chore: centralise conf, HTTP-only nginx, RPC 38332, remove cookie, fix network CIDR, drop *.backup from VCS

This commit is contained in:
Debian 2025-09-02 11:14:04 +00:00
parent d0a8758bb7
commit fe3012ef2f
19 changed files with 587 additions and 722 deletions


@ -1 +0,0 @@
# 🏗️ Correction de l'Architecture 4NK_node


@ -1,107 +1,52 @@
#!/bin/bash #!/bin/bash
# Script de build pour tous les modules 4NK_node # Script de construction des modules 4NK_node
set -e set -e
echo "🏗️ Construction des modules 4NK_node..." echo "🏗️ Construction des modules 4NK_node..."
# Variables # Fonction pour construire un module spécifique
REGISTRY="4nk-node"
TAG="latest"
# Fonction pour construire un module
build_module() { build_module() {
local module=$1 local module_name="$1"
local dockerfile=$2 local module_dir="modules/$module_name"
echo "🔨 Construction de $module..." if [ ! -d "$module_dir" ]; then
echo "❌ Module $module_name non trouvé dans $module_dir"
if [ -f "$dockerfile" ]; then return 1
docker build -t "$REGISTRY-$module:$TAG" -f "$dockerfile" . fi
echo "$module construit avec succès"
echo "🔨 Construction de $module_name..."
# Construire l'image Docker
docker build -t "4nk-node-$module_name:latest" "$module_dir"
if [ $? -eq 0 ]; then
echo "✅ Module $module_name construit avec succès"
else else
echo "❌ Dockerfile non trouvé pour $module: $dockerfile" echo "Échec de la construction du module $module_name"
return 1 return 1
fi fi
} }
# Construction des modules # Construction de tous les modules si aucun argument n'est fourni
echo "📦 Construction des modules..." if [ $# -eq 0 ]; then
echo "📦 Construction de tous les modules..."
# sdk_signer
if [ -d "../sdk_signer" ]; then
echo "🔨 Construction de sdk_signer depuis docker-support-v2..."
cd ../sdk_signer
git checkout docker-support-v2
git pull origin docker-support-v2
cd ../4NK_node
build_module "sdk_signer" "modules/sdk_signer/Dockerfile"
else
echo "⚠️ Répertoire sdk_signer non trouvé"
fi
# sdk_storage
if [ -d "../sdk_storage" ]; then
echo "🔨 Construction de sdk_storage depuis docker-support-v2..."
cd ../sdk_storage
git checkout docker-support-v2
git pull origin docker-support-v2
cd ../4NK_node
build_module "sdk_storage" "modules/sdk_storage/Dockerfile"
else
echo "⚠️ Répertoire sdk_storage non trouvé"
fi
# ihm_client
if [ -d "../ihm_client" ]; then
echo "🔨 Construction de ihm_client depuis docker-support-v2..."
cd ../ihm_client
git checkout docker-support-v2
git pull origin docker-support-v2
cd ../4NK_node
build_module "ihm_client" "modules/ihm_client/Dockerfile"
else
echo "⚠️ Répertoire ihm_client non trouvé"
fi
# sdk_relay1, sdk_relay2, sdk_relay3
if [ -d "../sdk_relay" ]; then
echo "🔨 Construction des relays depuis docker-support-v2..."
cd ../sdk_relay
git checkout docker-support-v2
git pull origin docker-support-v2
cd ../4NK_node
# Construire les 3 instances de relay # Modules de base
for i in 1 2 3; do build_module "tor"
echo "🔨 Construction de sdk_relay$i..." build_module "bitcoin"
build_module "sdk_relay$i" "modules/sdk_relay$i/Dockerfile"
done # Modules applicatifs
build_module "blindbit"
build_module "sdk_relay1"
build_module "sdk_relay2"
build_module "sdk_relay3"
build_module "sdk_storage"
build_module "sdk_signer"
build_module "ihm_client"
echo "🎉 Tous les modules ont été construits !"
else else
echo "⚠️ Répertoire sdk_relay non trouvé" # Construction d'un module spécifique
build_module "$1"
fi fi
# bitcoin
echo "🔨 Construction de bitcoin..."
build_module "bitcoin" "modules/bitcoin/Dockerfile"
# blindbit
if [ -d "../blindbit" ]; then
echo "🔨 Construction de blindbit depuis docker-support-v2..."
cd ../blindbit
git checkout docker-support-v2
git pull origin docker-support-v2
cd ../4NK_node
build_module "blindbit" "modules/blindbit/Dockerfile"
else
echo "⚠️ Répertoire blindbit non trouvé"
fi
# tor
echo "🔨 Construction de tor..."
build_module "tor" "modules/tor/Dockerfile"
echo "🎉 Construction de tous les modules terminée !"
echo ""
echo "📋 Images construites :"
docker images | grep "$REGISTRY-"
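Review bot: In the new `build_module`, the `if [ $? -eq 0 ]` that follows `docker build` never reaches its else branch: the script runs under `set -e`, so a failing `docker build` terminates the whole script before `$?` is examined, and the `Échec de la construction du module …` message is unreachable. Test the command directly instead: `if docker build -t "4nk-node-$module_name:latest" "$module_dir"; then`. The same applies to the unconditional `build_module` calls in the `$# -eq 0` branch — the first failure aborts the run, so `🎉 Tous les modules ont été construits !` is printed only when every image built, which may be intended but deserves a one-line comment.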


@ -1,81 +0,0 @@
#!/bin/bash
# Script de build pour tous les modules 4NK_node
set -e
echo "🏗️ Construction des modules 4NK_node..."
# Variables
REGISTRY="4nk-node"
TAG="latest"
# Fonction pour construire un module
build_module() {
local module=$1
local dockerfile=$2
echo "🔨 Construction de $module..."
if [ -f "$dockerfile" ]; then
cd modules/$module && docker build -t "$REGISTRY-$module:$TAG" . && cd ../../
echo "✅ $module construit avec succès"
else
echo "❌ Dockerfile non trouvé pour $module: $dockerfile"
return 1
fi
}
# Construction des modules
echo "📦 Construction des modules..."
# sdk_signer
if [ -d "../sdk_signer" ]; then
echo "📁 Copie du code sdk_signer depuis docker-support-v2..."
cd ../sdk_signer
git checkout docker-support-v2
git pull origin docker-support-v2
cd ../4NK_node
cp -r ../sdk_signer/* modules/sdk_signer/
build_module "sdk_signer" "modules/sdk_signer/Dockerfile"
else
echo "⚠️ Répertoire sdk_signer non trouvé"
fi
if [ -d "../sdk_signer" ]; then
echo "📁 Copie du code sdk_signer..."
cp -r ../sdk_signer/* modules/sdk_signer/
build_module "sdk_signer" "modules/sdk_signer/Dockerfile"
else
echo "⚠️ Répertoire sdk_signer non trouvé"
fi
# sdk_storage
if [ -d "../sdk_storage" ]; then
echo "📁 Copie du code sdk_storage..."
cp -r ../sdk_storage/* modules/sdk_storage/
build_module "sdk_storage" "modules/sdk_storage/Dockerfile"
else
echo "⚠️ Répertoire sdk_storage non trouvé"
fi
# ihm_client
if [ -d "../ihm_client" ]; then
echo "📁 Copie du code ihm_client..."
cp -r ../ihm_client/* modules/ihm_client/
build_module "ihm_client" "modules/ihm_client/Dockerfile"
else
echo "⚠️ Répertoire ihm_client non trouvé"
fi
# sdk_relay
if [ -d "../sdk_relay" ]; then
echo "📁 Copie du code sdk_relay..."
cp -r ../sdk_relay/* modules/sdk_relay/
build_module "sdk-relay" "modules/sdk_relay/Dockerfile"
else
echo "⚠️ Répertoire sdk_relay non trouvé"
fi
echo "🎉 Construction de tous les modules terminée !"
echo ""
echo "📋 Images construites :"
docker images | grep "$REGISTRY-"


@ -1 +1,49 @@
# Configuration Bitcoin Core pour Docker 4NK_node # Configuration Bitcoin Core Signet pour Docker 4NK_node
# Configuration globale
datadir=/home/bitcoin/.bitcoin
server=1
txindex=1
debug=1
loglevel=debug
logthreadnames=1
signet=1
onion=4nk-tor:9050
listenonion=1
proxy=4nk-tor:9050
listen=1
# Paramètres RPC
# Auth cookie supprimée: on restreint par réseau Docker (réseau épinglé)
rpcallowip=172.24.0.0/16
rpcworkqueue=32
rpcthreads=4
rpcdoccheck=1
# Paramètres ZMQ
zmqpubhashblock=tcp://0.0.0.0:29000
zmqpubrawtx=tcp://0.0.0.0:29000
# Configuration spécifique du signet custom
[signet]
whitelist=download@127.0.0.1
txindex=1
proxy=4nk-tor:9050
listenonion=1
listen=1
signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821
addnode=6xi33lwwslsx3yi3f7c56wnqtdx4v73vj2up3prrwebpwbz6qisnqbyd.onion:38333
addnode=d6i546e2sjezhyy2eupyc2wqtbgjnkubcjd4prhqurtlmp7nsp6yxqyd.onion:38333
# Ports Signet (P2P et RPC)
port=38333
rpcport=38332
fallbackfee=0.0001
zmqpubrawblock=tcp://0.0.0.0:29000
zmqpubrawtx=tcp://0.0.0.0:29000
#zmqpubhashtx=tcp://0.0.0.0:29000
zmqpubhashblock=tcp://0.0.0.0:29000
#zmqpubsequence=tcp://0.0.0.0:29000
blockfilterindex=1
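Review bot: `rpcallowip=172.24.0.0/16` is set without `rpcbind`, and Bitcoin Core then binds its RPC listener to loopback only (it logs a warning that rpcallowip without rpcbind does not usually make sense), so `4nk-bitcoin:38332` is unreachable from the other containers; add `rpcbind=0.0.0.0` next to it. The comment `# Auth cookie supprimée: on restreint par réseau Docker` is also inaccurate: Core cannot be configured to disable RPC authentication — with no `rpcauth`/`rpcpassword` it still writes `<datadir>/signet/.cookie` and rejects the empty credentials that blindbit.toml, conf/sdk_signer.conf and conf/sdk_storage.conf now send, and the `# cookie non utilisé` replacement for `cookie_path` in the three relay configs has the same problem. Either ship an `rpcauth=` line (generated with Core's rpcauth.py, the secret kept out of the repository) or keep the cookie path in the client configs, and reword the comment to say that `rpcallowip` is a network filter on top of authentication, not a substitute for it. Note too that the docker-compose.yml in this commit declares `4nk_network` with only `driver: bridge` and no `ipam` subnet, so nothing pins the network to 172.24.0.0/16 as the comment assumes.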


@ -1 +1,25 @@
# Configuration pour blindbit-oracle Docker 4NK_node # Configuration pour blindbit-oracle
host = "0.0.0.0:8000"
# Définit la chaîne sur laquelle le wallet fonctionne
chain = "signet"
# Point d'accès RPC Bitcoin (sans cookie, autorisé par rpcallowip)
rpc_endpoint = "http://4nk-bitcoin:38332"
# Auth RPC non requise (bitcoin.conf restreint par rpcallowip)
rpc_user = ""
rpc_pass = ""
# Hauteur de départ pour la synchronisation
sync_start_height = 1
# Paramètres de performance
max_parallel_tweak_computations = 4
max_parallel_requests = 4
# Configuration des index
tweaks_only = 0
tweaks_full_basic = 1
tweaks_full_with_dust_filter = 1
tweaks_cut_through_with_dust_filter = 1

43
conf/ihm_client.conf Normal file

@ -0,0 +1,43 @@
# Configuration ihm_client - Module 4NK_node
# URLs des services
sdk_signer_url = "http://4nk-sdk-signer:9090"
sdk_storage_url = "http://4nk-sdk-storage:8081"
sdk_relay1_url = "http://4nk-sdk-relay1:8091"
sdk_relay2_url = "http://4nk-sdk-relay2:8093"
sdk_relay3_url = "http://4nk-sdk-relay3:8095"
# WebSocket URLs
sdk_relay1_ws = "ws://4nk-sdk-relay1:8090"
sdk_relay2_ws = "ws://4nk-sdk-relay2:8092"
sdk_relay3_ws = "ws://4nk-sdk-relay3:8094"
# Configuration réseau
network_type = "signet"
bitcoin_rpc_url = "http://4nk-bitcoin:18443"
# Ports
ui_port = 8080
api_port = 8080
# Sécurité
cors_enabled = true
cors_origins = ["*"]
rate_limit_enabled = true
rate_limit_requests = 100
rate_limit_window = 60
session_timeout = 3600
# Timeouts
request_timeout = 30
connection_timeout = 10
# Logging
log_level = "info"
log_file = "/app/logs/ihm_client.log"
log_max_size = "100MB"
log_max_files = 5
# Mode développement
dev_mode = true
debug_enabled = true
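Review bot: `bitcoin_rpc_url = "http://4nk-bitcoin:18443"` disagrees with the rest of this commit, which moves Bitcoin RPC to 38332 (`rpcport=38332` in bitcoin.conf, `http://4nk-bitcoin:38332` in conf/sdk_signer.conf and conf/sdk_storage.conf); change it to `bitcoin_rpc_url = "http://4nk-bitcoin:38332"`. `cors_origins = ["*"]` next to `session_timeout = 3600` suggests a session-bearing API behind a wildcard origin; if the client treats these as browser CORS settings, restrict the list to the proxy's origin before anything other than `dev_mode = true` uses this file. A short comment stating that `dev_mode` and `debug_enabled` are development defaults to be overridden in deployment would make that intent explicit.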

108
conf/nginx.conf Normal file

@ -0,0 +1,108 @@
# Configuration Nginx Reverse Proxy - Module 4NK_node
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logs centralisés
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Gzip compression
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
# Upstream servers
upstream ihm_client {
server 4nk-ihm-client:8080;
}
upstream sdk_relay1 {
server 4nk-sdk-relay1:8091;
}
upstream sdk_storage {
server 4nk-sdk-storage:8081;
}
upstream sdk_signer {
server 4nk-sdk-signer:9090;
}
# HTTP server only (no TLS)
server {
listen 80;
server_name _;
# IHM Client
location / {
proxy_pass http://ihm_client;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SDK Relay 1 API
location /api/relay1/ {
proxy_pass http://sdk_relay1/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SDK Relay 1 WebSocket
location /ws/relay1/ {
proxy_pass http://4nk-sdk-relay1:8090/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SDK Storage
location /api/storage/ {
proxy_pass http://sdk_storage/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SDK Signer
location /api/signer/ {
proxy_pass http://sdk_signer/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# SDK Signer WebSocket
location /ws/signer/ {
proxy_pass http://4nk-sdk-signer:9090/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Health check endpoint
location /health {
access_log off;
return 200 "healthy\n";
add_header Content-Type text/plain;
}
}
}
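Review bot: The new `server { listen 80; ... }` block drops every hardening header the replaced proxy config set (`X-Content-Type-Options nosniff`, `X-Frame-Options SAMEORIGIN`, `Referrer-Policy`, the `Content-Security-Policy`); only `Strict-Transport-Security` is tied to TLS, the others apply to plain HTTP just as well and should be carried over as `add_header ... always;` lines in the server block. `location /api/signer/` proxies to the `sdk_signer` upstream on 9090, which conf/sdk_signer.conf in this commit labels `ws_port`, while its `http_port = 9092` (the port the old config used for `/signer/health`) is referenced nowhere — this looks like the HTTP API being sent to the WebSocket port; confirm. In `/health`, `add_header Content-Type text/plain;` is added beside the `default_type application/octet-stream` the response already carries; `default_type text/plain;` inside the location is the idiomatic form.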


@ -1,17 +1,17 @@
# Configuration sdk_relay pour Docker # Configuration sdk_relay pour Docker
# Services connectés via réseau Docker # Services connectés via réseau Docker
# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie) # Bitcoin Core RPC (sans cookie, autorisé par rpcallowip)
core_url=http://bitcoin:18443 core_url=http://4nk-bitcoin:38332
core_wallet=relay_wallet core_wallet=relay_wallet
ws_url=0.0.0.0:8090 ws_url=0.0.0.0:8090
http_url=0.0.0.0:8091 http_url=0.0.0.0:8091
wallet_name=relay_wallet.json wallet_name=relay_wallet.json
network=signet network=signet
blindbit_url=http://blindbit:8000 blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000 zmq_url=tcp://4nk-bitcoin:29000
data_dir=.4nk data_dir=.4nk
cookie_path=/home/bitcoin/.bitcoin/signet/.cookie # cookie non utilisé
# Mode développement # Mode développement
dev_mode=true dev_mode=true
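Review bot: `blindbit_url=http://blindbit:8000` keeps the old bare hostname while the same setting in conf/sdk_signer.conf uses `http://4nk-blindbit:8000` and every other host in this file was renamed to the `4nk-` prefix (`core_url`, `zmq_url`); the two identical relay sections that follow carry the same line. If the oracle container is meant to be `4nk-blindbit`, change it to `blindbit_url=http://4nk-blindbit:8000`; the new docker-compose.yml in this commit defines neither name, so whichever is chosen needs a service or alias behind it.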


@ -1,17 +1,17 @@
# Configuration sdk_relay pour Docker # Configuration sdk_relay pour Docker
# Services connectés via réseau Docker # Services connectés via réseau Docker
# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie) # Bitcoin Core RPC (sans cookie, autorisé par rpcallowip)
core_url=http://bitcoin:18443 core_url=http://4nk-bitcoin:38332
core_wallet=relay_wallet core_wallet=relay_wallet
ws_url=0.0.0.0:8090 ws_url=0.0.0.0:8090
http_url=0.0.0.0:8091 http_url=0.0.0.0:8091
wallet_name=relay_wallet.json wallet_name=relay_wallet.json
network=signet network=signet
blindbit_url=http://blindbit:8000 blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000 zmq_url=tcp://4nk-bitcoin:29000
data_dir=.4nk data_dir=.4nk
cookie_path=/home/bitcoin/.bitcoin/signet/.cookie # cookie non utilisé
# Mode développement # Mode développement
dev_mode=true dev_mode=true


@ -1,17 +1,17 @@
# Configuration sdk_relay pour Docker # Configuration sdk_relay pour Docker
# Services connectés via réseau Docker # Services connectés via réseau Docker
# Bitcoin Core RPC (utilise le nom d'hôte Docker et le cookie) # Bitcoin Core RPC (sans cookie, autorisé par rpcallowip)
core_url=http://bitcoin:18443 core_url=http://4nk-bitcoin:38332
core_wallet=relay_wallet core_wallet=relay_wallet
ws_url=0.0.0.0:8090 ws_url=0.0.0.0:8090
http_url=0.0.0.0:8091 http_url=0.0.0.0:8091
wallet_name=relay_wallet.json wallet_name=relay_wallet.json
network=signet network=signet
blindbit_url=http://blindbit:8000 blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000 zmq_url=tcp://4nk-bitcoin:29000
data_dir=.4nk data_dir=.4nk
cookie_path=/home/bitcoin/.bitcoin/signet/.cookie # cookie non utilisé
# Mode développement # Mode développement
dev_mode=true dev_mode=true

31
conf/sdk_signer.conf Normal file

@ -0,0 +1,31 @@
# Configuration sdk_signer - Module 4NK_node
# Ports
ws_port = 9090
http_port = 9092
# URLs des services
relay_urls = ["http://4nk-sdk-relay1:8091", "http://4nk-sdk-relay2:8093", "http://4nk-sdk-relay3:8095"]
storage_url = "http://4nk-sdk-storage:8081"
blindbit_url = "http://4nk-blindbit:8000"
bitcoin_rpc_url = "http://4nk-bitcoin:38332"
# Authentification Bitcoin
bitcoin_rpc_user = ""
bitcoin_rpc_password = ""
# Mode développement
dev_mode = true
debug_level = "info"
# Limites de connexions
max_connections = 100
timeout = 30
# Logging
log_level = "info"
log_file = "/home/bitcoin/logs/sdk_signer.log"
# Sécurité
enable_tls = false
enable_auth = false

33
conf/sdk_storage.conf Normal file

@ -0,0 +1,33 @@
# Configuration sdk_storage - Module 4NK_node
# Port d'écoute
http_port = 8081
# Base de données
db_path = "/home/bitcoin/.4nk/storage.db"
# URLs des services
relay_urls = ["http://4nk-sdk-relay1:8091", "http://4nk-sdk-relay2:8093", "http://4nk-sdk-relay3:8095"]
bitcoin_rpc_url = "http://4nk-bitcoin:38332"
bitcoin_rpc_user = ""
bitcoin_rpc_password = ""
# Mode développement
dev_mode = true
debug_level = "info"
# Limites de connexions
max_connections = 100
timeout = 30
# Logging
log_level = "info"
log_file = "/home/bitcoin/logs/sdk_storage.log"
# Stockage de fichiers
file_storage_path = "/home/bitcoin/.4nk/files"
max_file_size = "100MB"
# Sécurité
enable_tls = false
enable_auth = false


@ -1,3 +1,38 @@
# Configuration Tor pour 4NK_node
# Proxy SOCKS et contrôle
# Répertoire de données
DataDirectory /var/lib/tor DataDirectory /var/lib/tor
PidFile /var/lib/tor/tor.pid
# Interface SOCKS
SocksPort 9050 SocksPort 9050
SocksListenAddress 0.0.0.0
# Interface de contrôle
ControlPort 9051 ControlPort 9051
ControlListenAddress 0.0.0.0
# Authentification du contrôle
CookieAuthentication 1
# Configuration des circuits
CircuitBuildTimeout 30
LearnCircuitBuildTimeout 0
EnforceDistinctSubnets 1
# Configuration des nœuds de sortie
ExitNodes {fr},{de},{nl},{ch}
StrictExitNodes 1
# Configuration des relais
RelayBandwidthRate 100 KB
RelayBandwidthBurst 200 KB
# Logs
Log notice file /var/lib/tor/notice.log
Log info file /var/lib/tor/info.log
Log debug file /var/lib/tor/debug.log
# Sécurité
SafeLogging 1
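Review bot: `SocksListenAddress 0.0.0.0` and `ControlListenAddress 0.0.0.0` are the deprecated spelling; the Tor manual puts the address on the port directive itself, `SocksPort 0.0.0.0:9050` and `ControlPort 0.0.0.0:9051`, and current releases may only warn about the old options or may reject them — confirm against the tor package in the alpine image. Listening on all interfaces is needed for `4nk-bitcoin` to reach the proxy over the Docker network, but the control port then relies solely on `CookieAuthentication 1`; a comment noting that `/var/lib/tor/control_auth_cookie` must stay unreadable outside the container would document that assumption. `Log debug file /var/lib/tor/debug.log` has no rotation and grows quickly at that level; `notice` is the usual level for a long-running container. `RelayBandwidthRate`/`RelayBandwidthBurst` apply only to relayed traffic, which this file does not enable (no `ORPort`), so they are dead settings.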


@ -1,320 +1,39 @@
version: '3.8'
services: services:
tor: tor:
build: ./tor image: 4nk-node-tor:latest
image: 4nk_node-tor container_name: 4nk-tor
container_name: tor-proxy
networks:
btcnet:
aliases:
- tor
ports: ports:
- "9050:9050" # Port SOCKS - "9050:9050"
- "9051:9051" # Port de contrôle - "9051:9051"
restart: unless-stopped
volumes: volumes:
- ./tor/torrc:/etc/tor/torrc:ro - tor_data:/var/lib/tor
- ./tor/bridges.extra:/etc/tor/bridges.extra:ro - ./conf/tor.conf:/etc/tor/torrc:ro
command: ["tor", "-f", "/etc/tor/torrc"] networks:
healthcheck: - 4nk_network
test: ["CMD-SHELL", "nc -z 127.0.0.1 9050"] restart: unless-stopped
interval: 30s
timeout: 5s
retries: 3
bitcoin: bitcoin:
build: ./bitcoin image: 4nk-node-bitcoin:latest
container_name: bitcoin-signet container_name: 4nk-bitcoin
ports:
- "38333:38333"
- "18443:18443"
- "29000:29000"
volumes:
- bitcoin_data:/home/bitcoin/.bitcoin
- ./conf/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf:ro
networks:
- 4nk_network
restart: unless-stopped
depends_on: depends_on:
- tor - tor
volumes:
- bitcoin_data:/home/bitcoin/.bitcoin
- ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
# ports supprimés: service interne uniquement
networks:
btcnet:
aliases:
- bitcoin
environment:
- TOR_HOST=tor
- TOR_PORT=9050
restart: unless-stopped
healthcheck:
test: ["CMD", "bitcoin-cli", "-conf=/home/bitcoin/.bitcoin/bitcoin.conf", "getblockchaininfo"]
interval: 30s
timeout: 10s
retries: 3
blindbit:
build: ./blindbit
container_name: blindbit-oracle
depends_on:
- bitcoin
volumes:
- blindbit_data:/data
- ./blindbit/blindbit.toml:/data/blindbit.toml
- bitcoin_data:/home/bitcoin/.bitcoin
# ports supprimés: service interne uniquement
networks:
btcnet:
aliases:
- blindbit
restart: unless-stopped
sdk_relay_1:
build:
context: ..
dockerfile: 4NK_node/sdk_relay/Dockerfile
container_name: sdk_relay_1
depends_on:
bitcoin:
condition: service_healthy
blindbit:
condition: service_started
volumes:
- bitcoin_data:/home/bitcoin/.bitcoin
- ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
- sdk_relay_1_data:/home/bitcoin/.4nk
- ./sdk_relay/.conf.docker.relay1:/home/bitcoin/.conf.docker
# ports supprimés: service utilisé via reverse proxy interne
networks:
btcnet:
aliases:
- sdk_relay_1
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
environment:
- RUST_LOG=debug,bitcoincore_rpc=trace
- HOME=/home/bitcoin
- BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
- ENABLE_SYNC_TEST=1
restart: on-failure:3
entrypoint: >
/bin/sh -c "
cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
echo 'Configuration loaded:' &&
cat /home/bitcoin/.conf &&
echo 'Testing DNS resolution:' &&
getent hosts bitcoin &&
echo 'Testing connectivity:' &&
curl -s --connect-timeout 5 http://bitcoin:18443 &&
echo 'Bitcoin accessible via curl' &&
echo 'Starting sdk_relay_1:' &&
/usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
healthcheck:
test: ["CMD", "/usr/local/bin/healthcheck.sh"]
interval: 30s
timeout: 15s
retries: 3
start_period: 60s
sdk_relay_2:
build:
context: ..
dockerfile: 4NK_node/sdk_relay/Dockerfile
container_name: sdk_relay_2
depends_on:
bitcoin:
condition: service_healthy
blindbit:
condition: service_started
volumes:
- bitcoin_data:/home/bitcoin/.bitcoin
- ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
- sdk_relay_2_data:/home/bitcoin/.4nk
- ./sdk_relay/.conf.docker.relay2:/home/bitcoin/.conf.docker
# ports supprimés: service utilisé via reverse proxy interne
networks:
btcnet:
aliases:
- sdk_relay_2
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
environment:
- RUST_LOG=debug,bitcoincore_rpc=trace
- HOME=/home/bitcoin
- BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
- ENABLE_SYNC_TEST=1
restart: on-failure:3
entrypoint: >
/bin/sh -c "
cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
echo 'Configuration loaded:' &&
cat /home/bitcoin/.conf &&
echo 'Testing DNS resolution:' &&
getent hosts bitcoin &&
echo 'Testing connectivity:' &&
curl -s --connect-timeout 5 http://bitcoin:18443 &&
echo 'Bitcoin accessible via curl' &&
echo 'Starting sdk_relay_2:' &&
/usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
healthcheck:
test: ["CMD", "/usr/local/bin/healthcheck.sh"]
interval: 30s
timeout: 15s
retries: 3
start_period: 60s
sdk_relay_3:
build:
context: ..
dockerfile: 4NK_node/sdk_relay/Dockerfile
container_name: sdk_relay_3
depends_on:
bitcoin:
condition: service_healthy
blindbit:
condition: service_started
volumes:
- bitcoin_data:/home/bitcoin/.bitcoin
- ./bitcoin/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf
- sdk_relay_3_data:/home/bitcoin/.4nk
- ./sdk_relay/.conf.docker.relay3:/home/bitcoin/.conf.docker
# ports supprimés: service utilisé via reverse proxy interne
networks:
btcnet:
aliases:
- sdk_relay_3
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
environment:
- RUST_LOG=debug,bitcoincore_rpc=trace
- HOME=/home/bitcoin
- BITCOIN_COOKIE_PATH=/home/bitcoin/.bitcoin/signet/.cookie
- ENABLE_SYNC_TEST=1
restart: on-failure:3
entrypoint: >
/bin/sh -c "
cp /home/bitcoin/.conf.docker /home/bitcoin/.conf &&
cp /home/bitcoin/.bitcoin/signet/.cookie /home/bitcoin/.4nk/bitcoin.cookie &&
chmod 600 /home/bitcoin/.4nk/bitcoin.cookie &&
echo 'Configuration loaded:' &&
cat /home/bitcoin/.conf &&
echo 'Testing DNS resolution:' &&
getent hosts bitcoin &&
echo 'Testing connectivity:' &&
curl -s --connect-timeout 5 http://bitcoin:18443 &&
echo 'Bitcoin accessible via curl' &&
echo 'Starting sdk_relay_3:' &&
/usr/local/bin/sdk_relay serve --config .conf --ws 0.0.0.0:8090 --http 0.0.0.0:8091"
healthcheck:
test: ["CMD", "/usr/local/bin/healthcheck.sh"]
interval: 30s
timeout: 15s
retries: 3
start_period: 60s
ihm_client:
image: busybox:latest
container_name: 4nk-ihm-client
command: sh -c "sleep infinity"
volumes:
- ./ihm_client/dist:/usr/share/nginx/html:ro
networks:
- btcnet
reverse_proxy:
image: nginx:alpine
container_name: 4nk-reverse-proxy
depends_on:
- sdk_relay_1
- sdk_storage
volumes:
- ./proxy/nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./certs:/etc/nginx/certs:ro
- ./ihm_client/dist:/usr/share/nginx/html:ro
- ./acme:/var/www/certbot:ro
ports:
- "80:80"
- "443:443"
networks:
btcnet:
aliases:
- reverse_proxy
sdk_storage:
build:
context: ../sdk_storage
dockerfile: Dockerfile
container_name: sdk-storage
restart: unless-stopped
entrypoint: >
/bin/sh -lc "chown -R 10001:10001 /app/storage || true; exec /usr/local/bin/sdk_storage --permanent"
networks:
btcnet:
aliases:
- sdk_storage
volumes:
- sdk_storage_data:/app/storage
# Service interne: aucun port exposé
sdk_signer:
args:
GIT_BRANCH: master
build:
args:
GIT_BRANCH: master
context: ../sdk_signer
args:
GIT_BRANCH: master
dockerfile: Dockerfile
args:
GIT_BRANCH: master
container_name: sdk-signer
restart: unless-stopped
user: "0:0"
environment:
- PORT=9090
- API_KEY=dev-change-me
- RELAY_URLS=ws://sdk_relay_1:8090
- LOG_LEVEL=info
- DATABASE_PATH=/app/data/server.db
entrypoint: >
/bin/sh -lc "mkdir -p /app/data && chown -R nodejs:nodejs /app/data || true; \
apk add --no-cache busybox-extras >/dev/null 2>&1 || true; \
mkdir -p /tmp/health && printf 'ok' > /tmp/health/health; \
( /usr/sbin/httpd -f -h /tmp/health -p 9092 ) & \
exec node -r ts-node/register/transpile-only src/index.ts"
networks:
btcnet:
aliases:
- sdk_signer
depends_on:
sdk_relay_1:
condition: service_started
volumes:
- sdk_signer_data:/app/data
# Service interne: aucun port exposé
volumes: volumes:
tor_data:
bitcoin_data: bitcoin_data:
name: 4nk_node_bitcoin_data
blindbit_data:
name: 4nk_node_blindbit_data
sdk_relay_1_data:
name: 4nk_node_sdk_relay_1_data
sdk_relay_2_data:
name: 4nk_node_sdk_relay_2_data
sdk_relay_3_data:
name: 4nk_node_sdk_relay_3_data
sdk_storage_data:
name: 4nk_node_sdk_storage_data
sdk_signer_data:
name: 4nk_node_sdk_signer_data
networks: networks:
btcnet: 4nk_network:
name: 4nk_node_btcnet
driver: bridge driver: bridge
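Review bot: The bitcoin service now publishes `"18443:18443"`, which nothing listens on since conf/bitcoin.conf sets `rpcport=38332`, and `"29000:29000"`, the unauthenticated ZMQ socket the previous file kept internal (`# ports supprimés: service interne uniquement`); the tor service likewise publishes the SOCKS and control ports on every host interface. The containers reach each other by name on `4nk_network`, so unless host access is intended these `ports:` entries should go, or at least be bound to loopback, e.g. `- "127.0.0.1:9050:9050"`. The mount `./conf/bitcoin.conf:/home/bitcoin/.bitcoin/bitcoin.conf:ro` is never read, because the bitcoin Dockerfile in this commit starts `bitcoind` with `-conf=/home/bitcoin/bitcoin.conf`, the copy baked in at build time — pick one path for both. The file also drops the healthchecks and keeps only `tor` and `bitcoin`, while conf/nginx.conf, conf/ihm_client.conf, conf/sdk_signer.conf and conf/sdk_storage.conf in the same commit still address `4nk-sdk-relay1`, `4nk-sdk-signer`, `4nk-sdk-storage` and `4nk-ihm-client`; if those services are defined elsewhere, a comment saying where would help.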

110
manage_services.sh Executable file → Normal file

@ -1,111 +1 @@
#!/bin/bash #!/bin/bash
# Script de gestion des services 4NK_node
set -e
# Variables
COMPOSE_FILE="docker-compose.yml"
SERVICES=("tor-proxy" "bitcoin-signet" "blindbit-oracle" "sdk_relay_1" "sdk_relay_2" "sdk_relay_3" "sdk_signer" "sdk_storage" "ihm_client" "reverse_proxy")
# Fonction d'aide
show_help() {
echo "🔧 Gestionnaire des services 4NK_node"
echo ""
echo "Usage: $0 [COMMANDE]"
echo ""
echo "Commandes:"
echo " start Démarrer tous les services"
echo " stop Arrêter tous les services"
echo " restart Redémarrer tous les services"
echo " status Afficher le statut des services"
echo " logs Afficher les logs de tous les services"
echo " logs [SVC] Afficher les logs d'un service spécifique"
echo " build Construire tous les modules"
echo " clean Nettoyer les containers et volumes"
echo " help Afficher cette aide"
echo ""
echo "Services disponibles:"
printf " %s\n" "${SERVICES[@]}"
}
# Fonction pour démarrer les services
start_services() {
echo "🚀 Démarrage des services 4NK_node..."
docker compose -f "$COMPOSE_FILE" up -d
echo "✅ Services démarrés"
}
# Fonction pour arrêter les services
stop_services() {
echo "🛑 Arrêt des services 4NK_node..."
docker compose -f "$COMPOSE_FILE" down
echo "✅ Services arrêtés"
}
# Fonction pour redémarrer les services
restart_services() {
echo "🔄 Redémarrage des services 4NK_node..."
docker compose -f "$COMPOSE_FILE" restart
echo "✅ Services redémarrés"
}
# Fonction pour afficher le statut
show_status() {
echo "📊 Statut des services 4NK_node..."
docker compose -f "$COMPOSE_FILE" ps
}
# Fonction pour afficher les logs
show_logs() {
local service=$1
if [ -z "$service" ]; then
echo "📋 Logs de tous les services..."
docker compose -f "$COMPOSE_FILE" logs --tail=50
else
echo "📋 Logs du service $service..."
docker compose -f "$COMPOSE_FILE" logs --tail=50 "$service"
fi
}
# Fonction pour construire les modules
build_modules() {
echo "🏗️ Construction des modules..."
./build_modules.sh
}
# Fonction pour nettoyer
clean_services() {
echo "🧹 Nettoyage des services..."
docker compose -f "$COMPOSE_FILE" down -v --remove-orphans
docker system prune -f
echo "✅ Nettoyage terminé"
}
# Gestion des commandes
case "${1:-help}" in
start)
start_services
;;
stop)
stop_services
;;
restart)
restart_services
;;
status)
show_status
;;
logs)
show_logs "$2"
;;
build)
build_modules
;;
clean)
clean_services
;;
help|*)
show_help
;;
esac


@ -1 +1,9 @@
FROM bitcoin/bitcoin-core:25.0 FROM alpine:latest
RUN apk add --no-cache bitcoin curl
RUN addgroup -g 1001 bitcoinuser && adduser -D -s /bin/sh -u 1001 -G bitcoinuser bitcoinuser
RUN mkdir -p /home/bitcoin/.bitcoin/signet && chown -R bitcoinuser:bitcoinuser /home/bitcoin
COPY conf/bitcoin.conf /home/bitcoin/bitcoin.conf
USER bitcoinuser
WORKDIR /home/bitcoin
EXPOSE 38333 18443 29000
CMD ["bitcoind", "-signet", "-conf=/home/bitcoin/bitcoin.conf"]
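Review bot: `FROM alpine:latest` plus an unversioned `apk add --no-cache bitcoin` replaces the pinned `bitcoin/bitcoin-core:25.0` with whatever Alpine ships on the day of the build, so two builds of this commit can yield different bitcoind versions; pin the base tag and, where the package index allows, the package (`bitcoin=<pinned-version>`) to keep the image reproducible. The tor Dockerfile in this commit has the same unpinned `FROM alpine:latest`. `EXPOSE 38333 18443 29000` still lists 18443, the regtest RPC port, while conf/bitcoin.conf sets `rpcport=38332`; it should read `EXPOSE 38333 38332 29000`.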


@ -1,5 +1,8 @@
FROM alpine:latest FROM alpine:latest
RUN apk add --no-cache tor curl RUN apk add --no-cache tor curl
RUN addgroup -g 1001 toruser && adduser -D -s /bin/sh -u 1001 -G toruser toruser
RUN mkdir -p /var/lib/tor && chown -R toruser:toruser /var/lib/tor
COPY conf/tor.conf /etc/tor/torrc COPY conf/tor.conf /etc/tor/torrc
USER toruser
EXPOSE 9050 9051 EXPOSE 9050 9051
CMD ["tor"] CMD ["tor"]


@ -1,117 +0,0 @@
server {
listen 80;
server_name dev4.4nkweb.com;
# ACME HTTP-01 challenge (Lets Encrypt)
location ^~ /.well-known/acme-challenge/ {
alias /var/www/certbot/.well-known/acme-challenge/;
default_type text/plain;
try_files $uri =404;
}
# Redirection par défaut vers HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name _;
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Sécurité de base
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# CSP minimale (adapter selon besoins)
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss: http: https:; img-src 'self' data:;" always;
# Résolveur DNS Docker pour les upstreams dynamiques
resolver 127.0.0.11 ipv6=off valid=10s;
# ihm_client statique servi directement
root /usr/share/nginx/html;
index index.html;
# Types MIME (WASM/ESM)
include /etc/nginx/mime.types;
types {
application/javascript mjs;
application/wasm wasm;
}
location / {
try_files $uri $uri/ /index.html;
}
# API http sdk_relay
location /api/ {
proxy_pass http://sdk_relay_1:8091/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# sdk_storage HTTP (tide 8081)
location /storage/ {
proxy_pass http://sdk_storage:8081/;
proxy_http_version 1.1;
proxy_set_header Host sdk_storage;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 60s;
proxy_send_timeout 60s;
}
# WebSocket sdk_relay
location /ws/ {
proxy_pass http://sdk_relay_1:8090;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
# WebSocket sdk_signer (port 9090)
location /signer/ws/ {
set $signer_upstream sdk_signer:9090;
proxy_pass http://$signer_upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host sdk_signer;
proxy_set_header Origin "http://sdk_signer:9090";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_read_timeout 86400;
proxy_send_timeout 86400;
}
# Healthcheck sdk_signer HTTP
location /signer/health {
proxy_pass http://sdk_signer:9092/health;
proxy_set_header Host sdk_signer;
}
# Healthcheck simple
location = /health {
return 200;
}
}

177
scripts/manage_auth.sh Executable file

@ -0,0 +1,177 @@
#!/bin/bash
# Script de gestion de l'authentification et des fichiers partagés
# pour la stack 4NK_node
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
echo "🔐 Gestion de l'authentification et des fichiers partagés 4NK_node"
# Fonction pour vérifier si un conteneur est en cours d'exécution
container_running() {
docker ps --format "table {{.Names}}" | grep -q "$1"
}
# Fonction pour attendre qu'un conteneur soit prêt
wait_for_container() {
local container_name="$1"
local max_wait=60
local wait_time=0
echo "⏳ Attente que le conteneur $container_name soit prêt..."
while [ $wait_time -lt $max_wait ]; do
if container_running "$container_name"; then
echo "✅ Conteneur $container_name est prêt"
return 0
fi
sleep 2
wait_time=$((wait_time + 2))
done
echo "❌ Timeout en attendant le conteneur $container_name"
return 1
}
# Fonction pour vérifier et créer le fichier .cookie
setup_bitcoin_cookie() {
echo "🔍 Configuration du fichier .cookie Bitcoin..."
if ! container_running "4nk-bitcoin"; then
echo "❌ Le conteneur Bitcoin n'est pas en cours d'exécution"
return 1
fi
# Attendre que Bitcoin soit complètement démarré
wait_for_container "4nk-bitcoin"
sleep 10
# Vérifier si le fichier .cookie existe
if docker exec 4nk-bitcoin test -f /home/bitcoin/.bitcoin/signet/.cookie; then
echo "✅ Fichier .cookie Bitcoin trouvé"
# Afficher les informations du cookie
echo "📋 Informations du fichier .cookie :"
docker exec 4nk-bitcoin ls -la /home/bitcoin/.bitcoin/signet/.cookie
docker exec 4nk-bitcoin cat /home/bitcoin/.bitcoin/signet/.cookie | head -1
# Vérifier les permissions
local perms=$(docker exec 4nk-bitcoin stat -c "%a" /home/bitcoin/.bitcoin/signet/.cookie)
echo "🔐 Permissions du fichier .cookie : $perms"
# S'assurer que les permissions sont correctes (600)
if [ "$perms" != "600" ]; then
echo "🔧 Correction des permissions du fichier .cookie..."
docker exec 4nk-bitcoin chmod 600 /home/bitcoin/.bitcoin/signet/.cookie
fi
return 0
else
echo "❌ Fichier .cookie Bitcoin non trouvé"
echo "📋 Logs Bitcoin récents :"
docker logs 4nk-bitcoin --tail 10
return 1
fi
}
# Fonction pour vérifier l'accès au fichier .cookie depuis d'autres services
verify_cookie_access() {
echo "🔍 Vérification de l'accès au fichier .cookie depuis d'autres services..."
local services=("4nk-blindbit" "4nk-sdk-relay1" "4nk-sdk-relay2" "4nk-sdk-relay3" "4nk-sdk-storage" "4nk-sdk-signer")
for service in "${services[@]}"; do
if container_running "$service"; then
echo "🔍 Vérification de $service..."
if docker exec "$service" test -f /home/bitcoin/.bitcoin/signet/.cookie; then
echo "$service peut accéder au fichier .cookie"
# Vérifier les permissions
local perms=$(docker exec "$service" stat -c "%a" /home/bitcoin/.bitcoin/signet/.cookie)
echo " Permissions : $perms"
# Vérifier la lisibilité
if docker exec "$service" test -r /home/bitcoin/.bitcoin/signet/.cookie; then
echo " ✅ Fichier lisible"
else
echo " ❌ Fichier non lisible"
fi
else
echo "$service ne peut pas accéder au fichier .cookie"
fi
else
echo "⏸️ $service n'est pas en cours d'exécution"
fi
done
}
# Fonction pour tester la connectivité RPC
test_rpc_connectivity() {
echo "🔍 Test de la connectivité RPC..."
if ! container_running "4nk-bitcoin"; then
echo "❌ Bitcoin n'est pas en cours d'exécution"
return 1
fi
# Attendre que Bitcoin soit prêt
sleep 5
# Test de la connectivité RPC via curl
echo "📡 Test de la connectivité RPC via HTTP..."
if docker exec 4nk-bitcoin curl -s --connect-timeout 5 http://localhost:18443 > /dev/null 2>&1; then
echo "✅ Connectivité RPC HTTP OK"
return 0
else
echo "❌ Connectivité RPC HTTP échouée"
return 1
fi
}
# Fonction pour afficher le statut des volumes partagés
show_shared_volumes() {
echo "🔍 Statut des volumes partagés..."
echo "📊 Volumes Docker :"
docker volume ls | grep 4nk_node || echo "Aucun volume 4nk_node trouvé"
echo "📊 Volumes partagés dans docker-compose :"
if [ -f "$PROJECT_DIR/docker-compose.yml" ]; then
grep -A 5 -B 5 "shared_auth" "$PROJECT_DIR/docker-compose.yml" || echo "Volume shared_auth non trouvé"
fi
}
# Fonction principale
main() {
case "${1:-all}" in
"cookie")
setup_bitcoin_cookie
;;
"access")
verify_cookie_access
;;
"rpc")
test_rpc_connectivity
;;
"volumes")
show_shared_volumes
;;
"all"|*)
echo "🚀 Exécution de toutes les vérifications..."
setup_bitcoin_cookie
verify_cookie_access
test_rpc_connectivity
show_shared_volumes
;;
esac
echo "✅ Gestion de l'authentification terminée"
}
# Exécution du script
main "$@"
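Review bot: `setup_bitcoin_cookie` prints the RPC credential to the console with `docker exec 4nk-bitcoin cat /home/bitcoin/.bitcoin/signet/.cookie | head -1` — that single line is the `__cookie__:<secret>` pair bitcoind accepts for RPC authentication, so every run of this script (and the CI job that calls it) leaks it into terminal scrollback and build logs; drop that line and keep only the `ls -la` and `stat` checks, which already give the function everything it needs. `test_rpc_connectivity` probes `http://localhost:18443`, which is the regtest default, while every path in this script is under `signet/`, whose default RPC port is 38332, so the check looks likely to report a failure against the node this script targets; reading the port from the centralised configuration rather than hard-coding it would avoid the mismatch. `container_running` does a substring/regex match with `grep -q "$1"` over `docker ps --format "table {{.Names}}"` (header line included), so `4nk-bitcoin` also matches any container whose name merely contains that string; `docker ps --format '{{.Names}}' | grep -qx -- "$1"` makes the match exact. The two `local perms=$(docker exec …)` assignments also hide a failing `docker exec` under `set -e`; split the declaration from the assignment so the exit status is checked.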