align for IA agents + grafana
This commit is contained in:
parent
a8af14aeb5
commit
548ce26009
@ -1,7 +1,7 @@
|
|||||||
# DOMAIN
|
# DOMAIN
|
||||||
DOMAIN=dev4.4nkweb.com
|
DOMAIN=dev4.4nkweb.com
|
||||||
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
|
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
|
||||||
LOCAL_DOMAIN=local.4nkweb.com
|
LOCAL_DOMAIN=lecoffreio.4nkweb.com
|
||||||
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
|
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
|
||||||
|
|
||||||
# GIT
|
# GIT
|
||||||
@ -17,7 +17,7 @@ NODE_OPTIONS=--max-old-space-size=2048
|
|||||||
|
|
||||||
# Configuration IDNOT
|
# Configuration IDNOT
|
||||||
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
|
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
|
||||||
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client
|
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}/authorized-client
|
||||||
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
|
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
|
||||||
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
|
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
|
||||||
|
|
||||||
@ -58,7 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
|
|||||||
# Cartes de test Stripe
|
# Cartes de test Stripe
|
||||||
SUCCES='4242 4242 4242 4242'
|
SUCCES='4242 4242 4242 4242'
|
||||||
DECLINED='4000 0025 0000 3155'
|
DECLINED='4000 0025 0000 3155'
|
||||||
CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN}
|
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
|
||||||
|
|
||||||
core_url=http://bitcoin:38332
|
core_url=http://bitcoin:38332
|
||||||
ws_url=0.0.0.0:8090
|
ws_url=0.0.0.0:8090
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
# DOMAIN
|
# DOMAIN
|
||||||
DOMAIN=dev4.4nkweb.com
|
DOMAIN=dev4.4nkweb.com
|
||||||
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
|
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
|
||||||
LOCAL_DOMAIN=local.4nkweb.com
|
LOCAL_DOMAIN=lecoffreio.4nkweb.com
|
||||||
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
|
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
|
||||||
|
|
||||||
# GIT
|
# GIT
|
||||||
@ -17,7 +17,7 @@ NODE_OPTIONS=--max-old-space-size=2048
|
|||||||
|
|
||||||
# Configuration IDNOT
|
# Configuration IDNOT
|
||||||
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
|
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
|
||||||
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client
|
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}/authorized-client
|
||||||
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
|
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
|
||||||
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
|
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
|
||||||
|
|
||||||
@ -58,7 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
|
|||||||
# Cartes de test Stripe
|
# Cartes de test Stripe
|
||||||
SUCCES='4242 4242 4242 4242'
|
SUCCES='4242 4242 4242 4242'
|
||||||
DECLINED='4000 0025 0000 3155'
|
DECLINED='4000 0025 0000 3155'
|
||||||
CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN}
|
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
|
||||||
|
|
||||||
core_url=http://bitcoin:38332
|
core_url=http://bitcoin:38332
|
||||||
ws_url=0.0.0.0:8090
|
ws_url=0.0.0.0:8090
|
||||||
|
|||||||
@ -125,7 +125,7 @@ docker run -d \
|
|||||||
| IHM Client | http://localhost/ | Interface client |
|
| IHM Client | http://localhost/ | Interface client |
|
||||||
| API Backend | http://localhost/api/ | API REST |
|
| API Backend | http://localhost/api/ | API REST |
|
||||||
| WebSocket | ws://localhost/ws/ | Communication temps réel |
|
| WebSocket | ws://localhost/ws/ | Communication temps réel |
|
||||||
| **Redirections IdNot** | http://local.4nkweb.com:3000/ | Redirections externes IdNot |
|
| **Redirections IdNot** | http://dev3.4nkweb.com/ | Redirections externes IdNot |
|
||||||
| **HTTPS** | https://localhost/ | Accès sécurisé (certificats auto-signés) |
|
| **HTTPS** | https://localhost/ | Accès sécurisé (certificats auto-signés) |
|
||||||
|
|
||||||
## 🔧 Gestion
|
## 🔧 Gestion
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
server {
|
server {
|
||||||
listen 0.0.0.0:3000;
|
listen 0.0.0.0:3000;
|
||||||
listen [::]:3000;
|
listen [::]:3000;
|
||||||
server_name local.4nkweb.com;
|
server_name dev3.4nkweb.com;
|
||||||
|
|
||||||
# HTTP pur: pas de HTTPS ni HSTS
|
# HTTP pur: pas de HTTPS ni HSTS
|
||||||
|
|
||||||
|
|||||||
@ -346,7 +346,7 @@ http {
|
|||||||
server {
|
server {
|
||||||
listen 3000 default_server;
|
listen 3000 default_server;
|
||||||
listen [::]:3000 default_server;
|
listen [::]:3000 default_server;
|
||||||
server_name local.4nkweb.com;
|
server_name dev3.4nkweb.com;
|
||||||
|
|
||||||
# Headers de sécurité
|
# Headers de sécurité
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
|||||||
@ -49,7 +49,7 @@ mkdir -p /home/debian/4NK_env/lecoffre_node/{data,logs,backup}
|
|||||||
|
|
||||||
log "🚀 Démarrage du conteneur master autonome..."
