-bitcoin
+    ports:
+      - "38333:38333"
+      - "18443:18443"
+      - "29000:29000"
+    volumes:
+      - bitcoin_data:/home/bitcoin/.bitcoin
+      - ./conf/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf:ro
+    networks:
+      - 4nk_network
+    restart: unless-stopped
    depends_on:
      - tor
-    volumes:
-      - bitcoin_data:/home/bitcoin/.bitcoin
-      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
-    # ports supprimés: service interne uniquement
-    networks:
-      btcnet:
-        aliases:
-          - bitcoin
-    environment:
-      - TOR_HOST=tor
-      - TOR_PORT=9050
-    restart: unless-stopped
-    healthcheck:
-      test: ["CMD", "bitcoin-cli", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf", "getblockchaininfo"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-
-  blindbit:
-    build: ./blindbit
-    container_name: blindbit-oracle
-    depends_on:
-      - bitcoin
-    volumes:
-      - blindbit_data:/data
-      - ./blindbit/blindbit.toml:/data/blindbit.toml
-      - bitcoin_data:/home/bitcoin/.bitcoin
-    # ports supprimés: service interne uniquement
-    networks:
-      btcnet:
-        aliases:
-          - blindbit
-    restart: unless-stopped
-
-  sdk_relay_1:
-    build:
-      context: ..
-      dockerfile: 4NK_node/sdk_relay/Dockerfile
-    container_name: sdk_relay_1
-    depends_on:
-      bitcoin:
-        condition: service_healthy
-      blindbit:
-        condition: service_started
-    volumes:
-      - bitcoin_data:/home/bitcoin/.bitcoin
-      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
-      - sdk_relay_1_data:/home/bitcoin/.4nk
-      - ./sdk_relay/.conf.docker.relay1:/home/bitcoin/.conf.docker
-    # ports supprimés: service utilisé via reverse proxy interne
-    networks:
-      btcnet:
-        aliases:
-          - sdk_relay_1
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
-    environment:
-      - RUST_LOG=debug,bitcoincore_rpc=trace
-      - HOME=/home/bitcoin
-      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
-      - ENABLE_SYNC_TEST=1
-    restart: on-failure:3
-    entrypoint: >
-      /bin/sh -c "
-      cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
-      cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
-      chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
-      echo 'Configuration loaded:' &&
-      cat /home/bitcoin/.conf &&
-      echo 'Testing DNS resolution:' &&
-      getent hosts bitcoin &&
-      echo 'Testing connectivity:' &&
-      curl -s --connect-timeout 5 http://bitcoin:18443 &&
-      echo 'Bitcoin accessible via curl' &&
-      echo 'Starting sdk_relay_1:' &&
-      /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
-    healthcheck:
-      test: ["CMD", "/usr/local/bin/healthcheck.sh"]
-      interval: 30s
-      timeout: 15s
-      retries: 3
-      start_period: 60s
-
-  sdk_relay_2:
-    build:
-      context: ..
-      dockerfile: 4NK_node/sdk_relay/Dockerfile
-    container_name: sdk_relay_2
-    depends_on:
-      bitcoin:
-        condition: service_healthy
-      blindbit:
-        condition: service_started
-    volumes:
-      - bitcoin_data:/home/bitcoin/.bitcoin
-      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
-      - sdk_relay_2_data:/home/bitcoin/.4nk
-      - ./sdk_relay/.conf.docker.relay2:/home/bitcoin/.conf.docker
-    # ports supprimés: service utilisé via reverse proxy interne
-    networks:
-      btcnet:
-        aliases:
-          - sdk_relay_2
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
-    environment:
-      - RUST_LOG=debug,bitcoincore_rpc=trace
-      - HOME=/home/bitcoin
-      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
-      - ENABLE_SYNC_TEST=1
-    restart: on-failure:3
-    entrypoint: >
-      /bin/sh -c "
-      cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
-      cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
-      chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
-      echo 'Configuration loaded:' &&
-      cat /home/bitcoin/.conf &&
-      echo 'Testing DNS resolution:' &&
-      getent hosts bitcoin &&
-      echo 'Testing connectivity:' &&
-      curl -s --connect-timeout 5 http://bitcoin:18443 &&
-      echo 'Bitcoin accessible via curl' &&
-      echo 'Starting sdk_relay_2:' &&
-      /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
-    healthcheck:
-      test: ["CMD", "/usr/local/bin/healthcheck.sh"]
-      interval: 30s
-      timeout: 15s
-      retries: 3
-      start_period: 60s
-
-  sdk_relay_3:
-    build:
-      context: ..
