diff --git a/ARCHITECTURE_CORRECTION.md b/ARCHITECTURE_CORRECTION.md
deleted file mode 100644
index 36b67826..00000000
--- a/ARCHITECTURE_CORRECTION.md
+++ /dev/null
@@ -1 +0,0 @@
-# 🏗️ Correction de l'Architecture 4NK_node
diff --git a/build_modules.sh b/build_modules.sh
index d6453a4d..f7b56d63 100755
--- a/build_modules.sh
+++ b/build_modules.sh
@@ -1,107 +1,52 @@ #!/bin/bash -# Script de build pour tous les modules 4NK_node +# Script de construction des modules 4NK_node set -e echo "🏗️ Construction des modules 4NK_node..." -# Variables -REGISTRY="4nk-node" -TAG="latest" - -# Fonction pour construire un module +# Fonction pour construire un module spécifique build_module() { - local module=$1 - local dockerfile=$2 - - echo "🔨 Construction de $module..." - - if [ -f "$dockerfile" ]; then - docker build -t "$REGISTRY-$module:$TAG" -f "$dockerfile" . - echo "✅ $module construit avec succès" + local module_name="$1" + local module_dir="modules/$module_name" + + if [ ! -d "$module_dir" ]; then + echo "❌ Module $module_name non trouvé dans $module_dir" + return 1 + fi + + echo "🔨 Construction de $module_name..." + + # Construire l'image Docker + docker build -t "4nk-node-$module_name:latest" "$module_dir" + + if [ $? -eq 0 ]; then + echo "✅ Module $module_name construit avec succès" else - echo "❌ Dockerfile non trouvé pour $module: $dockerfile" + echo "❌ Échec de la construction du module $module_name" return 1 fi } -# Construction des modules -echo "📦 Construction des modules..." - -# sdk_signer -if [ -d "../sdk_signer" ]; then - echo "🔨 Construction de sdk_signer depuis docker-support-v2..." - cd ../sdk_signer - git checkout docker-support-v2 - git pull origin docker-support-v2 - cd ../4NK_node - build_module "sdk_signer" "modules/sdk_signer/Dockerfile" -else - echo "⚠️ Répertoire sdk_signer non trouvé" -fi - -# sdk_storage -if [ -d "../sdk_storage" ]; then - echo "🔨 Construction de sdk_storage depuis docker-support-v2..." - cd ../sdk_storage - git checkout docker-support-v2 - git pull origin docker-support-v2 - cd ../4NK_node - build_module "sdk_storage" "modules/sdk_storage/Dockerfile" -else - echo "⚠️ Répertoire sdk_storage non trouvé" -fi - -# ihm_client -if [ -d "../ihm_client" ]; then - echo "🔨 Construction de ihm_client depuis docker-support-v2..." 
- cd ../ihm_client - git checkout docker-support-v2 - git pull origin docker-support-v2 - cd ../4NK_node - build_module "ihm_client" "modules/ihm_client/Dockerfile" -else - echo "⚠️ Répertoire ihm_client non trouvé" -fi - -# sdk_relay1, sdk_relay2, sdk_relay3 -if [ -d "../sdk_relay" ]; then - echo "🔨 Construction des relays depuis docker-support-v2..." - cd ../sdk_relay - git checkout docker-support-v2 - git pull origin docker-support-v2 - cd ../4NK_node +# Construction de tous les modules si aucun argument n'est fourni +if [ $# -eq 0 ]; then + echo "📦 Construction de tous les modules..." - # Construire les 3 instances de relay - for i in 1 2 3; do - echo "🔨 Construction de sdk_relay$i..." - build_module "sdk_relay$i" "modules/sdk_relay$i/Dockerfile" - done + # Modules de base + build_module "tor" + build_module "bitcoin" + + # Modules applicatifs + build_module "blindbit" + build_module "sdk_relay1" + build_module "sdk_relay2" + build_module "sdk_relay3" + build_module "sdk_storage" + build_module "sdk_signer" + build_module "ihm_client" + + echo "🎉 Tous les modules ont été construits !" else - echo "⚠️ Répertoire sdk_relay non trouvé" + # Construction d'un module spécifique + build_module "$1" fi - -# bitcoin -echo "🔨 Construction de bitcoin..." -build_module "bitcoin" "modules/bitcoin/Dockerfile" - -# blindbit -if [ -d "../blindbit" ]; then - echo "🔨 Construction de blindbit depuis docker-support-v2..." - cd ../blindbit - git checkout docker-support-v2 - git pull origin docker-support-v2 - cd ../4NK_node - build_module "blindbit" "modules/blindbit/Dockerfile" -else - echo "⚠️ Répertoire blindbit non trouvé" -fi - -# tor -echo "🔨 Construction de tor..." -build_module "tor" "modules/tor/Dockerfile" - -echo "🎉 Construction de tous les modules terminée !" -echo "" -echo "📋 Images construites :" -docker images | grep "$REGISTRY-" diff --git a/build_modules.sh.backup b/build_modules.sh.backup deleted file mode 100755 index 448c7ad2..00000000 
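Review bot: The `if [ $? -eq 0 ]` after `docker build` in build_module is dead code: the script runs under `set -e`, so a failing `docker build` terminates the script before `$?` is examined and the `❌ Échec de la construction…` branch can never run. Test the command directly, `if docker build -t "4nk-node-$module_name:latest" "$module_dir"; then`, which keeps the failure message and `return 1` reachable whether or not `set -e` is in effect. The single-module path `build_module "$1"` also passes the argument straight into `modules/$module_name`; the `-d` test catches a typo but not a value containing `/` or `..`, so a `case "$module_name" in */*|*..*) return 1 ;; esac` guard at the top of build_module keeps builds inside `modules/`. Tagging every image `latest` means compose silently picks up whatever was built last; a tag derived from `git rev-parse --short HEAD` would make the running images traceable.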
--- a/build_modules.sh.backup
+++ /dev/null
@@ -1,81 +0,0 @@ -#!/bin/bash - -# Script de build pour tous les modules 4NK_node -set -e - -echo "🏗️ Construction des modules 4NK_node..." - -# Variables -REGISTRY="4nk-node" -TAG="latest" - -# Fonction pour construire un module -build_module() { - local module=$1 - local dockerfile=$2 - - echo "🔨 Construction de $module..." - - if [ -f "$dockerfile" ]; then - cd modules/$module && docker build -t "$REGISTRY-$module:$TAG" . && cd ../../ - echo "✅ $module construit avec succès" - else - echo "❌ Dockerfile non trouvé pour $module: $dockerfile" - return 1 - fi -} - -# Construction des modules -echo "📦 Construction des modules..." - -# sdk_signer -if [ -d "../sdk_signer" ]; then - echo "📁 Copie du code sdk_signer depuis docker-support-v2..." - cd ../sdk_signer - git checkout docker-support-v2 - git pull origin docker-support-v2 - cd ../4NK_node - cp -r ../sdk_signer/* modules/sdk_signer/ - build_module "sdk_signer" "modules/sdk_signer/Dockerfile" -else - echo "⚠️ Répertoire sdk_signer non trouvé" -fi -if [ -d "../sdk_signer" ]; then - echo "📁 Copie du code sdk_signer..." - cp -r ../sdk_signer/* modules/sdk_signer/ - build_module "sdk_signer" "modules/sdk_signer/Dockerfile" -else - echo "⚠️ Répertoire sdk_signer non trouvé" -fi - -# sdk_storage -if [ -d "../sdk_storage" ]; then - echo "📁 Copie du code sdk_storage..." - cp -r ../sdk_storage/* modules/sdk_storage/ - build_module "sdk_storage" "modules/sdk_storage/Dockerfile" -else - echo "⚠️ Répertoire sdk_storage non trouvé" -fi - -# ihm_client -if [ -d "../ihm_client" ]; then - echo "📁 Copie du code ihm_client..." - cp -r ../ihm_client/* modules/ihm_client/ - build_module "ihm_client" "modules/ihm_client/Dockerfile" -else - echo "⚠️ Répertoire ihm_client non trouvé" -fi - -# sdk_relay -if [ -d "../sdk_relay" ]; then - echo "📁 Copie du code sdk_relay..." 
- cp -r ../sdk_relay/* modules/sdk_relay/ - build_module "sdk-relay" "modules/sdk_relay/Dockerfile" -else - echo "⚠️ Répertoire sdk_relay non trouvé" -fi - -echo "🎉 Construction de tous les modules terminée !" -echo "" -echo "📋 Images construites :" -docker images | grep "$REGISTRY-" diff --git a/conf/bitcoin.conf b/conf/bitcoin.conf index 41ed7f3a..c2ab61b2 100644 --- a/conf/bitcoin.conf +++ b/conf/bitcoin.conf @@ -1 +1,49 @@ -# Configuration Bitcoin Core pour Docker 4NK_node +# Configuration Bitcoin Core Signet pour Docker 4NK_node + +# Configuration globale +datadir=/home/bitcoin/.bitcoin +server=1 +txindex=1 +debug=1 +loglevel=debug +logthreadnames=1 +signet=1 +onion=4nk-tor:9050 +listenonion=1 +proxy=4nk-tor:9050 +listen=1 + +# Paramètres RPC +# Auth cookie supprimée: on restreint par réseau Docker (réseau épinglé) +rpcallowip=172.24.0.0/16 +rpcworkqueue=32 +rpcthreads=4 +rpcdoccheck=1 + +# Paramètres ZMQ +zmqpubhashblock=tcp://0.0.0.0:29000 +zmqpubrawtx=tcp://0.0.0.0:29000 + +# Configuration spécifique du signet custom +[signet] +whitelist=download@127.0.0.1 +txindex=1 +proxy=4nk-tor:9050 +listenonion=1 +listen=1 +signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821 +addnode=6xi33lwwslsx3yi3f7c56wnqtdx4v73vj2up3prrwebpwbz6qisnqbyd.onion:38333 +addnode=d6i546e2sjezhyy2eupyc2wqtbgjnkubcjd4prhqurtlmp7nsp6yxqyd.onion:38333 +# Ports Signet (P2P et RPC) +port=38333 +rpcport=38332 + +fallbackfee=0.0001 + +zmqpubrawblock=tcp://0.0.0.0:29000 +zmqpubrawtx=tcp://0.0.0.0:29000 +#zmqpubhashtx=tcp://0.0.0.0:29000 +zmqpubhashblock=tcp://0.0.0.0:29000 +#zmqpubsequence=tcp://0.0.0.0:29000 + +blockfilterindex=1 \ No newline at end of file diff --git a/conf/blindbit.toml b/conf/blindbit.toml index 758b7665..d77769f2 100644 --- a/conf/blindbit.toml +++ b/conf/blindbit.toml 
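Review bot: The comment `# Auth cookie supprimée: on restreint par réseau Docker (réseau épinglé)` does not describe what Bitcoin Core does: `rpcallowip` only filters the source address of RPC connections and never disables authentication, and with no `rpcauth`/`rpcuser` set bitcoind still generates and requires the `.cookie`, so the clients configured with empty credentials in this commit (`rpc_user = ""` in conf/blindbit.toml, `bitcoin_rpc_user = ""` in conf/sdk_signer.conf and conf/sdk_storage.conf, `# cookie non utilisé` in conf/sdk_relay1..3.conf) will be refused at `http://4nk-bitcoin:38332`. In addition, `rpcallowip` without `rpcbind` makes bitcoind bind the RPC listener to loopback only (it logs a warning about exactly this), so nothing on `172.24.0.0/16` reaches port 38332 at all. To keep cookie auth while letting the other containers in, add `rpcbind=0.0.0.0` under the `[signet]` section and either mount the datadir into the clients as the previous docker-compose.yml did, or set an `rpcauth=` line (generated with the rpcauth helper shipped in the Bitcoin Core tree) and hand each client its credentials. The `172.24.0.0/16` allow-list is also not pinned anywhere: `4nk_network` in docker-compose.yml is a plain bridge with no `ipam` subnet, so the address Docker assigns may not match it.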
@@ -1 +1,25 @@
-# Configuration pour blindbit-oracle Docker 4NK_node
+# Configuration pour blindbit-oracle
+host = "0.0.0.0:8000"
+
+# Définit la chaîne sur laquelle le wallet fonctionne
+chain = "signet"
+
+# Point d'accès RPC Bitcoin (sans cookie, autorisé par rpcallowip)
+rpc_endpoint = "http://4nk-bitcoin:38332"
+
+# Auth RPC non requise (bitcoin.conf restreint par rpcallowip)
+rpc_user = ""
+rpc_pass = ""
+
+# Hauteur de départ pour la synchronisation
+sync_start_height = 1
+
+# Paramètres de performance
+max_parallel_tweak_computations = 4
+max_parallel_requests = 4
+
+# Configuration des index
+tweaks_only = 0
+tweaks_full_basic = 1
+tweaks_full_with_dust_filter = 1
+tweaks_cut_through_with_dust_filter = 1
\ No newline at end of file
diff --git a/conf/ihm_client.conf b/conf/ihm_client.conf
new file mode 100644
index 00000000..10e0b25c
--- /dev/null
+++ b/conf/ihm_client.conf
@@ -0,0 +1,43 @@
+# Configuration ihm_client - Module 4NK_node
+
+# URLs des services
+sdk_signer_url = "http://4nk-sdk-signer:9090"
+sdk_storage_url = "http://4nk-sdk-storage:8081"
+sdk_relay1_url = "http://4nk-sdk-relay1:8091"
+sdk_relay2_url = "http://4nk-sdk-relay2:8093"
+sdk_relay3_url = "http://4nk-sdk-relay3:8095"
+
+# WebSocket URLs
+sdk_relay1_ws = "ws://4nk-sdk-relay1:8090"
+sdk_relay2_ws = "ws://4nk-sdk-relay2:8092"
+sdk_relay3_ws = "ws://4nk-sdk-relay3:8094"
+
+# Configuration réseau
+network_type = "signet"
+bitcoin_rpc_url = "http://4nk-bitcoin:18443"
+
+# Ports
+ui_port = 8080
+api_port = 8080
+
+# Sécurité
+cors_enabled = true
+cors_origins = ["*"]
+rate_limit_enabled = true
+rate_limit_requests = 100
+rate_limit_window = 60
+session_timeout = 3600
+
+# Timeouts
+request_timeout = 30
+connection_timeout = 10
+
+# Logging
+log_level = "info"
+log_file = "/app/logs/ihm_client.log"
+log_max_size = "100MB"
+log_max_files = 5
+
+# Mode développement
+dev_mode = true
+debug_enabled = true
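Review bot: `bitcoin_rpc_url = "http://4nk-bitcoin:18443"` points at the regtest RPC port while `network_type = "signet"` and conf/bitcoin.conf sets `rpcport=38332`; every other config added in this commit uses `http://4nk-bitcoin:38332`, so this line should match. `cors_origins = ["*"]` together with `dev_mode = true` and `debug_enabled = true` is a development posture; if this file is what the image ships, a comment marking those keys as dev-only (or a separate production variant) would keep them from reaching a deployment. Whether the ihm_client code reads these keys is not visible from the diff, so the port mismatch is the one claim I can make with certainty.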
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 00000000..de0ec80e
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,108 @@ +# Configuration Nginx Reverse Proxy - Module 4NK_node + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Logs centralisés + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + # Gzip compression + gzip on; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + # Upstream servers + upstream ihm_client { + server 4nk-ihm-client:8080; + } + + upstream sdk_relay1 { + server 4nk-sdk-relay1:8091; + } + + upstream sdk_storage { + server 4nk-sdk-storage:8081; + } + + upstream sdk_signer { + server 4nk-sdk-signer:9090; + } + + # HTTP server only (no TLS) + server { + listen 80; + server_name _; + + # IHM Client + location / { + proxy_pass http://ihm_client; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SDK Relay 1 API + location /api/relay1/ { + proxy_pass http://sdk_relay1/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SDK Relay 1 WebSocket + location /ws/relay1/ { + proxy_pass http://4nk-sdk-relay1:8090/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SDK Storage + location /api/storage/ { + proxy_pass http://sdk_storage/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SDK Signer + 
location /api/signer/ { + proxy_pass http://sdk_signer/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # SDK Signer WebSocket + location /ws/signer/ { + proxy_pass http://4nk-sdk-signer:9090/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + # Health check endpoint + location /health { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } + } +} diff --git a/conf/sdk_relay1.conf b/conf/sdk_relay1.conf index 1b60cb82..49353092 100644 --- a/conf/sdk_relay1.conf +++ b/conf/sdk_relay1.conf @@ -1,17 +1,17 @@ # Configuration sdk_relay pour Docker # Services connectés via réseau Docker -# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie) -core_url=http://bitcoin:18443 +# Bitcoin Core RPC (sans cookie, autorisé par rpcallowip) +core_url=http://4nk-bitcoin:38332 core_wallet=relay_wallet ws_url=0.0.0.0:8090 http_url=0.0.0.0:8091 wallet_name=relay_wallet.json network=signet blindbit_url=http://blindbit:8000 -zmq_url=tcp://bitcoin:29000 +zmq_url=tcp://4nk-bitcoin:29000 data_dir=.4nk -cookie_path=/home/bitcoin/.bitcoin/signet/.cookie +# cookie non utilisé # Mode développement dev_mode=true diff --git a/conf/sdk_relay2.conf b/conf/sdk_relay2.conf index cbdffa62..d2ed2f36 100644 --- a/conf/sdk_relay2.conf +++ b/conf/sdk_relay2.conf 
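Review bot: The two WebSocket locations, `/ws/relay1/` and `/ws/signer/`, set `Upgrade`/`Connection` but no read/send timeout, so nginx closes an idle WebSocket after its default `proxy_read_timeout` of 60s; the deleted proxy/nginx.conf carried `proxy_read_timeout 86400;` and `proxy_send_timeout 86400;` on these blocks and they should be brought over. The rewrite also drops every security header the old file sent (`X-Content-Type-Options nosniff`, `X-Frame-Options SAMEORIGIN`, `Referrer-Policy`, the `Content-Security-Policy`) along with the TLS listener; `# HTTP server only (no TLS)` acknowledges the latter without saying why, and the headers cost nothing on port 80. `/api/signer/` and `/ws/signer/` expose the signing service on the public listener while conf/sdk_signer.conf in the same commit sets `enable_auth = false`, so this proxy is currently the only thing between the network and signing operations; either route the signer only to the internal network or require authentication on it.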
@@ -1,17 +1,17 @@ # Configuration sdk_relay pour Docker # Services connectés via réseau Docker -# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie) -core_url=http://bitcoin:18443 +# Bitcoin Core RPC (sans cookie, autorisé par rpcallowip) +core_url=http://4nk-bitcoin:38332 core_wallet=relay_wallet ws_url=0.0.0.0:8090 http_url=0.0.0.0:8091 wallet_name=relay_wallet.json network=signet blindbit_url=http://blindbit:8000 -zmq_url=tcp://bitcoin:29000 +zmq_url=tcp://4nk-bitcoin:29000 data_dir=.4nk -cookie_path=/home/bitcoin/.bitcoin/signet/.cookie +# cookie non utilisé # Mode développement dev_mode=true diff --git a/conf/sdk_relay3.conf b/conf/sdk_relay3.conf index 029cf5b7..bc583f94 100644 --- a/conf/sdk_relay3.conf +++ b/conf/sdk_relay3.conf @@ -1,17 +1,17 @@ # Configuration sdk_relay pour Docker # Services connectés via réseau Docker -# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie) -core_url=http://bitcoin:18443 +# Bitcoin Core RPC (sans cookie, autorisé par rpcallowip) +core_url=http://4nk-bitcoin:38332 core_wallet=relay_wallet ws_url=0.0.0.0:8090 http_url=0.0.0.0:8091 wallet_name=relay_wallet.json network=signet blindbit_url=http://blindbit:8000 -zmq_url=tcp://bitcoin:29000 +zmq_url=tcp://4nk-bitcoin:29000 data_dir=.4nk -cookie_path=/home/bitcoin/.bitcoin/signet/.cookie +# cookie non utilisé # Mode développement dev_mode=true diff --git a/conf/sdk_signer.conf b/conf/sdk_signer.conf new file mode 100644 index 00000000..16356cd7 --- /dev/null +++ b/conf/sdk_signer.conf 
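Review bot: conf/sdk_relay2.conf keeps `ws_url=0.0.0.0:8090` and `http_url=0.0.0.0:8091`, but conf/ihm_client.conf and conf/sdk_signer.conf added in this commit address relay2 on `4nk-sdk-relay2:8092`/`:8093` and relay3 on `:8094`/`:8095`; conf/sdk_relay3.conf has the same mismatch. Either the relay files get distinct ports (`ws_url=0.0.0.0:8092` and `http_url=0.0.0.0:8093` here) or the consumers are pointed at 8090/8091, which works because each relay runs in its own container. The context line `blindbit_url=http://blindbit:8000` is also the only remaining use of the bare `blindbit` host name while the new configs use `4nk-blindbit`; it is not part of this hunk, but it will fail to resolve in exactly the way the `core_url` rename here fixes.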
@@ -0,0 +1,31 @@
+# Configuration sdk_signer - Module 4NK_node
+
+# Ports
+ws_port = 9090
+http_port = 9092
+
+# URLs des services
+relay_urls = ["http://4nk-sdk-relay1:8091", "http://4nk-sdk-relay2:8093", "http://4nk-sdk-relay3:8095"]
+storage_url = "http://4nk-sdk-storage:8081"
+blindbit_url = "http://4nk-blindbit:8000"
+bitcoin_rpc_url = "http://4nk-bitcoin:38332"
+
+# Authentification Bitcoin
+bitcoin_rpc_user = ""
+bitcoin_rpc_password = ""
+
+# Mode développement
+dev_mode = true
+debug_level = "info"
+
+# Limites de connexions
+max_connections = 100
+timeout = 30
+
+# Logging
+log_level = "info"
+log_file = "/home/bitcoin/logs/sdk_signer.log"
+
+# Sécurité
+enable_tls = false
+enable_auth = false
diff --git a/conf/sdk_storage.conf b/conf/sdk_storage.conf
new file mode 100644
index 00000000..321c4c49
--- /dev/null
+++ b/conf/sdk_storage.conf
@@ -0,0 +1,33 @@
+# Configuration sdk_storage - Module 4NK_node
+
+# Port d'écoute
+http_port = 8081
+
+# Base de données
+db_path = "/home/bitcoin/.4nk/storage.db"
+
+# URLs des services
+relay_urls = ["http://4nk-sdk-relay1:8091", "http://4nk-sdk-relay2:8093", "http://4nk-sdk-relay3:8095"]
+bitcoin_rpc_url = "http://4nk-bitcoin:38332"
+bitcoin_rpc_user = ""
+bitcoin_rpc_password = ""
+
+# Mode développement
+dev_mode = true
+debug_level = "info"
+
+# Limites de connexions
+max_connections = 100
+timeout = 30
+
+# Logging
+log_level = "info"
+log_file = "/home/bitcoin/logs/sdk_storage.log"
+
+# Stockage de fichiers
+file_storage_path = "/home/bitcoin/.4nk/files"
+max_file_size = "100MB"
+
+# Sécurité
+enable_tls = false
+enable_auth = false
diff --git a/conf/tor.conf b/conf/tor.conf
index f782e46c..f21112cb 100644
--- a/conf/tor.conf
+++ b/conf/tor.conf
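Review bot: `enable_auth = false` together with `enable_tls = false` leaves the signer accepting unauthenticated requests, and conf/nginx.conf in this commit routes `/api/signer/` and `/ws/signer/` to it from the port-80 listener; the previous docker-compose.yml at least passed an `API_KEY` to the signer. Unless the signer is meant to be reachable only inside `4nk_network`, `enable_auth` should be `true` with the secret supplied through the environment rather than a committed file, and the same applies to `enable_auth = false` in conf/sdk_storage.conf, which nginx exposes at `/api/storage/`. `log_file = "/home/bitcoin/logs/sdk_signer.log"` assumes a `/home/bitcoin` tree that the old compose gave the bitcoin image, whereas the signer container previously used `/app/data`; the signer Dockerfile is not in this diff, so confirm the directory exists and is writable by the signer's user. Whether the signer reads these keys at all is not visible here.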
@@ -1,3 +1,38 @@
+# Configuration Tor pour 4NK_node
+# Proxy SOCKS et contrôle
+
+# Répertoire de données
 DataDirectory /var/lib/tor
+PidFile /var/lib/tor/tor.pid
+
+# Interface SOCKS
 SocksPort 9050
+SocksListenAddress 0.0.0.0
+
+# Interface de contrôle
 ControlPort 9051
+ControlListenAddress 0.0.0.0
+
+# Authentification du contrôle
+CookieAuthentication 1
+
+# Configuration des circuits
+CircuitBuildTimeout 30
+LearnCircuitBuildTimeout 0
+EnforceDistinctSubnets 1
+
+# Configuration des nœuds de sortie
+ExitNodes {fr},{de},{nl},{ch}
+StrictExitNodes 1
+
+# Configuration des relais
+RelayBandwidthRate 100 KB
+RelayBandwidthBurst 200 KB
+
+# Logs
+Log notice file /var/lib/tor/notice.log
+Log info file /var/lib/tor/info.log
+Log debug file /var/lib/tor/debug.log
+
+# Sécurité
+SafeLogging 1
diff --git a/docker-compose.yml b/docker-compose.yml
index cf284668..9455eb8c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
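Review bot: `SocksListenAddress` and `ControlListenAddress` are the obsolete form of these options (deprecated in favour of putting the address on the port option itself), so recent Tor builds warn on or reject them; the intended effect is written as `SocksPort 0.0.0.0:9050` and `ControlPort 0.0.0.0:9051`. Binding the control port on all interfaces while docker-compose.yml publishes `9051:9051` exposes the controller to the host; `CookieAuthentication 1` gates it, but the cookie lives under `/var/lib/tor`, which is the shared `tor_data` volume, so keeping `ControlPort` on the container's internal address (or not publishing 9051) is the smaller surface. `Log debug file /var/lib/tor/debug.log` grows without bound and Tor itself warns that debug-level logs can contain sensitive data even with `SafeLogging 1`; `notice` is the usual level outside a debugging session. `ExitNodes {fr},{de},{nl},{ch}` with `StrictExitNodes 1` only constrains exit circuits, which the onion-only `addnode` entries in conf/bitcoin.conf never use, so it narrows the anonymity set here without a corresponding benefit.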
@@ -1,320 +1,39 @@ +version: '3.8' + services: tor: - build: ./tor - image: 4nk_node-tor - container_name: tor-proxy - networks: - btcnet: - aliases: - - tor + image: 4nk-node-tor:latest + container_name: 4nk-tor ports: - - "9050:9050" # Port SOCKS - - "9051:9051" # Port de contrôle - restart: unless-stopped + - "9050:9050" + - "9051:9051" volumes: - - ./tor/torrc:/etc/tor/torrc:ro - - ./tor/bridges.extra:/etc/tor/bridges.extra:ro - command: ["tor", "-f", "/etc/tor/torrc"] - healthcheck: - test: ["CMD-SHELL", "nc -z 127.0.0.1 9050"] - interval: 30s - timeout: 5s - retries: 3 + - tor_data:/var/lib/tor + - ./conf/tor.conf:/etc/tor/torrc:ro + networks: + - 4nk_network + restart: unless-stopped bitcoin: - build: ./bitcoin - container_name: bitcoin-signet + image: 4nk-node-bitcoin:latest + container_name: 4nk-bitcoin + ports: + - "38333:38333" + - "18443:18443" + - "29000:29000" + volumes: + - bitcoin_data:/home/bitcoin/.bitcoin + - ./conf/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf:ro + networks: + - 4nk_network + restart: unless-stopped depends_on: - tor - volumes: - - bitcoin_data:/home/bitcoin/.bitcoin - - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf - # ports supprimés: service interne uniquement - networks: - btcnet: - aliases: - - bitcoin - environment: - - TOR_HOST=tor - - TOR_PORT=9050 - restart: unless-stopped - healthcheck: - test: ["CMD", "bitcoin-cli", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf", "getblockchaininfo"] - interval: 30s - timeout: 10s - retries: 3 - - blindbit: - build: ./blindbit - container_name: blindbit-oracle - depends_on: - - bitcoin - volumes: - - blindbit_data:/data - - ./blindbit/blindbit.toml:/data/blindbit.toml - - bitcoin_data:/home/bitcoin/.bitcoin - # ports supprimés: service interne uniquement - networks: - btcnet: - aliases: - - blindbit - restart: unless-stopped - - sdk_relay_1: - build: - context: .. 
- dockerfile: 4NK_node/sdk_relay/Dockerfile - container_name: sdk_relay_1 - depends_on: - bitcoin: - condition: service_healthy - blindbit: - condition: service_started - volumes: - - bitcoin_data:/home/bitcoin/.bitcoin - - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf - - sdk_relay_1_data:/home/bitcoin/.4nk - - ./sdk_relay/.conf.docker.relay1:/home/bitcoin/.conf.docker - # ports supprimés: service utilisé via reverse proxy interne - networks: - btcnet: - aliases: - - sdk_relay_1 - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "3" - environment: - - RUST_LOG=debug,bitcoincore_rpc=trace - - HOME=/home/bitcoin - - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie - - ENABLE_SYNC_TEST=1 - restart: on-failure:3 - entrypoint: > - /bin/sh -c " - cp /home/bitcoin/.conf.docker /home/bitcoin/.conf && - cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie && - chmod 600 /home/bitcoin/.4nk/bitcoin.cookie && - echo 'Configuration loaded:' && - cat /home/bitcoin/.conf && - echo 'Testing DNS resolution:' && - getent hosts bitcoin && - echo 'Testing connectivity:' && - curl -s --connect-timeout 5 http://bitcoin:18443 && - echo 'Bitcoin accessible via curl' && - echo 'Starting sdk_relay_1:' && - /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091" - healthcheck: - test: ["CMD", "/usr/local/bin/healthcheck.sh"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 60s - - sdk_relay_2: - build: - context: .. 
- dockerfile: 4NK_node/sdk_relay/Dockerfile - container_name: sdk_relay_2 - depends_on: - bitcoin: - condition: service_healthy - blindbit: - condition: service_started - volumes: - - bitcoin_data:/home/bitcoin/.bitcoin - - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf - - sdk_relay_2_data:/home/bitcoin/.4nk - - ./sdk_relay/.conf.docker.relay2:/home/bitcoin/.conf.docker - # ports supprimés: service utilisé via reverse proxy interne - networks: - btcnet: - aliases: - - sdk_relay_2 - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "3" - environment: - - RUST_LOG=debug,bitcoincore_rpc=trace - - HOME=/home/bitcoin - - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie - - ENABLE_SYNC_TEST=1 - restart: on-failure:3 - entrypoint: > - /bin/sh -c " - cp /home/bitcoin/.conf.docker /home/bitcoin/.conf && - cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie && - chmod 600 /home/bitcoin/.4nk/bitcoin.cookie && - echo 'Configuration loaded:' && - cat /home/bitcoin/.conf && - echo 'Testing DNS resolution:' && - getent hosts bitcoin && - echo 'Testing connectivity:' && - curl -s --connect-timeout 5 http://bitcoin:18443 && - echo 'Bitcoin accessible via curl' && - echo 'Starting sdk_relay_2:' && - /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091" - healthcheck: - test: ["CMD", "/usr/local/bin/healthcheck.sh"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 60s - - sdk_relay_3: - build: - context: .. 
- dockerfile: 4NK_node/sdk_relay/Dockerfile - container_name: sdk_relay_3 - depends_on: - bitcoin: - condition: service_healthy - blindbit: - condition: service_started - volumes: - - bitcoin_data:/home/bitcoin/.bitcoin - - ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf - - sdk_relay_3_data:/home/bitcoin/.4nk - - ./sdk_relay/.conf.docker.relay3:/home/bitcoin/.conf.docker - # ports supprimés: service utilisé via reverse proxy interne - networks: - btcnet: - aliases: - - sdk_relay_3 - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "3" - environment: - - RUST_LOG=debug,bitcoincore_rpc=trace - - HOME=/home/bitcoin - - BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie - - ENABLE_SYNC_TEST=1 - restart: on-failure:3 - entrypoint: > - /bin/sh -c " - cp /home/bitcoin/.conf.docker /home/bitcoin/.conf && - cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie && - chmod 600 /home/bitcoin/.4nk/bitcoin.cookie && - echo 'Configuration loaded:' && - cat /home/bitcoin/.conf && - echo 'Testing DNS resolution:' && - getent hosts bitcoin && - echo 'Testing connectivity:' && - curl -s --connect-timeout 5 http://bitcoin:18443 && - echo 'Bitcoin accessible via curl' && - echo 'Starting sdk_relay_3:' && - /usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091" - healthcheck: - test: ["CMD", "/usr/local/bin/healthcheck.sh"] - interval: 30s - timeout: 15s - retries: 3 - start_period: 60s - - ihm_client: - image: busybox:latest - container_name: 4nk-ihm-client - command: sh -c "sleep infinity" - volumes: - - ./ihm_client/dist:/usr/share/nginx/html:ro - networks: - - btcnet - - reverse_proxy: - image: nginx:alpine - container_name: 4nk-reverse-proxy - depends_on: - - sdk_relay_1 - - sdk_storage - volumes: - - ./proxy/nginx.conf:/etc/nginx/conf.d/default.conf:ro - - ./certs:/etc/nginx/certs:ro - - ./ihm_client/dist:/usr/share/nginx/html:ro - - ./acme:/var/www/certbot:ro - ports: - - "80:80" - - 
"443:443" - networks: - btcnet: - aliases: - - reverse_proxy - - sdk_storage: - build: - context: ../sdk_storage - dockerfile: Dockerfile - container_name: sdk-storage - restart: unless-stopped - entrypoint: > - /bin/sh -lc "chown -R 10001:10001 /app/storage || true; exec /usr/local/bin/sdk_storage --permanent" - networks: - btcnet: - aliases: - - sdk_storage - volumes: - - sdk_storage_data:/app/storage - # Service interne: aucun port exposé - - sdk_signer: - args: - GIT_BRANCH: master - build: - args: - GIT_BRANCH: master - context: ../sdk_signer - args: - GIT_BRANCH: master - dockerfile: Dockerfile - args: - GIT_BRANCH: master - container_name: sdk-signer - restart: unless-stopped - user: "0:0" - environment: - - PORT=9090 - - API_KEY=dev-change-me - - RELAY_URLS=ws://sdk_relay_1:8090 - - LOG_LEVEL=info - - DATABASE_PATH=/app/data/server.db - entrypoint: > - /bin/sh -lc "mkdir -p /app/data && chown -R nodejs:nodejs /app/data || true; \ - apk add --no-cache busybox-extras >/dev/null 2>&1 || true; \ - mkdir -p /tmp/health && printf 'ok' > /tmp/health/health; \ - ( /usr/sbin/httpd -f -h /tmp/health -p 9092 ) & \ - exec node -r ts-node/register/transpile-only src/index.ts" - networks: - btcnet: - aliases: - - sdk_signer - depends_on: - sdk_relay_1: - condition: service_started - volumes: - - sdk_signer_data:/app/data - # Service interne: aucun port exposé volumes: + tor_data: bitcoin_data: - name: 4nk_node_bitcoin_data - blindbit_data: - name: 4nk_node_blindbit_data - sdk_relay_1_data: - name: 4nk_node_sdk_relay_1_data - sdk_relay_2_data: - name: 4nk_node_sdk_relay_2_data - sdk_relay_3_data: - name: 4nk_node_sdk_relay_3_data - sdk_storage_data: - name: 4nk_node_sdk_storage_data - sdk_signer_data: - name: 4nk_node_sdk_signer_data networks: - btcnet: - name: 4nk_node_btcnet + 4nk_network: driver: bridge diff --git a/manage_services.sh b/manage_services.sh old mode 100755 new mode 100644 index f0b310b9..a9bf588e --- a/manage_services.sh +++ b/manage_services.sh 
@@ -1,111 +1 @@ #!/bin/bash - -# Script de gestion des services 4NK_node -set -e - -# Variables -COMPOSE_FILE="docker-compose.yml" -SERVICES=("tor-proxy" "bitcoin-signet" "blindbit-oracle" "sdk_relay_1" "sdk_relay_2" "sdk_relay_3" "sdk_signer" "sdk_storage" "ihm_client" "reverse_proxy") - -# Fonction d'aide -show_help() { - echo "🔧 Gestionnaire des services 4NK_node" - echo "" - echo "Usage: $0 [COMMANDE]" - echo "" - echo "Commandes:" - echo " start Démarrer tous les services" - echo " stop Arrêter tous les services" - echo " restart Redémarrer tous les services" - echo " status Afficher le statut des services" - echo " logs Afficher les logs de tous les services" - echo " logs [SVC] Afficher les logs d'un service spécifique" - echo " build Construire tous les modules" - echo " clean Nettoyer les containers et volumes" - echo " help Afficher cette aide" - echo "" - echo "Services disponibles:" - printf " %s\n" "${SERVICES[@]}" -} - -# Fonction pour démarrer les services -start_services() { - echo "🚀 Démarrage des services 4NK_node..." - docker compose -f "$COMPOSE_FILE" up -d - echo "✅ Services démarrés" -} - -# Fonction pour arrêter les services -stop_services() { - echo "🛑 Arrêt des services 4NK_node..." - docker compose -f "$COMPOSE_FILE" down - echo "✅ Services arrêtés" -} - -# Fonction pour redémarrer les services -restart_services() { - echo "🔄 Redémarrage des services 4NK_node..." - docker compose -f "$COMPOSE_FILE" restart - echo "✅ Services redémarrés" -} - -# Fonction pour afficher le statut -show_status() { - echo "📊 Statut des services 4NK_node..." - docker compose -f "$COMPOSE_FILE" ps -} - -# Fonction pour afficher les logs -show_logs() { - local service=$1 - - if [ -z "$service" ]; then - echo "📋 Logs de tous les services..." - docker compose -f "$COMPOSE_FILE" logs --tail=50 - else - echo "📋 Logs du service $service..." 
- docker compose -f "$COMPOSE_FILE" logs --tail=50 "$service" - fi -} - -# Fonction pour construire les modules -build_modules() { - echo "🏗️ Construction des modules..." - ./build_modules.sh -} - -# Fonction pour nettoyer -clean_services() { - echo "🧹 Nettoyage des services..." - docker compose -f "$COMPOSE_FILE" down -v --remove-orphans - docker system prune -f - echo "✅ Nettoyage terminé" -} - -# Gestion des commandes -case "${1:-help}" in - start) - start_services - ;; - stop) - stop_services - ;; - restart) - restart_services - ;; - status) - show_status - ;; - logs) - show_logs "$2" - ;; - build) - build_modules - ;; - clean) - clean_services - ;; - help|*) - show_help - ;; -esac diff --git a/modules/bitcoin/Dockerfile b/modules/bitcoin/Dockerfile index f9918c3c..7d64dbec 100644 --- a/modules/bitcoin/Dockerfile +++ b/modules/bitcoin/Dockerfile @@ -1 +1,9 @@ -FROM bitcoin/bitcoin-core:25.0 +FROM alpine:latest +RUN apk add --no-cache bitcoin curl +RUN addgroup -g 1001 bitcoinuser && adduser -D -s /bin/sh -u 1001 -G bitcoinuser bitcoinuser +RUN mkdir -p /home/bitcoin/.bitcoin/signet && chown -R bitcoinuser:bitcoinuser /home/bitcoin +COPY conf/bitcoin.conf /home/bitcoin/bitcoin.conf +USER bitcoinuser +WORKDIR /home/bitcoin +EXPOSE 38333 18443 29000 +CMD ["bitcoind", "-signet", "-conf=/home/bitcoin/bitcoin.conf"] diff --git a/modules/tor/Dockerfile b/modules/tor/Dockerfile index 76d19dec..0740d12e 100644 --- a/modules/tor/Dockerfile +++ b/modules/tor/Dockerfile @@ -1,5 +1,8 @@ FROM alpine:latest RUN apk add --no-cache tor curl +RUN addgroup -g 1001 toruser && adduser -D -s /bin/sh -u 1001 -G toruser toruser +RUN mkdir -p /var/lib/tor && chown -R toruser:toruser /var/lib/tor COPY conf/tor.conf /etc/tor/torrc +USER toruser EXPOSE 9050 9051 CMD ["tor"] diff --git a/proxy/nginx.conf b/proxy/nginx.conf deleted file mode 100644 index 5efa3fe8..00000000 --- a/proxy/nginx.conf +++ /dev/null 
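Review bot: The hunk leaves manage_services.sh as a single `#!/bin/bash` line with its executable bit removed (`old mode 100755 new mode 100644`), which is a no-op script rather than a deletion. If the service manager is being retired, remove the file with `git rm` so nothing documents or invokes a script that does nothing; if it is being rewritten, the commit message should say so.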
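Review bot: The bitcoin image copies its config to `/home/bitcoin/bitcoin.conf` and starts with `-conf=/home/bitcoin/bitcoin.conf`, while docker-compose.yml mounts `./conf/bitcoin.conf` at `/home/bitcoin/.bitcoin/bitcoin.conf:ro`; the mounted file is never read, so config edits only take effect after a rebuild. Align the two with `CMD ["bitcoind", "-signet", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf"]` or drop the `COPY`. `EXPOSE 38333 18443 29000` lists the regtest RPC port instead of the `rpcport=38332` the config sets. Both this file and modules/tor/Dockerfile build from `alpine:latest` and install `bitcoin`/`tor` at whatever version apk currently serves, replacing the pinned `bitcoin/bitcoin-core:25.0`; pinning the Alpine tag and the package (`apk add --no-cache bitcoin=<PINNED_VERSION>`) keeps the node reproducible and makes the Bitcoin Core version under review visible. Running as `bitcoinuser` and `toruser` instead of root is a good change.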
@@ -1,117 +0,0 @@
-server {
- listen 80;
- server_name dev4.4nkweb.com;
-
- # ACME HTTP-01 challenge (Let’s Encrypt)
- location ^~ /.well-known/acme-challenge/ {
- alias /var/www/certbot/.well-known/acme-challenge/;
- default_type text/plain;
- try_files $uri =404;
- }
-
- # Redirection par défaut vers HTTPS
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- server_name _;
-
- ssl_certificate /etc/nginx/certs/server.crt;
- ssl_certificate_key /etc/nginx/certs/server.key;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
-
- # Sécurité de base
- add_header X-Frame-Options SAMEORIGIN always;
- add_header X-Content-Type-Options nosniff always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header Referrer-Policy "strict-origin-when-cross-origin" always;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- # CSP minimale (adapter selon besoins)
- add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss: http: https:; img-src 'self' data:;" always;
-
- # Résolveur DNS Docker pour les upstreams dynamiques
- resolver 127.0.0.11 ipv6=off valid=10s;
-
- # ihm_client statique servi directement
- root /usr/share/nginx/html;
- index index.html;
-
- # Types MIME (WASM/ESM)
- include /etc/nginx/mime.types;
- types {
- application/javascript mjs;
- application/wasm wasm;
- }
- location / {
- try_files $uri $uri/ /index.html;
- }
-
- # API http sdk_relay
- location /api/ {
- proxy_pass http://sdk_relay_1:8091/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # sdk_storage HTTP (tide 8081)
- location /storage/ {
- proxy_pass http://sdk_storage:8081/;
- proxy_http_version 1.1;
- 
proxy_set_header Host sdk_storage;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 60s;
- proxy_send_timeout 60s;
- }
-
- # WebSocket sdk_relay
- location /ws/ {
- proxy_pass http://sdk_relay_1:8090;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 86400;
- proxy_send_timeout 86400;
- }
-
- # WebSocket sdk_signer (port 9090)
- location /signer/ws/ {
- set $signer_upstream sdk_signer:9090;
- proxy_pass http://$signer_upstream;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host sdk_signer;
- proxy_set_header Origin "http://sdk_signer:9090";
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_buffering off;
- proxy_read_timeout 86400;
- proxy_send_timeout 86400;
- }
-
- # Healthcheck sdk_signer HTTP
- location /signer/health {
- proxy_pass http://sdk_signer:9092/health;
- proxy_set_header Host sdk_signer;
- }
-
- # Healthcheck simple
- location = /health {
- return 200;
- }
-}
diff --git a/scripts/manage_auth.sh b/scripts/manage_auth.sh
new file mode 100755
index 00000000..e6fb2460
--- /dev/null
+++ b/scripts/manage_auth.sh
@@ -0,0 +1,177 @@
+#!/bin/bash
+
+# Script de gestion de l'authentification et des fichiers partagés
+# pour la stack 4NK_node
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
+
+echo "🔐 Gestion de l'authentification et des fichiers partagés 4NK_node"
+
+# Fonction pour vérifier si un conteneur est en cours d'exécution
+container_running() {
+ docker ps --format "table {{.Names}}" | grep -q "$1"
+}
+
+# Fonction pour attendre qu'un conteneur soit prêt
+wait_for_container() {
+ local container_name="$1"
+ local max_wait=60
+ local wait_time=0
+
+ echo "⏳ Attente que le conteneur $container_name soit prêt..."
+
+ while [ $wait_time -lt $max_wait ]; do
+ if container_running "$container_name"; then
+ echo "✅ Conteneur $container_name est prêt"
+ return 0
+ fi
+ sleep 2
+ wait_time=$((wait_time + 2))
+ done
+
+ echo "❌ Timeout en attendant le conteneur $container_name"
+ return 1
+}
+
+# Fonction pour vérifier et créer le fichier .cookie
+setup_bitcoin_cookie() {
+ echo "🔍 Configuration du fichier .cookie Bitcoin..."
+
+ if ! 
container_running "4nk-bitcoin"; then
+ echo "❌ Le conteneur Bitcoin n'est pas en cours d'exécution"
+ return 1
+ fi
+
+ # Attendre que Bitcoin soit complètement démarré
+ wait_for_container "4nk-bitcoin"
+ sleep 10
+
+ # Vérifier si le fichier .cookie existe
+ if docker exec 4nk-bitcoin test -f /home/bitcoin/.bitcoin/signet/.cookie; then
+ echo "✅ Fichier .cookie Bitcoin trouvé"
+
+ # Afficher les informations du cookie
+ echo "📋 Informations du fichier .cookie :"
+ docker exec 4nk-bitcoin ls -la /home/bitcoin/.bitcoin/signet/.cookie
+ docker exec 4nk-bitcoin cat /home/bitcoin/.bitcoin/signet/.cookie | head -1
+
+ # Vérifier les permissions
+ local perms=$(docker exec 4nk-bitcoin stat -c "%a" /home/bitcoin/.bitcoin/signet/.cookie)
+ echo "🔐 Permissions du fichier .cookie : $perms"
+
+ # S'assurer que les permissions sont correctes (600)
+ if [ "$perms" != "600" ]; then
+ echo "🔧 Correction des permissions du fichier .cookie..."
+ docker exec 4nk-bitcoin chmod 600 /home/bitcoin/.bitcoin/signet/.cookie
+ fi
+
+ return 0
+ else
+ echo "❌ Fichier .cookie Bitcoin non trouvé"
+ echo "📋 Logs Bitcoin récents :"
+ docker logs 4nk-bitcoin --tail 10
+
+ return 1
+ fi
+}
+
+# Fonction pour vérifier l'accès au fichier .cookie depuis d'autres services
+verify_cookie_access() {
+ echo "🔍 Vérification de l'accès au fichier .cookie depuis d'autres services..."
+
+ local services=("4nk-blindbit" "4nk-sdk-relay1" "4nk-sdk-relay2" "4nk-sdk-relay3" "4nk-sdk-storage" "4nk-sdk-signer")
+
+ for service in "${services[@]}"; do
+ if container_running "$service"; then
+ echo "🔍 Vérification de $service..." 
+
+ if docker exec "$service" test -f /home/bitcoin/.bitcoin/signet/.cookie; then
+ echo "✅ $service peut accéder au fichier .cookie"
+
+ # Vérifier les permissions
+ local perms=$(docker exec "$service" stat -c "%a" /home/bitcoin/.bitcoin/signet/.cookie)
+ echo " Permissions : $perms"
+
+ # Vérifier la lisibilité
+ if docker exec "$service" test -r /home/bitcoin/.bitcoin/signet/.cookie; then
+ echo " ✅ Fichier lisible"
+ else
+ echo " ❌ Fichier non lisible"
+ fi
+ else
+ echo "❌ $service ne peut pas accéder au fichier .cookie"
+ fi
+ else
+ echo "⏸️ $service n'est pas en cours d'exécution"
+ fi
+ done
+}
+
+# Fonction pour tester la connectivité RPC
+test_rpc_connectivity() {
+ echo "🔍 Test de la connectivité RPC..."
+
+ if ! container_running "4nk-bitcoin"; then
+ echo "❌ Bitcoin n'est pas en cours d'exécution"
+ return 1
+ fi
+
+ # Attendre que Bitcoin soit prêt
+ sleep 5
+
+ # Test de la connectivité RPC via curl
+ echo "📡 Test de la connectivité RPC via HTTP..."
+ if docker exec 4nk-bitcoin curl -s --connect-timeout 5 http://localhost:18443 > /dev/null 2>&1; then
+ echo "✅ Connectivité RPC HTTP OK"
+ return 0
+ else
+ echo "❌ Connectivité RPC HTTP échouée"
+ return 1
+ fi
+}
+
+# Fonction pour afficher le statut des volumes partagés
+show_shared_volumes() {
+ echo "🔍 Statut des volumes partagés..."
+
+ echo "📊 Volumes Docker :"
+ docker volume ls | grep 4nk_node || echo "Aucun volume 4nk_node trouvé"
+
+ echo "📊 Volumes partagés dans docker-compose :"
+ if [ -f "$PROJECT_DIR/docker-compose.yml" ]; then
+ grep -A 5 -B 5 "shared_auth" "$PROJECT_DIR/docker-compose.yml" || echo "Volume shared_auth non trouvé"
+ fi
+}
+
+# Fonction principale
+main() {
+ case "${1:-all}" in
+ "cookie")
+ setup_bitcoin_cookie
+ ;;
+ "access")
+ verify_cookie_access
+ ;;
+ "rpc")
+ test_rpc_connectivity
+ ;;
+ "volumes")
+ show_shared_volumes
+ ;;
+ "all"|*)
+ echo "🚀 Exécution de toutes les vérifications..." 
+ setup_bitcoin_cookie
+ verify_cookie_access
+ test_rpc_connectivity
+ show_shared_volumes
+ ;;
+ esac
+
+ echo "✅ Gestion de l'authentification terminée"
+}
+
+# Exécution du script
+main "$@"
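Review bot: `docker exec 4nk-bitcoin cat /home/bitcoin/.bitcoin/signet/.cookie | head -1` in setup_bitcoin_cookie prints the RPC cookie — the `__cookie__:<secret>` credential that grants full bitcoind RPC access — to stdout, so it ends up in terminal scrollback and in any CI or deployment log that captures this script's output; the `ls -la` on the preceding line already proves the file exists and shows its mode, so drop the `cat` line (or print only `wc -c` on it). `container_running` runs `docker ps --format "table {{.Names}}" | grep -q "$1"`, an unanchored regex over output that also contains the `table` header row, so "4nk-bitcoin" matches any container whose name merely contains that string; use `docker ps --format '{{.Names}}' | grep -qxF -- "$1"` for an exact-name check. The `local perms=$(docker exec ...)` lines in setup_bitcoin_cookie and verify_cookie_access mask a failed docker exec under `set -e` because `local` returns 0, leaving $perms empty and, in the first function, issuing a chmod on a file that could not even be stat'ed — split declaration and assignment as `local perms; perms=$(docker exec ...) || return 1`. Forcing the cookie to 0600 inside the bitcoin container also means verify_cookie_access can only succeed for services that run under the same uid as bitcoinuser, which the script header should state explicitly since it is the design assumption the whole shared-volume scheme rests on.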