diff --git a/.cursor/config.json b/.cursor/config.json
deleted file mode 100644
index b6b5b655..00000000
--- a/.cursor/config.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "language": "fr",
- "shell": "/usr/bin/bash",
- "formatting": {
- "markdown": {
- "lint_strict": true
- }
- },
- "ci": {
- "trigger_commit_prefix": "ci: docker_tag=",
- "default_tag": "ext",
- "branch": "dev4"
- }
-}
diff --git a/.cursor/rules.md b/.cursor/rules.md
deleted file mode 100644
index da64571b..00000000
--- a/.cursor/rules.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# Règles Cursor pour ce projet
-
-- Toujours répondre en français.
-- Exécuter des commandes simples, une par une.
-- Redémarrer le terminal avant chaque utilisation si nécessaire.
-- Respect strict des règles de lint Markdown.
-- Ne pas utiliser Kubernetes pour ce projet.
-- CI: déclencher via commit `ci: docker_tag=ext` sur `dev4`.
-- Front Next.js: variables `NEXT_PUBLIC_*` alignées avec `.env.example`.
-- Docker: build multi-stage, `ext` comme image de déploiement.
-- Nginx: local (pas Docker), confs sous `../lecoffre_node/conf/nginx/`.
-- Docs et tests: maintenir `docs/` et `tests/` à chaque modification.
-- Ne pas exposer de secrets côté front (`SIGNER_API_KEY` etc.).
-- Pour Nginx: vérifier permission fichier avant édition; backup, edit atomique, `nginx -t`.
diff --git a/.env.example b/.env.example
deleted file mode 100644
index 6b5ae503..00000000
--- a/.env.example
+++ /dev/null
@@ -1,37 +0,0 @@
-# Configuration par défaut pour le build CI
-# Ces valeurs seront surchargées par les variables d'environnement au runtime
-
-# Backend API
-NEXT_PUBLIC_BACK_API_PROTOCOL=https
-NEXT_PUBLIC_BACK_API_HOST=localhost
-NEXT_PUBLIC_BACK_API_PORT=443
-NEXT_PUBLIC_BACK_API_ROOT_URL=/api
-NEXT_PUBLIC_BACK_API_VERSION=v1
-
-# Frontend
-NEXT_PUBLIC_FRONT_APP_HOST=http://localhost:3000
-NEXT_PUBLIC_FRONT_APP_PORT=3000
-
-# IDNOT Configuration
-NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
-NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
-NEXT_PUBLIC_IDNOT_CLIENT_ID=default_client_id
-NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://localhost:3000/authorized-client
-NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=https://lecoffreio.4nkweb.com/authorized-client
-
-# 4NK Configuration
-NEXT_PUBLIC_4NK_URL=http://localhost:3000
-NEXT_PUBLIC_4NK_IFRAME_URL=http://localhost:3000
-
-# Backend Base
-NEXT_PUBLIC_BACK_BASE=http://localhost:8080
-
-# API Configuration
-NEXT_PUBLIC_API_URL=http://localhost:8080/api
-NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=default_validator_id
-NEXT_PUBLIC_DEFAULT_STORAGE_URLS=http://localhost:8080/storage
-
-# Optional configurations
-NEXT_PUBLIC_DOCAPOSTE_API_URL=
-NEXT_PUBLIC_HOTJAR_SITE_ID=
-NEXT_PUBLIC_HOTJAR_VERSION=
diff --git a/backups/20250925_072119/nginx_conf/assets/favicon.ico b/backups/20250925_072119/nginx_conf/assets/favicon.ico
deleted file mode 100644
index 1ddbac54..00000000
Binary files a/backups/20250925_072119/nginx_conf/assets/favicon.ico and /dev/null differ
diff --git a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-http.conf b/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-http.conf
deleted file mode 100644
index 6a7d847d..00000000
--- a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-http.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# HTTP server for ACME and redirect to HTTPS
-server {
- listen 80 default_server;
- server_name _;
-
- # ACME HTTP-01 challenges
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- }
-
- # Redirection vers HTTPS pour toutes les autres requêtes
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
diff --git a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-https.conf b/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-https.conf
deleted file mode 100644
index 97367408..00000000
--- a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-https.conf
+++ /dev/null
@@ -1,265 +0,0 @@
-# Configuration HTTPS pour dev4.4nkweb.com
-server {
- listen 443 ssl;
- http2 on;
- server_name dev4.4nkweb.com;
-
- include /home/debian/4NK_env/lecoffre_node/conf/nginx/logging.conf;
-
- # Certificats SSL
- ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
-
- # Configuration SSL
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
- ssl_prefer_server_ciphers off;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
-
- # Headers de sécurité
- add_header Strict-Transport-Security "max-age=63072000" always;
- add_header X-Frame-Options DENY always;
- add_header X-Content-Type-Options nosniff always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- # Grafana - Interface de monitoring (DOIT être avant location /)
- location /grafana/ {
- proxy_pass http://localhost:3005/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Configuration spécifique pour Grafana
- proxy_set_header X-Grafana-Org-Id 1;
-
- # Support des WebSockets pour les live updates
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- # Timeouts
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
-
- # Buffer settings
- proxy_buffering off;
- proxy_request_buffering off;
- }
-
- # Loki API - API de logs (DOIT être avant location /)
- location /loki/ {
- proxy_pass http://localhost:3100/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour les requêtes depuis Grafana
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # Page de statut des services (DOIT être avant location /)
- location /status {
- # Redirection vers /status/
- return 301 /status/;
- }
-
- location /status/ {
- # Serveur statique pour la page HTML
- alias /var/www/lecoffre/status/;
- index index.html;
- try_files $uri $uri/ /status/index.html;
-
- # Headers de sécurité
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- # Cache pour les assets statiques
- location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
- expires 1h;
- add_header Cache-Control "public, immutable";
- }
- }
-
- # API de statut des services (DOIT être avant location /)
- location /status/api {
- proxy_pass http://localhost:3006/api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour les requêtes AJAX
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- # Timeouts
- proxy_connect_timeout 10s;
- proxy_send_timeout 10s;
- proxy_read_timeout 10s;
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # API backend - route /back/ vers /api/ du backend
- location ~* ^/back/(.*)$ {
- proxy_pass http://localhost:8080/api/$1;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Connection "";
- proxy_buffering off;
- }
-
- # API direct - route /api/ vers le backend
- # Autorisations CORS dynamiques pour origines connues
