dev4: Nginx reverse proxy /lecoffre + correctifs; front prod build; ajout NODE_OPTIONS; docs & tests; fix 502

2025-09-16 16:56:21 +00:00 · 2025-09-16 16:56:21 +00:00 · 66ebb63ce8
commit 66ebb63ce8
parent 9d4189927d
6 changed files with 95 additions and 31 deletions
--- a/.env.exemple
+++ b/.env.exemple
@ -1,13 +1,14 @@
-# Variables d'environnement pour l'application back-end
+ #Variables d'environnement pour l'application back-end

 # Configuration IDNOT
-IDNOT_ANNUARY_BASE_URL=
+IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
 IDNOT_API_KEY=
 IDNOT_CLIENT_ID=
 IDNOT_CLIENT_SECRET=
-IDNOT_REDIRECT_URI=
-IDNOT_TOKEN_URL=
-IDNOT_API_BASE_URL=
+# IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client
+IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecofre/authorized-client
+IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
+IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire

 # Configuration OVH
 OVH_APP_KEY=
@ -16,7 +17,7 @@ OVH_CONSUMER_KEY=
 OVH_SMS_SERVICE_NAME=

 # Configuration SMS Factor
-SMS_FACTOR_TOKEN=
+SMS_FACTOR_TOKEN=.

 # Configuration Mailchimp
 MAILCHIMP_API_KEY=
@ -27,34 +28,39 @@ MAILCHIMP_LIST_ID=
 STRIPE_SECRET_KEY=
 STRIPE_WEBHOOK_SECRET=
 STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=
-STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=
+STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_P9NsRP5xh1u9BqSFgkUDbQY
 STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=
 STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=

 # Configuration serveur
-APP_HOST=
-PORT=
-API_BASE_URL=
-DEFAULT_STORAGE=
+APP_HOST=http://localhost:3000
+# API_BASE_URL=https://demo.4nkweb.com/back
+API_BASE_URL=https://dev4.4nkweb.com/back
+# DEFAULT_STORAGE=https://demo.4nkweb.com/storage
+DEFAULT_STORAGE=https://dev4.4nkweb.com/storage

 # Variables d'environnement pour l'application front-end
-NEXT_PUBLIC_4NK_URL=
-NEXT_PUBLIC_FRONT_APP_HOST=
-NEXT_PUBLIC_IDNOT_BASE_URL=
-NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=
+# NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/
+NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com/
+# NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
 NEXT_PUBLIC_IDNOT_CLIENT_ID=
-NEXT_PUBLIC_BACK_API_PROTOCOL=
-NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=
-
 NEXT_PUBLIC_BACK_API_PROTOCOL=http
 NEXT_PUBLIC_BACK_API_HOST=localhost
 NEXT_PUBLIC_BACK_API_PORT=8080
 NEXT_PUBLIC_BACK_API_ROOT_URL=/api
 NEXT_PUBLIC_BACK_API_VERSION=/v1
+# NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3000/authorized-client'
+NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='https://dev4.4nkweb.com/lecoffre/authorized-client'

-#WS
-RELAY_URLS=ws://sdk_relay:8090
-SIGNER_WS_URL=https://demo.4nkweb.com/signer/
+# WS
+# RELAY_URLS=wss://demo.4nkweb.com/ws
+RELAY_URLS=wss://dev4.4nkweb.com/ws
+# SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
+SIGNER_WS_URL=https://dev4.4nkweb.com/signer/

