diff --git a/.env.exemple b/.env.exemple index 5f80279..890dbc2 100644 --- a/.env.exemple +++ b/.env.exemple @@ -51,7 +51,7 @@ SIGNER_BASE_URL=https://dev3.4nkweb.com # IHM URLS # VITE_BOOTSTRAPURL=http://sdk_relay:8090/ -VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/ +VITE_BOOTSTRAPURL=https://dev3.4nkweb.com/ws/ # Cartes de test Stripe SUCCES='4242 4242 4242 4242' diff --git a/conf/nginx/dev4.4nkweb.com.conf b/conf/nginx/dev4.4nkweb.com.conf index 43bafad..80408aa 100644 --- a/conf/nginx/dev4.4nkweb.com.conf +++ b/conf/nginx/dev4.4nkweb.com.conf @@ -98,6 +98,15 @@ server { proxy_read_timeout 300; } + # API de transfert de fonds + location /api/v1/funds/ { + proxy_pass http://127.0.0.1:8080/api/v1/funds/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } + # ihm_client (root) location / { proxy_pass http://127.0.0.1:3003; diff --git a/conf/nginx/dev4.4nkweb.com.conf.backup b/conf/nginx/dev4.4nkweb.com.conf.backup new file mode 100644 index 0000000..43bafad --- /dev/null +++ b/conf/nginx/dev4.4nkweb.com.conf.backup 
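Review bot: The new `location /api/v1/funds/` block takes these requests out of the existing `/api/` location, because nginx picks the longest matching prefix. They therefore lose that block's `proxy_hide_header Access-Control-*` lines and its origin-restricted `add_header` set, so any CORS headers the backend emits for the funds-transfer API pass through unfiltered. The pre-change copy of this file committed in the same diff shows a single `server {` block with only `listen 80`, so unless TLS is terminated in front of this host the endpoint is reachable over cleartext HTTP. Since `/api/` already proxies the same path to the same upstream, I would drop the block, or repeat the CORS stripping in it and add a comment such as `# funds API: same-origin only, auth enforced by backend; no CORS headers added on purpose`. The enclosing server block starts and ends outside the hunk.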
@@ -0,0 +1,161 @@
+# HTTP server for ACME and initial proxying
+server {
+ listen 80;
+ server_name dev4.4nkweb.com;
+
+ # Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
+ add_header Content-Security-Policy "upgrade-insecure-requests" always;
+
+ # ACME HTTP-01 challenges
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ }
+
+ # API backend - route /back/ vers /api/ du backend
+ location ~* ^/back/(.*)$ {
+ proxy_pass http://127.0.0.1:8080/api/$1;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_buffering off;
+ }
+
+ # API direct - route /api/ vers le backend
+ # Autorisations CORS dynamiques pour origines connues
+ set $cors_origin "";
+ if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
+ set $cors_origin $http_origin;
+ }
+
+ location /api/ {
+ # CORS pour développement local Next.js
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Credentials;
+ proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header Access-Control-Allow-Methods;
+
+ if ($request_method = OPTIONS) {
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ return 204;
+ }
+
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+
+ proxy_pass http://127.0.0.1:8080/api/;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ }
+
+ # Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
+ location ~* ^/apiv1/(.*)$ {
+ # CORS pour compatibilité
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Credentials;
+ proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header Access-Control-Allow-Methods;
+
+ if ($request_method = OPTIONS) {
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ return 204;
+ }
+
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+
+ proxy_pass http://127.0.0.1:8080/api/v1/$1;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ }
+
+ # WebSocket relay (sdk_relay)
+ location /ws/ {
+ proxy_pass http://127.0.0.1:8090/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 300;
+ }
+
+ # ihm_client (root)
+ location / {
+ proxy_pass http://127.0.0.1:3003;
+ include /etc/nginx/proxy_params;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 300;
+ }
+
+ # favicon
+ location = /favicon.ico {
+ root
/home/debian/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + access_log off; + expires 30d; + } + + # lecoffre frontend + location = /lecoffre { + proxy_pass http://127.0.0.2:3004/lecoffre; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + } + + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004/lecoffre/; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + # Next.js assets + location /_next/ { + proxy_pass http://127.0.0.2:3004/_next/; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + } + + # blindbit + location /blindbit/ { + proxy_pass http://127.0.0.1:8000/; + include /etc/nginx/proxy_params; + } + + # signer (sdk_signer) avec support WebSocket + location /signer/ { + proxy_pass http://127.0.0.1:3001/; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } +} diff --git a/docker-compose.yml.backup b/docker-compose.yml.backup index 5713086..e79b2fb 100644 --- a/docker-compose.yml.backup +++ b/docker-compose.yml.backup @@ -50,7 +50,7 @@ services: aliases: - blindbit ports: - - "127.0.0.1:8000:8000" + - "0.0.0.0:8000:8000" healthcheck: test: ["CMD-SHELL", "code=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:8000/tweaks/1); [ \"$$code\" != \"000\" ]"] interval: 15s @@ -69,8 +69,8 @@ services: - sdk_data:/home/bitcoin/.4nk - bitcoin_data:/home/bitcoin/.bitcoin ports: - - "127.0.0.1:8090:8090" - - "127.0.0.1:8091:8091" + - "0.0.0.0:8090:8090" + - "0.0.0.0:8091:8091" networks: btcnet: aliases: 
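Review bot: This new file is a copy of the pre-change `dev4.4nkweb.com.conf` (its blob id `43bafad` is the old side of that file's diff), so it adds nothing that git history does not already hold, and nothing in it marks it as inactive. If the deployment pulls in this directory with a wildcard include (not visible here), a second `server_name dev4.4nkweb.com` block on port 80 would be loaded next to the live one. I would drop it from the commit and ignore the pattern with `*.backup` in `.gitignore`. If it has to stay, open it with `# INACTIVE COPY of dev4.4nkweb.com.conf from before the /api/v1/funds/ change; do not include`.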
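Review bot: Every `ports:` entry touched in this file moves from `127.0.0.1` to `0.0.0.0` (8000, 8090 and 8091 here; 8080, 3003, 3001 and 8081 in the later hunks), which publishes blindbit, the relay, the backend, the client, the signer and storage on all host interfaces instead of only behind nginx. Docker-published ports are wired in ahead of the usual host firewall rules, so a ufw or iptables INPUT policy will generally not cover them. The nginx config in this same commit still proxies to `127.0.0.1`, so the loopback bindings look sufficient. I would keep `- "127.0.0.1:8000:8000"` and its siblings, and where another host really needs a port, bind it to that specific interface address with a comment saying why. The file is named `.backup`, so it may not be the compose file actually deployed; worth confirming which one is.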
@@ -97,7 +97,7 @@ services: env_file: - .env ports: - - "127.0.0.1:8080:8080" + - "0.0.0.0:8080:8080" networks: btcnet: aliases: @@ -159,7 +159,7 @@ services: environment: - VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/ ports: - - "127.0.0.1:3003:3003" + - "0.0.0.0:3003:3003" networks: btcnet: aliases: @@ -187,7 +187,7 @@ services: image: git.4nkweb.com/4nk/sdk_signer:latest container_name: sdk_signer ports: - - "127.0.0.1:3001:3001" + - "0.0.0.0:3001:3001" networks: btcnet: aliases: @@ -206,7 +206,7 @@ services: image: git.4nkweb.com/4nk/sdk_storage:ext container_name: sdk_storage ports: - - "127.0.0.1:8081:8081" + - "0.0.0.0:8081:8081" networks: btcnet: aliases: diff --git a/miner/.env.backup b/miner/.env.backup new file mode 100644 index 0000000..372119d --- /dev/null +++ b/miner/.env.backup 
@@ -0,0 +1,18 @@ +# Variables d'environnement pour le miner Signet +RPC_HOST="bitcoin" +RPC_PORT="38332" +WATCHONLY_WALLET="watchonly" +MINING_WALLET="mining_mnemonic" +MINER_TAG="lecoffre" +SIGNET_CHALLENGE="0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821" +SIGNET_MAGIC="b066463d" +MINING_FINGERPRINT="86936c07" +MINING_PATH_PREFIX="48'/1'/0'/2'" +COINBASE_INDEX="0" +COINBASE_ADDRESS=tb1q3389vh0k8e9fckjft2pxavnw5qy8xpyvfep8nrhfd07jag3z6pdqpuz82a +BITCOIN_CONTAINER="bitcoin-signet" +CHALLENGE_ALLPUBS="wsh(sortedmulti(1,[fca68db6/48'/1'/0'/2']tpubDFeV77XRwb9Lob5tBxtPUpZEu9fsj7xS3roiut4BBPzpVvGCT3SShGWksqUYLqKBrt7xeKmmmgSrgbRiffcoS5KPiqyDWk5Kgvxek52XnNV/0/*,[5df7e4b0/48'/1'/0'/2']tpubDF4ix3sjhgzM7iJVfTUVnx3HJ8kvkAvk36sPv5JmsmQcfPPK5KkHxJSgixZAdcYEsGcvHacm1hW4iLksGoTZocJozuaA2BTNp3GEvW432qu/0/*,[ef9d9ce6/48'/1'/0'/2']tpubDFecZkh4Bn5qutowNUC7huYGQeN9VRbNUauhAEN2ofVPat1zZ2yzYg7aULxsdzh79AFz7rBTVQeu2BsBay88XrFLc5diENj4ibizrwPNMbM/0/*,[86936c07/48'/1'/0'/2']tpubDFUys3FLzC4cEqZsTEJHwmSCbeXSTFdPvisp6uD2XhfZPkTJgwHJdVyUXYcfLRrikRxA2MpBaZWE5kZCtHFc15aVtktsHMrTijDjq2dKRGK/0/*,[7f7d263a/48'/1'/0'/2']tpubDEXXuskdCWjFnHuhjHYiWhcCGkz5YGUAj1THU6BRGhvrmwoKohttocoXTCCE9udffumcou7ZYUR5RNqwHW4kw7Jv2UXUUSKeKqJd9xGmSCs/0/*,[154159b3/48'/1'/0'/2']tpubDE3Nt1GGDjm9b2LNXCsszTgXwHDcpmXYCAsZzR9Uy9suicjmA6RqFezD5o8EWHk1vrztkPreHbYXKqGAdupKJNcKWYViKsQNMfr4uW8vcWq/0/*,[46d93da5/48'/1'/0'/2']tpubDF9n9yTw6Ck34SueKLCbv1djAhShkSoTG2m3kATNXKUi5nJwtJ6URJCg4M1je81fyabsX4t6F2itrQinMuu3cYLbpLbVQwWBUwYA8pPyKdZ/0/*,[d3c3bc8f/48'/1'/0'/2']tpubDFGmZ3HuCwoKMhMV7fMWAG2MBz3zWtvupca6oCys9KwAYKiYMB9NHGNq9qvVgPgDgpDLSiCqnp71f7WsV9N1cLkzsjqW9gxJF9VQ9oSZcj9/0/*,[8e236875/48'/1'/0'/2']tpubDFmB8SZte1hp77FdUn8kbHu7doJzWXaRLNoZ2r7V4x5aQY5dL9AaCmrvUNZSPYHJKeqto8roTvUpwWFazfxHEg5DvMq8br266uuD1JKieWj/0/*,[a3a9eb52/48'/1'/0'/2']tpubDE9uNJtEiu5UTMSEkK5egjKH6pXmw2KSAQQ6AbRqVngdHZuPHwxBeiofypHrGmG1WkvAtgjjn7gmPddzaz3ymQj9m3CDFLGEB6Ao4xqripj/0/*,[d03aacca/48'/1'/0'/2']tpubDFQ8YU5mdgP8kJcwhC9HPRQe6W83FNs3BMVTqq
5S4ywanEqhdRkpp2cYpro3XRXKJPi8d1d3m4L2JXWdNQFfs31x37S3zfPpd7pwKEwLAm7/0/*,[ce3600ea/48'/1'/0'/2']tpubDFa2XbnHLcVbGM8NAq1soFJmJqtEeePkXAcWxHL71eWasMJujtrKWeQVp7NHQY5euJL2bFuBkVQHk4uoDrVRfCEELLxJhHuNouPquffbmUy/0/*,[fe898c92/48'/1'/0'/2']tpubDDzSj7jfCzXHnZjYNQV6MTK4iuztXr3SeXrQMWNwNiswTGJFdT9QGyjPWMoYcoPY9HCYbLdcMGiDokrWDWWZEhg8HpbgebenhJujvTzMeeN/0/*,[d33c583b/48'/1'/0'/2']tpubDFAeQcDpVPCyjLujPV1Li9LXJwqDvbmESE7wAMEABhesJM4Lhd8pqMgpDVSmf4cpdsfZbDWkhfyxeyG3SaWcB4MqEqhbseQ8mk41PPHb57T/0/*,[facf6b1f/48'/1'/0'/2']tpubDFBTNmh8E5RA9ehaZg9wCHWZvRMKNawQNmmd6V9SQb3NUW9s9y5iupMmDxAbBFFrytzotW9hu8REgqSFg26Q8mcvBjSAaVz9QcNzmCxRJdv/0/*))" +RELAY_ADDRESS=tb1pdnczsn2gspwq02mc7j2pe50rn67xd56lz7tahcfhgtgj8gp40utq6w6d03 +REWARD_SPLIT_RATIO=0.5 + +MINING_XPRV="tprv8inwidD6qpNwMNY5ZadhYMn62d1WHvSVMRH2pPAj7RsAZGCY4YTiT1McMQSg5DAyijPBZ4HroX83vZQAevQkJSZUVH8kro9JnVbhTPBSAxL"
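Review bot: `MINING_XPRV` on the last line commits an extended private key in plaintext, in a file that otherwise holds only public material. `MINING_FINGERPRINT` matches one of the key origins in the `sortedmulti(1, …)` descriptor in `CHALLENGE_ALLPUBS`, so this one key appears sufficient to sign blocks for this signet, and it is now readable by anyone with access to the repository or its history. Treat the key as exposed: rotate it, purge the file from history, and keep only a placeholder in the repo, for example `MINING_XPRV=` preceded by `# set at deploy time from the secret store; never commit`. Ignoring `.env*` and `*.backup` in `.gitignore`, with an explicit exception for the example file, would stop this recurring.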