- set $cors_origin "";
- if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
- set $cors_origin $http_origin;
- }
-
- location /api/ {
- # CORS pour développement local Next.js
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_set_header X-Request-ID $x_request_id;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host;
- proxy_pass http://dev3.4nkweb.com:8080/api/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # WebSocket relay (sdk_relay)
- location /ws/ {
- proxy_pass http://localhost:8090/;
- proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
- proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
- proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
- proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 86400;
- }
-
- # API de transfert de fonds
- location /api/v1/funds/ {
- proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # favicon
- location = /favicon.ico {
- root /home/debian/4NK_env/lecoffre_node/conf/nginx/assets;
- try_files /favicon.ico =404;
- }
-
- # blindbit
- location /blindbit/ {
- proxy_pass http://localhost:8000/;
- include /etc/nginx/proxy_params;
- }
-
- # signer (sdk_signer) avec support WebSocket
-
- # lecoffre-front - Application LeCoffre
- location = /lecoffre { return 301 /lecoffre/; }
- location ^~ /lecoffre/ {
- # ensure no redirect here; only proxy to Next
- add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
- add_header Pragma "no-cache" always;
- add_header Expires "-1" always;
- proxy_hide_header ETag;
- proxy_hide_header Last-Modified;
- rewrite ^/lecoffre/(.*)$ /$1 break;
- proxy_pass http://localhost:3004;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header X-Request-ID $x_request_id;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Host $host;
- proxy_read_timeout 300;
- proxy_send_timeout 300;
- proxy_connect_timeout 300;
- }
- # HMR dev front
- location ^~ /lecoffre-hmr/ {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- rewrite ^/lecoffre-hmr/(.*)$ /lecoffre/$1 break;
- proxy_pass http://localhost:3000;
- }
-
-
- # ihm_client (root) - DOIT être en dernier
-
- # Next.js assets for lecoffre-front
- location ^~ /_next/ {
- proxy_pass http://localhost:3004/_next/;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- add_header Cache-Control "public, max-age=31536000, immutable";
- }
-
- location / {
- proxy_pass http://localhost:3003;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-}
diff --git a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-https.conf.bak.1758553408 b/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-https.conf.bak.1758553408
deleted file mode 100644
index b1cdd256..00000000
--- a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com-https.conf.bak.1758553408
+++ /dev/null
@@ -1,246 +0,0 @@
-# Configuration HTTPS pour dev4.4nkweb.com
-server {
- listen 443 ssl http2;
- server_name dev4.4nkweb.com;
-
- # Certificats SSL
- ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
-
- # Configuration SSL
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
- ssl_prefer_server_ciphers off;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
-
- # Headers de sécurité
- add_header Strict-Transport-Security "max-age=63072000" always;
- add_header X-Frame-Options DENY always;
- add_header X-Content-Type-Options nosniff always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- # Grafana - Interface de monitoring (DOIT être avant location /)
- location /grafana/ {
- proxy_pass http://localhost:3005/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Configuration spécifique pour Grafana
- proxy_set_header X-Grafana-Org-Id 1;
-
- # Support des WebSockets pour les live updates
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- # Timeouts
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
-
- # Buffer settings
- proxy_buffering off;
- proxy_request_buffering off;
- }
-
- # Loki API - API de logs (DOIT être avant location /)
- location /loki/ {
- proxy_pass http://localhost:3100/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour les requêtes depuis Grafana
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # Page de statut des services (DOIT être avant location /)
- location /status {
- # Redirection vers /status/
- return 301 /status/;
- }
-
- location /status/ {
- # Serveur statique pour la page HTML
- alias /var/www/lecoffre/status/;
- index index.html;
- try_files $uri $uri/ /status/index.html;
-
- # Headers de sécurité
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- # Désactiver le cache côté client
- add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
- add_header Pragma "no-cache" always;
- expires -1;
-
- # Cache pour les assets statiques
- location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
- expires 1h;
- add_header Cache-Control "public, immutable";
- }
- }
-
- # API de statut des services (DOIT être avant location /)
- location /status/api {
- proxy_pass http://localhost:3006/api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour les requêtes AJAX
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- # Désactiver le cache proxy/client
- proxy_no_cache 1;
- proxy_cache_bypass 1;
- add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
- add_header Pragma "no-cache" always;
-
- # Timeouts
- proxy_connect_timeout 10s;
- proxy_send_timeout 10s;
- proxy_read_timeout 10s;
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # API backend - route /back/ vers /api/ du backend
- location ~* ^/back/(.*)$ {
- proxy_pass http://localhost:8080/api/$1;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Connection "";
- proxy_buffering off;
- }
-
- # API direct - route /api/ vers le backend
- # Autorisations CORS dynamiques pour origines connues
- set $cors_origin "";
- if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
- set $cors_origin $http_origin;
- }
-
- location /api/ {
- # CORS pour développement local Next.js
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://localhost:8080/api/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # WebSocket relay (sdk_relay)
- location /ws/ {
- proxy_pass http://localhost:8090/;
- proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
- proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
- proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
- proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 86400;
- }
-
- # API de transfert de fonds
- location /api/v1/funds/ {
- proxy_pass http://localhost:8080/api/v1/funds/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # favicon
- location = /favicon.ico {
- root /home/debian/lecoffre_node/conf/nginx/assets;
