4nk/lecoffre_node
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: docker_tag=dev-test - Mise à jour documentation et standardisation

Browse Source
This commit is contained in:
4NK Dev 2025-10-01 20:58:08 +00:00
parent 35a209ce8b
commit 5b2eb254bd
59 changed files with 266 additions and 5925 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
.cursorignore
View File

@ -1,54 +1,79 @@
# Cursor ignore file # 4NK Environment - Git Ignore
# Exclude sensitive and generated files # ============================
confs/
# Dossiers de sauvegarde des scripts
**/backup/
**/*backup*
# Environment files **/.cargo/
.env
.env.*
!*.env.example
.cargo/ # Fichiers temporaires
Cargo.lock **/*.tmp*
*/.cargo/ **/*.temp*
*/Cargo.lock **/*.log*
# Logs **/*.pid*
log/
logs/
*.log
# Node modules and build artifacts # Fichiers de configuration locale
node_modules/ **/*.env*
.next/ **/*.conf*
dist/ **/*.yaml*
build/ **/*.yml*
coverage/ **/*.ini*
**/*.json*
**/*.toml*
**/*.lock*
# OS files # Données et logs
.DS_Store **/*.logs*
Thumbs.db **/*.data
*.db
*.sqlite
# IDE files # Certificats et clés
.vscode/ **/*.key
.idea/ **/*.pem
*.swp **/*.crt
*.swo **/*.p12
**/*.pfx
ssl/
certs/
# Temporary files # Docker
*.tmp **/*.docker*
*.temp
*.bak
*.backup
# Sensitive files # Cache et build
*.key **/*.node_modules/
*.pem **/*.dist/
*.p12 **/*build/
*.jks **/*target/
priv_key.json **/*.*.o
**/*.so
**/*.dylib
# Docker volumes # IDE et éditeurs
volumes/ **/*.vscode/
**/*.idea/
**/*.swp
**/*.swo
**/*~
# Backup configurations # OS
conf/nginx/*bak* **/*.DS_Store
conf/nginx/*.tmp **/*Thumbs.db
conf/nginx/*.clean **/*tmp*
# Git
**/*.git/
**/*.orig*
# Backup des projets existants
**/*backup*
**/*wallet*
**/*keys*
**/*node_modules*
**/*cursor*
**/*pid*
**/*next*

89
.dockerignore
View File

@ -1,10 +1,79 @@
.git # 4NK Environment - Git Ignore
node_modules # ============================
.next confs/
coverage # Dossiers de sauvegarde des scripts
dist **/backup/
.DS_Store **/*backup*
npm-debug.log*
yarn-debug.log* **/.cargo/
yarn-error.log*
# .env* # Fichiers temporaires
**/*.tmp*
**/*.temp*
**/*.log*
**/*.pid*
# Fichiers de configuration locale
**/*.env*
**/*.conf*
**/*.yaml*
**/*.yml*
**/*.ini*
**/*.json*
**/*.toml*
**/*.lock*
# Données et logs
**/*.logs*
**/*.data
*.db
*.sqlite
# Certificats et clés
**/*.key
**/*.pem
**/*.crt
**/*.p12
**/*.pfx
ssl/
certs/
# Docker
**/*.docker*
# Cache et build
**/*.node_modules/
**/*.dist/
**/*build/
**/*target/
**/*.*.o
**/*.so
**/*.dylib
# IDE et éditeurs
**/*.vscode/
**/*.idea/
**/*.swp
**/*.swo
**/*~
# OS
**/*.DS_Store
**/*Thumbs.db
**/*tmp*
# Git
**/*.git/
**/*.orig*
# Backup des projets existants
**/*backup*
**/*wallet*
**/*keys*
**/*node_modules*
**/*cursor*
**/*pid*
**/*next*

130
.env.master.exemple
View File

@ -1,130 +0,0 @@
# DOMAIN
DOMAIN=dev4.4nkweb.com
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
LOCAL_DOMAIN=lecoffreio.4nkweb.com
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
# GIT
GITEA_BASE_URL=git.4nkweb.com
GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df
GITEA_OWNER="nicolas.cantu,Omar"
GITEA_RUNNER_NAME=debian-runner
# Variables d'environnement pour l'application back-end
NODE_ENV=production
RUST_LOG=DEBUG
NODE_OPTIONS=--max-old-space-size=2048
# Configuration IDNOT
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}/authorized-client
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
# Configuration serveur
APP_HOST=dev4.4nkweb.com
API_BASE_URL=https://${DOMAIN}/back
DEFAULT_STORAGE=https://${DOMAIN}/storage
# Variables d'environnement pour l'application front-end
NEXT_PUBLIC_4NK_URL=https://${DOMAIN}
NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
NEXT_PUBLIC_BACK_API_PROTOCOL=https
NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN}
NEXT_PUBLIC_BACK_API_PORT=443
NEXT_PUBLIC_BACK_API_ROOT_URL=/api
NEXT_PUBLIC_BACK_API_VERSION=v1
NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
NEXT_PUBLIC_TARGET_ORIGIN=https://${DOMAIN}/lecoffre
NEXT_PUBLIC_4NK_IFRAME_URL=https://${DOMAIN}
NEXT_PUBLIC_IDNOT_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
NEXT_PUBLIC_DOCAPOSTE_API_URL=
NEXT_PUBLIC_API_URL=https://${DOMAIN}/api
NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://${DOMAIN}/storage
# WS
RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
# SIGNER
SIGNER_WS_URL=ws://${BOOTSTRAP_DOMAIN}:9090
SIGNER_BASE_URL=https://${BOOTSTRAP_DOMAIN}
# IHM URLS
VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
# Cartes de test Stripe
SUCCES='4242 4242 4242 4242'
DECLINED='4000 0025 0000 3155'
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
core_url=http://bitcoin:38332
ws_url=0.0.0.0:8090
wallet_name=default
network=signet
blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000
storage=https://${DOMAIN}/storage
data_dir=/home/bitcoin/.4nk
bitcoin_data_dir=/home/bitcoin/.bitcoin
bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/
bootstrap_faucet=true
# ================== /!\ sensible =========================
# Configuration IDNOT
IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e
IDNOT_CLIENT_ID=B3CE56353EDB15A9
IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
SIGNER_API_KEY=your-api-key-change-this
VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
# Configuration pour réduire les traces Docker
DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
# ===========================================
# VARIABLES SDK_SIGNER (manquantes)
# ===========================================
SIGNER_PORT=9090
SIGNER_DATABASE_PATH=./data/server.db
SIGNER_RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
SIGNER_AUTO_RESTART=true
SIGNER_MAX_RESTARTS=3
SIGNER_LOG_LEVEL=info
# ===========================================
# VARIABLES SDK_RELAY (formatées pour docker-compose)
# ===========================================
SDK_RELAY_CORE_URL=http://bitcoin:38332
SDK_RELAY_WS_URL=0.0.0.0:8090
SDK_RELAY_WALLET_NAME=default
SDK_RELAY_NETWORK=signet
SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000
SDK_RELAY_STORAGE=https://${DOMAIN}/storage
SDK_RELAY_DATA_DIR=/app/.4nk
SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin
SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/
SDK_RELAY_BOOTSTRAP_FAUCET=true
SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000
# ===========================================
# VARIABLES IHM_CLIENT (formatées pour docker-compose)
# ===========================================
VITE_API_BASE_URL=https://${DOMAIN}/back/api/v1
VITE_WS_URL=wss://${DOMAIN}/ws/
VITE_STORAGE_URL=https://${DOMAIN}/storage
VITE_SIGNER_URL=https://${DOMAIN}/signer
# ===========================================
# VARIABLES MONITORING
# ===========================================
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD=admin123
LOKI_URL=http://loki:3100
PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml

94
.gitignore vendored
View File

@ -1,17 +1,79 @@
.env # 4NK Environment - Git Ignore
!.env.master # ============================
miner/.env confs/
miner/signet/priv_key.json # Dossiers de sauvegarde des scripts
**/backup/
**/*backup*
# Sensibles et générés **/.cargo/
.cursor/
log/*.log # Fichiers temporaires
miner/.env.signet **/*.tmp*
miner/tools/*.json **/*.temp*
conf/nginx/*bak* **/*.log*
conf/nginx/*.tmp **/*.pid*
conf/nginx/*.clean
.env.bak # Fichiers de configuration locale
backups/ **/*.env*
.cargo/ **/*.conf*
Cargo.lock.cursor-server **/*.yaml*
**/*.yml*
**/*.ini*
**/*.json*
**/*.toml*
**/*.lock*
# Données et logs
**/*.logs*
**/*.data
*.db
*.sqlite
# Certificats et clés
**/*.key
**/*.pem
**/*.crt
**/*.p12
**/*.pfx
ssl/
certs/
# Docker
**/*.docker*
# Cache et build
**/*.node_modules/
**/*.dist/
**/*build/
**/*target/
**/*.*.o
**/*.so
**/*.dylib
# IDE et éditeurs
**/*.vscode/
**/*.idea/
**/*.swp
**/*.swo
**/*~
# OS
**/*.DS_Store
**/*Thumbs.db
**/*tmp*
# Git
**/*.git/
**/*.orig*
# Backup des projets existants
**/*backup*
**/*wallet*
**/*keys*
**/*node_modules*
**/*cursor*
**/*pid*
**/*next*

