From 58f745d8859e03e6290e6dde846880c0d86cf8c7 Mon Sep 17 00:00:00 2001 From: Nicolas Cantu Date: Wed, 17 Sep 2025 08:08:42 +0000 Subject: [PATCH] =?UTF-8?q?chore(nginx,docs):=20piloter=20Nginx=20via=20co?= =?UTF-8?q?nf/nginx/*=20(symlinks=20conf.d),=20d=C3=A9sactivation=20doublo?= =?UTF-8?q?n,=20MAJ=20doc=20d=C3=A9ploiement=20et=20proc=C3=A9dure=20rebui?= =?UTF-8?q?ld=20front=20avec=20.env.production?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- conf/nginx/dev4.4nkweb.com-https.conf | 31 ++++++++++++++++++++++++ conf/nginx/local.4nkweb.com-3000.conf | 6 ++--- docs/DEPLOIEMENT_dev4.md | 34 +++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 3 deletions(-) diff --git a/conf/nginx/dev4.4nkweb.com-https.conf b/conf/nginx/dev4.4nkweb.com-https.conf index e69de29..abef143 100644 --- a/conf/nginx/dev4.4nkweb.com-https.conf +++ b/conf/nginx/dev4.4nkweb.com-https.conf @@ -0,0 +1,31 @@ +server { + listen 443 ssl http2; + server_name dev4.4nkweb.com; + ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; + include /etc/nginx/proxy_params; + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004/; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + } + + location / { + proxy_pass http://127.0.0.1:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + location /lecoffre/_next/ { + proxy_read_timeout 300; + } + location /_next/ { + proxy_pass http://127.0.0.2:3004/_next/; + proxy_read_timeout 300; + } +} diff --git a/conf/nginx/local.4nkweb.com-3000.conf b/conf/nginx/local.4nkweb.com-3000.conf index 8ab4ff0..f6841c3 100644 --- a/conf/nginx/local.4nkweb.com-3000.conf +++ b/conf/nginx/local.4nkweb.com-3000.conf @@ -1,7 +1,7 @@ server { - listen 127.0.0.1:3000; + listen 0.0.0.0:3000; server_name local.4nkweb.com; + + # Redirection vers HTTPS avec le chemin /lecoffre return 301 https://dev4.4nkweb.com/lecoffre$request_uri; } - - diff --git a/docs/DEPLOIEMENT_dev4.md b/docs/DEPLOIEMENT_dev4.md index d51cff4..ed9b119 100644 --- a/docs/DEPLOIEMENT_dev4.md +++ b/docs/DEPLOIEMENT_dev4.md @@ -86,3 +86,37 @@ sudo dscacheutil -flushcache ``` Après ces modifications, `http://local.4nkweb.com:3000/authorized-client?code=...` devrait rediriger correctement vers `https://dev4.4nkweb.com/lecoffre/authorized-client?code=...`. + +## Pilotage Nginx depuis le dépôt + +- Conf actives sur le système pointent vers les fichiers du dépôt: + - `/etc/nginx/conf.d/ssl-dev4.4nkweb.com.conf` → lien vers `conf/nginx/dev4.4nkweb.com-https.conf` + - `/etc/nginx/conf.d/local.4nkweb.com-3000.conf` → lien vers `conf/nginx/local.4nkweb.com-3000.conf` +- Doublon supprimé: `/etc/nginx/sites-enabled/dev4.4nkweb.com.conf`. +- Vérification et rechargement: + - `sudo nginx -t` + - `sudo nginx -s reload` + +## Variables .env critiques pour le front Next.js + +Ces variables doivent être sans quotes et sans espaces autour de `=` et alignées sur le sous-chemin `/lecoffre`: + +- `NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client` +- `NEXT_PUBLIC_TARGET_ORIGIN=https://dev4.4nkweb.com/lecoffre` + +Notes: +- Les variables `NEXT_PUBLIC_*` sont prises en compte au build; un rebuild est nécessaire après modification. + +## Rebuild de lecoffre-front avec le .env courant + +Étapes: +1. Vérifier que le conteneur contient le code: + - `sudo docker exec -i lecoffre-front sh -lc "test -f package.json && echo ok || echo ko"` +2. Lancer le build (mémoire augmentée): + - `sudo docker exec -i lecoffre-front sh -lc "export NODE_OPTIONS=--max-old-space-size=2048; npm run build"` +3. Redémarrer le service: + - `sudo docker compose -f docker-compose.yml restart lecoffre-front` +4. Tester: + - `curl -si https://dev4.4nkweb.com/lecoffre/` + +Incident connu: 500 SSR « Invalid targetOrigin » résolu en corrigeant `NEXT_PUBLIC_TARGET_ORIGIN` puis rebuild.