|
log "🚀 Démarrage du conteneur master autonome..."
|
||||||
log "ℹ️ Le conteneur utilise son propre Nginx (ports 80, 443, 3000) - indépendant du host"
|
log "ℹ️ Le conteneur utilise son propre Nginx (ports 80, 443, 3000) - indépendant du host"
|
||||||
log "ℹ️ Port 3000 pour redirections externes IdNot (local.4nkweb.com:3000)"
|
log "ℹ️ Port 3000 pour redirections externes IdNot (dev3.4nkweb.com)"
|
||||||
docker run -d \
|
docker run -d \
|
||||||
--name ${CONTAINER_NAME} \
|
--name ${CONTAINER_NAME} \
|
||||||
--privileged \
|
--privileged \
|
||||||
|
|||||||
@ -22,7 +22,7 @@ log "Génération du certificat auto-signé..."
|
|||||||
openssl req -new -x509 -key /app/ssl/nginx-selfsigned.key \
|
openssl req -new -x509 -key /app/ssl/nginx-selfsigned.key \
|
||||||
-out /app/ssl/nginx-selfsigned.crt \
|
-out /app/ssl/nginx-selfsigned.crt \
|
||||||
-days 365 \
|
-days 365 \
|
||||||
-subj "/C=FR/ST=France/L=Paris/O=LeCoffre/OU=Development/CN=local.4nkweb.com/emailAddress=admin@lecoffre.io"
|
-subj "/C=FR/ST=France/L=Paris/O=LeCoffre/OU=Development/CN=dev3.4nkweb.com/emailAddress=admin@lecoffre.io"
|
||||||
|
|
||||||
# Configuration des permissions
|
# Configuration des permissions
|
||||||
log "Configuration des permissions..."
|
log "Configuration des permissions..."