258
README-AUTONOMOUS.md
View File

@ -1,258 +0,0 @@
# 🚀 Architecture Autonome LeCoffre Node
## Vue d'ensemble
Cette architecture autonome permet de déployer l'ensemble de l'écosystème LeCoffre dans un seul conteneur Docker, avec Nginx intégré pour une autonomie complète.
## 🏗️ Architecture
```
┌─────────────────────────────────────────────────────────┐
│ Container Master │
│ ┌─────────────────────────────────────────────────┐ │
│ │ Nginx (Port 80) │ │
│ │ - Reverse Proxy │ │
│ │ - Load Balancing │ │
│ │ - SSL Termination │ │
│ │ - Rate Limiting │ │
│ └─────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────┐ │
│ │ Supervisor │ │
│ │ - Process Management │ │
│ │ - Auto-restart │ │
│ │ - Log Management │ │
│ └─────────────────────────────────────────────────┘ │
│ ┌─────────────────────────────────────────────────┐ │
│ │ Docker Compose Services │ │
│ │ - Bitcoin Signet │ │
│ │ - SDK Relay/Signer/Storage │ │
│ │ - LeCoffre Front/Back │ │
│ │ - IHM Client │ │
│ │ - Grafana/Loki/Promtail │ │
│ └─────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────┘
```
## 📁 Structure des fichiers
```
lecoffre_node/
├── Dockerfile.master # Image Docker autonome
├── .env.master # Configuration avec secrets
├── env.master # Variables publiques
├── docker-compose.yml # Services internes
├── conf/
│ ├── nginx/
│ │ └── nginx.conf # Configuration Nginx intégrée
│ └── supervisor/
│ └── supervisord.conf # Gestion des processus
├── scripts/
│ ├── entrypoint.sh # Point d'entrée principal
│ ├── startup.sh # Démarrage des services
│ └── deploy-autonomous.sh # Script de déploiement
└── README-AUTONOMOUS.md # Cette documentation
```
## 🔐 Sécurité
### Protection des secrets
- Tous les fichiers `.env` sont protégés par `.gitignore`
- Les secrets sont centralisés dans `.env.master`
- Variables sensibles : clés API, mots de passe, tokens
### Variables protégées
```bash
# IdNot
IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e
IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
# OVH
OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766
OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece
# Stripe
STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n
# Grafana
GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
```
## 🚀 Déploiement
### Prérequis
- Docker et Docker Compose installés
- Ports 80, 443, 3000 disponibles (le conteneur utilise son propre Nginx)
- Accès au socket Docker (`/var/run/docker.sock`)
- **Nginx du host supprimé** pour éviter les conflits
### Déploiement automatique
```bash
cd /home/debian/4NK_env/lecoffre_node
./scripts/deploy-autonomous.sh
```
### Déploiement manuel
```bash
# 1. Construction de l'image
docker build -f Dockerfile.master -t lecoffre-node-master:ext .
# 2. Démarrage du conteneur (utilise le port 80 du host)
docker run -d \
--name lecoffre-node-master \
--privileged \
--restart unless-stopped \
-p 80:80 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(pwd)/data:/app/data \
-v $(pwd)/logs:/app/logs \
-v $(pwd)/.env.master:/app/.env \
lecoffre-node-master:ext
```
### Désinstallation du Nginx du host (optionnel)
```bash
# Pour une indépendance complète, désinstaller Nginx du host
./scripts/uninstall-host-nginx.sh
```
## 🌐 Services exposés
| Service | URL | Description |
|---------|-----|-------------|
| Status Page | http://localhost/status/ | Tableau de bord des services |
| Grafana | http://localhost/grafana/ | Monitoring et logs |
| LeCoffre Front | http://localhost/lecoffre/ | Application principale |
| IHM Client | http://localhost/ | Interface client |
| API Backend | http://localhost/api/ | API REST |
| WebSocket | ws://localhost/ws/ | Communication temps réel |
| **Redirections IdNot** | http://dev3.4nkweb.com/ | Redirections externes IdNot |
| **HTTPS** | https://localhost/ | Accès sécurisé (certificats auto-signés) |
## 🔧 Gestion
### Commandes utiles
```bash
# Voir les logs
docker logs lecoffre-node-master
# Accéder au shell
docker exec -it lecoffre-node-master bash
# Redémarrer le conteneur
docker restart lecoffre-node-master
# Arrêter le conteneur
docker stop lecoffre-node-master
# Voir les services internes
docker exec lecoffre-node-master docker-compose ps
```
### Surveillance
```bash
# Healthcheck automatique
docker inspect lecoffre-node-master | grep Health -A 10
# Vérification des services
curl -f http://localhost:8080/status/api/health
```
## 📊 Monitoring
### Grafana Dashboards
- **Bitcoin Miner** : Surveillance du minage Signet
- **Backend Services** : Métriques des APIs
- **SDK Services** : État des services SDK
- **Frontend Services** : Performance des interfaces
- **Bitcoin Services** : État du réseau Bitcoin
### Logs centralisés
- Tous les logs sont collectés par Promtail
- Stockage dans Loki
- Visualisation dans Grafana
- Rotation automatique des logs
## 🔄 Maintenance
### Sauvegarde
```bash
# Sauvegarde des données
docker exec lecoffre-node-master tar -czf /app/backup/backup-$(date +%Y%m%d).tar.gz /app/data
# Restauration
docker exec lecoffre-node-master tar -xzf /app/backup/backup-YYYYMMDD.tar.gz -C /
```
### Mise à jour
```bash
# 1. Arrêter le conteneur
docker stop lecoffre-node-master
# 2. Reconstruire l'image
docker build -f Dockerfile.master -t lecoffre-node-master:ext .
# 3. Redémarrer
docker start lecoffre-node-master
```
## 🚨 Dépannage
### Problèmes courants
1. **Services non accessibles**
```bash
docker logs lecoffre-node-master
docker exec lecoffre-node-master docker-compose ps
```
2. **Problème de permissions Docker**
```bash
sudo chmod 666 /var/run/docker.sock
```
3. **Ports déjà utilisés**
```bash
sudo netstat -tulpn | grep :8080
sudo fuser -k 8080/tcp
```
### Logs détaillés
```bash
# Logs du conteneur master
docker logs lecoffre-node-master -f
# Logs des services internes
docker exec lecoffre-node-master tail -f /app/logs/docker-compose.log
# Logs Nginx
docker exec lecoffre-node-master tail -f /var/log/nginx/error.log
```
## 📝 Configuration
### Variables d'environnement principales
- `EXTERNAL_DOMAIN` : Domaine externe (dev4.4nkweb.com)
- `INTERNAL_DOMAIN` : Domaine interne (localhost)
- `DOCKER_NETWORK_SUBNET` : Sous-réseau Docker
- `GF_SECURITY_ADMIN_PASSWORD` : Mot de passe Grafana
### Personnalisation
1. Modifier `.env.master` pour les secrets
2. Ajuster `conf/nginx/nginx.conf` pour le routage
3. Configurer `conf/supervisor/supervisord.conf` pour les processus
## 🎯 Avantages
**Autonomie complète** : Un seul conteneur pour tout l'écosystème
**Sécurité renforcée** : Secrets centralisés et protégés
**Monitoring intégré** : Grafana, Loki, Promtail inclus
**Facilité de déploiement** : Script automatisé
**Scalabilité** : Architecture modulaire
**Maintenance simplifiée** : Gestion centralisée
## 📞 Support
Pour toute question ou problème :
1. Vérifier les logs : `docker logs lecoffre-node-master`
2. Consulter la documentation des services individuels
3. Tester la connectivité : `curl http://localhost:8080/status/`