-      dockerfile: 4NK_node/sdk_relay/Dockerfile
-    container_name: sdk_relay_3
-    depends_on:
-      bitcoin:
-        condition: service_healthy
-      blindbit:
-        condition: service_started
-    volumes:
-      - bitcoin_data:/home/bitcoin/.bitcoin
-      - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
-      - sdk_relay_3_data:/home/bitcoin/.4nk
-      - ./sdk_relay/.conf.docker.relay3:/home/bitcoin/.conf.docker
-    # ports supprimés: service utilisé via reverse proxy interne
-    networks:
-      btcnet:
-        aliases:
-          - sdk_relay_3
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "10m"
-        max-file: "3"
-    environment:
-      - RUST_LOG=debug,bitcoincore_rpc=trace
-      - HOME=/home/bitcoin
-      - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
-      - ENABLE_SYNC_TEST=1
-    restart: on-failure:3
-    entrypoint: >
-      /bin/sh -c "
-      cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
-      cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
-      chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
-      echo 'Configuration loaded:' &&
-      cat /home/bitcoin/.conf &&
-      echo 'Testing DNS resolution:' &&
-      getent hosts bitcoin &&
-      echo 'Testing connectivity:' &&
-      curl -s --connect-timeout 5 http://bitcoin:18443 &&
-      echo 'Bitcoin accessible via curl' &&
-      echo 'Starting sdk_relay_3:' &&
-      /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
-    healthcheck:
-      test: ["CMD", "/usr/local/bin/healthcheck.sh"]
-      interval: 30s
-      timeout: 15s
-      retries: 3
-      start_period: 60s
-
-  ihm_client:
-    image: busybox:latest
-    container_name: 4nk-ihm-client
-    command: sh -c "sleep infinity"
-    volumes:
-      - ./ihm_client/dist:/usr/share/nginx/html:ro
-    networks:
-      - btcnet
-
-  reverse_proxy:
-    image: nginx:alpine
-    container_name: 4nk-reverse-proxy
-    depends_on:
-      - sdk_relay_1
-      - sdk_storage
-    volumes:
-      - ./proxy/nginx.conf:/etc/nginx/conf.d/default.conf:ro
-      - ./certs:/etc/nginx/certs:ro
-      - ./ihm_client/dist:/usr/share/nginx/html:ro
-      - ./acme:/var/www/certbot:ro
-    ports:
-      - "80:80"
-      - "443:443"
-    networks:
-      btcnet:
-        aliases:
-          - reverse_proxy
-
-  sdk_storage:
-    build:
-      context: ../sdk_storage
-      dockerfile: Dockerfile
-    container_name: sdk-storage
-    restart: unless-stopped
-    entrypoint: >
-      /bin/sh -lc "chown -R 10001:10001 /app/storage || true; exec /usr/local/bin/sdk_storage --permanent"
-    networks:
-      btcnet:
-        aliases:
-          - sdk_storage
-    volumes:
-      - sdk_storage_data:/app/storage
-    # Service interne: aucun port exposé
-
-  sdk_signer:
-      args:
-        GIT_BRANCH: master
-    build:
-      args:
-        GIT_BRANCH: master
-      context: ../sdk_signer
-      args:
-        GIT_BRANCH: master
-      dockerfile: Dockerfile
-      args:
-        GIT_BRANCH: master
-    container_name: sdk-signer
-    restart: unless-stopped
-    user: "0:0"
-    environment:
-      - PORT=9090
-      - API_KEY=dev-change-me
-      - RELAY_URLS=ws://sdk_relay_1:8090
-      - LOG_LEVEL=info
