align for IA agents + grafana
This commit is contained in:
parent
a8af14aeb5
commit
548ce26009
@ -1,7 +1,7 @@
|
||||
# DOMAIN
|
||||
DOMAIN=dev4.4nkweb.com
|
||||
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
|
||||
LOCAL_DOMAIN=local.4nkweb.com
|
||||
LOCAL_DOMAIN=lecoffreio.4nkweb.com
|
||||
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
|
||||
|
||||
# GIT
|
||||
@ -17,7 +17,7 @@ NODE_OPTIONS=--max-old-space-size=2048
|
||||
|
||||
# Configuration IDNOT
|
||||
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
|
||||
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client
|
||||
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}/authorized-client
|
||||
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
|
||||
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
|
||||
|
||||
@ -58,7 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
|
||||
# Cartes de test Stripe
|
||||
SUCCES='4242 4242 4242 4242'
|
||||
DECLINED='4000 0025 0000 3155'
|
||||
CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN}
|
||||
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
|
||||
|
||||
core_url=http://bitcoin:38332
|
||||
ws_url=0.0.0.0:8090
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
# DOMAIN
|
||||
DOMAIN=dev4.4nkweb.com
|
||||
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
|
||||
LOCAL_DOMAIN=local.4nkweb.com
|
||||
LOCAL_DOMAIN=lecoffreio.4nkweb.com
|
||||
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
|
||||
|
||||
# GIT
|
||||
@ -17,7 +17,7 @@ NODE_OPTIONS=--max-old-space-size=2048
|
||||
|
||||
# Configuration IDNOT
|
||||
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
|
||||
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client
|
||||
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}/authorized-client
|
||||
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
|
||||
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
|
||||
|
||||
@ -58,7 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
|
||||
# Cartes de test Stripe
|
||||
SUCCES='4242 4242 4242 4242'
|
||||
DECLINED='4000 0025 0000 3155'
|
||||
CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN}
|
||||
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
|
||||
|
||||
core_url=http://bitcoin:38332
|
||||
ws_url=0.0.0.0:8090
|
||||
|
||||
@ -125,7 +125,7 @@ docker run -d \
|
||||
| IHM Client | http://localhost/ | Interface client |
|
||||
| API Backend | http://localhost/api/ | API REST |
|
||||
| WebSocket | ws://localhost/ws/ | Communication temps réel |
|
||||
| **Redirections IdNot** | http://local.4nkweb.com:3000/ | Redirections externes IdNot |
|
||||
| **Redirections IdNot** | http://dev3.4nkweb.com/ | Redirections externes IdNot |
|
||||
| **HTTPS** | https://localhost/ | Accès sécurisé (certificats auto-signés) |
|
||||
|
||||
## 🔧 Gestion
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
server {
|
||||
listen 0.0.0.0:3000;
|
||||
listen [::]:3000;
|
||||
server_name local.4nkweb.com;
|
||||
server_name dev3.4nkweb.com;
|
||||
|
||||
# HTTP pur: pas de HTTPS ni HSTS
|
||||
|
||||
|
||||
@ -346,7 +346,7 @@ http {
|
||||
server {
|
||||
listen 3000 default_server;
|
||||
listen [::]:3000 default_server;
|
||||
server_name local.4nkweb.com;
|
||||
server_name dev3.4nkweb.com;
|
||||
|
||||
# Headers de sécurité
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
|
||||
@ -49,7 +49,7 @@ mkdir -p /home/debian/4NK_env/lecoffre_node/{data,logs,backup}
|
||||
|
||||
log "🚀 Démarrage du conteneur master autonome..."
|
||||
log "ℹ️ Le conteneur utilise son propre Nginx (ports 80, 443, 3000) - indépendant du host"
|
||||
log "ℹ️ Port 3000 pour redirections externes IdNot (local.4nkweb.com:3000)"
|
||||
log "ℹ️ Port 3000 pour redirections externes IdNot (dev3.4nkweb.com)"
|
||||
docker run -d \
|
||||
--name ${CONTAINER_NAME} \
|
||||
--privileged \
|
||||
|
||||
@ -22,7 +22,7 @@ log "Génération du certificat auto-signé..."
