4nk/4NK_vault
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: nginx maintenant dans _4NK_modules/nginx/ comme module 4NK

Browse Source 
- Correction complète du script generate_nginx_configs.sh
- Tous les fichiers nginx sont maintenant générés dans _4NK_modules/nginx/
- Désactivation du traitement du répertoire nginx/ dans replace_variables_and_copy.sh
- Mise à jour des messages d'affichage dans generate.sh
- Cohérence avec la structure des modules 4NK
- Nginx traité comme un module 4NK standard dans _4NK_modules/
This commit is contained in:
4NK Dev 2025-10-05 22:29:17 +00:00
parent d4e1b14f1b
commit d02a183abb
51 changed files with 75 additions and 3503 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
storage/dev/nginx/BITCOIN_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour BITCOIN
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name bitcoin..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name bitcoin..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://bitcoin;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://bitcoin;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/BLINDBIT_ORACLE_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour BLINDBIT_ORACLE
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name blindbit-oracle..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name blindbit_oracle..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://blindbit_oracle;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://blindbit_oracle;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/GRAFANA_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour GRAFANA
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name grafana..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name grafana..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://grafana;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://grafana;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/IHM_CLIENT_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour IHM_CLIENT
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name ihm_client..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ihm_client..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://ihm_client;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ihm_client;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/LECOFFRE_FRONT_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour LECOFFRE_FRONT
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name lecoffre-front..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name lecoffre_front..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://lecoffre_front;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://lecoffre_front;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/LOKI_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour LOKI
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name loki..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name loki..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://loki;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://loki;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/NGNIX_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour NGNIX
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name ..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ngnix..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://ngnix;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ngnix;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/POSTGRESQL_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour POSTGRESQL
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name postgresql..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name postgresql..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://postgresql;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://postgresql;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/PROMTAIL_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour PROMTAIL
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name promtail..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name promtail..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://promtail;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://promtail;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/REDIS_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour REDIS
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name redis..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name redis..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://redis;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://redis;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/SDK_RELAY_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour SDK_RELAY
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name sdk_relay..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_relay..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_relay;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_relay;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/SDK_STORAGE_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour SDK_STORAGE
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name sdk_storage..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_storage..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_storage;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_storage;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/TOR_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour TOR
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name tor-proxy..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name tor..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://tor;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://tor;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/_4NK_CERTIFICATOR_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour _4NK_CERTIFICATOR
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name _4NK_certificator..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_certificator..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_certificator;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_certificator;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/_4NK_MINER_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour _4NK_MINER
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name _4NK_miner..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_miner..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_miner;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_miner;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/_4NK_VAULT_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour _4NK_VAULT
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name _4NK_vault..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_vault..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_vault;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_vault;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

43
storage/dev/nginx/_4NK_WEB_STATUS_https.conf
View File

@ -1,43 +0,0 @@
# Configuration HTTPS pour _4NK_WEB_STATUS
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
server {
listen 80;
server_name _4NK_web_status..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_web_status..com;
ssl_certificate /etc/letsencrypt/live/dev4._4NKweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4._4NKweb.com/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_web_status;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_web_status;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

360
storage/dev/nginx/app-internal-ports.conf
View File

@ -1,360 +0,0 @@
# Configurations internes générées automatiquement
# Généré le $(date)
server {
listen 6379:6379 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://redis;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://redis;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 5432:5432 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://postgresql;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://postgresql;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 3100:3100 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://loki;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://loki;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 8090:8090 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://promtail;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://promtail;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 3001:3001 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://grafana;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://grafana;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://ngnix;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://ngnix;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 9050:9050 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://tor;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://tor;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_vault;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://_4nk_vault;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 38332:38332 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://bitcoin;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://bitcoin;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 8000:8000 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://blindbit_oracle;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://blindbit_oracle;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 8080:8080 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_relay;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://sdk_relay;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 8081:8081 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_storage;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://sdk_storage;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 3003:3003 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://ihm_client;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://ihm_client;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 8082:8082 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_certificator;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://_4nk_certificator;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 8083:8083 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_miner;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://_4nk_miner;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 3000:3000 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://lecoffre_front;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://lecoffre_front;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
server {
listen 3006:3006 default_server;
server_name _; # pas d'host requis
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_web_status;
include $/proxy_headers.conf;
}
# websocket (si nécessaire)
location /ws/ {
proxy_pass http://_4nk_web_status;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