-      - DATABASE_PATH=/app/data/server.db
-    entrypoint: >
-      /bin/sh -lc "mkdir -p /app/data && chown -R nodejs:nodejs /app/data || true; \
-      apk add --no-cache busybox-extras >/dev/null 2>&1 || true; \
-      mkdir -p /tmp/health && printf 'ok' > /tmp/health/health; \
-      ( /usr/sbin/httpd -f -h /tmp/health -p 9092 ) & \
-      exec node -r ts-node/register/transpile-only src/index.ts"
-    networks:
-      btcnet:
-        aliases:
-          - sdk_signer
-    depends_on:
-      sdk_relay_1:
-        condition: service_started
-    volumes:
-      - sdk_signer_data:/app/data
-    # Service interne: aucun port exposé

 volumes:
+  tor_data:
  bitcoin_data:
-    name: 4nk_node_bitcoin_data
-  blindbit_data:
-    name: 4nk_node_blindbit_data
-  sdk_relay_1_data:
-    name: 4nk_node_sdk_relay_1_data
-  sdk_relay_2_data:
-    name: 4nk_node_sdk_relay_2_data
-  sdk_relay_3_data:
-    name: 4nk_node_sdk_relay_3_data
-  sdk_storage_data:
-    name: 4nk_node_sdk_storage_data
-  sdk_signer_data:
-    name: 4nk_node_sdk_signer_data

 networks:
-  btcnet:
-    name: 4nk_node_btcnet
+  4nk_network:
    driver: bridge
--- a/manage_services.sh
+++ b/manage_services.sh
@ -1,111 +1 @@
 #!/bin/bash
-
-# Script de gestion des services 4NK_node
-set -e
-
-# Variables
-COMPOSE_FILE="docker-compose.yml"
-SERVICES=("tor-proxy" "bitcoin-signet" "blindbit-oracle" "sdk_relay_1" "sdk_relay_2" "sdk_relay_3" "sdk_signer" "sdk_storage" "ihm_client" "reverse_proxy")
-
-# Fonction d'aide
-show_help() {
-    echo "🔧 Gestionnaire des services 4NK_node"
-    echo ""
-    echo "Usage: $0 [COMMANDE]"
-    echo ""
-    echo "Commandes:"
-    echo "  start       Démarrer tous les services"
-    echo "  stop        Arrêter tous les services"
-    echo "  restart     Redémarrer tous les services"
-    echo "  status      Afficher le statut des services"
-    echo "  logs        Afficher les logs de tous les services"
-    echo "  logs [SVC]  Afficher les logs d'un service spécifique"
-    echo "  build       Construire tous les modules"
-    echo "  clean       Nettoyer les containers et volumes"
-    echo "  help        Afficher cette aide"
-    echo ""
-    echo "Services disponibles:"
-    printf "  %s\n" "${SERVICES[@]}"
-}
-
-# Fonction pour démarrer les services
-start_services() {
-    echo "🚀 Démarrage des services 4NK_node..."
-    docker compose -f "$COMPOSE_FILE" up -d
-    echo "✅ Services démarrés"
-}
-
-# Fonction pour arrêter les services
-stop_services() {
-    echo "🛑 Arrêt des services 4NK_node..."
-    docker compose -f "$COMPOSE_FILE" down
-    echo "✅ Services arrêtés"
-}
-
-# Fonction pour redémarrer les services
-restart_services() {
-    echo "🔄 Redémarrage des services 4NK_node..."
-    docker compose -f "$COMPOSE_FILE" restart
-    echo "✅ Services redémarrés"
-}
-
-# Fonction pour afficher le statut
-show_status() {
-    echo "📊 Statut des services 4NK_node..."
-    docker compose -f "$COMPOSE_FILE" ps
-}
-
-# Fonction pour afficher les logs
-show_logs() {
-    local service=$1
-    
-    if [ -z "$service" ]; then
-        echo "📋 Logs de tous les services..."
-        docker compose -f "$COMPOSE_FILE" logs --tail=50
-    else
-        echo "📋 Logs du service $service..."