28
README.md
View File

@ -1,8 +1,8 @@
# LeCoffre Node - Plateforme de Gestion de Documents Sécurisée # LeCoffre Node - Plateforme de Gestion de Documents Sécurisée
[![Docker](https://img.shields.io/badge/Docker-Ext-blue)](https://git.4nkweb.com/4nk/lecoffre_node) [![Docker](https://img.shields.io/badge/Docker-Ext-blue)](https://git.4nkweb.com/4nk/lecoffre_node)
[![Bitcoin Signet](https://img.shields.io/badge/Bitcoin-Signet-orange)](https://mempool2.4nkweb.com) [![Bitcoin Signet](https://img.shields.io/badge/Bitcoin-Signet-orange)](https://example.com)
[![Status](https://img.shields.io/badge/Status-Production-green)](https://dev4.4nkweb.com/lecoffre) [![Status](https://img.shields.io/badge/Status-Production-green)](https://example.com)
## 🚀 Démarrage Rapide ## 🚀 Démarrage Rapide
@ -40,15 +40,15 @@
| Service | URL | Description | | Service | URL | Description |
|---------|-----|-------------| |---------|-----|-------------|
| **LeCoffre Frontend** | [https://dev4.4nkweb.com/lecoffre](https://dev4.4nkweb.com/lecoffre) | Interface principale | | **LeCoffre Frontend** | `<PUBLIC_BASE_URL>/lecoffre` | Interface principale |
| **IHM Client** | [https://dev4.4nkweb.com/](https://dev4.4nkweb.com/) | Interface de gestion des clés | | **IHM Client** | `<PUBLIC_BASE_URL>/` | Interface de gestion des clés |
| **API Backend** | [https://dev4.4nkweb.com/api/](https://dev4.4nkweb.com/api/) | API REST | | **API Backend** | `<PUBLIC_BASE_URL>/api/` | API REST |
| **WebSocket** | `wss://dev4.4nkweb.com/ws/` | Relay WebSocket | | **WebSocket** | `wss://<PUBLIC_BASE_HOST>/ws/` | Relay WebSocket |
## 🏗️ Architecture ## 🏗️ Architecture
``` ```
Internet → dev4.4nkweb.com (Nginx) → Services Locaux Internet → Reverse proxy (public) → Services locaux
├── Frontend: LeCoffre Application ├── Frontend: LeCoffre Application
├── IHM: Interface de gestion des clés Bitcoin ├── IHM: Interface de gestion des clés Bitcoin
├── API: Backend REST ├── API: Backend REST
@ -102,10 +102,10 @@ Le système utilise **Grafana + Loki + Promtail** pour le monitoring centralisé
./scripts/deploy-grafana.sh start ./scripts/deploy-grafana.sh start
# Accéder à Grafana # Accéder à Grafana
https://dev4.4nkweb.com/grafana/ <PUBLIC_BASE_URL>/grafana/
``` ```
**Identifiants** : `admin` / `admin123` **Identifiants** : `admin` / `<GRAFANA_ADMIN_PASSWORD>`
### Dashboards Disponibles ### Dashboards Disponibles
@ -131,13 +131,13 @@ https://dev4.4nkweb.com/grafana/
Les variables d'environnement sont centralisées dans `.env` : Les variables d'environnement sont centralisées dans `.env` :
```bash ```bash
# URLs des services externes # URLs des services externes (à définir selon l'environnement)
VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/ VITE_BOOTSTRAPURL=wss://<PUBLIC_BASE_HOST>/ws/
SIGNER_WS_URL=ws://dev3.4nkweb.com:9090 SIGNER_WS_URL=ws://<SIGNER_HOST>:9090
SIGNER_BASE_URL=https://dev3.4nkweb.com SIGNER_BASE_URL=https://<SIGNER_HOST>
# Configuration monitoring # Configuration monitoring
GRAFANA_ADMIN_PASSWORD=admin123 GRAFANA_ADMIN_PASSWORD=<GRAFANA_ADMIN_PASSWORD>
``` ```
### Scripts Utiles ### Scripts Utiles

14
bitcoin/Dockerfile
View File

@ -1,14 +0,0 @@
# Dockerfile personnalisé pour Bitcoin avec jq
FROM git.4nkweb.com/4nk/bitcoin:latest
# Installer jq et autres outils utiles pour les healthchecks
USER root
RUN apk update && apk add --no-cache \
jq bc \
net-tools iputils \
bind-tools netcat-openbsd \
telnet procps && \
rm -rf /var/cache/apk/* /tmp/* /var/tmp/*
# Revenir à l'utilisateur bitcoin
USER bitcoin

45
bitcoin/bitcoin.conf
View File

@ -1,45 +0,0 @@
# Configuration globale
signet=1
server=1
datadir=/home/bitcoin/.bitcoin
[signet]
daemon=0
txindex=1
upnp=1
#debug=1
#loglevel=debug
logthreadnames=1
onion=tor:9050
listenonion=1
onlynet=onion
# Paramètres RPC
rpcauth=bitcoin:c8ea921c7357bd6a5a8a7c43a12350a7$955e25b17672987b17c5a12f12cd8b9c1d38f0f86201c8cd47fc431f2e1c7956
rpcallowip=0.0.0.0/0
rpcworkqueue=32
rpcthreads=4
rpcdoccheck=1
# Paramètres ZMQ
zmqpubhashblock=tcp://0.0.0.0:29000
zmqpubrawtx=tcp://0.0.0.0:29001
listen=1
bind=0.0.0.0:38333
rpcbind=0.0.0.0:38332
rpcport=38332
fallbackfee=0.0001
blockfilterindex=1
datacarriersize=205
acceptnonstdtxn=1
dustrelayfee=0.00000001
minrelaytxfee=0.00000001
prune=0
signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821
wallet=mining
wallet=watchonly
maxtxfee=1
addnode=tlv2yqamflv22vfdzy2hha2nwmt6zrwrhjjzz4lx7qyq7lyc6wfhabyd.onion
addnode=6xi33lwwslsx3yi3f7c56wnqtdx4v73vj2up3prrwebpwbz6qisnqbyd.onion
addnode=id7e3r3d2epen2v65jebjhmx77aimu7oyhcg45zadafypr4crqsytfid.onion

13
blindbit/Dockerfile
View File

@ -1,13 +0,0 @@
# Dockerfile personnalisé pour BlindBit avec pgrep et wget
FROM git.4nkweb.com/4nk/blindbit-oracle:dev
# Installer pgrep, wget et autres outils utiles pour les healthchecks
USER root
RUN apt-get update && apt-get install -y procps wget curl && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# Revenir à l'utilisateur par défaut
USER root

18
blindbit/blindbit.toml
View File

@ -1,18 +0,0 @@
# Configuration Blindbit Oracle
host = "0.0.0.0:8000"
chain = "signet"
rpc_endpoint = "http://bitcoin:38332"
cookie_path = "/home/bitcoin/.bitcoin/signet/.cookie"
rpc_user = ""
rpc_pass = ""
sync_start_height = 1
# Performance
max_parallel_tweak_computations = 4
max_parallel_requests = 4
# Index
tweaks_only = 0
tweaks_full_basic = 1
tweaks_full_with_dust_filter = 1
tweaks_cut_through_with_dust_filter = 1

95
conf/README.md
View File

@ -1,95 +0,0 @@
# Configuration Centralisée - LeCoffre Node
Ce dossier contient toutes les configurations centralisées pour les services du projet LeCoffre Node.
## Structure
```
conf/
├── bitcoin/ # Configuration Bitcoin Signet
│ └── bitcoin.conf
├── relay/ # Configuration SDK Relay
│ └── sdk_relay.conf
├── nginx/ # Configurations Nginx (déjà existantes)
│ └── ...
├── ihm_client/ # Configuration IHM Client
│ └── nginx.dev.conf
├── lecoffre-front/ # Configuration LeCoffre Frontend
└── miner/ # Configuration du mineur
```
## Scripts de Gestion
Les configurations et le déploiement sont gérés via des scripts centralisés :
- `scripts/sync-configs.sh` : Synchronise toutes les configurations
- `scripts/startup-sequence.sh` : Script principal avec déploiement complet
- `scripts/pre-build.sh` : Prépare l'environnement avant build Docker
## Avantages
1. **Centralisation** : Toutes les configurations au même endroit
2. **Cohérence** : Gestion uniforme des paramètres
3. **Maintenance** : Modifications centralisées
4. **Versioning** : Suivi des changements de configuration
5. **Backup** : Sauvegarde centralisée
## Utilisation
### Synchronisation manuelle
```bash
# Synchroniser tous les projets
./scripts/sync-configs.sh
# Synchroniser un projet spécifique
./scripts/sync-configs.sh ihm_client
```
### Déploiement complet
```bash
# Déployer tous les projets
./scripts/startup-sequence.sh deploy
# Déployer un projet spécifique
./scripts/startup-sequence.sh deploy-project ihm_client
# Déployer avec push des images Docker
PUSH_DOCKER_IMAGES=true ./scripts/startup-sequence.sh deploy
```
### Préparation avant build
```bash
# Préparer l'environnement avant build Docker
./scripts/pre-build.sh
```
### Commandes de maintenance
```bash
# Mettre à jour toutes les dépendances
./scripts/startup-sequence.sh update-deps
# Vérifier les fichiers ignore
./scripts/startup-sequence.sh check-ignore
# Nettoyer les fichiers non suivis
./scripts/startup-sequence.sh clean-untracked
# Compiler tous les projets
./scripts/startup-sequence.sh compile-all
# Exécuter tous les tests
./scripts/startup-sequence.sh test-all
```
### Modification d'une configuration
1. Éditer le fichier dans `conf/[service]/`
2. Synchroniser avec `./scripts/sync-configs.sh [service]`
3. Redémarrer le service concerné
## Services Concernés
- **Bitcoin Signet** : Configuration du nœud Bitcoin
- **SDK Relay** : Configuration du relais WebSocket
- **IHM Client** : Configuration Nginx pour l'interface client
- **LeCoffre Front/Back** : Configurations des services web
- **Mineur** : Configuration du minage Bitcoin

45
conf/bitcoin/bitcoin.conf
View File

@ -1,45 +0,0 @@
# Configuration globale
signet=1
server=1
datadir=/home/bitcoin/.bitcoin
[signet]
daemon=0
txindex=1
upnp=1
#debug=1
#loglevel=debug
logthreadnames=1
onion=tor:9050
listenonion=1
onlynet=onion
# Paramètres RPC
rpcauth=bitcoin:c8ea921c7357bd6a5a8a7c43a12350a7$955e25b17672987b17c5a12f12cd8b9c1d38f0f86201c8cd47fc431f2e1c7956
rpcallowip=0.0.0.0/0
rpcworkqueue=32
rpcthreads=4
rpcdoccheck=1
# Paramètres ZMQ
zmqpubhashblock=tcp://0.0.0.0:29000
zmqpubrawtx=tcp://0.0.0.0:29001
listen=1
bind=0.0.0.0:38333
rpcbind=0.0.0.0:38332
rpcport=38332
fallbackfee=0.0001
blockfilterindex=1
datacarriersize=205
acceptnonstdtxn=1
dustrelayfee=0.00000001
minrelaytxfee=0.00000001
prune=0
signetchallenge=0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821
wallet=mining
wallet=watchonly
maxtxfee=1
addnode=tlv2yqamflv22vfdzy2hha2nwmt6zrwrhjjzz4lx7qyq7lyc6wfhabyd.onion
addnode=6xi33lwwslsx3yi3f7c56wnqtdx4v73vj2up3prrwebpwbz6qisnqbyd.onion
addnode=id7e3r3d2epen2v65jebjhmx77aimu7oyhcg45zadafypr4crqsytfid.onion

