Update Docker Compose configuration and environment variables

- Add environment variables for sdk_relay (WS_BIND_URL, HEALTH_PORT, HEALTH_BIND_ADDRESS)
- Fix Docker socket mounting for lecoffre-back
- Update documentation and scripts

.env.exemple

@@ -51,7 +51,7 @@ SIGNER_BASE_URL=https://dev3.4nkweb.com
 
 # IHM URLS
 # VITE_BOOTSTRAPURL=http://sdk_relay:8090/
-VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/
+VITE_BOOTSTRAPURL=https://dev3.4nkweb.com/ws/
 
 # Cartes de test Stripe
 SUCCES='4242 4242 4242 4242'

conf/nginx/dev4.4nkweb.com.conf

@@ -98,6 +98,15 @@ server {
         proxy_read_timeout 300;
     }
 
+    # API de transfert de fonds
+    location /api/v1/funds/ {
+        proxy_pass http://127.0.0.1:8080/api/v1/funds/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+        proxy_connect_timeout 300;
+        proxy_send_timeout 300;
+    }
+
     # ihm_client (root)
     location / {
         proxy_pass http://127.0.0.1:3003;

conf/nginx/dev4.4nkweb.com.conf.backup

@@ -0,0 +1,161 @@
+# HTTP server for ACME and initial proxying
+server {
+    listen 80;
+    server_name dev4.4nkweb.com;
+
+    # Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
+    add_header Content-Security-Policy "upgrade-insecure-requests" always;
+
+    # ACME HTTP-01 challenges
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt;
+    }
+
+    # API backend - route /back/ vers /api/ du backend
+    location ~* ^/back/(.*)$ {
+        proxy_pass http://127.0.0.1:8080/api/$1;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Connection "";
+        proxy_buffering off;
+    }
+
+    # API direct - route /api/ vers le backend
+    # Autorisations CORS dynamiques pour origines connues
+    set $cors_origin "";
+    if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
+        set $cors_origin $http_origin;
+    }
+
+    location /api/ {
+        # CORS pour développement local Next.js
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Allow-Methods;
+
+        if ($request_method = OPTIONS) {
+            add_header Access-Control-Allow-Origin $cors_origin always;
+            add_header Access-Control-Allow-Credentials "true" always;
+            add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+            return 204;
+        }
+
+        add_header Access-Control-Allow-Origin $cors_origin always;
+        add_header Access-Control-Allow-Credentials "true" always;
+        add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+
+        proxy_pass http://127.0.0.1:8080/api/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+        proxy_connect_timeout 300;
+        proxy_send_timeout 300;
+    }
+
+    # Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
+    location ~* ^/apiv1/(.*)$ {
+        # CORS pour compatibilité
+        proxy_hide_header Access-Control-Allow-Origin;
+        proxy_hide_header Access-Control-Allow-Credentials;
+        proxy_hide_header Access-Control-Allow-Headers;
+        proxy_hide_header Access-Control-Allow-Methods;
+
+        if ($request_method = OPTIONS) {
+            add_header Access-Control-Allow-Origin $cors_origin always;
+            add_header Access-Control-Allow-Credentials "true" always;
+            add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+            add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+            return 204;
+        }
+
+        add_header Access-Control-Allow-Origin $cors_origin always;
+        add_header Access-Control-Allow-Credentials "true" always;
+        add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+        add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+
+        proxy_pass http://127.0.0.1:8080/api/v1/$1;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+        proxy_connect_timeout 300;
+        proxy_send_timeout 300;
+    }
+
+    # WebSocket relay (sdk_relay)
+    location /ws/ {
+        proxy_pass http://127.0.0.1:8090/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 300;
+    }
+
+    # ihm_client (root)
+    location / {
+        proxy_pass http://127.0.0.1:3003;
+        include /etc/nginx/proxy_params;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 300;
+    }
+
+    # favicon
+    location = /favicon.ico {
+        root /home/debian/lecoffre_node/conf/nginx/assets;
+        try_files /favicon.ico =404;
+        access_log off;
+        expires 30d;
+    }
+
+    # lecoffre frontend
+    location = /lecoffre {
+        proxy_pass http://127.0.0.2:3004/lecoffre;
+        include /etc/nginx/proxy_params;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+    }
+
+    location /lecoffre/ {
+        proxy_pass http://127.0.0.2:3004/lecoffre/;
+        include /etc/nginx/proxy_params;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 300;
+    }
+
+    # Next.js assets
+    location /_next/ {
+        proxy_pass http://127.0.0.2:3004/_next/;
+        include /etc/nginx/proxy_params;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+    }
+
+    # blindbit
+    location /blindbit/ {
+        proxy_pass http://127.0.0.1:8000/;
+        include /etc/nginx/proxy_params;
+    }
+
+    # signer (sdk_signer) avec support WebSocket
+    location /signer/ {
+        proxy_pass http://127.0.0.1:3001/;
+        include /etc/nginx/proxy_params;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 300;
+    }
+}