-        docker compose -f "$COMPOSE_FILE" logs --tail=50 "$service"
-    fi
-}
-
-# Fonction pour construire les modules
-build_modules() {
-    echo "🏗️  Construction des modules..."
-    ./build_modules.sh
-}
-
-# Fonction pour nettoyer
-clean_services() {
-    echo "🧹 Nettoyage des services..."
-    docker compose -f "$COMPOSE_FILE" down -v --remove-orphans
-    docker system prune -f
-    echo "✅ Nettoyage terminé"
-}
-
-# Gestion des commandes
-case "${1:-help}" in
-    start)
-        start_services
-        ;;
-    stop)
-        stop_services
-        ;;
-    restart)
-        restart_services
-        ;;
-    status)
-        show_status
-        ;;
-    logs)
-        show_logs "$2"
-        ;;
-    build)
-        build_modules
-        ;;
-    clean)
-        clean_services
-        ;;
-    help|*)
-        show_help
-        ;;
-esac
--- a/modules/bitcoin/Dockerfile
+++ b/modules/bitcoin/Dockerfile
@ -1 +1,9 @@
-FROM bitcoin/bitcoin-core:25.0
+FROM alpine:latest
+RUN apk add --no-cache bitcoin curl
+RUN addgroup -g 1001 bitcoinuser && adduser -D -s /bin/sh -u 1001 -G bitcoinuser bitcoinuser
+RUN mkdir -p /home/bitcoin/.bitcoin/signet && chown -R bitcoinuser:bitcoinuser /home/bitcoin
+COPY conf/bitcoin.conf /home/bitcoin/bitcoin.conf
+USER bitcoinuser
+WORKDIR /home/bitcoin
+EXPOSE 38333 18443 29000
+CMD ["bitcoind", "-signet", "-conf=/home/bitcoin/bitcoin.conf"]
--- a/modules/tor/Dockerfile
+++ b/modules/tor/Dockerfile
@ -1,5 +1,8 @@
 FROM alpine:latest
 RUN apk add --no-cache tor curl
+RUN addgroup -g 1001 toruser && adduser -D -s /bin/sh -u 1001 -G toruser toruser
+RUN mkdir -p /var/lib/tor && chown -R toruser:toruser /var/lib/tor
 COPY conf/tor.conf /etc/tor/torrc
+USER toruser
 EXPOSE 9050 9051
 CMD ["tor"]
--- a/proxy/nginx.conf
+++ b/proxy/nginx.conf
@ -1,117 +0,0 @@
-server {
-  listen 80;
-  server_name dev4.4nkweb.com;
-
-  # ACME HTTP-01 challenge (Let’s Encrypt)
-  location ^~ /.well-known/acme-challenge/ {
-    alias /var/www/certbot/.well-known/acme-challenge/;
-    default_type text/plain;
-    try_files $uri =404;
-  }
-
-  # Redirection par défaut vers HTTPS
-  location / {
-    return 301 https://$host$request_uri;
-  }
-}
-
-server {
-  listen 443 ssl http2;
-  server_name _;
-
-  ssl_certificate     /etc/nginx/certs/server.crt;
-  ssl_certificate_key /etc/nginx/certs/server.key;
-  ssl_session_cache shared:SSL:10m;
-  ssl_session_timeout 10m;
-  ssl_protocols TLSv1.2 TLSv1.3;
-  ssl_ciphers HIGH:!aNULL:!MD5;
-
-  # Sécurité de base
-  add_header X-Frame-Options SAMEORIGIN always;
-  add_header X-Content-Type-Options nosniff always;
-  add_header X-XSS-Protection "1; mode=block" always;
-  add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-  # CSP minimale (adapter selon besoins)
-  add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss: http: https:; img-src 'self' data:;" always;
-
-  # Résolveur DNS Docker pour les upstreams dynamiques
-  resolver 127.0.0.11 ipv6=off valid=10s;
-
-  # ihm_client statique servi directement
-  root /usr/share/nginx/html;
-  index index.html;
-
-  # Types MIME (WASM/ESM)
-  include /etc/nginx/mime.types;
-  types {
-    application/javascript mjs;
-    application/wasm wasm;
-  }
-  location / {
-    try_files $uri $uri/ /index.html;
-  }
-
-  # API http sdk_relay
-  location /api/ {
-    proxy_pass http://sdk_relay_1:8091/;
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-  }
-