711
storage/dev/nginx/nginx_dev4.4NKweb.com-https.conf
View File

@ -1,711 +0,0 @@
# Configuration Nginx consolidée pour dev4._4NKweb.com
# Générée automatiquement le $(date)
# Inclusion du format de log JSON et des upstreams
include upstreams.conf;
# Redirection globale HTTP→HTTPS
server {
listen 80;
server_name dev4._4NKweb.com *.dev4._4NKweb.com;
return 301 https://;
}
# Configuration HTTPS pour REDIS
server {
listen 80;
server_name redis..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name redis..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://redis;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://redis;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour POSTGRESQL
server {
listen 80;
server_name postgresql..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name postgresql..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://postgresql;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://postgresql;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LOKI
server {
listen 80;
server_name loki..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name loki..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://loki;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://loki;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour PROMTAIL
server {
listen 80;
server_name promtail..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name promtail..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://promtail;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://promtail;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour GRAFANA
server {
listen 80;
server_name grafana..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name grafana..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://grafana;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://grafana;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour NGNIX
server {
listen 80;
server_name ..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ngnix..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://ngnix;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ngnix;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour TOR
server {
listen 80;
server_name tor-proxy..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name tor..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://tor;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://tor;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_VAULT
server {
listen 80;
server_name _4NK_vault..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_vault..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_vault;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_vault;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BITCOIN
server {
listen 80;
server_name bitcoin..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name bitcoin..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://bitcoin;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://bitcoin;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BLINDBIT_ORACLE
server {
listen 80;
server_name blindbit-oracle..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name blindbit_oracle..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://blindbit_oracle;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://blindbit_oracle;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_RELAY
server {
listen 80;
server_name sdk_relay..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_relay..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_relay;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_relay;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_STORAGE
server {
listen 80;
server_name sdk_storage..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_storage..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_storage;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_storage;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour IHM_CLIENT
server {
listen 80;
server_name ihm_client..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ihm_client..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://ihm_client;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ihm_client;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_CERTIFICATOR
server {
listen 80;
server_name _4NK_certificator..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_certificator..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_certificator;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_certificator;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_MINER
server {
listen 80;
server_name _4NK_miner..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_miner..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_miner;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_miner;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LECOFFRE_FRONT
server {
listen 80;
server_name lecoffre-front..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name lecoffre_front..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://lecoffre_front;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://lecoffre_front;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_WEB_STATUS
server {
listen 80;
server_name _4NK_web_status..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_web_status..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_web_status;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_web_status;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

711
storage/dev/nginx/nginx_dev4.4nkweb.com-https.conf
View File

@ -1,711 +0,0 @@
# Configuration Nginx consolidée pour dev4._4NKweb.com
# Générée automatiquement le $(date)
# Inclusion du format de log JSON et des upstreams
include upstreams.conf;
# Redirection globale HTTP→HTTPS
server {
listen 80;
server_name dev4._4NKweb.com *.dev4._4NKweb.com;
return 301 https://;
}
# Configuration HTTPS pour REDIS
server {
listen 80;
server_name redis..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name redis..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://redis;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://redis;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour POSTGRESQL
server {
listen 80;
server_name postgresql..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name postgresql..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://postgresql;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://postgresql;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LOKI
server {
listen 80;
server_name loki..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name loki..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://loki;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://loki;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour PROMTAIL
server {
listen 80;
server_name promtail..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name promtail..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://promtail;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://promtail;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour GRAFANA
server {
listen 80;
server_name grafana..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name grafana..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://grafana;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://grafana;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour NGNIX
server {
listen 80;
server_name ..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ngnix..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://ngnix;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ngnix;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour TOR
server {
listen 80;
server_name tor-proxy..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name tor..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://tor;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://tor;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_VAULT
server {
listen 80;
server_name _4NK_vault..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_vault..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_vault;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_vault;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BITCOIN
server {
listen 80;
server_name bitcoin..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name bitcoin..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://bitcoin;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://bitcoin;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BLINDBIT_ORACLE
server {
listen 80;
server_name blindbit-oracle..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name blindbit_oracle..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://blindbit_oracle;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://blindbit_oracle;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_RELAY
server {
listen 80;
server_name sdk_relay..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_relay..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_relay;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_relay;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_STORAGE
server {
listen 80;
server_name sdk_storage..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_storage..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_storage;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_storage;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour IHM_CLIENT
server {
listen 80;
server_name ihm_client..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ihm_client..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://ihm_client;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ihm_client;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_CERTIFICATOR
server {
listen 80;
server_name _4NK_certificator..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_certificator..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_certificator;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_certificator;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_MINER
server {
listen 80;
server_name _4NK_miner..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_miner..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_miner;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_miner;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LECOFFRE_FRONT
server {
listen 80;
server_name lecoffre-front..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name lecoffre_front..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://lecoffre_front;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://lecoffre_front;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_WEB_STATUS
server {
listen 80;
server_name _4NK_web_status..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_web_status..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/DOCKER_GLOBAL_NAME/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_web_status;
include $/etc/nginx/conf.d/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_web_status;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/etc/nginx/conf.d/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

