diff --git a/.cursor/backup/dev4.4nkweb.com.conf.bak_1758126832 b/.cursor/backup/dev4.4nkweb.com.conf.bak_1758126832
new file mode 100644
index 0000000..94c400d
--- /dev/null
+++ b/.cursor/backup/dev4.4nkweb.com.conf.bak_1758126832
@@ -0,0 +1,337 @@
+# HTTP server for ACME and initial proxying
+# HTTP server for ACME and initial proxying
+server {
+server {
+ listen 80;
+ listen 80;
+ server_name dev4.4nkweb.com;
+ server_name dev4.4nkweb.com;
+
+
+ # ACME HTTP-01 challenges
+ # ACME HTTP-01 challenges
+ location /.well-known/acme-challenge/ {
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ root /var/www/letsencrypt;
+ }
+ }
+
+
+ # ihm_client (root)
+ # ihm_client (root)
+ location / {
+ location / {
+ proxy_pass http://127.0.0.1:3003;
+ proxy_pass http://127.0.0.1:3003;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_http_version 1.1;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+
+
+ # Favicon (global)
+ # Favicon (global)
+ location = /favicon.ico {
+ location = /favicon.ico {
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ try_files /favicon.ico =404;
+ try_files /favicon.ico =404;
+ access_log off;
+ access_log off;
+ expires 30d;
+ expires 30d;
+ }
+ }
+
+
+ # lecoffre-front
+ # lecoffre-front
+ location = /lecoffre {
+ location = /lecoffre {
+ proxy_pass http://127.0.0.2:3004/lecoffre;
+ proxy_pass http://127.0.0.2:3004/lecoffre;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+ location /lecoffre/ {
+ location /lecoffre/ {
+ proxy_pass http://127.0.0.2:3004;
+ proxy_pass http://127.0.0.2:3004;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+
+
+ # Next.js assets and HMR under basePath
+ # Next.js assets and HMR under basePath
+ location /lecoffre/_next/webpack-hmr {
+ location /lecoffre/_next/webpack-hmr {
+ proxy_http_version 1.1;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_buffering off;
+ proxy_buffering off;
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
+ proxy_read_timeout 600s;
+ proxy_read_timeout 600s;
+ }
+ }
+
+
+ location /lecoffre/_next/ {
+ location /lecoffre/_next/ {
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+
+
+ # Favicon sous /lecoffre
+ # Favicon sous /lecoffre
+ location = /lecoffre/favicon.ico {
+ location = /lecoffre/favicon.ico {
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ try_files /favicon.ico =404;
+ try_files /favicon.ico =404;
+ access_log off;
+ access_log off;
+ expires 30d;
+ expires 30d;
+ }
+ }
+
+
+ # Next.js assets (served at root by the app)
+ # Next.js assets (served at root by the app)
+ location /_next/ {
+ location /_next/ {
+ proxy_pass http://127.0.0.2:3004/_next/;
+ proxy_pass http://127.0.0.2:3004/_next/;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+
+
+ # API backend
+ # API backend
+ location /back/ {
+ rewrite ^\/back\/(.*)$ \/api\/\1 break;
+ proxy_pass http:\/\/127.0.0.1:8080;
+ location /back/ {
+ location /back/ {
+ rewrite ^\/back\/(.*)$ \/api\/\1 break;
+ proxy_pass http:\/\/127.0.0.1:8080;
+ location /back/ {
+ proxy_pass http://127.0.0.1:8080/back/;
+ proxy_http_version 1.1;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_set_header Connection "";
+ proxy_buffering off;
+ proxy_buffering off;
+ }
+ }
+
+
+ # API alias → même backend que /back
+ # API alias → même backend que /back
+ location /api/ {
+ location /api/ {
+ proxy_pass http://127.0.0.1:8080/;
+ proxy_pass http://127.0.0.1:8080/;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+
+
+ # blindbit
+ # blindbit
+ location /blindbit/ {
+ location /blindbit/ {
+ proxy_pass http://127.0.0.1:8000/;
+ proxy_pass http://127.0.0.1:8000/;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+
+
+ # signer (sdk_signer) avec support WebSocket
+ # signer (sdk_signer) avec support WebSocket
+ location /signer/ {
+ location /signer/ {
+ proxy_http_version 1.1;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_pass http://127.0.0.1:3001/;
+ proxy_pass http://127.0.0.1:3001/;
+ proxy_read_timeout 600s;
+ proxy_read_timeout 600s;
+ proxy_buffering off;
+ proxy_buffering off;
+ }
+ }
+
+
+ # storage (sdk_storage)
+ # storage (sdk_storage)
+ location /storage/ {
+ location /storage/ {
+ proxy_pass http://127.0.0.1:8081/;
+ proxy_pass http://127.0.0.1:8081/;
+ include /etc/nginx/proxy_params;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+
+
+ # WebSocket relay on /ws → 8090
+ # WebSocket relay on /ws → 8090
+ location = /ws {
+ location = /ws {
+ proxy_http_version 1.1;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_buffering off;
+ proxy_buffering off;
+ proxy_pass http://127.0.0.1:8090/;
+ proxy_pass http://127.0.0.1:8090/;
+ proxy_read_timeout 600s;
+ proxy_read_timeout 600s;
+ }
+ }
+
+
+ location /ws/ {
+ location /ws/ {
+ proxy_http_version 1.1;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_buffering off;
+ proxy_buffering off;
+ # Strip /ws prefix when proxying to backend root
+ # Strip /ws prefix when proxying to backend root
+ proxy_pass http://127.0.0.1:8090/;
+ proxy_pass http://127.0.0.1:8090/;
+ proxy_read_timeout 600s;
+ proxy_read_timeout 600s;
+ }
+ }
+
+
+ # Next.js HMR websocket for lecoffre-front
+ # Next.js HMR websocket for lecoffre-front
+ location /_next/webpack-hmr {
+ location /_next/webpack-hmr {
+ proxy_http_version 1.1;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_buffering off;
+ proxy_buffering off;
+ proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
+ proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
+ proxy_read_timeout 300;
+ proxy_read_timeout 300;
+ }
+ }
+}
+}
diff --git a/.cursor/backup/dev4.4nkweb.com.conf.broken_1758127192 b/.cursor/backup/dev4.4nkweb.com.conf.broken_1758127192
new file mode 100644
index 0000000..5605916
--- /dev/null
+++ b/.cursor/backup/dev4.4nkweb.com.conf.broken_1758127192
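Review bot: The files added under `.cursor/backup/` (`dev4.4nkweb.com.conf.bak_1758126832`, `dev4.4nkweb.com.conf.broken_1758127192`, `ssl-dev4.4nkweb.com.conf.bak_1758127242`) read as tool backup artifacts rather than deployable config and should not be committed. In this one nearly every directive is duplicated and `location /back/ {` is opened four times, so it cannot be a loadable vhost. It also records a port-80 server that proxies `/api/`, `/signer/`, `/storage/` and `/ws` in cleartext with `X-Forwarded-Proto http` hard-coded; if that reflects the live HTTP vhost, keep only the ACME location there and send everything else to TLS with `location / { return 301 https://$host$request_uri; }`. Suggest dropping the three files from the commit and adding `.cursor/backup/` to `.gitignore`.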
@@ -0,0 +1,75 @@
+# HTTP server for ACME and initial proxying
+server {
+ listen 80;
+ server_name dev4.4nkweb.com;
+
+ # ACME HTTP-01 challenges
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ }
+ # ihm_client (root)
+
+ # API direct - route /api/ vers le backend
+ location /api/ {
+ proxy_pass http://127.0.0.1:8080/api/;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ }
+
+ # API backend - route /back/ vers /api/ du backend
+ location ~* ^/back/(.*)$ {
+ proxy_pass http://127.0.0.1:8080/api/$1;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_buffering off;
+ }
+
+ # API direct - route /api/ vers le backend
+ location /api/ {
+ proxy_pass http://127.0.0.1:8080/api/;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ }
+
+ location / {
+ proxy_pass http://127.0.0.1:3003;
+ include /etc/nginx/proxy_params;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 300;
+ # Favicon (global)
+ location = /favicon.ico {
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ try_files /favicon.ico =404;
+ access_log off;
+ expires 30d;
+ # lecoffre-front
+ location = /lecoffre {
+ proxy_pass http://127.0.0.2:3004/lecoffre;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ location /lecoffre/ {
+ proxy_pass http://127.0.0.2:3004;
+ # Next.js assets and HMR under basePath
+ location /lecoffre/_next/webpack-hmr {
+ proxy_buffering off;
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
+ proxy_read_timeout 600s;
+ location /lecoffre/_next/ {
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
+ # Favicon sous /lecoffre
+ location = /lecoffre/favicon.ico {
+ # Next.js assets (served at root by the app)
+ location /_next/ {
+ proxy_pass http://127.0.0.2:3004/_next/;
diff --git a/.cursor/backup/ssl-dev4.4nkweb.com.conf.bak_1758127242 b/.cursor/backup/ssl-dev4.4nkweb.com.conf.bak_1758127242
new file mode 100644
index 0000000..b58f7fb
--- /dev/null
+++ b/.cursor/backup/ssl-dev4.4nkweb.com.conf.bak_1758127242
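Review bot: `proxy_pass http://127.0.0.1:8080/api/$1;` inside `location ~* ^/back/(.*)$` drops the query string, because nginx sends a variable-built proxy_pass URI to the upstream exactly as written and `$1` holds only the path. The `~*` modifier also makes the match case-insensitive, so `/BACK/...` reaches the backend as well, which may not be what downstream path-based rules expect. A prefix location avoids both, `location /back/ { proxy_pass http://127.0.0.1:8080/api/; }`; if the regex form must stay, use `proxy_pass http://127.0.0.1:8080/api/$1$is_args$args;`. The same block is added again in `.cursor/nginx_fix.conf`.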
@@ -0,0 +1,84 @@ +server { + listen 443 ssl http2; + server_name dev4.4nkweb.com; + ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; + include /etc/nginx/proxy_params; + + # API backend + location /back/ { + proxy_pass http://127.0.0.1:8080/back/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + # Root → ihm_client + location / { + proxy_pass http://127.0.0.1:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + # lecoffre-front (préserver le préfixe) + location = /lecoffre { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # Next.js assets sous basePath + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + } + location /lecoffre/_next/ { + proxy_pass http://127.0.0.2:3004/lecoffre/_next/; + include /etc/nginx/proxy_params; + 
proxy_read_timeout 300; + } + + # signer (sdk_signer) avec support WebSocket + location /signer/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://127.0.0.1:3001/; + proxy_read_timeout 600s; + proxy_buffering off; + } + + # Next.js assets au root si nécessaire + location /_next/ { + proxy_pass http://127.0.0.2:3004/_next/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } +} diff --git a/.cursor/nginx_fix.conf b/.cursor/nginx_fix.conf new file mode 100644 index 0000000..54e00d2 --- /dev/null +++ b/.cursor/nginx_fix.conf @@ -0,0 +1,20 @@ + # API backend - route /back/ vers /api/ du backend + location ~* ^/back/(.*)$ { + proxy_pass http://127.0.0.1:8080/api/$1; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API direct - route /api/ vers le backend + location /api/ { + proxy_pass http://127.0.0.1:8080/api/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_connect_timeout 300; + proxy_send_timeout 300; + } diff --git a/.env.exemple b/.env.exemple index 5cf2517..405d73b 100644 --- a/.env.exemple +++ b/.env.exemple @@ -39,8 +39,6 @@ NEXT_PUBLIC_DOCAPOSTE_API_URL= NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/api NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99 NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage -NEXT_PUBLIC_HOTJAR_SITE_ID=0 -NEXT_PUBLIC_HOTJAR_VERSION= SIGNER_BASE_URL=https://dev3.4nkweb.com/signer/ # WS diff --git a/conf/nginx/dev4.4nkweb.com-https.conf b/conf/nginx/dev4.4nkweb.com-https.conf index 8461656..c375edc 100644 --- a/conf/nginx/dev4.4nkweb.com-https.conf 
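Review bot: `.cursor/nginx_fix.conf` is a bare pair of `location` blocks that no `server` block or `include` visible in this commit references, while the same commit deletes these two blocks from `conf/nginx/dev4.4nkweb.com-https.conf`. Unless the fragment is included from somewhere outside this diff, `/api/` and `/back/` on the 443 vhost would fall through to `location /` and be proxied to ihm_client on 127.0.0.1:3003, although `.env.exemple` still sets `NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/api` and `docs/env_matrix.md` documents both routes as going to port 8080. Either keep the two blocks in the HTTPS vhost or move the fragment under `conf/nginx/` and reference it there with an explicit `include`.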
+++ b/conf/nginx/dev4.4nkweb.com-https.conf @@ -5,27 +5,6 @@ server { ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; include /etc/nginx/proxy_params; - # API backend - route /back/ vers /api/ du backend - location ~* ^/back/(.*)$ { - proxy_pass http://127.0.0.1:8080/api/$1; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Connection ""; - proxy_buffering off; - } - - # API direct - route /api/ vers le backend - location /api/ { - proxy_pass http://127.0.0.1:8080/api/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - proxy_connect_timeout 300; - proxy_send_timeout 300; - } - # Root → ihm_client location / { proxy_pass http://127.0.0.1:3003; diff --git a/docker-compose.yml b/docker-compose.yml index f841272..789680d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -127,7 +127,7 @@ services: restart: unless-stopped ihm_client: - image: git.4nkweb.com/4nk/ihm_client:dev + image: git.4nkweb.com/4nk/ihm_client:ext container_name: ihm_client env_file: - .env diff --git a/docs/analyse.md b/docs/analyse.md new file mode 100644 index 0000000..5dc0f45 --- /dev/null +++ b/docs/analyse.md 
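Review bot: `image: git.4nkweb.com/4nk/ihm_client:ext` in `docker-compose.yml` swaps one mutable tag for another, and `docs/analyse.md` in this same commit describes Watchtower polling every 30s with labels on the application services. If `ihm_client` carries those labels (not visible in this hunk), whatever is pushed to the `ext` tag is pulled and started on the host with no review step. Consider pinning by digest, `image: git.4nkweb.com/4nk/ihm_client:ext@sha256:<digest>`, and updating the digest through a reviewed commit.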
@@ -0,0 +1,27 @@
+### Objet
+Analyse synthétique de l’orchestrateur `lecoffre_node` (Docker Compose + Nginx locaux).
+
+### Services et ordre de démarrage
+- **tor** → **bitcoin** → **blindbit** → **sdk_relay** → **sdk_signer**/**sdk_storage** → **ihm_client** → **lecoffre-back** → **lecoffre-front**
+
+### Détails par service (extraits)
+- **bitcoin**: image `git.4nkweb.com/4nk/bitcoin:latest`, volume `4nk_node_bitcoin_data`, healthcheck `getblockchaininfo`
+- **blindbit**: oracle, ports `127.0.0.1:8000`, healthcheck HTTP, dépend de `bitcoin`
+- **sdk_relay**: ports `127.0.0.1:8090`, logs vers `/home/bitcoin/.4nk/logs/sdk_relay.log`, healthcheck `/health`
+- **lecoffre-back**: image `git.4nkweb.com/4nk/lecoffre-back-mini:ext`, ports `127.0.0.1:8080`
+- **lecoffre-front**: image `git.4nkweb.com/4nk/lecoffre-front:ext`, ports `127.0.0.2:3004:3000`
+- **sdk_signer**: ports `127.0.0.1:3001`
+- **sdk_storage**: ports `127.0.0.1:8081`
+- **watchtower**: mise à jour images via labels
+
+### Réseau et volumes
+- **Réseau**: `btcnet` (bridge) avec IPAM `172.20.0.0/16`
+- **Volumes**: `4nk_node_bitcoin_data`, `blindbit_data`, `sdk_data`
+
+### Nginx local
+- **Conf**: `conf/nginx/*` (vhosts locaux et dev4) pour proxy et basePath `/lecoffre`
+
+### Points d’attention
+- **Tags d’images**: homogénéiser (`latest`, `dev`, `ext`) selon politique CI
+- **Exposition locale**: vérif des binds `127.0.0.1` vs `127.0.0.2`
+- **Watchtower**: intervalle 30s, labels présents sur services applicatifs
diff --git a/docs/env_matrix.md b/docs/env_matrix.md
new file mode 100644
index 0000000..9a89f34
--- /dev/null
+++ b/docs/env_matrix.md
@@ -0,0 +1,65 @@
+### Objet
+Matrice des variables d’environnement pour `lecoffre-front`, `lecoffre-back-mini` et orchestrations `lecoffre_node`, avec cohérence Nginx/basePath.
+
+### Variables côté Front (Next.js)
+- **Exposition**: `NEXT_PUBLIC_*` via `next.config.js` (env/publicRuntimeConfig/serverRuntimeConfig)
+- **Consommation**: `src/front/Config/VariablesFront.ts` et services API
+
+- NEXT_PUBLIC_BACK_API_PROTOCOL: protocole back (ex: `http`)
+- NEXT_PUBLIC_BACK_API_HOST: hôte back (ex: `127.0.0.1` ou `dev4.4nkweb.com`)
+- NEXT_PUBLIC_BACK_API_PORT: port back (ex: `8080`)
+- NEXT_PUBLIC_BACK_API_ROOT_URL: préfixe API (ex: `/api`)
+- NEXT_PUBLIC_BACK_API_VERSION: version API (ex: `/v1`)
+- NEXT_PUBLIC_FRONT_APP_HOST: URL publique du front (utilisée pour ID.not redirect)
+- NEXT_PUBLIC_FRONT_APP_PORT: port front si nécessaire
+- NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: endpoint authorize (ex: `/user/auth`)
+- NEXT_PUBLIC_IDNOT_CLIENT_ID: client_id ID.not
+- NEXT_PUBLIC_IDNOT_BASE_URL: base URL ID.not
+- NEXT_PUBLIC_IDNOT_REDIRECT_URI: redirect URI explicite; fallback vers `${FRONT_APP_HOST}/authorized-client`
+- NEXT_PUBLIC_DOCAPOSTE_API_URL: base API Docaposte
+- NEXT_PUBLIC_HOTJAR_SITE_ID / NEXT_PUBLIC_HOTJAR_VERSION: télémétrie
+- NEXT_PUBLIC_4NK_URL / NEXT_PUBLIC_4NK_IFRAME_URL: intégrations 4NK
+- NEXT_PUBLIC_API_URL: éventuellement raccourci général d’API
+- NEXT_PUBLIC_DEFAULT_VALIDATOR_ID / NEXT_PUBLIC_DEFAULT_STORAGE_URLS: valeurs par défaut SDK
+
+### Variables côté Back (Express)
+- PORT: port d’écoute (défaut 8080)
+- DEFAULT_STORAGE: URL de stockage par défaut (défaut `https://dev3.4nkweb.com/storage`)
+- APP_HOST: URL front (défaut `http://localhost:3000`) – utilisé aussi par `stripe`
+- STRIPE_SECRET_KEY / STRIPE_WEBHOOK_SECRET
+- IDNOT_CLIENT_ID / IDNOT_CLIENT_SECRET / IDNOT_REDIRECT_URI / IDNOT_TOKEN_URL
+- IDNOT_API_KEY / IDNOT_API_BASE_URL / IDNOT_ANNUARY_BASE_URL
+
+### Orchestration Docker / Nginx (lecoffre_node)
+- Compose publie:
+ - `lecoffre-back`: `127.0.0.1:8080` (proxy Nginx `/api/` et `/back/`)
+ - `lecoffre-front`: `127.0.0.2:3004` (front Next.js)
+ - Services SDK: `sdk_relay` (8090), `sdk_signer` (3001), `sdk_storage` (8081), `blindbit` (8000)
+- Nginx `dev4.4nkweb.com.conf`:
+ - `/api/` → `http://127.0.0.1:8080/api/`
+ - `/back/(.*)` → `http://127.0.0.1:8080/api/$1`
+ - `/` → `http://127.0.0.1:3003` (ihm_client)
+ - `/lecoffre` et `/lecoffre/` → `http://127.0.0.2:3004/lecoffre/`
+ - `/_next/` → `http://127.0.0.2:3004/_next/`
+
+### Cohérence basePath Nginx/Next
+- Next.js `basePath: '/lecoffre'` (voir `next.config.js`)
+- Nginx proxy `/lecoffre` et `/_next/` vers le front sur 3004
+- Impacts: routes, assets statiques, liens internes doivent inclure le `basePath`
+
+### Qui consomme quoi
+- Front:
+ - API back: `NEXT_PUBLIC_BACK_API_*` utilisés par `BaseApiService`, `Auth` (IdNot), Admin APIs (Subscriptions, Stripe)
+ - ID.not: `NEXT_PUBLIC_IDNOT_*` via `Auth` et composants de login
+ - Télémétrie/Intégrations: Hotjar, Docaposte, 4NK
+- Back:
+ - ID.not: `IDNOT_*` (auth, user/office, annuaire)
+ - Stripe: `STRIPE_*` (routes `/subscriptions/*`, webhook)
+ - Réseau front: `APP_HOST` pour callbacks/URLs
+- Nginx/Compose:
+ - Route HTTP publique et correspondances de ports/containers
+
+### Recommandations
+- Aligner `APP_HOST` (back) avec l’URL publique réelle du front (incluant basePath dans les redirections si nécessaire)
+- Vérifier que `NEXT_PUBLIC_*` ne contiennent aucun secret
+- Centraliser un `.env`/CI par environnement (local/dev/staging/prod) et lister explicitement les valeurs attendues