- try_files /favicon.ico =404;
- }
-
- # blindbit
- location /blindbit/ {
- proxy_pass http://localhost:8000/;
- include /etc/nginx/proxy_params;
- }
-
- # signer (sdk_signer) avec support WebSocket
- location /signer/ {
- proxy_pass http://localhost:3001/;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-
- # lecoffre-front - Application LeCoffre
- # Forcer le trailing slash pour éviter les redirections et erreurs 500 côté Next.js
- location = /lecoffre {
- return 301 /lecoffre/;
- }
-
- location ^~ /lecoffre/ {
- # Déléguer la gestion du basePath à Next.js
- proxy_pass http://localhost:3004;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- proxy_send_timeout 300;
- proxy_connect_timeout 300;
- }
-
- # ihm_client (root) - DOIT être en dernier
- location / {
- proxy_pass http://localhost:3003;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-}
\ No newline at end of file
diff --git a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com.conf b/backups/20250925_072119/nginx_conf/dev4.4nkweb.com.conf
deleted file mode 100644
index e26ac3da..00000000
--- a/backups/20250925_072119/nginx_conf/dev4.4nkweb.com.conf
+++ /dev/null
@@ -1,258 +0,0 @@
-# HTTP server for ACME and redirect to HTTPS
-server {
- listen 80;
- server_name dev4.4nkweb.com http://dev4.4nkweb.com;
-
- # ACME HTTP-01 challenges
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- }
-
- # Redirection vers HTTPS pour toutes les autres requêtes
- location / {
- return 301 https://$server_name$request_uri;
- }
-
- # API backend - route /back/ vers /api/ du backend
- location ~* ^/back/(.*)$ {
- proxy_pass http://localhost:8080/api/$1;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Connection "";
- proxy_buffering off;
- }
-
- # API direct - route /api/ vers le backend
- # Autorisations CORS dynamiques pour origines connues
- set $cors_origin "";
- if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
- set $cors_origin $http_origin;
- }
-
- location /api/ {
- # CORS pour développement local Next.js
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://localhost:8080/api/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
- location ~* ^/apiv1/(.*)$ {
- # CORS pour compatibilité
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://localhost:8080/api/v1/$1;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # WebSocket relay (sdk_relay)
- location /ws/ {
- proxy_pass http://localhost:8090/;
- proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
- proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
- proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
- proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 300;
- }
-
- # API de transfert de fonds
- location /api/v1/funds/ {
- proxy_pass http://localhost:8080/api/v1/funds/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # Grafana - Interface de monitoring (DOIT être avant location /)
- location /grafana/ {
- proxy_pass http://localhost:3005/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Configuration spécifique pour Grafana
- proxy_set_header X-Grafana-Org-Id 1;
-
- # Support des WebSockets pour les live updates
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- # Timeouts
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
-
- # Buffer settings
- proxy_buffering off;
- proxy_request_buffering off;
- }
-
- # Loki API - API de logs (DOIT être avant location /)
- location /loki/ {
- proxy_pass http://localhost:3100/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour les requêtes depuis Grafana
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # Page de statut des services (DOIT être avant location /)
- location /status {
- # Redirection vers /status/
- return 301 /status/;
- }
-
- location /status/ {
- # Serveur statique pour la page HTML
- alias /var/www/lecoffre/status/;
- index index.html;
- try_files $uri $uri/ /status/index.html;
-
- # Headers de sécurité
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- # Cache pour les assets statiques
- location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
- expires 1h;
- add_header Cache-Control "public, immutable";
- }
- }
-
- # API de statut des services (DOIT être avant location /)
- location /status/api {
- proxy_pass http://localhost:3006/api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour les requêtes AJAX
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- # Timeouts
- proxy_connect_timeout 10s;
- proxy_send_timeout 10s;
- proxy_read_timeout 10s;
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # ihm_client (root) - DOIT être en dernier
- location / {
- proxy_pass http://localhost:3003;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-
- # favicon
- location = /favicon.ico {
- root /home/debian/4NK_env/lecoffre_node/conf/nginx/assets;
- try_files /favicon.ico =404;
- access_log off;
- expires 30d;
- }
-
- # lecoffre frontend
- location = /lecoffre {
- proxy_pass http://127.0.0.2:3004/lecoffre;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- }
-
- location /lecoffre/ {
- proxy_pass http://127.0.0.2:3004/lecoffre/;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-
- # Next.js assets
- location /_next/ {
- proxy_pass http://127.0.0.2:3004/_next/;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- }
-
- # blindbit
- location /blindbit/ {
- proxy_pass http://localhost:8000/;
- include /etc/nginx/proxy_params;
- }
-
-}
diff --git a/backups/20250925_072119/nginx_conf/grafana.conf b/backups/20250925_072119/nginx_conf/grafana.conf
deleted file mode 100644
index c3753bba..00000000
--- a/backups/20250925_072119/nginx_conf/grafana.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-# Configuration Nginx pour Grafana
-server {
- listen 80;
- server_name dev4.4nkweb.com;
-
- # Proxy pour Grafana
- location /grafana/ {
- proxy_pass http://127.0.0.1:3005/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # Configuration spécifique pour Grafana
- proxy_set_header X-Grafana-Org-Id 1;
-
- # Support des WebSockets pour les live updates
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- # Timeouts
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
-
- # Buffer settings
- proxy_buffering off;
- proxy_request_buffering off;
- }
-
- # Proxy pour Loki (API)
- location /loki/ {
- proxy_pass http://127.0.0.1:3100/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour les requêtes depuis Grafana
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-}
diff --git a/backups/20250925_072119/nginx_conf/logging.conf b/backups/20250925_072119/nginx_conf/logging.conf
deleted file mode 100644
index a993765f..00000000