-  # sdk_storage HTTP (tide 8081)
-  location /storage/ {
-    proxy_pass http://sdk_storage:8081/;
-    proxy_http_version 1.1;
-    proxy_set_header Host sdk_storage;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_read_timeout 60s;
-    proxy_send_timeout 60s;
-  }
-
-  # WebSocket sdk_relay
-  location /ws/ {
-    proxy_pass http://sdk_relay_1:8090;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_read_timeout 86400;
-    proxy_send_timeout 86400;
-  }
-
-  # WebSocket sdk_signer (port 9090)
-  location /signer/ws/ {
-    set $signer_upstream sdk_signer:9090;
-    proxy_pass http://$signer_upstream;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection "upgrade";
-    proxy_set_header Host sdk_signer;
-    proxy_set_header Origin "http://sdk_signer:9090";
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_buffering off;
-    proxy_read_timeout 86400;
-    proxy_send_timeout 86400;
-  }
-
-  # Healthcheck sdk_signer HTTP
-  location /signer/health {
-    proxy_pass http://sdk_signer:9092/health;
-    proxy_set_header Host sdk_signer;
-  }
-
-  # Healthcheck simple
-  location = /health {
-    return 200;
-  }
-}
--- a/scripts/manage_auth.sh
+++ b/scripts/manage_auth.sh
@ -0,0 +1,177 @@
+#!/bin/bash
+
+# Script de gestion de l'authentification et des fichiers partagés
+# pour la stack 4NK_node
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
+
+echo "🔐 Gestion de l'authentification et des fichiers partagés 4NK_node"
+
+# Fonction pour vérifier si un conteneur est en cours d'exécution
+container_running() {
+    docker ps --format "table {{.Names}}" | grep -q "$1"
+}
+
+# Fonction pour attendre qu'un conteneur soit prêt
+wait_for_container() {
+    local container_name="$1"
+    local max_wait=60
+    local wait_time=0
+    
+    echo "⏳ Attente que le conteneur $container_name soit prêt..."
+    
+    while [ $wait_time -lt $max_wait ]; do
+        if container_running "$container_name"; then
+            echo "✅ Conteneur $container_name est prêt"
+            return 0
+        fi
+        sleep 2
+        wait_time=$((wait_time + 2))
+    done
+    
+    echo "❌ Timeout en attendant le conteneur $container_name"
+    return 1
+}
+
+# Fonction pour vérifier et créer le fichier .cookie
+setup_bitcoin_cookie() {
+    echo "🔍 Configuration du fichier .cookie Bitcoin..."
+    
+    if ! container_running "4nk-bitcoin"; then
+        echo "❌ Le conteneur Bitcoin n'est pas en cours d'exécution"
+        return 1
+    fi
+    
+    # Attendre que Bitcoin soit complètement démarré
+    wait_for_container "4nk-bitcoin"
+    sleep 10
+    
+    # Vérifier si le fichier .cookie existe
+    if docker exec 4nk-bitcoin test -f /home/bitcoin/.bitcoin/signet/.cookie; then
+        echo "✅ Fichier .cookie Bitcoin trouvé"
+        
+        # Afficher les informations du cookie
+        echo "📋 Informations du fichier .cookie :"
+        docker exec 4nk-bitcoin ls -la /home/bitcoin/.bitcoin/signet/.cookie
+        docker exec 4nk-bitcoin cat /home/bitcoin/.bitcoin/signet/.cookie | head -1
+        
+        # Vérifier les permissions
+        local perms=$(docker exec 4nk-bitcoin stat -c "%a" /home/bitcoin/.bitcoin/signet/.cookie)
+        echo "🔐 Permissions du fichier .cookie : $perms"
+        
+        # S'assurer que les permissions sont correctes (600)
+        if [ "$perms" != "600" ]; then
+            echo "🔧 Correction des permissions du fichier .cookie..."