711
storage/dev/nginx/nginx_dev4._4NKweb.com-https.conf
View File

@ -1,711 +0,0 @@
# Configuration Nginx consolidée pour dev4._4NKweb.com
# Générée automatiquement le $(date)
# Inclusion du format de log JSON et des upstreams
include upstreams.conf;
# Redirection globale HTTP→HTTPS
server {
listen 80;
server_name dev4._4NKweb.com *.dev4._4NKweb.com;
return 301 https://;
}
# Configuration HTTPS pour REDIS
server {
listen 80;
server_name redis..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name redis..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://redis;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://redis;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour POSTGRESQL
server {
listen 80;
server_name postgresql..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name postgresql..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://postgresql;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://postgresql;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LOKI
server {
listen 80;
server_name loki..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name loki..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://loki;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://loki;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour PROMTAIL
server {
listen 80;
server_name promtail..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name promtail..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://promtail;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://promtail;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour GRAFANA
server {
listen 80;
server_name grafana..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name grafana..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://grafana;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://grafana;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour NGNIX
server {
listen 80;
server_name ..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ngnix..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://ngnix;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ngnix;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour TOR
server {
listen 80;
server_name tor-proxy..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name tor..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://tor;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://tor;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_VAULT
server {
listen 80;
server_name _4NK_vault..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_vault..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_vault;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_vault;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BITCOIN
server {
listen 80;
server_name bitcoin..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name bitcoin..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://bitcoin;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://bitcoin;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour BLINDBIT_ORACLE
server {
listen 80;
server_name blindbit-oracle..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name blindbit_oracle..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://blindbit_oracle;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://blindbit_oracle;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_RELAY
server {
listen 80;
server_name sdk_relay..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_relay..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_relay;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_relay;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour SDK_STORAGE
server {
listen 80;
server_name sdk_storage..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name sdk_storage..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://sdk_storage;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://sdk_storage;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour IHM_CLIENT
server {
listen 80;
server_name ihm_client..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name ihm_client..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://ihm_client;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://ihm_client;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_CERTIFICATOR
server {
listen 80;
server_name _4NK_certificator..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_certificator..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_certificator;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_certificator;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_MINER
server {
listen 80;
server_name _4NK_miner..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_miner..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_miner;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_miner;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour LECOFFRE_FRONT
server {
listen 80;
server_name lecoffre-front..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name lecoffre_front..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://lecoffre_front;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://lecoffre_front;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}
# Configuration HTTPS pour _4NK_WEB_STATUS
server {
listen 80;
server_name _4NK_web_status..com;
# redirection HTTP→HTTPS pour l'externe
return 301 https://;
}
server {
listen 443 ssl http2;
server_name _4nk_web_status..com;
ssl_certificate $/etc/letsencrypt/live/dev4._4NKweb.com/certs/fullchain.pem;
ssl_certificate_key $/etc/letsencrypt/live/dev4._4NKweb.com/private/privkey.pem;
# réglages TLS minimaux (adapter selon politique)
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# HSTS (activer seulement si tout le domaine est en HTTPS)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
access_log $/home/debian/_4NK_env/projects/lecoffre/lecoffre_node/logs/nginx/.log app_json;
location / {
proxy_pass http://_4nk_web_status;
include $/proxy_headers.conf;
}
location /ws/ {
proxy_pass http://_4nk_web_status;
proxy_http_version 1.1;
proxy_set_header Upgrade ;
proxy_set_header Connection "upgrade";
include $/proxy_headers.conf;
proxy_read_timeout 3600s;
}
}