--- a/backups/20250925_072119/nginx_conf/logging.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-# Logging configuration for lecoffre front
-
-log_format lecoffre_json escape=json
- '{'
- '"time":"$time_iso8601",'
- '"request_id":"$request_id",'
- '"remote_addr":"$remote_addr",'
- '"host":"$host",'
- '"method":"$request_method",'
- '"uri":"$uri",'
- '"args":"$args",'
- '"status":$status,'
- '"bytes":$body_bytes_sent,'
- '"referer":"$http_referer",'
- '"user_agent":"$http_user_agent",'
- '"request_time":$request_time,'
- '"upstream_addr":"$upstream_addr",'
- '"upstream_status":"$upstream_status",'
- '"upstream_connect_time":"$upstream_connect_time",'
- '"upstream_header_time":"$upstream_header_time",'
- '"upstream_response_time":"$upstream_response_time",'
- '"x_forwarded_for":"$http_x_forwarded_for"'
- '}';
-
-# Default access and error logs for the front site
-access_log /var/log/nginx/lecoffre_front_access.log lecoffre_json;
-error_log /var/log/nginx/lecoffre_front_error.log warn;
-
-# Map incoming X-Request-ID or generate one
-map $http_x_request_id $x_request_id {
- default $http_x_request_id;
- "" $request_id;
-}
-
-# These headers should be set in each proxy location of the vhost
-# proxy_set_header X-Request-ID $x_request_id;
-# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-# proxy_set_header X-Forwarded-Proto $scheme;
-# proxy_set_header X-Forwarded-Host $host;
diff --git a/backups/20250925_072119/nginx_conf/nginx.conf b/backups/20250925_072119/nginx_conf/nginx.conf
deleted file mode 100644
index 726a64b1..00000000
--- a/backups/20250925_072119/nginx_conf/nginx.conf
+++ /dev/null
@@ -1,470 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /app/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
- worker_connections 1024;
- use epoll;
- multi_accept on;
-}
-
-http {
- # Configuration de base
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
- server_tokens off;
-
- # MIME types
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- # Logging
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /app/logs/nginx/access.log main;
- error_log /app/logs/nginx/error.log warn;
-
- # Gzip compression
- gzip on;
- gzip_vary on;
- gzip_proxied any;
- gzip_comp_level 6;
- gzip_types
- text/plain
- text/css
- text/xml
- text/javascript
- application/json
- application/javascript
- application/xml+rss
- application/atom+xml
- image/svg+xml;
-
- # Rate limiting
- limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
- limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
-
- # Upstream servers
-
- upstream lecoffre_frontend {
- server localhost:3004;
- keepalive 32;
- }
-
- upstream ihm_client {
- server localhost:3003;
- keepalive 32;
- }
-
- upstream grafana {
- server localhost:3005;
- keepalive 32;
- }
-
- upstream loki {
- server localhost:3100;
- keepalive 32;
- }
-
- upstream status_api {
- server localhost:3006;
- keepalive 32;
- }
-
- upstream sdk_relay {
- server localhost:8090;
- keepalive 32;
- }
-
- upstream blindbit {
- server localhost:8000;
- keepalive 32;
- }
-
- # Serveur principal HTTP (port 80)
- server {
- listen 80 default_server;
- listen [::]:80 default_server;
- server_name _;
-
- # Redirection automatique vers HTTPS si disponible
- return 301 https://$host$request_uri;
- }
-
- # Serveur HTTPS (port 443)
- server {
- listen 443 ssl http2 default_server;
- listen [::]:443 ssl http2 default_server;
- server_name _;
-
- # Certificats SSL (auto-signés pour le développement)
- ssl_certificate /app/ssl/nginx-selfsigned.crt;
- ssl_certificate_key /app/ssl/nginx-selfsigned.key;
-
- # Configuration SSL
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
- ssl_prefer_server_ciphers off;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 10m;
-
- # Headers de sécurité
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header Referrer-Policy "strict-origin-when-cross-origin" always;
-
- # Page de statut des services
- location /status/ {
- alias /var/www/lecoffre/status/;
- index index.html;
- try_files $uri $uri/ /status/index.html;
-
- location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
- expires 1h;
- add_header Cache-Control "public, immutable";
- }
- }
-
- # API de statut des services
- location /status/api {
- limit_req zone=api burst=20 nodelay;
- proxy_pass http://status_api/api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # Grafana - Interface de monitoring
- location /grafana/ {
- proxy_pass http://grafana/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Grafana-Org-Id 1;
-
- # WebSocket support
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_request_buffering off;
- }
-
- # Loki API - API de logs
- location /loki/ {
- limit_req zone=api burst=10 nodelay;
- proxy_pass http://loki/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS pour Grafana
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # API backend - routes /back/ vers /api/
- location ~* ^/back/(.*)$ {
- limit_req zone=api burst=20 nodelay;
- proxy_pass http://lecoffre_backend/api/$1;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Connection "";
- proxy_buffering off;
- }
-
- # API direct - routes /api/
- location /api/ {
- limit_req zone=api burst=20 nodelay;
-
- # CORS dynamique
- set $cors_origin "";
- if ($http_origin ~* ^(http://localhost:3000|http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
- set $cors_origin $http_origin;
- }
-
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://lecoffre_backend/api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # WebSocket relay (sdk_relay)
- location /ws/ {
- proxy_pass http://sdk_relay/;
- proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
- proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
- proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
- proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 86400;
- }
-
- # API de transfert de fonds
- location /api/v1/funds/ {
- limit_req zone=api burst=5 nodelay;
- proxy_pass http://lecoffre_backend/api/v1/funds/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # favicon
- location = /favicon.ico {
- root /var/www/lecoffre/assets;
- try_files /favicon.ico =404;
- }
-
- # blindbit
- location /blindbit/ {
- proxy_pass http://blindbit/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
-
- # LeCoffre Front - Application principale
- # Redirige /lecoffre -> /lecoffre/
- location = /lecoffre {
- return 301 /lecoffre/;
- }
- location /lecoffre/ {
- proxy_pass http://lecoffre_frontend/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
-
- # Configuration spécifique pour Next.js
- proxy_buffering off;
- proxy_request_buffering off;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- }