399
conf/grafana/dashboards/bitcoin-miner-detailed.json
View File

@ -1,399 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"signet_miner\"} |= \"Block mined\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Blocs Minés par Minute",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"signet_miner\"} |= \"Hashrate\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Hashrate du Mineur",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"signet_miner\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs du Mineur (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
}
},
"mappings": []
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 16,
"x": 8,
"y": 8
},
"id": 4,
"options": {
"legend": {
"displayMode": "list",
"placement": "right"
},
"pieType": "pie",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (level) (count_over_time({container=\"signet_miner\"} | json | level != \"\" [1h]))",
"queryType": "",
"refId": "A"
}
],
"title": "Distribution des Niveaux de Log",
"type": "piechart"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 16
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=\"signet_miner\"} |= \"Block mined\" | json | line_format \"{{.timestamp}} - Bloc {{.height}} miné - Hash: {{.hash}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Historique des Blocs Minés",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"bitcoin",
"miner",
"signet"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Bitcoin Miner - Détails",
"uid": "bitcoin-miner-detailed",
"version": 1,
"weekStart": ""
}

160
conf/grafana/dashboards/bitcoin-miner.json
View File

@ -1,160 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=\"bitcoin\"} |= \"block\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Bitcoin - Nouveaux Blocs",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=\"miner\"} |= \"mined\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Miner - Blocs Minés",
"type": "logs"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=~\"bitcoin|miner|blindbit\"} |= \"error\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Bitcoin/Miner/Blindbit - Erreurs",
"type": "logs"
}
],
"refresh": "30s",
"schemaVersion": 36,
"style": "dark",
"tags": ["bitcoin", "miner", "blockchain"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Bitcoin & Miner Monitoring",
"uid": "bitcoin-miner",
"version": 1,
"weekStart": ""
}

532
conf/grafana/dashboards/bitcoin-services.json
View File

@ -1,532 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"bitcoin-signet\"} |= \"UpdateTip\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Mises à Jour de la Chaîne Bitcoin",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"blindbit-oracle\"} |= \"tweak\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Détection de Tweak (BlindBit)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"bitcoin-signet\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Bitcoin (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 8
},
"id": 4,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"blindbit-oracle\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs BlindBit (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 8
},
"id": 5,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"bitcoin-signet\"} |= \"New block\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Nouveaux Blocs (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 8
},
"id": 6,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"blindbit-oracle\"} |= \"Silent payment\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Silent Payments (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 12
},
"id": 7,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=~\"bitcoin-signet|blindbit-oracle\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Bitcoin Services",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"bitcoin",
"signet",
"blindbit",
"oracle"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Bitcoin Services - Monitoring",
"uid": "bitcoin-services",
"version": 1,
"weekStart": ""
}

532
conf/grafana/dashboards/frontend-services.json
View File

@ -1,532 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=~\"lecoffre-front|ihm_client\"} |= \"GET\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Requêtes HTTP par Frontend",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"ihm_client\"} |= \"vite\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Activité Vite (IHM Client)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"lecoffre-front\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs LeCoffre Front (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 8
},
"id": 4,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"ihm_client\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs IHM Client (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 8
},
"id": 5,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(count_over_time({container=~\"lecoffre-front|ihm_client\"} [1h]))",
"queryType": "",
"refId": "A"
}
],
"title": "Total Logs Frontend (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 8
},
"id": 6,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"ihm_client\"} |= \"Pre-transform error\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Vite (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 12
},
"id": 7,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=~\"lecoffre-front|ihm_client\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Récentes Frontend",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"frontend",
"lecoffre",
"ihm",
"client"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Frontend Services - Monitoring",
"uid": "frontend-services",
"version": 1,
"weekStart": ""
}

252
conf/grafana/dashboards/lecoffre-overview.json
View File

@ -1,252 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=~\".*\"} |= \"error\" [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs par Service (5 dernières minutes)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=~\".*\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "Volume de Logs par Service (5 dernières minutes)",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 12,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"title": "Logs d'Erreur - Tous Services",
"type": "logs"
}
],
"refresh": "30s",
"schemaVersion": 36,
"style": "dark",
"tags": ["lecoffre", "monitoring"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "LeCoffre Node - Vue d'ensemble",
"uid": "lecoffre-overview",
"version": 1,
"weekStart": ""
}

594
conf/grafana/dashboards/sdk-services.json
View File

@ -1,594 +0,0 @@
{
"annotations": {
"list": []
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=~\"sdk_.*\"} |= \"message\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Messages par Service SDK",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 8,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"sdk_relay\"} |= \"transaction\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Transactions Relay",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 8,
"x": 16,
"y": 0
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single"
}
},
"title": "Signatures Signer",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 0,
"y": 8
},
"id": 4,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"sdk_relay\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Relay (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 6,
"y": 8
},
"id": 5,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"title": "Erreurs Signer (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 12,
"y": 8
},
"id": 6,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"sdk_storage\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Storage (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 4,
"w": 6,
"x": 18,
"y": 8
},
"id": 7,
"options": {
"colorMode": "value",
"graphMode": "area",
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"fields": "",
"values": false
},
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(count_over_time({container=~\"sdk_.*\"} [1h]))",
"queryType": "",
"refId": "A"
}
],
"title": "Total Logs SDK (1h)",
"type": "stat"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 12
},
"id": 8,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{container=~\"sdk_.*\"} |= \"ERROR\" | line_format \"{{.timestamp}} - {{.container}} - {{.message}}\"",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Récentes SDK",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 37,
"style": "dark",
"tags": [
"sdk",
"relay",
"signer",
"storage"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "SDK Services - Monitoring",
"uid": "sdk-services",
"version": 1,
"weekStart": ""
}

418
conf/grafana/dashboards/services-overview.json
View File

@ -1,418 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"target": {
"limit": 100,
"matchAny": false,
"tags": [],
"type": "dashboard"
},
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"title": "LeCoffre Backend - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 6,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=\"lecoffre-front\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "LeCoffre Frontend - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 12,
"y": 0
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=\"ihm_client\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "IHM Client - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 6,
"x": 18,
"y": 0
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom"
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum by (service) (count_over_time({job=\"sdk_relay\"} [5m]))",
"queryType": "",
"refId": "A"
}
],
"title": "SDK Relay - Volume Logs",
"type": "timeseries"
},
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"gridPos": {
"h": 12,
"w": 24,
"x": 0,
"y": 8
},
"id": 5,
"options": {
"showTime": false,
"showLabels": false,
"showCommonLabels": false,
"wrapLogMessage": false,
"prettifyLogMessage": false,
"enableLogDetails": true,
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"title": "Logs d'Erreur - Services Applications",
"type": "logs"
}
],
"refresh": "30s",
"schemaVersion": 36,
"style": "dark",
"tags": ["services", "applications"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Services Applications - Monitoring",
"uid": "services-overview",
"version": 1,
"weekStart": ""
}

57
conf/grafana/grafana.ini
View File

@ -1,57 +0,0 @@
# Configuration Grafana avancée pour LeCoffre Node
[server]
# URL publique de Grafana
root_url = https://dev4.4nkweb.com/grafana/
# Configuration de sécurité
enable_gzip = true
cert_file =
cert_key =
enforce_domain = false
[security]
# Configuration de sécurité
admin_user = admin
admin_password = admin123
secret_key = lecoffre_grafana_secret_key_2025
# Configuration des sessions
cookie_secure = true
cookie_samesite = strict
[users]
# Configuration des utilisateurs
allow_sign_up = false
allow_org_create = false
auto_assign_org = true
auto_assign_org_id = 1
auto_assign_org_role = Viewer
[auth.anonymous]
# Accès anonyme désactivé pour la sécurité
enabled = false
[dashboards]
# Configuration des dashboards
default_home_dashboard_path = /var/lib/grafana/dashboards/lecoffre-overview.json
[unified_alerting]
# Configuration des alertes unifiées
enabled = true
[log]
# Configuration des logs Grafana
mode = console
level = info
format = json
[metrics]
# Métriques Prometheus
enabled = true
basic_auth_username =
basic_auth_password =
[feature_toggles]
# Fonctionnalités activées
enable = traceqlEditor

12
conf/grafana/provisioning/dashboards/dashboards.yml
View File

@ -1,12 +0,0 @@
apiVersion: 1
providers:
- name: 'LeCoffre Node Dashboards'
orgId: 1
folder: 'LeCoffre Node'
type: file
disableDeletion: false
updateIntervalSeconds: 10
allowUiUpdates: true
options:
path: /var/lib/grafana/dashboards

12
conf/grafana/provisioning/datasources/loki.yml
View File

@ -1,12 +0,0 @@
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
url: http://loki:3100
uid: loki
isDefault: true
editable: true
jsonData:
maxLines: 1000

10
conf/grafana/provisioning/datasources/loki.yml.bak
View File

@ -1,10 +0,0 @@
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
url: http://loki:3100
uid: loki
isDefault: true
editable: true