29
storage/dev/nginx/proxy_headers.conf
View File

@ -1,29 +0,0 @@
# Headers de proxy générés automatiquement
# Généré le $(date)
proxy_set_header Host ;
proxy_set_header X-Real-IP ;
proxy_set_header X-Forwarded-For ;
proxy_set_header X-Forwarded-Proto ;
proxy_set_header X-Forwarded-Host ;
proxy_set_header X-Forwarded-Port ;
# Directives de proxy
proxy_redirect off; # si l'app sait générer ses URLs
add_header X-Debug-Scheme always;
add_header X-Debug-XFP always;
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
# Cache settings
proxy_cache_bypass ;
proxy_no_cache ;

102
storage/dev/nginx/upstreams.conf
View File

@ -1,102 +0,0 @@
# Upstreams générés automatiquement
# Généré le $(date)
log_format app_json escape=json
'{ "time":"",'
' "client":"",'
' "xff":"",'
' "method":"",'
' "host":"",'
' "uri":"",'
' "status":,'
' "bytes":,'
' "ua":"",'
' "upstream":"",'
' "rt":,'
' "urt": }';
upstream redis {
server redis:6379:6379;
keepalive 64;
}
upstream postgresql {
server postgresql:5432:5432;
keepalive 64;
}
upstream loki {
server loki:3100:3100;
keepalive 64;
}
upstream promtail {
server promtail:8090:8090;
keepalive 64;
}
upstream grafana {
server grafana:3001:3001;
keepalive 64;
}
upstream {
server ngnix:;
keepalive 64;
}
upstream tor-proxy {
server tor:9050:9050;
keepalive 64;
}
upstream _4NK_vault {
server _4nk_vault:;
keepalive 64;
}
upstream bitcoin {
server bitcoin:38332:38332;
keepalive 64;
}
upstream blindbit-oracle {
server blindbit_oracle:8000:8000;
keepalive 64;
}
upstream sdk_relay {
server sdk_relay:8080:8080;
keepalive 64;
}
upstream sdk_storage {
server sdk_storage:8081:8081;
keepalive 64;
}
upstream ihm_client {
server ihm_client:3003:3003;
keepalive 64;
}
upstream _4NK_certificator {
server _4nk_certificator:8082:8082;
keepalive 64;
}
upstream _4NK_miner {
server _4nk_miner:8083:8083;
keepalive 64;
}
upstream lecoffre-front {
server lecoffre_front:3000:3000;
keepalive 64;
}
upstream _4NK_web_status {
server _4nk_web_status:3006:3006;
keepalive 64;
}

73
storage/dev/nginx/validate_templates.sh
View File

@ -1,73 +0,0 @@
#!/bin/bash
# Script de validation des templates Nginx générés
# Généré automatiquement le $(date)
set -euo pipefail
# Couleurs pour les messages
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
# Fonctions d'affichage
print_error() { echo -e "❌ ERREUR: $1"; }
print_success() { echo -e "✅ SUCCÈS: $1"; }
print_info() { echo -e " INFO: $1"; }
print_warning() { echo -e "⚠️ ATTENTION: $1"; }
# Charger les variables d'environnement
if [ -f ".env" ]; then
# Charger .env en mode silencieux pour éviter les erreurs de syntaxe
source .env 2>/dev/null || true
fi
# Vérifier que HOST est défini
if [ -z "${HOST:-}" ]; then
print_warning "Variable HOST non définie, utilisation de la valeur par défaut"
export HOST="dev4._4NKweb.com"
fi
print_info "Validation des templates Nginx pour dev4._4NKweb.com"
# Vérifier que les fichiers existent
missing_files=0
if [ ! -f "nginx/upstreams.conf" ]; then
print_error "Template nginx/upstreams.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/app-internal-ports.conf" ]; then
print_error "Template nginx/app-internal-ports.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/proxy_headers.conf" ]; then
print_error "Template nginx/proxy_headers.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/nginx_dev4._4NKweb.com-https.conf" ]; then
print_error "Template nginx/nginx_dev4._4NKweb.com-https.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ -eq 0 ]; then
print_success "Tous les templates de configuration sont présents"
print_info "Templates générés:"
echo " • nginx/upstreams.conf"
echo " • nginx/app-internal-ports.conf"
echo " • nginx/proxy_headers.conf"
echo " • nginx/*_https.conf (configurations HTTPS individuelles)"
echo " • nginx/nginx_dev4._4NKweb.com-https.conf"
print_info "Ces templates sont prêts à être utilisés dans votre infrastructure"
print_warning "Adaptez les chemins et configurations selon vos besoins spécifiques"
else
print_error " template(s) manquant(s)"
exit 1
fi

