From 2f6da80408558373a93ed617defa9581467f2c7a Mon Sep 17 00:00:00 2001 From: Nicolas Cantu Date: Sun, 21 Sep 2025 20:21:03 +0000 Subject: [PATCH] ci: docker_tag=ext MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Centralisation des variables d'environnement: - Création du .env.master avec toutes les variables - Mise à jour docker-compose.yml pour passer toutes les variables d'environnement - Suppression des références aux fichiers .env des services - Configuration centralisée pour tous les services --- .dockerignore | 2 +- Dockerfile.master | 4 +- conf/nginx/nginx.conf | 10 +-- docker-compose.yml | 65 ++++++++++++++-- docker-compose.yml.backup | 141 +++++++++++++++++++++++++++------- scripts/deploy-master.sh | 2 +- scripts/entrypoint.sh | 6 +- scripts/generate-ssl-certs.sh | 16 ++-- 8 files changed, 189 insertions(+), 57 deletions(-)
diff --git a/.dockerignore b/.dockerignore
index 41d0a02..4a494ea 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -7,4 +7,4 @@ dist
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
-.env*
+# .env*
diff --git a/Dockerfile.master b/Dockerfile.master
index 822a149..530c173 100644
--- a/Dockerfile.master
+++ b/Dockerfile.master
@@ -52,10 +52,10 @@ COPY conf/supervisor/ /etc/supervisor/conf.d/
 COPY scripts/ /app/scripts/
 COPY web/ /var/www/lecoffre/
 COPY docker-compose.yml /app/
-COPY .env /app/.env
+COPY .env.master /app/.env
 # Configuration Nginx autonome et génération des certificats SSL
-RUN mkdir -p /var/www/lecoffre/status /var/www/lecoffre/assets && \
+RUN mkdir -p /var/www/lecoffre/status /var/www/lecoffre/assets /app/logs/nginx && \
 ln -sf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/ && \
 rm -f /etc/nginx/sites-enabled/default && \
 /app/scripts/generate-ssl-certs.sh && \
diff --git a/conf/nginx/nginx.conf b/conf/nginx/nginx.conf
index 7e72a8a..c5e3da6 100644
--- a/conf/nginx/nginx.conf
+++ b/conf/nginx/nginx.conf
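Review bot: Commenting out `.env*` in .dockerignore, combined with `COPY .env.master /app/.env` in the Dockerfile.master hunk, bakes the environment file into an image layer, and the docker-compose.yml hunks in this same patch show that file is expected to hold STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET, OVH_APPLICATION_SECRET and SIGNER_API_KEY; anyone who can pull the image can read them, and a later `rm` in another layer does not remove them from history. Prefer keeping `.env*` ignored and supplying the file at run time (a bind mount or `--env-file` on the container), or at least `RUN --mount=type=secret` if a value is only needed during the build. If the COPY must stay, narrow the exception to one file with `!.env.master` on the line after `.env*` instead of disabling the whole pattern, so stray local `.env` files do not enter the build context.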
@@ -1,6 +1,6 @@
 user www-data;
 worker_processes auto;
-pid /run/nginx.pid;
+pid /app/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 events {
@@ -27,8 +27,8 @@ http {
 '$status $body_bytes_sent "$http_referer" '
 '"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log main;
- error_log /var/log/nginx/error.log warn;
+ access_log /app/logs/nginx/access.log main;
+ error_log /app/logs/nginx/error.log warn;
 # Gzip compression
 gzip on;
@@ -113,8 +113,8 @@ http {
 server_name _;
 # Certificats SSL (auto-signés pour le développement)
- ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
- ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+ ssl_certificate /app/ssl/nginx-selfsigned.crt;
+ ssl_certificate_key /app/ssl/nginx-selfsigned.key;
 # Configuration SSL
 ssl_protocols TLSv1.2 TLSv1.3;
diff --git a/docker-compose.yml b/docker-compose.yml
index bf22264..948c0b2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -85,8 +85,20 @@ services:
 max-size: "10m"
 max-file: "3"
 environment:
- - NODE_OPTIONS=--max-old-space-size=2048
+ - NODE_OPTIONS=${NODE_OPTIONS}
 - HOME=/home/bitcoin
+ - CORE_URL=${SDK_RELAY_CORE_URL}
+ - WS_URL=${SDK_RELAY_WS_URL}
+ - WALLET_NAME=${SDK_RELAY_WALLET_NAME}
+ - NETWORK=${SDK_RELAY_NETWORK}
+ - BLINDBIT_URL=${SDK_RELAY_BLINDBIT_URL}
+ - ZMQ_URL=${SDK_RELAY_ZMQ_URL}
+ - STORAGE=${SDK_RELAY_STORAGE}
+ - DATA_DIR=${SDK_RELAY_DATA_DIR}
+ - BITCOIN_DATA_DIR=${SDK_RELAY_BITCOIN_DATA_DIR}
+ - BOOTSTRAP_URL=${SDK_RELAY_BOOTSTRAP_URL}
+ - BOOTSTRAP_FAUCET=${SDK_RELAY_BOOTSTRAP_FAUCET}
+ - RUST_LOG=${SDK_RELAY_RUST_LOG}
 - RUST_LOG=INFO
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:8091/"]
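Review bot: After the docker-compose.yml hunk at `@@ -85,8 +85,20 @@` the sdk_relay environment list carries RUST_LOG twice — the added `- RUST_LOG=${SDK_RELAY_RUST_LOG}` and the untouched context line `- RUST_LOG=INFO` two lines below it — so only one of the two values can survive when Compose folds the list into a map (in practice the later literal), and the new variable is effectively dead. Remove `- RUST_LOG=INFO`, or fold the old literal into a default: `- RUST_LOG=${SDK_RELAY_RUST_LOG:-INFO}`. The same default form would suit `NODE_OPTIONS`, whose previous literal `--max-old-space-size=2048` is otherwise lost whenever the variable is unset.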
@@ -98,8 +110,26 @@ services:
 lecoffre-back:
 image: git.4nkweb.com/4nk/lecoffre-back-mini:ext
 container_name: lecoffre-back
- env_file:
- - .env
+ environment:
+ - NODE_OPTIONS=${NODE_OPTIONS}
+ - NODE_ENV=${NODE_ENV}
+ - IDNOT_ANNUARY_BASE_URL=${IDNOT_ANNUARY_BASE_URL}
+ - IDNOT_REDIRECT_URI=${IDNOT_REDIRECT_URI}
+ - IDNOT_TOKEN_URL=${IDNOT_TOKEN_URL}
+ - IDNOT_API_BASE_URL=${IDNOT_API_BASE_URL}
+ - APP_HOST=${APP_HOST}
+ - API_BASE_URL=${API_BASE_URL}
+ - DEFAULT_STORAGE=${DEFAULT_STORAGE}
+ - STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY}
+ - STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}
+ - STRIPE_WEBHOOK_SECRET=${STRIPE_WEBHOOK_SECRET}
+ - MAILCHIMP_API_KEY=${MAILCHIMP_API_KEY}
+ - MAILCHIMP_SERVER_PREFIX=${MAILCHIMP_SERVER_PREFIX}
+ - MAILCHIMP_LIST_ID=${MAILCHIMP_LIST_ID}
+ - OVH_APPLICATION_KEY=${OVH_APPLICATION_KEY}
+ - OVH_APPLICATION_SECRET=${OVH_APPLICATION_SECRET}
+ - OVH_CONSUMER_KEY=${OVH_CONSUMER_KEY}
+ - OVH_SERVICE_NAME=${OVH_SERVICE_NAME}
 ports:
 - "0.0.0.0:8080:8080"
 volumes:
@@ -128,8 +158,18 @@ services:
 image: git.4nkweb.com/4nk/lecoffre-front:ext
 container_name: lecoffre-front
 working_dir: /leCoffre-front
- env_file:
- - .env
+ environment:
+ - NODE_OPTIONS=${NODE_OPTIONS}
+ - NODE_ENV=${NODE_ENV}
+ - NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL}
+ - NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST}
+ - NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL}
+ - NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT}
+ - NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL}
+ - NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST}
+ - NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT}
+ - NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL}
+ - NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION}
 ports:
 - "0.0.0.0:3004:3000"
 volumes:
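Review bot: Every value in the lecoffre-back hunk is a bare `${VAR}` with no default or required marker, so a name missing from the interpolation environment silently becomes an empty string — `STRIPE_SECRET_KEY=`, `OVH_APPLICATION_SECRET=` — and the service comes up with empty credentials instead of refusing to start. Compose's `${VAR:?message}` form makes a value mandatory; use it at least for the secrets and the connection URLs, e.g. `- STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY:?STRIPE_SECRET_KEY is not set}`, and the same applies to the lecoffre-front hunk on this line and to the sdk_relay, ihm_client and sdk_signer hunks. Note also that dropping `env_file: - .env` changes where these names come from: Compose interpolates `${VAR}` from the shell and from a `.env` in the project directory, not from `.env.master`, so unless the deploy step passes `--env-file .env.master` (nothing on the page shows it) every one of these resolves to empty.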
@@ -156,9 +196,12 @@ services:
 ihm_client:
 image: git.4nkweb.com/4nk/ihm_client:ext
 container_name: ihm_client
- env_file:
- - .env
 environment:
+ - VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY}
+ - VITE_API_BASE_URL=${VITE_API_BASE_URL}
+ - VITE_WS_URL=${VITE_WS_URL}
+ - VITE_STORAGE_URL=${VITE_STORAGE_URL}
+ - VITE_SIGNER_URL=${VITE_SIGNER_URL}
 - VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/
 ports:
 - "0.0.0.0:3003:3003"
@@ -200,9 +243,15 @@ services:
 - "com.centurylinklabs.watchtower.enable=true"
 restart: unless-stopped
 environment:
+ - PORT=${SIGNER_PORT}
+ - API_KEY=${SIGNER_API_KEY}
+ - DATABASE_PATH=${SIGNER_DATABASE_PATH}
+ - RELAY_URLS=${SIGNER_RELAY_URLS}
+ - AUTO_RESTART=${SIGNER_AUTO_RESTART}
+ - MAX_RESTARTS=${SIGNER_MAX_RESTARTS}
+ - LOG_LEVEL=${SIGNER_LOG_LEVEL}
 - SIGNER_WS_URL=ws://dev3.4nkweb.com:9090
 - SIGNER_BASE_URL=https://dev3.4nkweb.com
- - RELAY_URLS=wss://dev4.4nkweb.com/ws/,wss://dev3.4nkweb.com/ws/
 sdk_storage:
 image: git.4nkweb.com/4nk/sdk_storage:ext
diff --git a/docker-compose.yml.backup b/docker-compose.yml.backup
index e79b2fb..bf22264 100644
--- a/docker-compose.yml.backup
+++ b/docker-compose.yml.backup
@@ -15,7 +15,8 @@ services:
 - tor
 volumes:
 - bitcoin_data:/home/bitcoin/.bitcoin
- - ./bitcoin/bitcoin.conf:/etc/bitcoin/bitcoin.conf:ro
+ - ./conf/bitcoin/bitcoin.conf:/etc/bitcoin/bitcoin.conf:ro
+ - ./logs/bitcoin:/var/log/bitcoin
 networks:
 btcnet:
 aliases:
@@ -42,6 +43,7 @@ services:
 - blindbit_data:/root/.blindbit-oracle
 - ./blindbit/blindbit.toml:/tmp/blindbit.toml:ro
 - bitcoin_data:/home/bitcoin/.bitcoin
+ - ./logs/blindbit:/var/log/blindbit
 entrypoint: >
 sh -c "cp /tmp/blindbit.toml /root/.blindbit-oracle/blindbit.toml && ./main -datadir /root/.blindbit-oracle"
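Review bot: `VITE_JWT_SECRET_KEY` in the ihm_client hunk is a secret under a `VITE_` prefix, and Vite exposes every `VITE_`-prefixed variable to client-side code at build time, so if ihm_client is a Vite front end (the other `VITE_*_URL` names suggest it is) the JWT signing key ends up in the served bundle, where any visitor can read it and produce tokens the back end will accept. Token signing and verification should stay on the server side (the signer or back service), and the client should only receive the public URLs listed next to it; if this value really is consumed only server-side inside the container, rename it without the `VITE_` prefix so the bundler cannot pick it up, and add a comment above the line saying which process reads it. The sdk_signer hunk on this line correctly moves `RELAY_URLS` from a hard-coded literal to `${SIGNER_RELAY_URLS}`, but `SIGNER_WS_URL` and `SIGNER_BASE_URL` remain as literals for a dev host — consider giving them the same treatment for consistency.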
@@ -65,9 +67,11 @@ services:
 blindbit:
 condition: service_healthy
 volumes:
- - ./relay/sdk_relay.conf:/home/bitcoin/.conf:ro
+ - ./conf/relay/sdk_relay.conf:/home/bitcoin/.conf:ro
 - sdk_data:/home/bitcoin/.4nk
 - bitcoin_data:/home/bitcoin/.bitcoin
+ - ./scripts/funds:/scripts/funds:ro
+ - ./logs/sdk_relay:/var/log/sdk_relay
 ports:
 - "0.0.0.0:8090:8090"
 - "0.0.0.0:8091:8091"
@@ -98,6 +102,9 @@ services:
 - .env
 ports:
 - "0.0.0.0:8080:8080"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./logs/lecoffre-back:/var/log/lecoffre-back
 networks:
 btcnet:
 aliases:
@@ -105,12 +112,8 @@ services:
 depends_on:
 sdk_relay:
 condition: service_healthy
- user: root
- entrypoint: >
- /bin/sh -lc '
- apk update && apk add --no-cache curl git wget jq busybox-extras npm coreutils && npm install -g wscat || echo "wscat installation failed"
- exec node dist/server.js
- '
+ user: appuser
+ command: ["node", "dist/server.js"]
 healthcheck:
 test: ["CMD", "sh", "-c", "curl -f http://localhost:8080/api/v1/health || exit 1"]
 interval: 30s
@@ -124,10 +127,13 @@ services:
 lecoffre-front:
 image: git.4nkweb.com/4nk/lecoffre-front:ext
 container_name: lecoffre-front
+ working_dir: /leCoffre-front
 env_file:
 - .env
 ports:
- - "127.0.0.2:3004:3000"
+ - "0.0.0.0:3004:3000"
+ volumes:
+ - ./logs/lecoffre-front:/var/log/lecoffre-front
 networks:
 btcnet:
 aliases:
@@ -135,12 +141,8 @@ services:
 depends_on:
 lecoffre-back:
 condition: service_healthy
- user: root
- entrypoint: >
- /bin/sh -lc '
- apt-get update && apt-get install -y curl git wget jq telnet npm coreutils && npm install -g wscat || echo "wscat installation failed"
- exec node server.js
- '
+ user: lecoffreuser
+ command: ["node", "server.js"]
 healthcheck:
 test: ["CMD", "sh", "-c", "ps aux | grep -v grep | grep next-server || exit 1"]
 interval: 30s
@@ -160,6 +162,8 @@ services:
 - VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/
 ports:
 - "0.0.0.0:3003:3003"
+ volumes:
+ - ./logs/ihm_client:/var/log/ihm_client
 networks:
 btcnet:
 aliases:
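Review bot: The `@@ -98,6 +102,9 @@` hunk mounts `/var/run/docker.sock` into lecoffre-back, which hands that process full control of the Docker daemon — effectively root on the host — and the `user: appuser` change in the following hunk does not reduce that, because the socket itself is the privilege. If the back end only needs to inspect or restart a few containers, put a scoped proxy in front of the socket that exposes just those endpoints, or move that responsibility to a dedicated helper; otherwise drop the mount. This file is docker-compose.yml.backup, so please also confirm the live docker-compose.yml does not carry the same mount (the page shows only its environment changes). Separately, `127.0.0.2:3004:3000` becoming `0.0.0.0:3004:3000` in the lecoffre-front hunk exposes the port on every interface; if nginx in the master image is meant to be the only public entry point, a comment on that line explaining why the direct bind is needed would help.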
@@ -168,11 +172,7 @@ services:
 sdk_relay:
 condition: service_healthy
 user: root
- entrypoint: >
- /bin/sh -lc '
- apt-get update && apt-get install -y curl git wget jq telnet npm coreutils && npm install -g wscat || echo "wscat installation failed"
- exec npm start
- '
+ command: ["npm", "start"]
 healthcheck:
 test: ["CMD", "sh", "-c", "curl -f http://localhost:3003/ || exit 1"]
 interval: 30s
@@ -184,29 +184,39 @@ services:
 restart: unless-stopped
 sdk_signer:
- image: git.4nkweb.com/4nk/sdk_signer:latest
+ image: git.4nkweb.com/4nk/sdk_signer:ext
 container_name: sdk_signer
 ports:
- - "0.0.0.0:3001:3001"
+ - "0.0.0.0:3001:9090"
+ volumes:
+ - ./logs/sdk_signer:/var/log/sdk_signer
 networks:
 btcnet:
 aliases:
 - sdk_signer
- user: root
- entrypoint: >
- /bin/sh -lc '
- apk update && apk add --no-cache curl git wget jq busybox-extras npm coreutils && npm install -g wscat || echo "wscat installation failed"
- exec node /app/dist/index.js
- '
+ user: appuser
+ command: ["node", "/app/dist/index.js"]
 labels:
 - "com.centurylinklabs.watchtower.enable=true"
 restart: unless-stopped
+ environment:
+ - SIGNER_WS_URL=ws://dev3.4nkweb.com:9090
+ - SIGNER_BASE_URL=https://dev3.4nkweb.com
+ - RELAY_URLS=wss://dev4.4nkweb.com/ws/,wss://dev3.4nkweb.com/ws/
 sdk_storage:
 image: git.4nkweb.com/4nk/sdk_storage:ext
 container_name: sdk_storage
 ports:
- - "0.0.0.0:8081:8081"
+ - "0.0.0.0:8081:8080"
+ volumes:
+ - ./logs/sdk_storage:/var/log/sdk_storage
+ healthcheck:
+ test: ["CMD", "sh", "-c", "curl -f http://localhost:8080/health || exit 1"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 30s
 networks:
 btcnet:
 aliases:
@@ -236,6 +246,7 @@ services:
 - ./miner/.env
 volumes:
 - bitcoin_data:/bitcoin:ro
+ - ./logs/miner:/var/log/miner
 networks:
 btcnet:
 aliases:
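Review bot: In the `@@ -168,11 +172,7 @@` hunk ihm_client keeps `user: root` as a context line even though the apt-get/npm bootstrap that justified it is removed and the service now just runs `command: ["npm", "start"]`; the sibling hunks on this page drop root for lecoffre-back, lecoffre-front and sdk_signer, so this one looks like an oversight rather than a choice. Switch it to the image's unprivileged user (whatever the ihm_client image defines — not visible here), or add a comment above `user: root` stating why the container still needs it. In the `@@ -184,29` hunk, sdk_signer's published port changes from `3001:3001` to `3001:9090` while the environment added at the bottom of the same hunk still points `SIGNER_WS_URL` at `dev3.4nkweb.com:9090`; a one-line comment tying the 9090 container port to that URL would save the next reader from guessing.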
@@ -243,11 +254,83 @@ services:
 profiles: ["miner"]
 restart: unless-stopped
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ ports:
+ - "0.0.0.0:3005:3000"
+ volumes:
+ - grafana_data:/var/lib/grafana
+ - ./conf/grafana/provisioning:/etc/grafana/provisioning
+ - ./conf/grafana/dashboards:/var/lib/grafana/dashboards
+ - ./conf/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
+ - ./logs:/var/log/lecoffre:ro
+ environment:
+ - GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
+ - GF_USERS_ALLOW_SIGN_UP=false
+ - GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
+ - GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
+ networks:
+ btcnet:
+ aliases:
+ - grafana
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ restart: unless-stopped
+
+ loki:
+ image: grafana/loki:latest
+ container_name: loki
+ ports:
+ - "0.0.0.0:3100:3100"
+ volumes:
+ - loki_data:/loki
+ command: -config.file=/etc/loki/local-config.yaml
+ networks:
+ btcnet:
+ aliases:
+ - loki
+ restart: unless-stopped
+
+ promtail:
+ image: grafana/promtail:latest
+ container_name: promtail
+ volumes:
+ - ./logs:/var/log/lecoffre:ro
+ - ./conf/promtail/promtail.yml:/etc/promtail/config.yml:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+ command: -config.file=/etc/promtail/config.yml
+ networks:
+ btcnet:
+ aliases:
+ - promtail
+ restart: unless-stopped
+
+ # Service de statut des services
+ status-api:
+ build:
+ context: ./web/status
+ dockerfile: Dockerfile.python
+ container_name: status-api
+ ports:
+ - "0.0.0.0:3006:3006"
+ volumes:
+ - ./web/status/api.py:/app/api.py:ro
+ networks:
+ btcnet:
+ aliases:
+ - status-api
+ labels:
+ - "com.centurylinklabs.watchtower.enable=true"
+ restart: unless-stopped
+
 volumes:
 bitcoin_data:
 name: 4nk_node_bitcoin_data
 blindbit_data:
 sdk_data:
+ grafana_data:
+ loki_data:
 networks:
 btcnet:
diff --git a/scripts/deploy-master.sh b/scripts/deploy-master.sh
index 3bdc7c6..a10eea1 100755
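Review bot: `GF_SECURITY_ADMIN_PASSWORD` is committed as a literal in the grafana block of this hunk; once pushed it sits in the repository history permanently and has to be treated as compromised, so rotate it and read it the way the rest of this commit reads secrets, `- GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD:?}`. In the same hunk loki publishes `0.0.0.0:3100:3100` with no authentication configured on the page, although grafana reaches it over `btcnet` by alias; unless something outside the stack must query it, drop that `ports:` entry and keep it internal. promtail receives `/var/run/docker.sock`, which is the usual way it discovers containers but is also daemon-level access — worth a comment above the line recording that this is deliberate and what the promtail config actually uses it for. `grafana/grafana:latest`, `grafana/loki:latest` and `grafana/promtail:latest` all float while every other image in the file is pinned to `:ext`; pin them so upgrades happen on purpose.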
--- a/scripts/deploy-master.sh
+++ b/scripts/deploy-master.sh
@@ -13,7 +13,7 @@ log() {
 MASTER_IMAGE_NAME="lecoffre-node-master"
 MASTER_IMAGE_TAG="ext"
 CONTAINER_NAME="lecoffre-node-master"
-HOST_PORT=8080
+HOST_PORT=8081
 log "Construction de l'image master..."
 cd /home/debian/4NK_env/lecoffre_node
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index fa5cd3b..c2fdc00 100755
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -34,12 +34,12 @@ log "✅ Prérequis validés"
 # Initialisation des répertoires
 log "Initialisation des répertoires..."
-mkdir -p /app/data /app/logs /var/log/supervisor
-chown -R appuser:appuser /app/data /app/logs
+mkdir -p /app/data /app/logs /app/logs/nginx /var/log/supervisor
+chown -R appuser:appuser /app/logs /var/log/supervisor || true
 # Configuration des permissions Docker
 if [ -S /var/run/docker.sock ]; then
- chown appuser:appuser /var/run/docker.sock
+ chown appuser:appuser /var/run/docker.sock || true
 fi
 # Test de la configuration Nginx
diff --git a/scripts/generate-ssl-certs.sh b/scripts/generate-ssl-certs.sh
index 04773bd..8c9509f 100755
--- a/scripts/generate-ssl-certs.sh
+++ b/scripts/generate-ssl-certs.sh
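Review bot: `HOST_PORT=8081` in deploy-master.sh collides with the host port sdk_storage publishes in docker-compose.yml.backup (`"0.0.0.0:8081:8080"`) if the master container and that stack ever share a host, and the page gives no hint which one is expected; a comment on the line saying why 8081 was chosen would settle it. In the entrypoint.sh hunk, `/app/data` is still created by `mkdir -p` but is no longer in the `chown -R` list, so if the process runs as appuser it can no longer write there — if that is intentional because the directory is a volume owned elsewhere, say so in a comment. The appended `|| true` on both chown lines turns a permissions failure into silent success, including on `/var/run/docker.sock`; handing that socket to appuser is already root-equivalent, so a failed chown is a misconfiguration worth surfacing rather than swallowing — the script's own `log` helper (visible in the hunk header) can do that: `chown appuser:appuser /var/run/docker.sock || log "WARN: chown of /var/run/docker.sock failed"`.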
@@ -11,25 +11,25 @@ log() {
 # Création des répertoires SSL
 log "Création des répertoires SSL..."
-mkdir -p /etc/ssl/certs /etc/ssl/private
+mkdir -p /app/ssl
 # Génération de la clé privée
 log "Génération de la clé privée..."
-openssl genrsa -out /etc/ssl/private/nginx-selfsigned.key 2048
+openssl genrsa -out /app/ssl/nginx-selfsigned.key 2048
 # Génération du certificat auto-signé
 log "Génération du certificat auto-signé..."
-openssl req -new -x509 -key /etc/ssl/private/nginx-selfsigned.key \
- -out /etc/ssl/certs/nginx-selfsigned.crt \
+openssl req -new -x509 -key /app/ssl/nginx-selfsigned.key \
+ -out /app/ssl/nginx-selfsigned.crt \
 -days 365 \
 -subj "/C=FR/ST=France/L=Paris/O=LeCoffre/OU=Development/CN=local.4nkweb.com/emailAddress=admin@lecoffre.io"
 # Configuration des permissions
 log "Configuration des permissions..."
-chmod 600 /etc/ssl/private/nginx-selfsigned.key
-chmod 644 /etc/ssl/certs/nginx-selfsigned.crt
+chmod 644 /app/ssl/nginx-selfsigned.key
+chmod 644 /app/ssl/nginx-selfsigned.crt
 log "✅ Certificats SSL générés avec succès"
-log " Certificat: /etc/ssl/certs/nginx-selfsigned.crt"
-log " Clé privée: /etc/ssl/private/nginx-selfsigned.key"
+log " Certificat: /app/ssl/nginx-selfsigned.crt"
+log " Clé privée: /app/ssl/nginx-selfsigned.key"
 log " Valide pour: local.4nkweb.com"
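Review bot: The private key mode is widened from `chmod 600` to `chmod 644`, so `/app/ssl/nginx-selfsigned.key` becomes readable by every account in the container, where the previous version kept it owner-only. nginx's master process loads certificates and keys before switching workers to the `user www-data;` named in nginx.conf, so if the master still runs as root the key can stay at `chmod 600`; if the master is started as appuser (the entrypoint hunk chowns `/app/logs` to that user, which suggests it may be), give the file to that user rather than to everyone: `chown appuser:appuser /app/ssl/nginx-selfsigned.key && chmod 600 /app/ssl/nginx-selfsigned.key`. Even though today's certificate is self-signed for development, this script is the template that will be copied when a real certificate is introduced, so it is worth keeping the permissions right now.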