From 30eb0380791e3a8c5635bef8461342008d1f3770 Mon Sep 17 00:00:00 2001
From: Nicolas Cantu <nicolas.cantu@pm.me>
Date: Thu, 25 Sep 2025 08:58:16 +0000
Subject: [PATCH] ci: docker_tag=ext chore: sync ignores, logging and backups

---
 .cursorignore                         |  5 +++-
 .env.master                           |  3 ++-
 .gitignore                            |  4 ++-
 conf/nginx/dev4.4nkweb.com-http.conf  |  4 +--
 conf/nginx/dev4.4nkweb.com-https.conf | 13 ++++++++-
 conf/nginx/dev4.4nkweb.com.conf       |  2 +-
 conf/nginx/logging.conf               | 39 +++++++++++++++++++++++++++
 7 files changed, 63 insertions(+), 7 deletions(-)
 create mode 100644 conf/nginx/logging.conf

diff --git a/.cursorignore b/.cursorignore
index d3018b0..71eaf87 100644
--- a/.cursorignore
+++ b/.cursorignore
@@ -6,6 +6,10 @@
 .env.*
 !*.env.example
 
+.cargo/
+Cargo.lock
+*/.cargo/
+*/Cargo.lock
 # Logs
 log/
 logs/
@@ -48,4 +52,3 @@ volumes/
 conf/nginx/*bak*
 conf/nginx/*.tmp
 conf/nginx/*.clean
-
diff --git a/.env.master b/.env.master
index d42f41a..de0e1c5 100644
--- a/.env.master
+++ b/.env.master
@@ -173,7 +173,8 @@ BACK_API_VERSION=/v1
 
 # Configuration idnot
 IDNOT_ANNUARY_BASE_URL='https://qual-api.notaires.fr/annuaire'
-IDNOT_API_KEY='ba557f84-0bf6-4dbf-844f-df2767555e3e'
+IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e
+# 96b8b46a-ff67-4325-b8b4-6aff67e32542
 
 ALLOW_LOCALHOST_REDIRECTS=false
 BACK_HMAC_SECRET=7e0f4a8b7c9d3e2fb6c1a5d4e8f09b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f70
diff --git a/.gitignore b/.gitignore
index e0f50ee..757cc8f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,4 +12,6 @@ conf/nginx/*bak*
 conf/nginx/*.tmp
 conf/nginx/*.clean
 .env.bak
-backups/
\ No newline at end of file
+backups/
+.cargo/
+Cargo.lock.cursor-server
diff --git a/conf/nginx/dev4.4nkweb.com-http.conf b/conf/nginx/dev4.4nkweb.com-http.conf
index 804d8a0..6a7d847 100644
--- a/conf/nginx/dev4.4nkweb.com-http.conf
+++ b/conf/nginx/dev4.4nkweb.com-http.conf
@@ -1,7 +1,7 @@
 # HTTP server for ACME and redirect to HTTPS
 server {
-    listen 80;
-    server_name dev4.4nkweb.com;
+    listen 80 default_server;
+    server_name _;
 
     # ACME HTTP-01 challenges
     location /.well-known/acme-challenge/ {
diff --git a/conf/nginx/dev4.4nkweb.com-https.conf b/conf/nginx/dev4.4nkweb.com-https.conf
index bb0df7b..9736740 100644
--- a/conf/nginx/dev4.4nkweb.com-https.conf
+++ b/conf/nginx/dev4.4nkweb.com-https.conf
@@ -1,8 +1,11 @@
 # Configuration HTTPS pour dev4.4nkweb.com
 server {
-    listen 443 ssl http2;
+    listen 443 ssl;
+    http2 on;
     server_name dev4.4nkweb.com;
 
+    include /home/debian/4NK_env/lecoffre_node/conf/nginx/logging.conf;
+
     # Certificats SSL
     ssl_certificate     /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
@@ -150,6 +153,10 @@ server {
         add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
         add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
 
+        proxy_set_header X-Request-ID $x_request_id;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
         proxy_pass http://dev3.4nkweb.com:8080/api/;
         include /etc/nginx/proxy_params;
         proxy_read_timeout 300;
@@ -212,6 +219,10 @@ server {
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
+        proxy_set_header X-Request-ID $x_request_id;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
         proxy_read_timeout 300;
         proxy_send_timeout 300;
         proxy_connect_timeout 300;
diff --git a/conf/nginx/dev4.4nkweb.com.conf b/conf/nginx/dev4.4nkweb.com.conf
index ff896da..e26ac3d 100644
--- a/conf/nginx/dev4.4nkweb.com.conf
+++ b/conf/nginx/dev4.4nkweb.com.conf
@@ -1,7 +1,7 @@
 # HTTP server for ACME and redirect to HTTPS
 server {
     listen 80;
-    server_name dev4.4nkweb.com;
+    server_name dev4.4nkweb.com http://dev4.4nkweb.com;
 
     # ACME HTTP-01 challenges
     location /.well-known/acme-challenge/ {
diff --git a/conf/nginx/logging.conf b/conf/nginx/logging.conf
new file mode 100644
index 0000000..a993765
--- /dev/null
+++ b/conf/nginx/logging.conf
@@ -0,0 +1,39 @@
+# Logging configuration for lecoffre front
+
+log_format lecoffre_json escape=json
+  '{'
+    '"time":"$time_iso8601",'
+    '"request_id":"$request_id",'
+    '"remote_addr":"$remote_addr",'
+    '"host":"$host",'
+    '"method":"$request_method",'
+    '"uri":"$uri",'
+    '"args":"$args",'
+    '"status":$status,'
+    '"bytes":$body_bytes_sent,'
+    '"referer":"$http_referer",'
+    '"user_agent":"$http_user_agent",'
+    '"request_time":$request_time,'
+    '"upstream_addr":"$upstream_addr",'
+    '"upstream_status":"$upstream_status",'
+    '"upstream_connect_time":"$upstream_connect_time",'
+    '"upstream_header_time":"$upstream_header_time",'
+    '"upstream_response_time":"$upstream_response_time",'
+    '"x_forwarded_for":"$http_x_forwarded_for"'
+  '}';
+
+# Default access and error logs for the front site
+access_log /var/log/nginx/lecoffre_front_access.log lecoffre_json;
+error_log  /var/log/nginx/lecoffre_front_error.log warn;
+
+# Map incoming X-Request-ID or generate one
+map $http_x_request_id $x_request_id {
+  default $http_x_request_id;
+  ""      $request_id;
+}
+
+# These headers should be set in each proxy location of the vhost
+# proxy_set_header X-Request-ID $x_request_id;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header X-Forwarded-Proto $scheme;
+# proxy_set_header X-Forwarded-Host $host;