2
templates/dev/nginx/BITCOIN_https.conf → templates/dev/_4NK_modules/nginx/BITCOIN_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour BITCOIN
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/BLINDBIT_ORACLE_https.conf → templates/dev/_4NK_modules/nginx/BLINDBIT_ORACLE_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour BLINDBIT_ORACLE
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/GRAFANA_https.conf → templates/dev/_4NK_modules/nginx/GRAFANA_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour GRAFANA
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/IHM_CLIENT_https.conf → templates/dev/_4NK_modules/nginx/IHM_CLIENT_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour IHM_CLIENT
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/LECOFFRE_FRONT_https.conf → templates/dev/_4NK_modules/nginx/LECOFFRE_FRONT_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour LECOFFRE_FRONT
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/LOKI_https.conf → templates/dev/_4NK_modules/nginx/LOKI_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour LOKI
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/NGNIX_https.conf → templates/dev/_4NK_modules/nginx/NGNIX_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour NGNIX
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/POSTGRESQL_https.conf → templates/dev/_4NK_modules/nginx/POSTGRESQL_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour POSTGRESQL
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/PROMTAIL_https.conf → templates/dev/_4NK_modules/nginx/PROMTAIL_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour PROMTAIL
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/REDIS_https.conf → templates/dev/_4NK_modules/nginx/REDIS_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour REDIS
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/SDK_RELAY_https.conf → templates/dev/_4NK_modules/nginx/SDK_RELAY_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour SDK_RELAY
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/SDK_STORAGE_https.conf → templates/dev/_4NK_modules/nginx/SDK_STORAGE_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour SDK_STORAGE
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/TOR_https.conf → templates/dev/_4NK_modules/nginx/TOR_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour TOR
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/_4NK_CERTIFICATOR_https.conf → templates/dev/_4NK_modules/nginx/_4NK_CERTIFICATOR_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour _4NK_CERTIFICATOR
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/_4NK_MINER_https.conf → templates/dev/_4NK_modules/nginx/_4NK_MINER_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour _4NK_MINER
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/_4NK_VAULT_https.conf → templates/dev/_4NK_modules/nginx/_4NK_VAULT_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour _4NK_VAULT
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

2
templates/dev/nginx/_4NK_WEB_STATUS_https.conf → templates/dev/_4NK_modules/nginx/_4NK_WEB_STATUS_https.conf
View File

@ -1,5 +1,5 @@
# Configuration HTTPS pour _4NK_WEB_STATUS
# Généré automatiquement le Sun Oct 5 22:04:53 UTC 2025
# Généré automatiquement le Sun Oct 5 22:28:54 UTC 2025
server {
listen 80;

0
templates/dev/nginx/app-internal-ports.conf → templates/dev/_4NK_modules/nginx/app-internal-ports.conf
View File

0
templates/dev/nginx/nginx_dev4.4NKweb.com-https.conf → templates/dev/_4NK_modules/nginx/nginx_dev4.4NKweb.com-https.conf
View File

0
templates/dev/nginx/nginx_dev4.4nkweb.com-https.conf → templates/dev/_4NK_modules/nginx/nginx_dev4.4nkweb.com-https.conf
View File

0
templates/dev/nginx/nginx_dev4._4NKweb.com-https.conf → templates/dev/_4NK_modules/nginx/nginx_dev4._4NKweb.com-https.conf
View File

0
templates/dev/nginx/proxy_headers.conf → templates/dev/_4NK_modules/nginx/proxy_headers.conf
View File

0
templates/dev/nginx/upstreams.conf → templates/dev/_4NK_modules/nginx/upstreams.conf
View File

26
templates/dev/nginx/validate_templates.sh → templates/dev/_4NK_modules/nginx/validate_templates.sh
View File