-#IHM URLS
-VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/relay
+# IHM URLS
+# VITE_BOOTSTRAPURL=http://sdk_relay:8090/
+VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws
--- a/conf/nginx/dev4.4nkweb.com.conf
+++ b/conf/nginx/dev4.4nkweb.com.conf
@ -30,13 +30,28 @@ server {
    location /lecoffre/ {
        proxy_pass http://127.0.0.1:3000/;
        include /etc/nginx/proxy_params;
-        # Sub-filter to ensure assets/links are prefixed with /lecoffre
-        proxy_set_header Accept-Encoding "";
-        sub_filter_types text/html application/javascript text/css;
-        sub_filter_once off;
-        sub_filter 'href="/' 'href="/lecoffre/';
-        sub_filter 'src="/' 'src="/lecoffre/';
-        sub_filter 'content="/' 'content="/lecoffre/';
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Prefix /lecoffre;
+        proxy_read_timeout 300;
+    }
+
+    # Next.js assets and HMR under basePath
+    location /lecoffre/_next/webpack-hmr {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_buffering off;
+        proxy_pass http://127.0.0.1:3000/_next/webpack-hmr;
+        proxy_read_timeout 600s;
+    }
+
+    location /lecoffre/_next/ {
+        proxy_pass http://127.0.0.1:3000/_next/;
+        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -78,6 +78,7 @@ services:
        max-size: "10m"
        max-file: "3"
    environment:
+    - NODE_OPTIONS=--max-old-space-size=2048
      - HOME=/home/bitcoin
      - RUST_LOG=DEBUG
    entrypoint: >
@ -112,6 +113,9 @@ services:
    container_name: lecoffre-front
    env_file:
      - .env
+    environment:
+      - NODE_ENV=production
+      - NODE_OPTIONS=--max-old-space-size=2048
    ports:
      - "3000:3000"
    networks:
@ -121,6 +125,7 @@ services:
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    restart: unless-stopped
+    command: ["sh", "-lc", "npm run build && npm run start"]

  ihm_client:
    image: git.4nkweb.com/4nk/ihm_client:dev
@ -185,4 +190,4 @@ networks:
    driver: bridge
    ipam:
      config:
-        - subnet: 172.20.0.0/16
+        - subnet: 172.20.0.0/16
--- a/docs/DEPLOIEMENT_dev4.md
+++ b/docs/DEPLOIEMENT_dev4.md
@ -0,0 +1,17 @@
+# Déploiement dev4.4nkweb.com
+
+- Nginx: vhost dev4.4nkweb.com HTTP et HTTPS, reverse proxy:
+  - /signer vers 3001
+  - / vers ihm_client sur 3003
+  - /lecoffre vers lecoffre-front sur 3000
+  - /back vers lecoffre-back sur 8080
+  - /blindbit vers blindbit sur 8000
+  - /storage vers sdk_storage sur 8081
+  - /ws WebSocket relay
+- Certificats: Lets Encrypt
+- Next.js: basePath /lecoffre, build production, NODE_OPTIONS max-old-space-size 2048
+- Extraits .env pertinents:
+  - RELAY_URLS wss://dev4.4nkweb.com/ws
+  - SIGNER_WS_URL https://dev4.4nkweb.com/signer/
+  - VITE_BOOTSTRAPURL https://dev4.4nkweb.com/ws
+- Correction 502: build Next terminé, Nginx OK
--- a/docs/REX_502_lecoffre.md
+++ b/docs/REX_502_lecoffre.md
@ -0,0 +1,9 @@
+# REX technique: 502 sur /lecoffre
+
+- Symptôme: 502 Bad Gateway via Nginx, recv failed
+- Cause: build Next.js initial non terminé; mémoire Node insuffisante
+- Actions:
+  - Ajout NODE_OPTIONS max-old-space-size 2048 au service lecoffre-front
+  - Relance propre du conteneur (stop, rm, up)
+  - Vérification présence .next et démarrage next start
+  - Test via curl: HTTP 200 sur /lecoffre
--- a/tests/smoke_dev4.md
+++ b/tests/smoke_dev4.md
@ -0,0 +1,12 @@
+# Tests de fumée dev4
+
+HTTP/HTTPS
+- GET / (ihm_client) attend 200
+- GET /lecoffre/ attend 200
+- GET /back/health attend 200
+- GET /storage/health attend 200
+WebSocket
+- wss://dev4.4nkweb.com/ws handshake OK
+Nginx
+- Certificats valides
+- Pas derreurs critiques dans error.log