|
||||
openssl req -new -x509 -key /app/ssl/nginx-selfsigned.key \
|
||||
-out /app/ssl/nginx-selfsigned.crt \
|
||||
-days 365 \
|
||||
-subj "/C=FR/ST=France/L=Paris/O=LeCoffre/OU=Development/CN=local.4nkweb.com/emailAddress=admin@lecoffre.io"
|
||||
-subj "/C=FR/ST=France/L=Paris/O=LeCoffre/OU=Development/CN=dev3.4nkweb.com/emailAddress=admin@lecoffre.io"
|
||||
|
||||
# Configuration des permissions
|
||||
log "Configuration des permissions..."
|
||||
@ -32,4 +32,4 @@ chmod 644 /app/ssl/nginx-selfsigned.crt
|
||||
log "✅ Certificats SSL générés avec succès"
|
||||
log " Certificat: /app/ssl/nginx-selfsigned.crt"
|
||||
log " Clé privée: /app/ssl/nginx-selfsigned.key"
|
||||
log " Valide pour: local.4nkweb.com"
|
||||
log " Valide pour: dev3.4nkweb.com"
|
||||
|
||||
@ -15,21 +15,13 @@
|
||||
- `/signer/` WebSocket (101), `/blindbit/` (200)
|
||||
|
||||
### CORS
|
||||
- Origines autorisées: `http://local.4nkweb.com:3000`, `https://dev4.4nkweb.com`
|
||||
- Origines autorisées: `http://dev3.4nkweb.com`, `https://dev4.4nkweb.com`
|
||||
- Prévols `OPTIONS` (204) et en-têtes `Access-Control-*`
|
||||
|
||||
### Non-régression
|
||||
- Absence de `localhost:8080` dans les bundles front servis via `/lecoffre/`
|
||||
- Redirections locales `local.4nkweb.com:3000` → `https://dev4.4nkweb.com/lecoffre/`
|
||||
- Redirections locales `dev3.4nkweb.com` → `https://dev4.4nkweb.com/lecoffre/`
|
||||
|
||||
### Observabilité
|
||||
- Journaux Nginx (`error.log`) sans erreurs après reload
|
||||
- Logs `sdk_relay` présents dans `/home/bitcoin/.4nk/logs/sdk_relay.log`
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -59,8 +59,8 @@ Attendu: `HTTP/2 200` et pas de 301/302 en boucle.
|
||||
|
||||
#### Redirections locales
|
||||
|
||||
- `curl -I http://local.4nkweb.com:3000/` → 301 Location `https://dev4.4nkweb.com/lecoffre/`
|
||||
- `curl -I http://local.4nkweb.com:3000/authorized-client?code=ABC` → 301 Location `https://dev4.4nkweb.com/lecoffre/authorized-client?code=ABC`
|
||||
- `curl -I http://dev3.4nkweb.com/` → 301 Location `https://dev4.4nkweb.com/lecoffre/`
|
||||
- `curl -I http://dev3.4nkweb.com/authorized-client?code=ABC` → 301 Location `https://dev4.4nkweb.com/lecoffre/authorized-client?code=ABC`
|
||||
|
||||
#### WebSocket
|
||||
|
||||
|
||||
@ -9,12 +9,12 @@ WebSocket
|
||||
- wss://dev4.4nkweb.com/ws handshake OK → À vérifier (outil ws requis côté serveur)
|
||||
|
||||
Redirections
|
||||
- GET http://local.4nkweb.com:3000/ attend 301 → Location: https://dev4.4nkweb.com/lecoffre/
|
||||
- GET http://local.4nkweb.com:3000/authorized-client?code=... attend 301 → Location: https://dev4.4nkweb.com/lecoffre/authorized-client?code=...
|
||||
- GET http://dev3.4nkweb.com/ attend 301 → Location: https://dev4.4nkweb.com/lecoffre/
|
||||
- GET http://dev3.4nkweb.com/authorized-client?code=... attend 301 → Location: https://dev4.4nkweb.com/lecoffre/authorized-client?code=...
|
||||
|
||||
DNS côté client
|
||||
- local.4nkweb.com doit résoudre vers 92.243.24.12 (pas 127.0.0.1)
|
||||
- Test: nslookup local.4nkweb.com sur machine cliente
|
||||
- dev3.4nkweb.com doit résoudre vers 92.243.24.12 (pas 127.0.0.1)
|
||||
- Test: nslookup dev3.4nkweb.com sur machine cliente
|
||||
Nginx
|
||||
- Certificats valides
|
||||
- Pas derreurs critiques dans error.log
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user