@ -35,34 +35,34 @@ print_info "Validation des templates Nginx pour $HOST"
# Vérifier que les fichiers existent
missing_files=0
if [ ! -f "nginx/upstreams.conf" ]; then
print_error "Template nginx/upstreams.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/upstreams.conf" ]; then
print_error "Template _4NK_modules/nginx/upstreams.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/app-internal-ports.conf" ]; then
print_error "Template nginx/app-internal-ports.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/app-internal-ports.conf" ]; then
print_error "Template _4NK_modules/nginx/app-internal-ports.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/proxy_headers.conf" ]; then
print_error "Template nginx/proxy_headers.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/proxy_headers.conf" ]; then
print_error "Template _4NK_modules/nginx/proxy_headers.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/nginx_$HOST-https.conf" ]; then
print_error "Template nginx/nginx_$HOST-https.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/nginx_$HOST-https.conf" ]; then
print_error "Template _4NK_modules/nginx/nginx_$HOST-https.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ $missing_files -eq 0 ]; then
print_success "Tous les templates de configuration sont présents"
print_info "Templates générés:"
echo " • nginx/upstreams.conf"
echo " • nginx/app-internal-ports.conf"
echo " • nginx/proxy_headers.conf"
echo " • nginx/*_https.conf (configurations HTTPS individuelles)"
echo "nginx/nginx_$HOST-https.conf"
echo " • _4NK_modules/nginx/upstreams.conf"
echo " • _4NK_modules/nginx/app-internal-ports.conf"
echo " • _4NK_modules/nginx/proxy_headers.conf"
echo " • _4NK_modules/nginx/*_https.conf (configurations HTTPS individuelles)"
echo "_4NK_modules/nginx/nginx_$HOST-https.conf"
print_info "Ces templates sont prêts à être utilisés dans votre infrastructure"
print_warning "Adaptez les chemins et configurations selon vos besoins spécifiques"

12
templates/dev/generate.sh
View File

@ -160,7 +160,7 @@ show_summary() {
echo -e "${GREEN}_4NK_modules/grafana/dashboards/${NC} - Dashboards Grafana"
echo -e "${GREEN}_4NK_modules/promtail/promtail.yml${NC} - Configuration Promtail"
echo -e "${GREEN}logrotade/${NC} - Configurations Logrotate"
echo -e "${GREEN}nginx/${NC} - Configurations Nginx"
echo -e "${GREEN}_4NK_modules/nginx/${NC} - Configurations Nginx"
echo -e "\n${CYAN}🚀 Prochaines étapes recommandées:${NC}"
echo -e " 1. Vérifiez les fichiers générés dans ../../storage/dev/"
@ -301,11 +301,11 @@ main() {
if execute_script "generate_nginx_configs.sh" "./generate_nginx_configs.sh" "Génère toutes les configurations Nginx (upstreams, internes, HTTPS)"; then
print_success "Configurations Nginx générées avec succès"
print_info "Fichiers créés:"
[ -f "nginx/upstreams.conf" ] && echo " • nginx/upstreams.conf"
[ -f "nginx/app-internal-ports.conf" ] && echo " • nginx/app-internal-ports.conf"
[ -d "nginx/https-configs" ] && echo " • nginx/https-configs/ (configurations HTTPS)"
[ -f "nginx/nginx_${HOST:-dev4._4NKweb.com}-https.conf" ] && echo "nginx/nginx_${HOST:-dev4._4NKweb.com}-https.conf"
[ -f "nginx/proxy_headers.conf" ] && echo " • nginx/proxy_headers.conf"
[ -f "_4NK_modules/nginx/upstreams.conf" ] && echo " • _4NK_modules/nginx/upstreams.conf"
[ -f "_4NK_modules/nginx/app-internal-ports.conf" ] && echo " • _4NK_modules/nginx/app-internal-ports.conf"
[ -d "_4NK_modules/nginx/https-configs" ] && echo " • _4NK_modules/nginx/https-configs/ (configurations HTTPS)"
[ -f "_4NK_modules/nginx/nginx_${HOST:-dev4._4NKweb.com}-https.conf" ] && echo "_4NK_modules/nginx/nginx_${HOST:-dev4._4NKweb.com}-https.conf"
[ -f "_4NK_modules/nginx/proxy_headers.conf" ] && echo " • _4NK_modules/nginx/proxy_headers.conf"
else
print_error "Échec de la génération des configurations Nginx"
fi