+            docker exec 4nk-bitcoin chmod 600 /home/bitcoin/.bitcoin/signet/.cookie
+        fi
+        
+        return 0
+    else
+        echo "❌ Fichier .cookie Bitcoin non trouvé"
+        echo "📋 Logs Bitcoin récents :"
+        docker logs 4nk-bitcoin --tail 10
+        
+        return 1
+    fi
+}
+
+# Fonction pour vérifier l'accès au fichier .cookie depuis d'autres services
+verify_cookie_access() {
+    echo "🔍 Vérification de l'accès au fichier .cookie depuis d'autres services..."
+    
+    local services=("4nk-blindbit" "4nk-sdk-relay1" "4nk-sdk-relay2" "4nk-sdk-relay3" "4nk-sdk-storage" "4nk-sdk-signer")
+    
+    for service in "${services[@]}"; do
+        if container_running "$service"; then
+            echo "🔍 Vérification de $service..."
+            
+            if docker exec "$service" test -f /home/bitcoin/.bitcoin/signet/.cookie; then
+                echo "✅ $service peut accéder au fichier .cookie"
+                
+                # Vérifier les permissions
+                local perms=$(docker exec "$service" stat -c "%a" /home/bitcoin/.bitcoin/signet/.cookie)
+                echo "   Permissions : $perms"
+                
+                # Vérifier la lisibilité
+                if docker exec "$service" test -r /home/bitcoin/.bitcoin/signet/.cookie; then
+                    echo "   ✅ Fichier lisible"
+                else
+                    echo "   ❌ Fichier non lisible"
+                fi
+            else
+                echo "❌ $service ne peut pas accéder au fichier .cookie"
+            fi
+        else
+            echo "⏸️  $service n'est pas en cours d'exécution"
+        fi
+    done
+}
+
+# Fonction pour tester la connectivité RPC
+test_rpc_connectivity() {
+    echo "🔍 Test de la connectivité RPC..."
+    
+    if ! container_running "4nk-bitcoin"; then
+        echo "❌ Bitcoin n'est pas en cours d'exécution"
+        return 1
+    fi
+    
+    # Attendre que Bitcoin soit prêt
+    sleep 5
+    
+    # Test de la connectivité RPC via curl
+    echo "📡 Test de la connectivité RPC via HTTP..."
+    if docker exec 4nk-bitcoin curl -s --connect-timeout 5 http://localhost:18443 > /dev/null 2>&1; then
+        echo "✅ Connectivité RPC HTTP OK"
+        return 0
+    else
+        echo "❌ Connectivité RPC HTTP échouée"
+        return 1
+    fi
+}
+
+# Fonction pour afficher le statut des volumes partagés
+show_shared_volumes() {
+    echo "🔍 Statut des volumes partagés..."
+    
+    echo "📊 Volumes Docker :"
+    docker volume ls | grep 4nk_node || echo "Aucun volume 4nk_node trouvé"
+    
+    echo "📊 Volumes partagés dans docker-compose :"
+    if [ -f "$PROJECT_DIR/docker-compose.yml" ]; then
+        grep -A 5 -B 5 "shared_auth" "$PROJECT_DIR/docker-compose.yml" || echo "Volume shared_auth non trouvé"
+    fi
+}
+
+# Fonction principale
+main() {
+    case "${1:-all}" in
+        "cookie")
+            setup_bitcoin_cookie
+            ;;
+        "access")
+            verify_cookie_access
+            ;;
+        "rpc")
+            test_rpc_connectivity
+            ;;
+        "volumes")
+            show_shared_volumes
+            ;;
+        "all"|*)
+            echo "🚀 Exécution de toutes les vérifications..."
+            setup_bitcoin_cookie
+            verify_cookie_access
+            test_rpc_connectivity
+            show_shared_volumes
+            ;;
+    esac
+    
+    echo "✅ Gestion de l'authentification terminée"
+}
+
+# Exécution du script
+main "$@"
				`@ -1 +0,0 @@`
				`# 🏗️ Correction de l'Architecture 4NK_node`