12
conf/grafana/provisioning/datasources/loki.yml.temp
View File

@ -1,12 +0,0 @@
apiVersion: 1
datasources:
- name: Loki
type: loki
access: proxy
url: http://loki:3100
uid: loki
isDefault: true
editable: true
jsonData:
maxLines: 1000

48
conf/ihm_client/nginx.dev.conf
View File

@ -1,48 +0,0 @@
server {
listen 80;
server_name localhost;
# Redirection des requêtes HTTP vers Vite
location / {
proxy_pass http://localhost:3003;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /ws/ {
proxy_pass http://dev4.4nkweb.com:8090;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_read_timeout 86400;
}
location /storage/ {
rewrite ^/storage(/.*)$ $1 break;
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
}
location /api/ {
proxy_pass http://localhost:8091;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS headers
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE" always;
add_header Access-Control-Allow-Headers "Authorization,Content-Type,Accept,X-Requested-With" always;
}
}

13
conf/logrotate/bitcoin.conf
View File

@ -1,13 +0,0 @@
logs/bitcoin/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart bitcoin 2>/dev/null || true
endscript
}

13
conf/logrotate/blindbit.conf
View File

@ -1,13 +0,0 @@
logs/blindbit/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart blindbit 2>/dev/null || true
endscript
}

13
conf/logrotate/ihm_client.conf
View File

@ -1,13 +0,0 @@
logs/ihm_client/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart ihm_client 2>/dev/null || true
endscript
}

13
conf/logrotate/lecoffre-front.conf
View File

@ -1,13 +0,0 @@
logs/lecoffre-front/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart lecoffre-front 2>/dev/null || true
endscript
}

13
conf/logrotate/miner.conf
View File

@ -1,13 +0,0 @@
logs/miner/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart miner 2>/dev/null || true
endscript
}

13
conf/logrotate/nginx.conf
View File

@ -1,13 +0,0 @@
logs/nginx/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart nginx 2>/dev/null || true
endscript
}

13
conf/logrotate/sdk_relay.conf
View File

@ -1,13 +0,0 @@
logs/sdk_relay/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart sdk_relay 2>/dev/null || true
endscript
}

13
conf/logrotate/sdk_storage.conf
View File

@ -1,13 +0,0 @@
logs/sdk_storage/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart sdk_storage 2>/dev/null || true
endscript
}

13
conf/logrotate/tor.conf
View File

@ -1,13 +0,0 @@
logs/tor/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart tor 2>/dev/null || true
endscript
}

76
conf/loki/loki-config.yaml
View File

@ -1,76 +0,0 @@
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
http_listen_address: 0.0.0.0
grpc_listen_address: 0.0.0.0
common:
instance_addr: 0.0.0.0
path_prefix: /loki
storage:
filesystem:
chunks_directory: /loki/chunks
rules_directory: /loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
schema_config:
configs:
- from: 2020-10-24
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
ruler:
alertmanager_url: http://localhost:9093
# Configuration de l'ingester - SEULEMENT le paramètre crucial
ingester:
lifecycler:
min_ready_duration: 5s # Réduit le délai de 15s à 5s
# Configuration des limites
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 168h
max_cache_freshness_per_query: 10m
split_queries_by_interval: 15m
max_query_parallelism: 32
max_streams_per_user: 0
max_line_size: 256000
ingestion_rate_mb: 16
ingestion_burst_size_mb: 32
per_stream_rate_limit: 3MB
per_stream_rate_limit_burst: 15MB
max_entries_limit_per_query: 5000
max_query_series: 500
max_query_length: 721h
cardinality_limit: 100000
max_streams_matchers_per_query: 1000
max_concurrent_tail_requests: 10
# Configuration du storage
storage_config:
tsdb_shipper:
active_index_directory: /loki/tsdb-index
cache_location: /loki/tsdb-cache
filesystem:
directory: /loki/chunks
# Configuration du compactor
compactor:
working_directory: /loki/compactor
compaction_interval: 10m
retention_enabled: false
delete_request_store: filesystem
# Analytics désactivés
analytics:
reporting_enabled: false

30
conf/monitoring.conf
View File

@ -1,30 +0,0 @@
# Configuration centralisée du monitoring LeCoffre Node
# Généré automatiquement le $(date)
[monitoring]
# Services de monitoring
grafana_port=3000
loki_port=3100
promtail_enabled=true
[grafana]
admin_user=admin
admin_password=admin123
root_url=https://dev4.4nkweb.com/grafana/
dashboard_home=lecoffre-overview
[logs]
# Configuration des logs
log_retention_days=30
log_rotation=daily
log_compression=true
[services]
# Services surveillés
services=bitcoin,blindbit,sdk_relay,,sdk_storagelecoffre-front,ihm_client,tor,miner
[alerts]
# Configuration des alertes
error_threshold=10
warning_threshold=5
alert_email=

BIN
conf/nginx/assets/favicon.ico
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 590 B

15
conf/nginx/dev4.4nkweb.com-http.conf
View File

@ -1,15 +0,0 @@
# HTTP server for ACME and redirect to HTTPS
server {
listen 80 default_server;
server_name _;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirection vers HTTPS pour toutes les autres requêtes
location / {
return 301 https://$server_name$request_uri;
}
}

263
conf/nginx/dev4.4nkweb.com-https.conf
View File

@ -1,263 +0,0 @@
# Configuration HTTPS pour dev4.4nkweb.com
server {
listen 443 ssl;
http2 on;
server_name dev4.4nkweb.com;
include /home/debian/4NK_env/confs/lecoffre_node/nginx/logging.conf;
# Certificats SSL
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_set_header X-Request-ID $x_request_id;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://dev3.4nkweb.com:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
# lecoffre-front - Application LeCoffre
location = /lecoffre { return 301 /lecoffre/; }
location ^~ /lecoffre/ {
# ensure no redirect here; only proxy to Next
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
add_header Pragma "no-cache" always;
add_header Expires "-1" always;
proxy_hide_header ETag;
proxy_hide_header Last-Modified;
rewrite ^/lecoffre/(.*)$ /$1 break;
proxy_pass http://localhost:3004;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Request-ID $x_request_id;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_connect_timeout 300;
}
# HMR dev front
location ^~ /lecoffre-hmr/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
rewrite ^/lecoffre-hmr/(.*)$ /lecoffre/$1 break;
proxy_pass http://localhost:3000;
}
# ihm_client (root) - DOIT être en dernier
# Next.js assets for lecoffre-front
location ^~ /_next/ {
proxy_pass http://localhost:3004/_next/;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
add_header Cache-Control "public, max-age=31536000, immutable";
}
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}

258
conf/nginx/dev4.4nkweb.com.conf
View File

@ -1,258 +0,0 @@
# HTTP server for ACME and redirect to HTTPS
server {
listen 80;
server_name dev4.4nkweb.com http://dev4.4nkweb.com;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirection vers HTTPS pour toutes les autres requêtes
location / {
return 301 https://$server_name$request_uri;
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
location ~* ^/apiv1/(.*)$ {
# CORS pour compatibilité
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/v1/$1;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://localhost:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets;
try_files /favicon.ico =404;
access_log off;
expires 30d;
}
# lecoffre frontend
location = /lecoffre {
proxy_pass http://127.0.0.2:3004/lecoffre;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004/lecoffre/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# Next.js assets
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
}

49
conf/nginx/grafana.conf
View File

@ -1,49 +0,0 @@
# Configuration Nginx pour Grafana
server {
listen 80;
server_name dev4.4nkweb.com;
# Proxy pour Grafana
location /grafana/ {
proxy_pass http://127.0.0.1:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Proxy pour Loki (API)
location /loki/ {
proxy_pass http://127.0.0.1:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
}

39
conf/nginx/logging.conf
View File

@ -1,39 +0,0 @@
# Logging configuration for lecoffre front
log_format lecoffre_json escape=json
'{'
'"time":"$time_iso8601",'
'"request_id":"$request_id",'
'"remote_addr":"$remote_addr",'
'"host":"$host",'
'"method":"$request_method",'
'"uri":"$uri",'
'"args":"$args",'
'"status":$status,'
'"bytes":$body_bytes_sent,'
'"referer":"$http_referer",'
'"user_agent":"$http_user_agent",'
'"request_time":$request_time,'
'"upstream_addr":"$upstream_addr",'
'"upstream_status":"$upstream_status",'
'"upstream_connect_time":"$upstream_connect_time",'
'"upstream_header_time":"$upstream_header_time",'
'"upstream_response_time":"$upstream_response_time",'
'"x_forwarded_for":"$http_x_forwarded_for"'
'}';
# Default access and error logs for the front site
access_log /home/debian/4NK_env/logs/nginx/lecoffre_front_access.log lecoffre_json;
error_log /home/debian/4NK_env/logs/nginx/lecoffre_front_error.log warn;
# Map incoming X-Request-ID or generate one
map $http_x_request_id $x_request_id {
default $http_x_request_id;
"" $request_id;
}
# These headers should be set in each proxy location of the vhost
# proxy_set_header X-Request-ID $x_request_id;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Host $host;