|
||||||
@ -32,4 +32,4 @@ chmod 644 /app/ssl/nginx-selfsigned.crt
|
|||||||
log "✅ Certificats SSL générés avec succès"
|
log "✅ Certificats SSL générés avec succès"
|
||||||
log " Certificat: /app/ssl/nginx-selfsigned.crt"
|
log " Certificat: /app/ssl/nginx-selfsigned.crt"
|
||||||
log " Clé privée: /app/ssl/nginx-selfsigned.key"
|
log " Clé privée: /app/ssl/nginx-selfsigned.key"
|
||||||
log " Valide pour: local.4nkweb.com"
|
log " Valide pour: dev3.4nkweb.com"
|
||||||
|
|||||||
@ -15,21 +15,13 @@
|
|||||||
- `/signer/` WebSocket (101), `/blindbit/` (200)
|
- `/signer/` WebSocket (101), `/blindbit/` (200)
|
||||||
|
|
||||||
### CORS
|
### CORS
|
||||||
- Origines autorisées: `http://local.4nkweb.com:3000`, `https://dev4.4nkweb.com`
|
- Origines autorisées: `http://dev3.4nkweb.com`, `https://dev4.4nkweb.com`
|
||||||
- Prévols `OPTIONS` (204) et en-têtes `Access-Control-*`
|
- Prévols `OPTIONS` (204) et en-têtes `Access-Control-*`
|
||||||
|
|
||||||
### Non-régression
|
### Non-régression
|
||||||
- Absence de `localhost:8080` dans les bundles front servis via `/lecoffre/`
|
- Absence de `localhost:8080` dans les bundles front servis via `/lecoffre/`
|
||||||
- Redirections locales `local.4nkweb.com:3000` → `https://dev4.4nkweb.com/lecoffre/`
|
- Redirections locales `dev3.4nkweb.com` → `https://dev4.4nkweb.com/lecoffre/`
|
||||||
|
|
||||||
### Observabilité
|
### Observabilité
|
||||||
- Journaux Nginx (`error.log`) sans erreurs après reload
|
- Journaux Nginx (`error.log`) sans erreurs après reload
|
||||||
- Logs `sdk_relay` présents dans `/home/bitcoin/.4nk/logs/sdk_relay.log`
|
- Logs `sdk_relay` présents dans `/home/bitcoin/.4nk/logs/sdk_relay.log`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -59,8 +59,8 @@ Attendu: `HTTP/2 200` et pas de 301/302 en boucle.
|
|||||||
|
|
||||||
#### Redirections locales
|
#### Redirections locales
|
||||||
|
|
||||||
- `curl -I http://local.4nkweb.com:3000/` → 301 Location `https://dev4.4nkweb.com/lecoffre/`
|
- `curl -I http://dev3.4nkweb.com/` → 301 Location `https://dev4.4nkweb.com/lecoffre/`
|
||||||
- `curl -I http://local.4nkweb.com:3000/authorized-client?code=ABC` → 301 Location `https://dev4.4nkweb.com/lecoffre/authorized-client?code=ABC`
|
- `curl -I http://dev3.4nkweb.com/authorized-client?code=ABC` → 301 Location `https://dev4.4nkweb.com/lecoffre/authorized-client?code=ABC`
|
||||||
|
|
||||||
#### WebSocket
|
#### WebSocket
|
||||||
|
|
||||||
|
|||||||
@ -9,12 +9,12 @@ WebSocket
|
|||||||
- wss://dev4.4nkweb.com/ws handshake OK → À vérifier (outil ws requis côté serveur)
|
- wss://dev4.4nkweb.com/ws handshake OK → À vérifier (outil ws requis côté serveur)
|
||||||
|
|
||||||
Redirections
|
Redirections
|
||||||
- GET http://local.4nkweb.com:3000/ attend 301 → Location: https://dev4.4nkweb.com/lecoffre/
|
- GET http://dev3.4nkweb.com/ attend 301 → Location: https://dev4.4nkweb.com/lecoffre/
|
||||||
- GET http://local.4nkweb.com:3000/authorized-client?code=... attend 301 → Location: https://dev4.4nkweb.com/lecoffre/authorized-client?code=...
|
- GET http://dev3.4nkweb.com/authorized-client?code=... attend 301 → Location: https://dev4.4nkweb.com/lecoffre/authorized-client?code=...
|
||||||
|
|
||||||
DNS côté client
|
DNS côté client
|
||||||
- local.4nkweb.com doit résoudre vers 92.243.24.12 (pas 127.0.0.1)
|
- dev3.4nkweb.com doit résoudre vers 92.243.24.12 (pas 127.0.0.1)
|
||||||
- Test: nslookup local.4nkweb.com sur machine cliente
|
- Test: nslookup dev3.4nkweb.com sur machine cliente
|
||||||
Nginx
|
Nginx
|
||||||
- Certificats valides
|
- Certificats valides
|
||||||
- Pas derreurs critiques dans error.log
|
- Pas derreurs critiques dans error.log
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user