From 66ebb63ce8803e76060e646dfb5ec5dad6318561 Mon Sep 17 00:00:00 2001 From: Nicolas Cantu Date: Tue, 16 Sep 2025 16:56:21 +0000 Subject: [PATCH] dev4: Nginx reverse proxy /lecoffre + correctifs; front prod build; ajout NODE_OPTIONS; docs & tests; fix 502 --- .env.exemple | 52 ++++++++++++++++++--------------- conf/nginx/dev4.4nkweb.com.conf | 29 +++++++++++++----- docker-compose.yml | 7 ++++- docs/DEPLOIEMENT_dev4.md | 17 +++++++++++ docs/REX_502_lecoffre.md | 9 ++++++ tests/smoke_dev4.md | 12 ++++++++ 6 files changed, 95 insertions(+), 31 deletions(-) create mode 100644 docs/DEPLOIEMENT_dev4.md create mode 100644 docs/REX_502_lecoffre.md create mode 100644 tests/smoke_dev4.md diff --git a/.env.exemple b/.env.exemple index 075b62e..b96b7bf 100644 --- a/.env.exemple +++ b/.env.exemple @@ -1,13 +1,14 @@ -# Variables d'environnement pour l'application back-end + #Variables d'environnement pour l'application back-end # Configuration IDNOT -IDNOT_ANNUARY_BASE_URL= +IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire IDNOT_API_KEY= IDNOT_CLIENT_ID= IDNOT_CLIENT_SECRET= -IDNOT_REDIRECT_URI= -IDNOT_TOKEN_URL= -IDNOT_API_BASE_URL= +# IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client +IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecofre/authorized-client +IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1 +IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire # Configuration OVH OVH_APP_KEY= @@ -16,7 +17,7 @@ OVH_CONSUMER_KEY= OVH_SMS_SERVICE_NAME= # Configuration SMS Factor -SMS_FACTOR_TOKEN= +SMS_FACTOR_TOKEN=. # Configuration Mailchimp MAILCHIMP_API_KEY= 
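Review bot: `IDNOT_REDIRECT_URI` is set to `https://dev4.4nkweb.com/lecofre/authorized-client`, with a single "f", while `NEXT_PUBLIC_ANK_BASE_REDIRECT_URI` later in this file and the Nginx location use `/lecoffre/`. An OAuth redirect URI that differs between back end and front end, or from the value registered with the identity provider, normally makes the authorization-code exchange fail. The line should read `IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client`. More generally, this example file now carries dev4-specific endpoints; keeping the template neutral and recording the dev4 values in `docs/DEPLOIEMENT_dev4.md` would avoid other environments inheriting them by copy.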
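Review bot: `SMS_FACTOR_TOKEN=.` makes the variable non-empty, so any "is this secret configured?" check in the back end would pass and the literal `.` would be used as a credential. If the dot only works around a parser that rejects empty values, that deserves a comment; otherwise keep the template as `SMS_FACTOR_TOKEN=` so a missing token fails loudly at startup. How the back end validates this variable is not visible in the diff, so the impact is inferred.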
@@ -27,34 +28,39 @@ MAILCHIMP_LIST_ID= STRIPE_SECRET_KEY= STRIPE_WEBHOOK_SECRET= STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID= -STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID= +STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_P9NsRP5xh1u9BqSFgkUDbQY STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID= STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID= # Configuration serveur -APP_HOST= -PORT= -API_BASE_URL= -DEFAULT_STORAGE= +APP_HOST=http://localhost:3000 +# API_BASE_URL=https://demo.4nkweb.com/back +API_BASE_URL=https://dev4.4nkweb.com/back +# DEFAULT_STORAGE=https://demo.4nkweb.com/storage +DEFAULT_STORAGE=https://dev4.4nkweb.com/storage # Variables d'environnement pour l'application front-end -NEXT_PUBLIC_4NK_URL= -NEXT_PUBLIC_FRONT_APP_HOST= -NEXT_PUBLIC_IDNOT_BASE_URL= -NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT= +# NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/ +NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com/ +# NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com +NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre +NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr +NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 NEXT_PUBLIC_IDNOT_CLIENT_ID= -NEXT_PUBLIC_BACK_API_PROTOCOL= -NEXT_PUBLIC_ANK_BASE_REDIRECT_URI= - NEXT_PUBLIC_BACK_API_PROTOCOL=http NEXT_PUBLIC_BACK_API_HOST=localhost NEXT_PUBLIC_BACK_API_PORT=8080 NEXT_PUBLIC_BACK_API_ROOT_URL=/api NEXT_PUBLIC_BACK_API_VERSION=/v1 +# NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3000/authorized-client' +NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='https://dev4.4nkweb.com/lecoffre/authorized-client' -#WS -RELAY_URLS=ws://sdk_relay:8090 -SIGNER_WS_URL=https://demo.4nkweb.com/signer/ +# WS +# RELAY_URLS=wss://demo.4nkweb.com/ws +RELAY_URLS=wss://dev4.4nkweb.com/ws +# SIGNER_WS_URL=https://dev4.4nkweb.com/signer/ +SIGNER_WS_URL=https://dev4.4nkweb.com/signer/ -#IHM URLS -VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/relay \ No newline at end of file +# IHM URLS +# VITE_BOOTSTRAPURL=http://sdk_relay:8090/ 
+VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws \ No newline at end of file diff --git a/conf/nginx/dev4.4nkweb.com.conf b/conf/nginx/dev4.4nkweb.com.conf index e8ca0fb..c907591 100644 --- a/conf/nginx/dev4.4nkweb.com.conf +++ b/conf/nginx/dev4.4nkweb.com.conf @@ -30,13 +30,28 @@ server { location /lecoffre/ { proxy_pass http://127.0.0.1:3000/; include /etc/nginx/proxy_params; - # Sub-filter to ensure assets/links are prefixed with /lecoffre - proxy_set_header Accept-Encoding ""; - sub_filter_types text/html application/javascript text/css; - sub_filter_once off; - sub_filter 'href="/' 'href="/lecoffre/'; - sub_filter 'src="/' 'src="/lecoffre/'; - sub_filter 'content="/' 'content="/lecoffre/'; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # Next.js assets and HMR under basePath + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_pass http://127.0.0.1:3000/_next/webpack-hmr; + proxy_read_timeout 600s; + } + + location /lecoffre/_next/ { + proxy_pass http://127.0.0.1:3000/_next/; + include /etc/nginx/proxy_params; proxy_read_timeout 300; } diff --git a/docker-compose.yml b/docker-compose.yml index 5dd0992..7430970 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -78,6 +78,7 @@ services: max-size: "10m" max-file: "3" environment: + - NODE_OPTIONS=--max-old-space-size=2048 - HOME=/home/bitcoin - RUST_LOG=DEBUG entrypoint: > @@ -112,6 +113,9 @@ services: container_name: lecoffre-front env_file: - .env + environment: + - NODE_ENV=production + - NODE_OPTIONS=--max-old-space-size=2048 ports: - "3000:3000" networks: 
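Review bot: The front-end block still sets `NEXT_PUBLIC_BACK_API_PROTOCOL=http`, `NEXT_PUBLIC_BACK_API_HOST=localhost` and `NEXT_PUBLIC_BACK_API_PORT=8080`, while every other URL in this hunk moves to `https://dev4.4nkweb.com/...`. `NEXT_PUBLIC_*` values are inlined into the browser bundle, so if the client builds its API URL from these three variables it would call a plaintext localhost endpoint from an HTTPS page; they should be aligned with `API_BASE_URL=https://dev4.4nkweb.com/back`. Separately, `NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='https://dev4.4nkweb.com/lecoffre/authorized-client'` is the only quoted value. Some `env_file` loaders keep the quotes as part of the value, which would break an exact-match redirect URI check, so drop the quotes. The commented and active `SIGNER_WS_URL` lines are identical, so the commented one can go.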
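Review bot: Both new `proxy_set_header X-Forwarded-Proto http;` lines (in `location /lecoffre/` and in the `webpack-hmr` location) hard-code the scheme, although the vhost is documented as serving HTTPS. The upstream will then believe every request arrived in clear text, which typically yields `http://` redirect or callback URLs and can stop `Secure` cookies from being set. Use `proxy_set_header X-Forwarded-Proto $scheme;` instead. `include /etc/nginx/proxy_params;` may already set `Host` and `X-Forwarded-Proto` (the file is not shown), so the explicit lines could be redundant. The `webpack-hmr` location only serves a dev server and looks like dead configuration now that the front runs a production build. The enclosing `server` block starts and ends outside the hunk.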
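Review bot: `NODE_OPTIONS=--max-old-space-size=2048` is added here to a service whose other variables are `HOME=/home/bitcoin` and `RUST_LOG=DEBUG`, which does not look like a Node.js process. `docs/REX_502_lecoffre.md` says the option was meant for `lecoffre-front`, so this line is probably misplaced and should be removed. The service name is outside the hunk, so this is inferred from the surrounding variables. `RUST_LOG=DEBUG` on the same service is also worth lowering before the stack is exposed, since debug logs tend to include request contents.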
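Review bot: The `lecoffre-front` service keeps `ports: - "3000:3000"`, which publishes the app on every host interface, while Nginx only needs to reach it at `127.0.0.1:3000`. That leaves the front reachable directly over plain HTTP, bypassing the TLS termination and headers added by the reverse proxy. Bind it to loopback with `- "127.0.0.1:3000:3000"`. It would also help to add a comment above the new `environment:` block noting that these entries take precedence over the same keys in `.env`.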
@@ -121,6 +125,7 @@ services: labels: - "com.centurylinklabs.watchtower.enable=true" restart: unless-stopped + command: ["sh", "-lc", "npm run build && npm run start"] ihm_client: image: git.4nkweb.com/4nk/ihm_client:dev @@ -185,4 +190,4 @@ networks: driver: bridge ipam: config: - - subnet: 172.20.0.0/16 \ No newline at end of file + - subnet: 172.20.0.0/16 diff --git a/docs/DEPLOIEMENT_dev4.md b/docs/DEPLOIEMENT_dev4.md new file mode 100644 index 0000000..28e17c8 --- /dev/null +++ b/docs/DEPLOIEMENT_dev4.md @@ -0,0 +1,17 @@ +# Déploiement dev4.4nkweb.com + +- Nginx: vhost dev4.4nkweb.com HTTP et HTTPS, reverse proxy: + - /signer vers 3001 + - / vers ihm_client sur 3003 + - /lecoffre vers lecoffre-front sur 3000 + - /back vers lecoffre-back sur 8080 + - /blindbit vers blindbit sur 8000 + - /storage vers sdk_storage sur 8081 + - /ws WebSocket relay +- Certificats: Lets Encrypt +- Next.js: basePath /lecoffre, build production, NODE_OPTIONS max-old-space-size 2048 +- Extraits .env pertinents: + - RELAY_URLS wss://dev4.4nkweb.com/ws + - SIGNER_WS_URL https://dev4.4nkweb.com/signer/ + - VITE_BOOTSTRAPURL https://dev4.4nkweb.com/ws +- Correction 502: build Next terminé, Nginx OK diff --git a/docs/REX_502_lecoffre.md b/docs/REX_502_lecoffre.md new file mode 100644 index 0000000..5f471ff --- /dev/null +++ b/docs/REX_502_lecoffre.md @@ -0,0 +1,9 @@ +# REX technique: 502 sur /lecoffre + +- Symptôme: 502 Bad Gateway via Nginx, recv failed +- Cause: build Next.js initial non terminé; mémoire Node insuffisante +- Actions: + - Ajout NODE_OPTIONS max-old-space-size 2048 au service lecoffre-front + - Relance propre du conteneur (stop, rm, up) + - Vérification présence .next et démarrage next start + - Test via curl: HTTP 200 sur /lecoffre diff --git a/tests/smoke_dev4.md b/tests/smoke_dev4.md new file mode 100644 index 0000000..a296b5e --- /dev/null +++ b/tests/smoke_dev4.md 
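Review bot: `command: ["sh", "-lc", "npm run build && npm run start"]` rebuilds the Next.js app on every container start. Port 3000 therefore stays closed for the whole build, which is the 502 window described in `docs/REX_502_lecoffre.md`, and it recurs on each watchtower update or `restart: unless-stopped` cycle. It also requires the production image to ship the build toolchain and a writable application directory. Building in the image and running only `command: ["npm", "run", "start"]` would be safer; if the build must stay at runtime, add a `healthcheck` so a failed or running build is visible. The `-l` flag makes `sh` read login profiles, which is unnecessary here.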
@@ -0,0 +1,12 @@
+# Tests de fumée dev4
+
+HTTP/HTTPS
+- GET / (ihm_client) attend 200
+- GET /lecoffre/ attend 200
+- GET /back/health attend 200
+- GET /storage/health attend 200
+WebSocket
+- wss://dev4.4nkweb.com/ws handshake OK
+Nginx
+- Certificats valides
+- Pas derreurs critiques dans error.log