470
conf/nginx/nginx.conf
View File

@ -1,470 +0,0 @@
user www-data;
worker_processes auto;
pid /app/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
# Configuration de base
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
# MIME types
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /app/logs/nginx/access.log main;
error_log /app/logs/nginx/error.log warn;
# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/json
application/javascript
application/xml+rss
application/atom+xml
image/svg+xml;
# Rate limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
# Upstream servers
upstream lecoffre_frontend {
server localhost:3004;
keepalive 32;
}
upstream ihm_client {
server localhost:3003;
keepalive 32;
}
upstream grafana {
server localhost:3005;
keepalive 32;
}
upstream loki {
server localhost:3100;
keepalive 32;
}
upstream status_api {
server localhost:3006;
keepalive 32;
}
upstream sdk_relay {
server localhost:8090;
keepalive 32;
}
upstream blindbit {
server localhost:8000;
keepalive 32;
}
# Serveur principal HTTP (port 80)
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
# Redirection automatique vers HTTPS si disponible
return 301 https://$host$request_uri;
}
# Serveur HTTPS (port 443)
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
# Certificats SSL (auto-signés pour le développement)
ssl_certificate /app/ssl/nginx-selfsigned.crt;
ssl_certificate_key /app/ssl/nginx-selfsigned.key;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Page de statut des services
location /status/ {
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services
location /status/api {
limit_req zone=api burst=20 nodelay;
proxy_pass http://status_api/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Grafana - Interface de monitoring
location /grafana/ {
proxy_pass http://grafana/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Grafana-Org-Id 1;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs
location /loki/ {
limit_req zone=api burst=10 nodelay;
proxy_pass http://loki/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - routes /back/ vers /api/
location ~* ^/back/(.*)$ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://lecoffre_backend/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - routes /api/
location /api/ {
limit_req zone=api burst=20 nodelay;
# CORS dynamique
set $cors_origin "";
if ($http_origin ~* ^(http://localhost:3000|http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://lecoffre_backend/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://sdk_relay/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
limit_req zone=api burst=5 nodelay;
proxy_pass http://lecoffre_backend/api/v1/funds/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /var/www/lecoffre/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://blindbit/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# LeCoffre Front - Application principale
# Redirige /lecoffre -> /lecoffre/
location = /lecoffre {
return 301 /lecoffre/;
}
location /lecoffre/ {
proxy_pass http://lecoffre_frontend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
# Configuration spécifique pour Next.js
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://ihm_client;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
# API de statut des services
location /status/api {
limit_req zone=api burst=20 nodelay;
proxy_pass http://status_api/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Grafana - Interface de monitoring
location /grafana/ {
proxy_pass http://grafana/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Grafana-Org-Id 1;
# WebSocket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
proxy_buffering off;
proxy_request_buffering off;
}
# API backend - routes /back/ vers /api/
location ~* ^/back/(.*)$ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://lecoffre_backend/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - routes /api/
location /api/ {
limit_req zone=api burst=20 nodelay;
# CORS dynamique pour développement local
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|http://localhost:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://lecoffre_backend/api/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://sdk_relay/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# LeCoffre Front - Application principale
# Redirige /lecoffre -> /lecoffre/
location = /lecoffre {
return 301 /lecoffre/;
}
location /lecoffre/ {
proxy_pass http://lecoffre_frontend/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
# Configuration spécifique pour Next.js
proxy_buffering off;
proxy_request_buffering off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://ihm_client;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}
}

15
conf/nginx_backups_host/dev4.4nkweb.com-http.conf
View File

@ -1,15 +0,0 @@
# HTTP server for ACME and redirect to HTTPS
server {
listen 80;
server_name dev4.4nkweb.com;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirection vers HTTPS pour toutes les autres requêtes
location / {
return 301 https://$server_name$request_uri;
}
}

226
conf/nginx_backups_host/dev4.4nkweb.com-https.conf
View File

@ -1,226 +0,0 @@
# Configuration HTTPS pour dev4.4nkweb.com
server {
listen 443 ssl http2;
server_name dev4.4nkweb.com;
# Certificats SSL
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
# Configuration SSL
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Headers de sécurité
add_header Strict-Transport-Security "max-age=63072000" always;
add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
proxy_pass http://localhost:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Loki API - API de logs (DOIT être avant location /)
location /loki/ {
proxy_pass http://localhost:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
# Page de statut des services (DOIT être avant location /)
location /status {
# Redirection vers /status/
return 301 /status/;
}
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services (DOIT être avant location /)
location /status/api {
proxy_pass http://localhost:3006/api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes AJAX
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
# Timeouts
proxy_connect_timeout 10s;
proxy_send_timeout 10s;
proxy_read_timeout 10s;
if ($request_method = 'OPTIONS') {
return 204;
}
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://localhost:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://dev3.4nkweb.com:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# WebSocket relay (sdk_relay)
location /ws/ {
proxy_pass http://localhost:8090/;
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
# API de transfert de fonds
location /api/v1/funds/ {
proxy_pass http://dev3.4nkweb.com:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/4NK_env/confs/lecoffre_node/nginx/assets;
try_files /favicon.ico =404;
}
# blindbit
location /blindbit/ {
proxy_pass http://localhost:8000/;
include /etc/nginx/proxy_params;
}
# lecoffre-front - Application LeCoffre
location = /lecoffre { return 301 /lecoffre/; }
location ^~ /lecoffre/ {
# ensure no redirect here; only proxy to Next
add_header Cache-Control "no-store, no-cache, must-revalidate, max-age=0" always;
add_header Pragma "no-cache" always;
add_header Expires "-1" always;
proxy_hide_header ETag;
proxy_hide_header Last-Modified;
proxy_pass http://localhost:3004;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
proxy_send_timeout 300;
proxy_connect_timeout 300;
}
# ihm_client (root) - DOIT être en dernier
location / {
proxy_pass http://localhost:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}

49
conf/nginx_backups_host/grafana.conf
View File

@ -1,49 +0,0 @@
# Configuration Nginx pour Grafana
server {
listen 80;
server_name dev4.4nkweb.com;
# Proxy pour Grafana
location /grafana/ {
proxy_pass http://127.0.0.1:3005/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Configuration spécifique pour Grafana
proxy_set_header X-Grafana-Org-Id 1;
# Support des WebSockets pour les live updates
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Timeouts
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# Buffer settings
proxy_buffering off;
proxy_request_buffering off;
}
# Proxy pour Loki (API)
location /loki/ {
proxy_pass http://127.0.0.1:3100/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS pour les requêtes depuis Grafana
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Content-Type, Authorization";
if ($request_method = 'OPTIONS') {
return 204;
}
}
}

64
conf/nginx_backups_host/local.4nkweb.com-3000.conf
View File

@ -1,64 +0,0 @@
server {
listen 0.0.0.0:3000;
listen [::]:3000;
server_name local.4nkweb.com;
# HTTP pur: pas de HTTPS ni HSTS
# Favicon
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
}
# Compat: callback ID.not sans basePath (toutes variantes et querystring)
location /authorized-client {
proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# Entrée sans slash
location = /lecoffre {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# BasePath /lecoffre
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# HMR (si utilisé en local)
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
}
# Assets Next.js
location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
expires 7d;
add_header Cache-Control "public, max-age=604800, immutable" always;
proxy_pass http://127.0.0.2:3004$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_read_timeout 300;
}
}

9
conf/nginx_backups_host/local.4nkweb.com.conf
View File

@ -1,9 +0,0 @@
server {
listen 80;
server_name local.4nkweb.com;
# HTTP only: pas de redirection HTTPS, pas d'HSTS
location / {
return 302 http://local.4nkweb.com:3000$request_uri;
}
}

84
conf/nginx_backups_host/nginx.conf
View File

@ -1,84 +0,0 @@
user www-data;
worker_processes auto;
worker_cpu_affinity auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
server_tokens off; # Recommended practice is to turn this off
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1
ssl_prefer_server_ciphers off; # Don't force server cipher order.
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

107
conf/promtail/promtail.yml
View File

@ -1,107 +0,0 @@
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: http://loki:3100/loki/api/v1/push
scrape_configs:
# Bitcoin Signet Logs
- job_name: bitcoin
static_configs:
- targets:
- localhost
labels:
job: bitcoin
service: bitcoin-signet
__path__: /home/debian/4NK_env/logs/bitcoin/*.log
# Blindbit Oracle Logs
- job_name: blindbit
static_configs:
- targets:
- localhost
labels:
job: blindbit
service: blindbit-oracle
__path__: /home/debian/4NK_env/logs/blindbit/*.log
# SDK Relay Logs
- job_name: sdk_relay
static_configs:
- targets:
- localhost
labels:
job: sdk_relay
service: sdk_relay
__path__: /home/debian/4NK_env/logs/sdk_relay/*.log
# SDK Storage Logs
- job_name: sdk_storage
static_configs:
- targets:
- localhost
labels:
job: sdk_storage
service: sdk_storage
__path__: /home/debian/4NK_env/logs/sdk_storage/*.log
# LeCoffre Frontend Logs
- job_name: lecoffre-front
static_configs:
- targets:
- localhost
labels:
job: lecoffre-front
service: lecoffre-front
__path__: /home/debian/4NK_env/logs/lecoffre-front/*.log
# IHM Client Logs
- job_name: ihm_client
static_configs:
- targets:
- localhost
labels:
job: ihm_client
service: ihm_client
__path__: /home/debian/4NK_env/logs/ihm_client/*.log
# Miner Logs
- job_name: miner
static_configs:
- targets:
- localhost
labels:
job: miner
service: signet_miner
__path__: /home/debian/4NK_env/logs/miner/*.log
# Tor Logs
- job_name: tor
static_configs:
- targets:
- localhost
labels:
job: tor
service: tor-proxy
__path__: /home/debian/4NK_env/logs/tor/*.log
# Docker Container Logs
- job_name: docker
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
filters:
- name: label
values: ["com.centurylinklabs.watchtower.enable=true"]
relabel_configs:
- source_labels: ['__meta_docker_container_name']
regex: '/?(.*)'
target_label: 'container_name'
- source_labels: ['__meta_docker_container_log_stream']
target_label: 'logstream'
- source_labels: ['__meta_docker_container_label_logging_job_name']
target_label: 'job'