-
- # ihm_client (root) - DOIT être en dernier
- location / {
- proxy_pass http://ihm_client;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
- }
- # API de statut des services
- location /status/api {
- limit_req zone=api burst=20 nodelay;
- proxy_pass http://status_api/api;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-
- # CORS
- add_header Access-Control-Allow-Origin *;
- add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
- add_header Access-Control-Allow-Headers "Content-Type, Authorization";
-
- if ($request_method = 'OPTIONS') {
- return 204;
- }
- }
-
- # Grafana - Interface de monitoring
- location /grafana/ {
- proxy_pass http://grafana/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Grafana-Org-Id 1;
-
- # WebSocket support
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- proxy_connect_timeout 60s;
- proxy_send_timeout 60s;
- proxy_read_timeout 60s;
- proxy_buffering off;
- proxy_request_buffering off;
- }
-
- # API backend - routes /back/ vers /api/
- location ~* ^/back/(.*)$ {
- limit_req zone=api burst=20 nodelay;
- proxy_pass http://lecoffre_backend/api/$1;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Connection "";
- proxy_buffering off;
- }
-
- # API direct - routes /api/
- location /api/ {
- limit_req zone=api burst=20 nodelay;
-
- # CORS dynamique pour développement local
- set $cors_origin "";
- if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|http://localhost:3000|https://dev4\.4nkweb\.com)$) {
- set $cors_origin $http_origin;
- }
-
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://lecoffre_backend/api/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # WebSocket relay (sdk_relay)
- location /ws/ {
- proxy_pass http://sdk_relay/;
- proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
- proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
- proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
- proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 86400;
- }
-
- # LeCoffre Front - Application principale
- # Redirige /lecoffre -> /lecoffre/
- location = /lecoffre {
- return 301 /lecoffre/;
- }
- location /lecoffre/ {
- proxy_pass http://lecoffre_frontend/;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
-
- # Configuration spécifique pour Next.js
- proxy_buffering off;
- proxy_request_buffering off;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- }
-
- # ihm_client (root) - DOIT être en dernier
- location / {
- proxy_pass http://ihm_client;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
- }
-}
diff --git a/backups/20250925_072119/nginx_http_flows.txt b/backups/20250925_072119/nginx_http_flows.txt
deleted file mode 100644
index 129011ed..00000000
--- a/backups/20250925_072119/nginx_http_flows.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-136: location /api/ {
-137: # CORS pour développement local Next.js
-138: proxy_hide_header Access-Control-Allow-Origin;
-139: proxy_hide_header Access-Control-Allow-Credentials;
-140: proxy_hide_header Access-Control-Allow-Headers;
-141: proxy_hide_header Access-Control-Allow-Methods;
-142:
-143: if ($request_method = OPTIONS) {
-144: add_header Access-Control-Allow-Origin $cors_origin always;
-145: add_header Access-Control-Allow-Credentials "true" always;
-146: add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
-147: add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-148: return 204;
-149: }
-185: location /api/v1/funds/ {
-186: proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
-187: include /etc/nginx/proxy_params;
-188: proxy_read_timeout 300;
-189: proxy_connect_timeout 300;
-190: proxy_send_timeout 300;
-191: }
-136: location /api/ {
-137: # CORS pour développement local Next.js
-138: proxy_hide_header Access-Control-Allow-Origin;
-139: proxy_hide_header Access-Control-Allow-Credentials;
-140: proxy_hide_header Access-Control-Allow-Headers;
-141: proxy_hide_header Access-Control-Allow-Methods;
-142:
-143: if ($request_method = OPTIONS) {
-144: add_header Access-Control-Allow-Origin $cors_origin always;
-145: add_header Access-Control-Allow-Credentials "true" always;
-146: add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
-147: add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-148: return 204;
-149: }
-150:
-151: add_header Access-Control-Allow-Origin $cors_origin always;
-152: add_header Access-Control-Allow-Credentials "true" always;
-153: add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
-154: add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-155:
-156: proxy_set_header X-Request-ID $x_request_id;
-157: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-158: proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/backups/20250925_072119/ports_open.txt b/backups/20250925_072119/ports_open.txt
deleted file mode 100644
index cd4a14f0..00000000
--- a/backups/20250925_072119/ports_open.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-Netid State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
-udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:*
-udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
-udp UNCONN 0 0 92.243.24.12%enX0:68 0.0.0.0:*
-udp UNCONN 0 0 0.0.0.0:5355 0.0.0.0:*
-udp UNCONN 0 0 [::]:5355 [::]:*
-tcp LISTEN 0 4096 0.0.0.0:3001 0.0.0.0:*
-tcp LISTEN 0 511 0.0.0.0:3000 0.0.0.0:* users:(("next-server (v1",pid=2772198,fd=25))
-tcp LISTEN 0 4096 0.0.0.0:3003 0.0.0.0:*
-tcp LISTEN 0 4096 0.0.0.0:3005 0.0.0.0:*
-tcp LISTEN 0 4096 0.0.0.0:3004 0.0.0.0:*
-tcp LISTEN 0 4096 0.0.0.0:3006 0.0.0.0:*
-tcp LISTEN 0 4096 0.0.0.0:8081 0.0.0.0:*
-tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
-tcp LISTEN 0 4096 0.0.0.0:8000 0.0.0.0:*
-tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
-tcp LISTEN 0 4096 0.0.0.0:3100 0.0.0.0:*
-tcp LISTEN 0 511 127.0.0.1:43709 0.0.0.0:* users:(("node",pid=2771446,fd=19))
-tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
-tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
-tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
-tcp LISTEN 0 20 127.0.0.1:25 0.0.0.0:*
-tcp LISTEN 0 511 127.0.0.1:45431 0.0.0.0:* users:(("node",pid=2771409,fd=19))
-tcp LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
-tcp LISTEN 0 128 [::]:22 [::]:*
-tcp LISTEN 0 4096 [::]:5355 [::]:*
-tcp LISTEN 0 20 [::1]:25 [::]:*
diff --git a/backups/LAST_BACKUP b/backups/LAST_BACKUP
deleted file mode 100644
index b316e998..00000000
--- a/backups/LAST_BACKUP
+++ /dev/null
@@ -1 +0,0 @@
-20250925_072119
diff --git a/backups/front_20250923_060340/VariablesFront.ts b/backups/front_20250923_060340/VariablesFront.ts
deleted file mode 100644