docker-compose.yml.backup

@@ -50,7 +50,7 @@ services:
         aliases:
           - blindbit
     ports:
-      - "127.0.0.1:8000:8000"
+      - "0.0.0.0:8000:8000"
     healthcheck:
       test: ["CMD-SHELL", "code=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:8000/tweaks/1); [ \"$$code\" != \"000\" ]"]
       interval: 15s
@@ -69,8 +69,8 @@ services:
       - sdk_data:/home/bitcoin/.4nk
       - bitcoin_data:/home/bitcoin/.bitcoin
     ports:
-      - "127.0.0.1:8090:8090"
+      - "0.0.0.0:8090:8090"
-      - "127.0.0.1:8091:8091"
+      - "0.0.0.0:8091:8091"
     networks:
       btcnet:
         aliases:
@@ -97,7 +97,7 @@ services:
     env_file:
       - .env
     ports:
-      - "127.0.0.1:8080:8080"
+      - "0.0.0.0:8080:8080"
     networks:
       btcnet:
         aliases:
@@ -159,7 +159,7 @@ services:
     environment:
       - VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/
     ports:
-      - "127.0.0.1:3003:3003"
+      - "0.0.0.0:3003:3003"
     networks:
       btcnet:
         aliases:
@@ -187,7 +187,7 @@ services:
     image: git.4nkweb.com/4nk/sdk_signer:latest
     container_name: sdk_signer
     ports:
-      - "127.0.0.1:3001:3001"
+      - "0.0.0.0:3001:3001"
     networks:
       btcnet:
         aliases:
@@ -206,7 +206,7 @@ services:
     image: git.4nkweb.com/4nk/sdk_storage:ext
     container_name: sdk_storage
     ports:
-      - "127.0.0.1:8081:8081"
+      - "0.0.0.0:8081:8081"
     networks:
       btcnet:
         aliases:

miner/.env.backup

@@ -0,0 +1,18 @@
+# Variables d'environnement pour le miner Signet
+RPC_HOST="bitcoin"
+RPC_PORT="38332"
+WATCHONLY_WALLET="watchonly"
+MINING_WALLET="mining_mnemonic"
+MINER_TAG="lecoffre"
+SIGNET_CHALLENGE="0020341c43803863c252df326e73574a27d7e19322992061017b0dc893e2eab90821"
+SIGNET_MAGIC="b066463d"
+MINING_FINGERPRINT="86936c07"
+MINING_PATH_PREFIX="48'/1'/0'/2'"
+COINBASE_INDEX="0"
+COINBASE_ADDRESS=tb1q3389vh0k8e9fckjft2pxavnw5qy8xpyvfep8nrhfd07jag3z6pdqpuz82a
+BITCOIN_CONTAINER="bitcoin-signet"
+CHALLENGE_ALLPUBS="wsh(sortedmulti(1,[fca68db6/48'/1'/0'/2']tpubDFeV77XRwb9Lob5tBxtPUpZEu9fsj7xS3roiut4BBPzpVvGCT3SShGWksqUYLqKBrt7xeKmmmgSrgbRiffcoS5KPiqyDWk5Kgvxek52XnNV/0/*,[5df7e4b0/48'/1'/0'/2']tpubDF4ix3sjhgzM7iJVfTUVnx3HJ8kvkAvk36sPv5JmsmQcfPPK5KkHxJSgixZAdcYEsGcvHacm1hW4iLksGoTZocJozuaA2BTNp3GEvW432qu/0/*,[ef9d9ce6/48'/1'/0'/2']tpubDFecZkh4Bn5qutowNUC7huYGQeN9VRbNUauhAEN2ofVPat1zZ2yzYg7aULxsdzh79AFz7rBTVQeu2BsBay88XrFLc5diENj4ibizrwPNMbM/0/*,[86936c07/48'/1'/0'/2']tpubDFUys3FLzC4cEqZsTEJHwmSCbeXSTFdPvisp6uD2XhfZPkTJgwHJdVyUXYcfLRrikRxA2MpBaZWE5kZCtHFc15aVtktsHMrTijDjq2dKRGK/0/*,[7f7d263a/48'/1'/0'/2']tpubDEXXuskdCWjFnHuhjHYiWhcCGkz5YGUAj1THU6BRGhvrmwoKohttocoXTCCE9udffumcou7ZYUR5RNqwHW4kw7Jv2UXUUSKeKqJd9xGmSCs/0/*,[154159b3/48'/1'/0'/2']tpubDE3Nt1GGDjm9b2LNXCsszTgXwHDcpmXYCAsZzR9Uy9suicjmA6RqFezD5o8EWHk1vrztkPreHbYXKqGAdupKJNcKWYViKsQNMfr4uW8vcWq/0/*,[46d93da5/48'/1'/0'/2']tpubDF9n9yTw6Ck34SueKLCbv1djAhShkSoTG2m3kATNXKUi5nJwtJ6URJCg4M1je81fyabsX4t6F2itrQinMuu3cYLbpLbVQwWBUwYA8pPyKdZ/0/*,[d3c3bc8f/48'/1'/0'/2']tpubDFGmZ3HuCwoKMhMV7fMWAG2MBz3zWtvupca6oCys9KwAYKiYMB9NHGNq9qvVgPgDgpDLSiCqnp71f7WsV9N1cLkzsjqW9gxJF9VQ9oSZcj9/0/*,[8e236875/48'/1'/0'/2']tpubDFmB8SZte1hp77FdUn8kbHu7doJzWXaRLNoZ2r7V4x5aQY5dL9AaCmrvUNZSPYHJKeqto8roTvUpwWFazfxHEg5DvMq8br266uuD1JKieWj/0/*,[a3a9eb52/48'/1'/0'/2']tpubDE9uNJtEiu5UTMSEkK5egjKH6pXmw2KSAQQ6AbRqVngdHZuPHwxBeiofypHrGmG1WkvAtgjjn7gmPddzaz3ymQj9m3CDFLGEB6Ao4xqripj/0/*,[d03aacca/48'/1'/0'/2']tpubDFQ8YU5mdgP8kJcwhC9HPRQe6W83FNs3BMVTqq5S4ywanEqhdRkpp2cYpro3XRXKJPi8d1d3m4L2JXWdNQFfs31x37S3zfPpd7pwKEwLAm7/0/*,[ce3600ea/48'/1'/0'/2']tpubDFa2XbnHLcVbGM8NAq1soFJmJqtEeePkXAcWxHL71eWasMJujtrKWeQVp7NHQY5euJL2bFuBkVQHk4uoDrVRfCEELLxJhHuNouPquffbmUy/0/*,[fe898c92/48'/1'/0'/2']tpubDDzSj7jfCzXHnZjYNQV6MTK4iuztXr3SeXrQMWNwNiswTGJFdT9QGyjPWMoYcoPY9HCYbLdcMGiDokrWDWWZEhg8HpbgebenhJujvTzMeeN/0/*,[d33c583b/48'/1'/0'/2']tpubDFAeQcDpVPCyjLujPV1Li9LXJwqDvbmESE7wAMEABhesJM4Lhd8pqMgpDVSmf4cpdsfZbDWkhfyxeyG3SaWcB4MqEqhbseQ8mk41PPHb57T/0/*,[facf6b1f/48'/1'/0'/2']tpubDFBTNmh8E5RA9ehaZg9wCHWZvRMKNawQNmmd6V9SQb3NUW9s9y5iupMmDxAbBFFrytzotW9hu8REgqSFg26Q8mcvBjSAaVz9QcNzmCxRJdv/0/*))"
+RELAY_ADDRESS=tb1pdnczsn2gspwq02mc7j2pe50rn67xd56lz7tahcfhgtgj8gp40utq6w6d03
+REWARD_SPLIT_RATIO=0.5
+
+MINING_XPRV="tprv8inwidD6qpNwMNY5ZadhYMn62d1WHvSVMRH2pPAj7RsAZGCY4YTiT1McMQSg5DAyijPBZ4HroX83vZQAevQkJSZUVH8kro9JnVbhTPBSAxL"