11
conf/relay/sdk_relay.conf
View File

@ -1,11 +0,0 @@
core_url=http://bitcoin:38332
ws_url=0.0.0.0:8090
wallet_name=default
network=signet
blindbit_url=http://blindbit-oracle:8000
zmq_url=tcp://bitcoin:29000
storage=https://dev4.4nkweb.com/storage
data_dir=/app/.4nk
bitcoin_data_dir=/app/.bitcoin
bootstrap_url=
bootstrap_faucet=false

52
conf/supervisor/supervisord.conf
View File

@ -1,52 +0,0 @@
[supervisord]
nodaemon=true
user=root
logfile=/var/log/supervisor/supervisord.log
pidfile=/var/run/supervisord.pid
childlogdir=/var/log/supervisor
[unix_http_server]
file=/var/run/supervisor.sock
chmod=0700
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[program:nginx]
command=/usr/sbin/nginx -g "daemon off;"
autostart=true
autorestart=true
stderr_logfile=/var/log/supervisor/nginx.err.log
stdout_logfile=/var/log/supervisor/nginx.out.log
user=root
[program:docker-compose]
command=/app/scripts/startup.sh
directory=/app
autostart=true
autorestart=true
stderr_logfile=/var/log/supervisor/docker-compose.err.log
stdout_logfile=/var/log/supervisor/docker-compose.out.log
user=appuser
environment=HOME="/app"
[program:cron]
command=/usr/sbin/cron -f
autostart=true
autorestart=true
stderr_logfile=/var/log/supervisor/cron.err.log
stdout_logfile=/var/log/supervisor/cron.out.log
user=root
[program:logrotate]
command=/usr/sbin/logrotate /etc/logrotate.d/lecoffre
autostart=true
autorestart=false
startsecs=0
exitcodes=0
user=root

21
conf/tor/torrc
View File

@ -1,21 +0,0 @@
# Configuration Tor pour LeCoffre Node
# Écoute sur 127.0.0.1 pour la sécurité
# Port SOCKS pour les connexions sortantes
SOCKSPort 127.0.0.1:9050
# Port de contrôle (désactivé pour la sécurité)
# ControlPort 127.0.0.1:9051
# Configuration de base
Log notice file /var/log/tor/tor.log
DataDirectory /var/lib/tor
# Configuration réseau
ClientOnly 1
SafeLogging 1
WarnUnsafeSocks 1
# Désactiver les services cachés
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

95
confs/README.md
View File

@ -1,95 +0,0 @@
# Configuration Centralisée - LeCoffre Node
Ce dossier contient toutes les configurations centralisées pour les services du projet LeCoffre Node.
## Structure
```
conf/
├── bitcoin/ # Configuration Bitcoin Signet
│ └── bitcoin.conf
├── relay/ # Configuration SDK Relay
│ └── sdk_relay.conf
├── nginx/ # Configurations Nginx (déjà existantes)
│ └── ...
├── ihm_client/ # Configuration IHM Client
│ └── nginx.dev.conf
├── lecoffre-front/ # Configuration LeCoffre Frontend
└── miner/ # Configuration du mineur
```
## Scripts de Gestion
Les configurations et le déploiement sont gérés via des scripts centralisés :
- `scripts/sync-configs.sh` : Synchronise toutes les configurations
- `scripts/startup-sequence.sh` : Script principal avec déploiement complet
- `scripts/pre-build.sh` : Prépare l'environnement avant build Docker
## Avantages
1. **Centralisation** : Toutes les configurations au même endroit
2. **Cohérence** : Gestion uniforme des paramètres
3. **Maintenance** : Modifications centralisées
4. **Versioning** : Suivi des changements de configuration
5. **Backup** : Sauvegarde centralisée
## Utilisation
### Synchronisation manuelle
```bash
# Synchroniser tous les projets
./scripts/sync-configs.sh
# Synchroniser un projet spécifique
./scripts/sync-configs.sh ihm_client
```
### Déploiement complet
```bash
# Déployer tous les projets
./scripts/startup-sequence.sh deploy
# Déployer un projet spécifique
./scripts/startup-sequence.sh deploy-project ihm_client
# Déployer avec push des images Docker
PUSH_DOCKER_IMAGES=true ./scripts/startup-sequence.sh deploy
```
### Préparation avant build
```bash
# Préparer l'environnement avant build Docker
./scripts/pre-build.sh
```
### Commandes de maintenance
```bash
# Mettre à jour toutes les dépendances
./scripts/startup-sequence.sh update-deps
# Vérifier les fichiers ignore
./scripts/startup-sequence.sh check-ignore
# Nettoyer les fichiers non suivis
./scripts/startup-sequence.sh clean-untracked
# Compiler tous les projets
./scripts/startup-sequence.sh compile-all
# Exécuter tous les tests
./scripts/startup-sequence.sh test-all
```
### Modification d'une configuration
1. Éditer le fichier dans `conf/[service]/`
2. Synchroniser avec `./scripts/sync-configs.sh [service]`
3. Redémarrer le service concerné
## Services Concernés
- **Bitcoin Signet** : Configuration du nœud Bitcoin
- **SDK Relay** : Configuration du relais WebSocket
- **IHM Client** : Configuration Nginx pour l'interface client
- **LeCoffre Front/Back** : Configurations des services web
- **Mineur** : Configuration du minage Bitcoin

77
docker-compose.certificator.yml
View File

@ -1,77 +0,0 @@
version: '3.8'
services:
certificator:
build:
context: ../4NK_certificator
dockerfile: Dockerfile
container_name: 4nk_certificator
environment:
- RUST_LOG=info
ports:
- "0.0.0.0:8082:8082"
volumes:
- /home/debian/4NK_env/lecoffre_node/confs/4nk_certificator/certificator.toml:/app/config.toml:ro
- certificator_data:/app/data
- /home/debian/4NK_env/lecoffre_node/logs/4nk_certificator:/var/log/4nk_certificator
networks:
- btcnet
depends_on:
- certificator_db
- certificator_redis
- sdk_relay
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8082/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 30s
restart: unless-stopped
labels:
- "com.centurylinklabs.watchtower.enable=true"
certificator_db:
image: postgres:15-alpine
container_name: 4nk_certificator_db
environment:
POSTGRES_DB: certificator_db
POSTGRES_USER: certificator
POSTGRES_PASSWORD: ${CERTIFICATOR_DB_PASSWORD:-secure_password_change_me}
volumes:
- certificator_pgdata:/var/lib/postgresql/data
networks:
- btcnet
healthcheck:
test: ["CMD-SHELL", "pg_isready -U certificator"]
interval: 10s
timeout: 5s
retries: 5
restart: unless-stopped
certificator_redis:
image: redis:7-alpine
container_name: 4nk_certificator_redis
command: redis-server --appendonly yes
volumes:
- certificator_redis:/data
networks:
- btcnet
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
restart: unless-stopped
volumes:
certificator_data:
name: certificator_data
certificator_pgdata:
name: certificator_pgdata
certificator_redis:
name: certificator_redis
networks:
btcnet:
external: true
name: 4nk_node_btcnet