index 2038a65a..00000000
--- a/backups/front_20250923_060340/VariablesFront.ts
+++ /dev/null
@@ -1,48 +0,0 @@
-export class FrontendVariables {
- private static instance: FrontendVariables;
-
- public BACK_API_PROTOCOL!: string;
-
- public BACK_API_HOST!: string;
-
- public BACK_API_PORT!: string;
-
- public BACK_API_ROOT_URL!: string;
-
- public BACK_API_VERSION!: string;
-
- public FRONT_APP_HOST!: string;
-
- public IDNOT_BASE_URL!: string;
-
- public IDNOT_AUTHORIZE_ENDPOINT!: string;
-
- public IDNOT_CLIENT_ID!: string;
-
- public IDNOT_REDIRECT_URI?: string;
-
- public DOCAPOST_API_URL!: string;
-
- public KEY_DATA!: string;
-
- public FC_AUTHORIZE_ENDPOINT!: string;
-
- public FC_CLIENT_ID!: string;
-
- public HOTJAR_SITE_ID!: number;
-
- public HOTJAR_VERSION!: number;
-
- public _4NK_URL!: string;
-
- public API_URL!: string;
-
- private constructor() {}
-
- public static getInstance(): FrontendVariables {
- if (!this.instance) {
- this.instance = new this();
- }
- return this.instance;
- }
-}
diff --git a/backups/front_20250923_060340/authorized-client.tsx b/backups/front_20250923_060340/authorized-client.tsx
deleted file mode 100644
index 2536da16..00000000
--- a/backups/front_20250923_060340/authorized-client.tsx
+++ /dev/null
@@ -1,24 +0,0 @@
-import LoginCallBack from "@Front/Components/Layouts/LoginCallback";
-import { useEffect } from "react";
-
-export default function Route() {
- useEffect(() => {
- if (typeof window !== "undefined") {
- const origin = window.location.origin;
- const search = window.location.search || "";
- // Forcer HTTPS et domaine dev4 après retour ID.not
- if (!origin.startsWith("https://dev4.4nkweb.com")) {
- const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`;
- window.location.replace(target);
- return;
- }
- if (origin.startsWith("http://dev3.4nkweb.com")) {
- const search = window.location.search || "";
- const target = `https://dev4.4nkweb.com/lecoffre/authorized-client${search}`;
- window.location.replace(target);
- }
- }
- }, []);
-
- return ;
-}
diff --git a/backups/front_20250923_060340/index.tsx b/backups/front_20250923_060340/index.tsx
deleted file mode 100644
index e43565cd..00000000
--- a/backups/front_20250923_060340/index.tsx
+++ /dev/null
@@ -1,239 +0,0 @@ -import React, { useCallback, useEffect, useState } from "react"; -import classes from "./classes.module.scss"; -import Typography, { ETypo, ETypoColor } from "@Front/Components/DesignSystem/Typography"; -//import Image from "next/image"; -import Form from "@Front/Components/DesignSystem/Form"; -import TextField from "@Front/Components/DesignSystem/Form/TextField"; -import Button from "@Front/Components/DesignSystem/Button"; -//import franceConnectLogo from "../france-connect.svg"; -// import { useRouter } from "next/router"; -// import Customers from "@Front/Api/Auth/Id360/Customers/Customers"; -import { ValidationError } from "class-validator"; -import Image from "next/image"; -import LogoSmallBlue from "@Assets/logo_small_blue.svg"; - -import idNoteLogo from "@Assets/Icons/id-note-logo.svg"; -import { useRouter } from "next/router"; -import { FrontendVariables } from "@Front/Config/VariablesFront"; -import Confirm from "@Front/Components/DesignSystem/OldModal/Confirm"; - -type IProps = { - onSubmit: (e: React.FormEvent | null, values: { [key: string]: string }) => void; - validationErrors: ValidationError[]; -}; - -export default function StepEmail(props: IProps) { - const { onSubmit, validationErrors } = props; - const [isErrorModalOpen, setIsErrorModalOpen] = useState(0); - - // Forcer HTTPS dès le début pour éviter le contexte de sécurité mixte - useEffect(() => { - if (typeof window !== "undefined" && window.location.protocol === "http:") { - const target = `https://dev4.4nkweb.com/lecoffre${window.location.pathname}${window.location.search}`; - window.location.replace(target); - } - }, []); - - /* const router = useRouter(); - const redirectCustomerOnConnection = useCallback(() => { - async function getCustomer() { - try { - const loginRes = await Customers.getInstance().login(); - router.push(loginRes.enrollment.franceConnectUrl); - } catch (e) { - console.error(e); - } - } - getCustomer(); - }, [router]); */ - - const router = 
useRouter(); - const error = router.query["error"]; - const redirectUserOnConnection = useCallback(() => { - const variables = FrontendVariables.getInstance(); - let redirectUri = variables.IDNOT_REDIRECT_URI || ""; - if (!redirectUri) { - console.warn("[IDNOT] NEXT_PUBLIC_IDNOT_REDIRECT_URI vide; fallback sur FRONT_APP_HOST/authorized-client"); - redirectUri = `${variables.FRONT_APP_HOST}/authorized-client`; - } - const authorizeBase = `${variables.IDNOT_BASE_URL}${variables.IDNOT_AUTHORIZE_ENDPOINT}`; - router.push( - `${authorizeBase}?client_id=${variables.IDNOT_CLIENT_ID}&redirect_uri=${encodeURIComponent(redirectUri)}&scope=openid,profile&response_type=code`, - ); - }, [router]); - - const openErrorModal = useCallback((index: number) => { - setIsErrorModalOpen(index); - }, []); - - const closeErrorModal = useCallback(() => { - setIsErrorModalOpen(0); - }, []); - - const closeNoEmailModal = useCallback(() => { - setIsErrorModalOpen(0); - router.push("https://connexion.idnot.fr/"); - }, [router]); - - // const closeContactAdminModal = () => { - // setIsErrorModalOpen(0); - // window.open("https://www.lecoffre.io/contact", "_blank"); - // }; - - useEffect(() => { - openErrorModal(parseInt(error as string)); - }, [error, openErrorModal]); - - return ( -
-
- Logo small blue - - Bienvenue ! - - Connectez-vous pour accéder à votre espace sécurisé. -
-
-
- - Pour les notaires et les collaborateurs : - - -
-
- - Pour les clients : - -
- { - err.property === "email")} - /> - } - - -
-
- -
- - Une erreur est survenue lors de la connexion. Veuillez réessayer ou contacter le support si le problème persiste. - - - - Contactez le support - - -
-
- -
- - Veuillez vous reconnecter. - -
-
- -
- - Votre e-mail professionnel n'est pas renseigné sur votre compte ID.Not. Merci de l'ajouter pour accéder à ce - service. Pour toute question, contactez-nous à support@lecoffre.io. - - - - Contactez le support - - -
-
- -
- - Notre partenaire ID.Not rencontre actuellement un problème technique. Nous vous tiendrons informé de l'évolution. - Pour toute question, contactez-nous à support@lecoffre.io. - - - - Contactez le support - - -
-
- {/* -
- - L'accès à la version bêta de lecoffre.io est limité à un groupe restreint d'utilisateurs autorisés. - -
    -
  • - - Si vous êtes intéressé par la participation à notre programme de bêta-test, veuillez nous compléter le - formulaire :{" "} - - https://www.lecoffre.io/contact - - -