74
templates/dev/generate_nginx_configs.sh
View File

@ -22,17 +22,17 @@ generate_upstreams() {
echo "🔧 Génération du fichier upstreams.conf"
# Créer le répertoire si nécessaire
mkdir -p "nginx"
mkdir -p "_4NK_modules/nginx"
# Générer le fichier upstreams.conf
cat > "nginx/upstreams.conf" << 'EOF'
cat > "_4NK_modules/nginx/upstreams.conf" << 'EOF'
# Upstreams générés automatiquement
# Généré le $(date)
EOF
# Ajouter le format de log JSON
cat >> "nginx/upstreams.conf" << 'EOF'
cat >> "_4NK_modules/nginx/upstreams.conf" << 'EOF'
log_format app_json escape=json
'{ "time":"$time_iso8601",'
' "client":"$remote_addr",'
@ -53,7 +53,7 @@ EOF
for SERVICE_VAR in "${SERVICES[@]}"; do
echo " 🔄 Génération upstream pour $SERVICE_VAR"
cat >> "nginx/upstreams.conf" << EOF
cat >> "_4NK_modules/nginx/upstreams.conf" << EOF
upstream \$${SERVICE_VAR} {
server \$${SERVICE_VAR}_DOCKER_NAME:\$${SERVICE_VAR}_PORT;
@ -70,10 +70,10 @@ generate_internal_configs() {
echo "🔧 Génération du fichier app-internal-ports.conf"
# Créer le répertoire si nécessaire
mkdir -p "nginx"
mkdir -p "_4NK_modules/nginx"
# Générer le fichier app-internal-ports.conf
cat > "nginx/app-internal-ports.conf" << 'EOF'
cat > "_4NK_modules/nginx/app-internal-ports.conf" << 'EOF'
# Configurations internes générées automatiquement
# Généré le $(date)
@ -83,7 +83,7 @@ EOF
for SERVICE_VAR in "${SERVICES[@]}"; do
echo " 🔄 Génération config interne pour $SERVICE_VAR"
cat >> "nginx/app-internal-ports.conf" << EOF
cat >> "_4NK_modules/nginx/app-internal-ports.conf" << EOF
server {
listen \$${SERVICE_VAR}_PORT default_server;
@ -119,7 +119,7 @@ generate_https_configs() {
for SERVICE_VAR in "${SERVICES[@]}"; do
echo " 🔄 Génération config HTTPS pour $SERVICE_VAR"
local CONFIG_FILE="nginx/${SERVICE_VAR}_https.conf"
local CONFIG_FILE="_4NK_modules/nginx/${SERVICE_VAR}_https.conf"
cat > "$CONFIG_FILE" << EOF
# Configuration HTTPS pour $SERVICE_VAR
@ -178,10 +178,10 @@ generate_consolidated_https_config() {
echo "🔧 Génération du fichier nginx_$HOST-https.conf consolidé"
# Créer le répertoire si nécessaire
mkdir -p "nginx"
mkdir -p "_4NK_modules/nginx"
# Générer le fichier consolidé
cat > "nginx/nginx_$HOST-https.conf" << 'EOF'
cat > "_4NK_modules/nginx/nginx_$HOST-https.conf" << 'EOF'
# Configuration Nginx consolidée pour $HOST
# Générée automatiquement le $(date)
@ -191,7 +191,7 @@ include upstreams.conf;
EOF
# Ajouter la redirection HTTP→HTTPS globale
cat >> "nginx/nginx_$HOST-https.conf" << 'EOF'
cat >> "_4NK_modules/nginx/nginx_$HOST-https.conf" << 'EOF'
# Redirection globale HTTP→HTTPS
server {
@ -206,7 +206,7 @@ EOF
for SERVICE_VAR in "${SERVICES[@]}"; do
echo " 🔄 Ajout de la config HTTPS pour $SERVICE_VAR dans le fichier consolidé"
cat >> "nginx/nginx_$HOST-https.conf" << EOF
cat >> "_4NK_modules/nginx/nginx_$HOST-https.conf" << EOF
# Configuration HTTPS pour $SERVICE_VAR
server {
@ -259,10 +259,10 @@ generate_proxy_headers() {
echo "🔧 Génération du fichier proxy_headers.conf"
# Créer le répertoire si nécessaire
mkdir -p "nginx"
mkdir -p "_4NK_modules/nginx"
# Générer le fichier proxy_headers.conf
cat > "nginx/proxy_headers.conf" << 'EOF'
cat > "_4NK_modules/nginx/proxy_headers.conf" << 'EOF'
# Headers de proxy générés automatiquement
# Généré le $(date)
@ -301,7 +301,7 @@ EOF
generate_deploy_script() {
echo "🔧 Génération du script de validation des templates"
cat > "nginx/validate_templates.sh" << 'EOF'
cat > "_4NK_modules/nginx/validate_templates.sh" << 'EOF'
#!/bin/bash
# Script de validation des templates Nginx générés
@ -339,34 +339,34 @@ print_info "Validation des templates Nginx pour $HOST"
# Vérifier que les fichiers existent
missing_files=0
if [ ! -f "nginx/upstreams.conf" ]; then