51
docker-compose.yml
View File

@ -3,7 +3,7 @@ services:
image: btcpayserver/tor:0.4.8.10 image: btcpayserver/tor:0.4.8.10
container_name: tor-proxy container_name: tor-proxy
volumes: volumes:
- /home/debian/4NK_env/lecoffre_node/logs/tor:/var/log/tor - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/tor:/var/log/tor
- /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro - /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro
networks: networks:
btcnet: btcnet:
@ -24,8 +24,8 @@ services:
condition: service_healthy condition: service_healthy
volumes: volumes:
- bitcoin_data:/home/bitcoin/.bitcoin - bitcoin_data:/home/bitcoin/.bitcoin
- /home/debian/4NK_env/lecoffre_node/confs/bitcoin/bitcoin.conf:/etc/bitcoin/bitcoin.conf:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/bitcoin/bitcoin.conf:/etc/bitcoin/bitcoin.conf:ro
- /home/debian/4NK_env/lecoffre_node/logs/bitcoin:/var/log/bitcoin - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/bitcoin:/var/log/bitcoin
- /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro - /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro
networks: networks:
btcnet: btcnet:
@ -51,9 +51,9 @@ services:
condition: service_healthy condition: service_healthy
volumes: volumes:
- blindbit_data:/root/.blindbit-oracle - blindbit_data:/root/.blindbit-oracle
- /home/debian/4NK_env/lecoffre_node/confs/blindbit-oracle/blindbit.toml:/tmp/blindbit.toml:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/blindbit-oracle/blindbit.toml:/tmp/blindbit.toml:ro
- bitcoin_data:/home/bitcoin/.bitcoin - bitcoin_data:/home/bitcoin/.bitcoin
- /home/debian/4NK_env/lecoffre_node/logs/blindbit:/var/log/blindbit - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/blindbit:/var/log/blindbit
- /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro - /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro
entrypoint: > entrypoint: >
sh -c "mkdir -p /root/.blindbit-oracle && sh -c "mkdir -p /root/.blindbit-oracle &&
@ -80,16 +80,16 @@ services:
image: git.4nkweb.com/4nk/sdk_relay:ext image: git.4nkweb.com/4nk/sdk_relay:ext
container_name: sdk_relay container_name: sdk_relay
env_file: env_file:
- /home/debian/4NK_env/lecoffre_node/confs/sdk_relay/.env - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/sdk_relay/.env
depends_on: depends_on:
blindbit: blindbit:
condition: service_healthy condition: service_healthy
volumes: volumes:
- /home/debian/4NK_env/lecoffre_node/confs/relay/sdk_relay.conf:/app/.conf:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/relay/sdk_relay.conf:/app/.conf:ro
- sdk_data:/app/.4nk - sdk_data:/app/.4nk
- bitcoin_data:/app/.bitcoin - bitcoin_data:/app/.bitcoin
- /home/debian/4NK_env/scripts/lecoffre_node/funds:/scripts/funds:ro - /home/debian/4NK_env/scripts/lecoffre_node/funds:/scripts/funds:ro
- /home/debian/4NK_env/lecoffre_node/logs/sdk_relay:/var/log/sdk_relay - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/sdk_relay:/var/log/sdk_relay
- /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro - /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro
ports: ports:
- "0.0.0.0:8090:8090" - "0.0.0.0:8090:8090"
@ -118,11 +118,11 @@ services:
container_name: lecoffre-front container_name: lecoffre-front
working_dir: /leCoffre-front working_dir: /leCoffre-front
env_file: env_file:
- /home/debian/4NK_env/lecoffre_node/confs/lecoffre-front/.env - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/lecoffre-front/.env
ports: ports:
- "0.0.0.0:3004:8080" - "0.0.0.0:3004:8080"
volumes: volumes:
- /home/debian/4NK_env/lecoffre_node/logs/lecoffre-front:/var/log/lecoffre-front - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/lecoffre-front:/var/log/lecoffre-front
networks: networks:
btcnet: btcnet:
aliases: aliases:
@ -148,7 +148,7 @@ services:
image: git.4nkweb.com/4nk/ihm_client:ext image: git.4nkweb.com/4nk/ihm_client:ext
container_name: ihm_client container_name: ihm_client
env_file: env_file:
- /home/debian/4NK_env/lecoffre_node/confs/ihm_client/.env - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/ihm_client/.env
environment: environment:
- VITE_JWT_SECRET_KEY - VITE_JWT_SECRET_KEY
- VITE_API_BASE_URL - VITE_API_BASE_URL
@ -159,7 +159,7 @@ services:
ports: ports:
- "0.0.0.0:3003:3003" - "0.0.0.0:3003:3003"
volumes: volumes:
- /home/debian/4NK_env/lecoffre_node/logs/ihm_client:/var/log/ihm_client - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/ihm_client:/var/log/ihm_client
networks: networks:
btcnet: btcnet:
aliases: aliases:
@ -188,7 +188,7 @@ services:
- "0.0.0.0:8081:8080" - "0.0.0.0:8081:8080"
volumes: volumes:
- sdk_storage_data:/app/data - sdk_storage_data:/app/data
- /home/debian/4NK_env/lecoffre_node/logs/sdk_storage:/var/log/sdk_storage - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/sdk_storage:/var/log/sdk_storage
healthcheck: healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:8080/health >/dev/null 2>&1; then echo 'SDK Storage ready: API responding'; exit 0; else echo 'SDK Storage starting: API not yet ready'; exit 1; fi"] test: ["CMD", "sh", "-c", "if curl -f http://localhost:8080/health >/dev/null 2>&1; then echo 'SDK Storage ready: API responding'; exit 0; else echo 'SDK Storage starting: API not yet ready'; exit 1; fi"]
interval: 30s interval: 30s
@ -215,16 +215,16 @@ services:
signet_miner: signet_miner:
build: build:
context: ./miner context: ../../../4NK_modules/4NK_miner
container_name: signet_miner container_name: signet_miner
depends_on: depends_on:
bitcoin: bitcoin:
condition: service_healthy condition: service_healthy
env_file: env_file:
- /home/debian/4NK_env/lecoffre_node/confs/lecoffre_node/.env - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/lecoffre_node/.env
volumes: volumes:
- bitcoin_data:/bitcoin:ro - bitcoin_data:/bitcoin:ro
- /home/debian/4NK_env/lecoffre_node/logs/miner:/var/log/miner - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs/miner:/var/log/miner
networks: networks:
btcnet: btcnet:
aliases: aliases:
@ -239,10 +239,10 @@ services:
- "0.0.0.0:3005:3000" - "0.0.0.0:3005:3000"
volumes: volumes:
- grafana_data:/var/lib/grafana - grafana_data:/var/lib/grafana
- /home/debian/4NK_env/lecoffre_node/confs/grafana/provisioning:/etc/grafana/provisioning - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/grafana/provisioning:/etc/grafana/provisioning
- /home/debian/4NK_env/lecoffre_node/confs/grafana/dashboards:/var/lib/grafana/dashboards - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/grafana/dashboards:/var/lib/grafana/dashboards
- /home/debian/4NK_env/lecoffre_node/confs/grafana/grafana.ini:/etc/grafana/grafana.ini:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
- /home/debian/4NK_env/lecoffre_node/logs:/var/log/lecoffre:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs:/var/log/lecoffre:ro
environment: environment:
- GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU - GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
- GF_USERS_ALLOW_SIGN_UP=false - GF_USERS_ALLOW_SIGN_UP=false
@ -274,7 +274,7 @@ services:
- "0.0.0.0:3100:3100" - "0.0.0.0:3100:3100"
volumes: volumes:
- loki_data:/loki - loki_data:/loki
- /home/debian/4NK_env/lecoffre_node/confs/loki/loki-config.yaml:/etc/loki/loki-config.yaml:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/loki/loki-config.yaml:/etc/loki/loki-config.yaml:ro
command: -config.file=/etc/loki/loki-config.yaml command: -config.file=/etc/loki/loki-config.yaml
networks: networks:
btcnet: btcnet:
@ -292,8 +292,8 @@ services:
image: grafana/promtail:latest image: grafana/promtail:latest
container_name: promtail container_name: promtail
volumes: volumes:
- /home/debian/4NK_env/lecoffre_node/logs:/home/debian/4NK_env/lecoffre_node/logs:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs:/home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs:ro
- /home/debian/4NK_env/lecoffre_node/confs/promtail/promtail.yml:/etc/promtail/config.yml:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/confs/promtail/promtail.yml:/etc/promtail/config.yml:ro
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/config.yml command: -config.file=/etc/promtail/config.yml
networks: networks:
@ -314,7 +314,7 @@ services:
# Service de statut des services # Service de statut des services
status-api: status-api:
build: build:
context: ./web/status context: ../../../4NK_modules/4NK_web_status
dockerfile: Dockerfile.python dockerfile: Dockerfile.python
container_name: status-api container_name: status-api
env_file: env_file:
@ -322,9 +322,8 @@ services:
ports: ports:
- "0.0.0.0:3006:3006" - "0.0.0.0:3006:3006"
volumes: volumes:
- ./web/status/api.py:/app/api.py:ro
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- /home/debian/4NK_env/lecoffre_node/logs:/var/log/lecoffre:ro - /home/debian/4NK_env/projects/lecoffre/lecoffre_node/logs:/var/log/lecoffre:ro
- /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro - /home/debian/4NK_env/scripts/lecoffre_node/healthchecks:/scripts/healthchecks:ro
networks: networks:
btcnet: btcnet:

4
miner/miner.env
View File

@ -1,4 +0,0 @@
# Configuration du miner signet
# COINBASE_ADDRESS= # Générer automatiquement
RELAY_ADDRESS=tsp1qqd8k3twmuq3awxjmfukhma36j4la8gzsa8t0dgfms3cfglt2gkz6wqsqpd3d2q4quq59agtyfsr7gj9t07qt0nlrlrzgmhvpn5enfm76fud6sm0y
REWARD_SPLIT_RATIO=0.5

11
relay/sdk_relay.conf
View File

@ -1,11 +0,0 @@
core_url=http://bitcoin:38332
ws_url=0.0.0.0:8090
wallet_name=default
network=signet
blindbit_url=http://blindbit-oracle:8000
zmq_url=tcp://bitcoin:29000
storage=https://dev4.4nkweb.com/storage
data_dir=/app/.4nk
bitcoin_data_dir=/app/.bitcoin
bootstrap_url=
bootstrap_faucet=false

16
relay/sdk_relay.conf.exemple
View File

@ -1,16 +0,0 @@
core_url="http://bitcoin:38332"
ws_url="0.0.0.0:8090"
wallet_name="default"
network="signet"
blindbit_url="http://localhost:8000"
zmq_url="tcp://bitcoin:29000"
storage="https://dev4.4nkweb.com/storage"
data_dir="/home/bitcoin/.4nk"
bitcoin_data_dir="/home/bitcoin/.bitcoin"
bootstrap_url="ws://dev3.4nkweb.com:8090"
bootstrap_faucet=true
RUST_LOG="DEBUG,reqwest=DEBUG,tokio_tungstenite=DEBUG"
NODE_OPTIONS="--max-old-space-size=2048"
SIGNER_API_KEY="your-api-key-change-this"
VITE_JWT_SECRET_KEY="52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9"