  • -
    -
  • - - Si vous avez déjà un compte bêta-testeur, veuillez vous connecter sur{" "} - - https://compte.idnot.fr/home - {" "} - et vérifier que l'adresse mail renseignée sur votre espace est identique à celle que vous nous avez - communiquée. - -
  • -
-
-
*/} -
- ); -} diff --git a/backups/front_20250923_060340/next.config.js b/backups/front_20250923_060340/next.config.js deleted file mode 100644 index a0616746..00000000 --- a/backups/front_20250923_060340/next.config.js +++ /dev/null 
@@ -1,83 +0,0 @@
-/** @type {import('next').NextConfig} */
-
-const nextConfig = {
- reactStrictMode: false,
- output: 'standalone',
- basePath: '/lecoffre',
- typescript: {
- ignoreBuildErrors: true,
- },
- publicRuntimeConfig: {
- // Will be available on both server and client
- NEXT_PUBLIC_BACK_API_PROTOCOL: process.env.NEXT_PUBLIC_BACK_API_PROTOCOL,
- NEXT_PUBLIC_BACK_API_HOST: process.env.NEXT_PUBLIC_BACK_API_HOST,
- NEXT_PUBLIC_BACK_API_PORT: process.env.NEXT_PUBLIC_BACK_API_PORT,
- NEXT_PUBLIC_BACK_API_ROOT_URL: process.env.NEXT_PUBLIC_BACK_API_ROOT_URL,
- NEXT_PUBLIC_BACK_API_VERSION: process.env.NEXT_PUBLIC_BACK_API_VERSION,
- NEXT_PUBLIC_FRONT_APP_HOST: process.env.NEXT_PUBLIC_FRONT_APP_HOST,
- NEXT_PUBLIC_FRONT_APP_PORT: process.env.NEXT_PUBLIC_FRONT_APP_PORT,
- NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: process.env.NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT,
- NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
- NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
- NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
- NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
- NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
- NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
- NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
- NEXT_PUBLIC_DEFAULT_VALIDATOR_ID: process.env.NEXT_PUBLIC_DEFAULT_VALIDATOR_ID,
- NEXT_PUBLIC_DEFAULT_STORAGE_URLS: process.env.NEXT_PUBLIC_DEFAULT_STORAGE_URLS,
- },
-
- serverRuntimeConfig: {
- NEXT_PUBLIC_BACK_API_PROTOCOL: process.env.NEXT_PUBLIC_BACK_API_PROTOCOL,
- NEXT_PUBLIC_BACK_API_HOST: process.env.NEXT_PUBLIC_BACK_API_HOST,
- NEXT_PUBLIC_BACK_API_PORT: process.env.NEXT_PUBLIC_BACK_API_PORT,
- NEXT_PUBLIC_BACK_API_ROOT_URL: process.env.NEXT_PUBLIC_BACK_API_ROOT_URL,
- NEXT_PUBLIC_BACK_API_VERSION: process.env.NEXT_PUBLIC_BACK_API_VERSION,
- NEXT_PUBLIC_FRONT_APP_HOST: process.env.NEXT_PUBLIC_FRONT_APP_HOST,
- NEXT_PUBLIC_FRONT_APP_PORT: process.env.NEXT_PUBLIC_FRONT_APP_PORT,
- NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: process.env.NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT,
- NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
- NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
- NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
- NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
- NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
- NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
- NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
- NEXT_PUBLIC_DEFAULT_VALIDATOR_ID: process.env.NEXT_PUBLIC_DEFAULT_VALIDATOR_ID,
- NEXT_PUBLIC_DEFAULT_STORAGE_URLS: process.env.NEXT_PUBLIC_DEFAULT_STORAGE_URLS,
- },
-
- env: {
- NEXT_PUBLIC_BACK_API_PROTOCOL: process.env.NEXT_PUBLIC_BACK_API_PROTOCOL,
- NEXT_PUBLIC_BACK_API_HOST: process.env.NEXT_PUBLIC_BACK_API_HOST,
- NEXT_PUBLIC_BACK_API_PORT: process.env.NEXT_PUBLIC_BACK_API_PORT,
- NEXT_PUBLIC_BACK_API_ROOT_URL: process.env.NEXT_PUBLIC_BACK_API_ROOT_URL,
- NEXT_PUBLIC_BACK_API_VERSION: process.env.NEXT_PUBLIC_BACK_API_VERSION,
- NEXT_PUBLIC_FRONT_APP_HOST: process.env.NEXT_PUBLIC_FRONT_APP_HOST,
- NEXT_PUBLIC_FRONT_APP_PORT: process.env.NEXT_PUBLIC_FRONT_APP_PORT,
- NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: process.env.NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT,
- NEXT_PUBLIC_IDNOT_CLIENT_ID: process.env.NEXT_PUBLIC_IDNOT_CLIENT_ID,
- NEXT_PUBLIC_IDNOT_BASE_URL: process.env.NEXT_PUBLIC_IDNOT_BASE_URL,
- NEXT_PUBLIC_IDNOT_REDIRECT_URI: process.env.NEXT_PUBLIC_IDNOT_REDIRECT_URI,
- NEXT_PUBLIC_DOCAPOSTE_API_URL: process.env.NEXT_PUBLIC_DOCAPOSTE_API_URL,
- NEXT_PUBLIC_4NK_URL: process.env.NEXT_PUBLIC_4NK_URL,
- NEXT_PUBLIC_4NK_IFRAME_URL: process.env.NEXT_PUBLIC_4NK_IFRAME_URL,
- NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL,
- NEXT_PUBLIC_DEFAULT_VALIDATOR_ID: process.env.NEXT_PUBLIC_DEFAULT_VALIDATOR_ID,
- NEXT_PUBLIC_DEFAULT_STORAGE_URLS: process.env.NEXT_PUBLIC_DEFAULT_STORAGE_URLS,
- },
-
- // webpack: config => {
- // config.node = {
- // fs: 'empty',
- // child_process: 'empty',
- // net: 'empty',
- // dns: 'empty',
- // tls: 'empty',
- // };
- // return config;
- // },
-};
-
-module.exports = nextConfig;
diff --git a/backups/latest b/backups/latest
deleted file mode 120000
index 34d28147..00000000
--- a/backups/latest
+++ /dev/null
@@ -1 +0,0 @@
-20250925_072119
\ No newline at end of file
diff --git a/backups/nginx/dev4.4nkweb.com-http.conf b/backups/nginx/dev4.4nkweb.com-http.conf
deleted file mode 100644
index 804d8a0d..00000000
--- a/backups/nginx/dev4.4nkweb.com-http.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# HTTP server for ACME and redirect to HTTPS
-server {
- listen 80;
- server_name dev4.4nkweb.com;
-
- # ACME HTTP-01 challenges
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- }
-
- # Redirection vers HTTPS pour toutes les autres requêtes
- location / {
- return 301 https://$server_name$request_uri;
- }
-}
diff --git a/backups/nginx/dev4.4nkweb.com-https.conf b/backups/nginx/dev4.4nkweb.com-https.conf
deleted file mode 100755
index 8417f1e7..00000000
--- a/backups/nginx/dev4.4nkweb.com-https.conf
+++ /dev/null
@@ -1,221 +0,0 @@ -# Configuration HTTPS pour dev4.4nkweb.com -server { - listen 443 ssl http2; - server_name dev4.4nkweb.com; - - # Certificats SSL - ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; - - # Configuration SSL - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; - ssl_prefer_server_ciphers off; - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - # Headers de sécurité - add_header Strict-Transport-Security "max-age=63072000" always; - add_header X-Frame-Options DENY always; - add_header X-Content-Type-Options nosniff always; - add_header X-XSS-Protection "1; mode=block" always; - - # Grafana - Interface de monitoring (DOIT être avant location /) - location /grafana/ { - proxy_pass http://localhost:3005/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Configuration spécifique pour Grafana - proxy_set_header X-Grafana-Org-Id 1; - - # Support des WebSockets pour les live updates - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Timeouts - proxy_connect_timeout 60s; - proxy_send_timeout 60s; - proxy_read_timeout 60s; - - # Buffer settings - proxy_buffering off; - proxy_request_buffering off; - } - - # Loki API - API de logs (DOIT être avant location /) - location /loki/ { - proxy_pass http://localhost:3100/; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes depuis Grafana - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, 
POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # Page de statut des services (DOIT être avant location /) - location /status { - # Redirection vers /status/ - return 301 /status/; - } - - location /status/ { - # Serveur statique pour la page HTML - alias /var/www/lecoffre/status/; - index index.html; - try_files $uri $uri/ /status/index.html; - - # Headers de sécurité - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Cache pour les assets statiques - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { - expires 1h; - add_header Cache-Control "public, immutable"; - } - } - - # API de statut des services (DOIT être avant location /) - location /status/api { - proxy_pass http://localhost:3006/api; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # CORS pour les requêtes AJAX - add_header Access-Control-Allow-Origin *; - add_header Access-Control-Allow-Methods "GET, POST, OPTIONS"; - add_header Access-Control-Allow-Headers "Content-Type, Authorization"; - - # Timeouts - proxy_connect_timeout 10s; - proxy_send_timeout 10s; - proxy_read_timeout 10s; - - if ($request_method = 'OPTIONS') { - return 204; - } - } - - # API backend - route /back/ vers /api/ du backend - location ~* ^/back/(.*)$ { - proxy_pass http://localhost:8080/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - route /api/ vers le backend - # Autorisations CORS dynamiques pour origines connues - set $cors_origin 
""; - if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) { - set $cors_origin $http_origin; - } - - location /api/ { - # CORS pour développement local Next.js - proxy_hide_header Access-Control-Allow-Origin; - proxy_hide_header Access-Control-Allow-Credentials; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Allow-Methods; - - if ($request_method = OPTIONS) { - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - return 204; - } - - add_header Access-Control-Allow-Origin $cors_origin always; - add_header Access-Control-Allow-Credentials "true" always; - add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always; - add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; - - proxy_pass http://dev3.4nkweb.com:8080/api/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # WebSocket relay (sdk_relay) - location /ws/ { - proxy_pass http://localhost:8090/; - proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key; - proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version; - proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol; - proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 86400; - } - - # API de transfert de fonds - location /api/v1/funds/ { - proxy_pass 
http://dev3.4nkweb.com:8080/api/v1/funds/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - - # favicon - location = /favicon.ico { - root /home/debian/lecoffre_node/conf/nginx/assets; - try_files /favicon.ico =404; - } - - # blindbit - location /blindbit/ { - proxy_pass http://localhost:8000/; - include /etc/nginx/proxy_params; - } - - # signer (sdk_signer) avec support WebSocket - - # lecoffre-front - Application LeCoffre - location /lecoffre { - proxy_pass http://localhost:3004; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - proxy_send_timeout 300; - proxy_connect_timeout 300; - } - - # ihm_client (root) - DOIT être en dernier - location / { - proxy_pass http://localhost:3003; - include /etc/nginx/proxy_params; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_read_timeout 300; - } -} \ No newline at end of file diff --git a/backups/nginx/local.4nkweb.com-3000.conf b/backups/nginx/local.4nkweb.com-3000.conf deleted file mode 100644 index a4ea5113..00000000 --- a/backups/nginx/local.4nkweb.com-3000.conf +++ /dev/null 
@@ -1,64 +0,0 @@
-server {
- listen 0.0.0.0:3000;
- listen [::]:3000;
- server_name local.4nkweb.com;
-
- # HTTP pur: pas de HTTPS ni HSTS
-
- # Favicon
- location = /favicon.ico {
- root /home/debian/lecoffre_node/conf/nginx/assets;
- }
-
- # Compat: callback ID.not sans basePath (toutes variantes et querystring)
- location /authorized-client {
- proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # Entrée sans slash
- location = /lecoffre {
- proxy_pass http://127.0.0.2:3004;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # BasePath /lecoffre
- location /lecoffre/ {
- proxy_pass http://127.0.0.2:3004;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_set_header X-Forwarded-Prefix /lecoffre;
- proxy_read_timeout 300;
- }
-
- # HMR (si utilisé en local)
- location /lecoffre/_next/webpack-hmr {
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_buffering off;
- proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
- proxy_read_timeout 600s;
- }
-
- # Assets Next.js
- location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
- expires 7d;
- add_header Cache-Control "public, max-age=604800, immutable" always;
- proxy_pass http://127.0.0.2:3004$request_uri;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_read_timeout 300;
- }
-}
diff --git a/backups/nginx/local.4nkweb.com.conf b/backups/nginx/local.4nkweb.com.conf
deleted file mode 100644
index fb6b90b7..00000000
--- a/backups/nginx/local.4nkweb.com.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 80;
- server_name local.4nkweb.com;
-
- # HTTP only: pas de redirection HTTPS, pas d'HSTS
- location / {
- return 302 http://local.4nkweb.com:3000$request_uri;
- }
-}
diff --git a/docs/DEPLOYMENT_FIXES_2025-09-24.md b/docs/DEPLOYMENT_FIXES_2025-09-24.md
index 9122c5a4..0d2e9d1d 100644
--- a/docs/DEPLOYMENT_FIXES_2025-09-24.md
+++ b/docs/DEPLOYMENT_FIXES_2025-09-24.md
@@ -77,3 +77,5 @@ - ✅ CORS dev3: OPTIONS 204 + POST state 200 - ✅ ihm_client: `/` → 200 + +
diff --git a/docs/HMR_IDNOT_STATE.md b/docs/HMR_IDNOT_STATE.md
index 76337bbd..4ae647d1 100644
--- a/docs/HMR_IDNOT_STATE.md
+++ b/docs/HMR_IDNOT_STATE.md
@@ -39,3 +39,5 @@ Vue d’ensemble - Checks publics: `/lecoffre` = 301 → `/lecoffre/`, `/lecoffre/` = 200. + +
diff --git a/docs/PORTS.md b/docs/PORTS.md
index 14cf69d8..e3678665 100644
--- a/docs/PORTS.md
+++ b/docs/PORTS.md
@@ -28,3 +28,5 @@ Notes - Nginx: rediriger `/lecoffre` → `/lecoffre/`, et proxy sur `^~ /lecoffre/` vers `http://localhost:3004` + +