print_error "Template nginx/upstreams.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/upstreams.conf" ]; then
print_error "Template _4NK_modules/nginx/upstreams.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/app-internal-ports.conf" ]; then
print_error "Template nginx/app-internal-ports.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/app-internal-ports.conf" ]; then
print_error "Template _4NK_modules/nginx/app-internal-ports.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/proxy_headers.conf" ]; then
print_error "Template nginx/proxy_headers.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/proxy_headers.conf" ]; then
print_error "Template _4NK_modules/nginx/proxy_headers.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ ! -f "nginx/nginx_$HOST-https.conf" ]; then
print_error "Template nginx/nginx_$HOST-https.conf non trouvé"
if [ ! -f "_4NK_modules/nginx/nginx_$HOST-https.conf" ]; then
print_error "Template _4NK_modules/nginx/nginx_$HOST-https.conf non trouvé"
missing_files=$((missing_files + 1))
fi
if [ $missing_files -eq 0 ]; then
print_success "Tous les templates de configuration sont présents"
print_info "Templates générés:"
echo " • nginx/upstreams.conf"
echo " • nginx/app-internal-ports.conf"
echo " • nginx/proxy_headers.conf"
echo " • nginx/*_https.conf (configurations HTTPS individuelles)"
echo "nginx/nginx_$HOST-https.conf"
echo " • _4NK_modules/nginx/upstreams.conf"
echo " • _4NK_modules/nginx/app-internal-ports.conf"
echo " • _4NK_modules/nginx/proxy_headers.conf"
echo " • _4NK_modules/nginx/*_https.conf (configurations HTTPS individuelles)"
echo "_4NK_modules/nginx/nginx_$HOST-https.conf"
print_info "Ces templates sont prêts à être utilisés dans votre infrastructure"
print_warning "Adaptez les chemins et configurations selon vos besoins spécifiques"
@ -377,7 +377,7 @@ fi
EOF
chmod +x "nginx/validate_templates.sh"
chmod +x "_4NK_modules/nginx/validate_templates.sh"
echo "✅ Script de validation des templates généré"
}
@ -400,15 +400,15 @@ main() {
echo " Services: ${SERVICES[*]}"
# Supprimer les fichiers de sortie existants (remplacer complètement)
rm -f "nginx/upstreams.conf" 2>/dev/null || true
rm -f "nginx/app-internal-ports.conf" 2>/dev/null || true
rm -f "nginx/proxy_headers.conf" 2>/dev/null || true
rm -f "nginx/nginx_${HOST:-dev4._4NKweb.com}-https.conf" 2>/dev/null || true
rm -f "nginx/deploy_configs.sh" 2>/dev/null || true
rm -f "nginx/"*_https.conf 2>/dev/null || true
rm -f "_4NK_modules/nginx/upstreams.conf" 2>/dev/null || true
rm -f "_4NK_modules/nginx/app-internal-ports.conf" 2>/dev/null || true
rm -f "_4NK_modules/nginx/proxy_headers.conf" 2>/dev/null || true
rm -f "_4NK_modules/nginx/nginx_${HOST:-dev4._4NKweb.com}-https.conf" 2>/dev/null || true
rm -f "_4NK_modules/nginx/deploy_configs.sh" 2>/dev/null || true
rm -f "_4NK_modules/nginx/"*_https.conf 2>/dev/null || true
# Créer le répertoire de sortie
mkdir -p "nginx"
mkdir -p "_4NK_modules/nginx"
# Générer tous les fichiers de configuration
generate_upstreams
@ -420,7 +420,7 @@ main() {
echo ""
echo "✅ GÉNÉRATION TERMINÉE !"
echo "📁 Configurations générées dans: nginx/"
echo "📁 Configurations générées dans: _4NK_modules/nginx/"
echo "🔧 Les configurations utilisent les variables d'environnement"
echo "📊 Services traités: ${#SERVICES[@]}"
}

4
templates/dev/replace_variables_and_copy.sh
View File

@ -303,8 +303,8 @@ main() {
# Configurations logrotate
[ -d "logrotade" ] && process_directory "logrotade" "logrotade"
# Configurations nginx
[ -d "nginx" ] && process_directory "nginx" "nginx"
# Configurations nginx - DÉSACTIVÉ car généré dans _4NK_modules/nginx
# [ -d "nginx" ] && process_directory "nginx" "nginx"
# Configuration git
[ -d "git" ] && process_directory "git" "git"