ci: docker_tag=ext

Nginx dev4: /back en HTTPS, recap routage, tests, vhosts locaux 3000
Nicolas Cantu 2025-09-18 10:28:38 +00:00
parent b598068518
commit af89806d40
9 changed files with 609 additions and 24 deletions


@ -0,0 +1,337 @@
# HTTP server for ACME and initial proxying
# HTTP server for ACME and initial proxying
server {
server {
listen 80;
listen 80;
server_name dev4.4nkweb.com;
server_name dev4.4nkweb.com;
# ACME HTTP-01 challenges
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
root /var/www/letsencrypt;
}
}
# ihm_client (root)
# ihm_client (root)
location / {
location / {
proxy_pass http://127.0.0.1:3003;
proxy_pass http://127.0.0.1:3003;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
# Favicon (global)
# Favicon (global)
location = /favicon.ico {
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
root /home/debian/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
try_files /favicon.ico =404;
access_log off;
access_log off;
expires 30d;
expires 30d;
}
}
# lecoffre-front
# lecoffre-front
location = /lecoffre {
location = /lecoffre {
proxy_pass http://127.0.0.2:3004/lecoffre;
proxy_pass http://127.0.0.2:3004/lecoffre;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
location /lecoffre/ {
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
# Next.js assets and HMR under basePath
# Next.js assets and HMR under basePath
location /lecoffre/_next/webpack-hmr {
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto http;
proxy_buffering off;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
proxy_read_timeout 600s;
}
}
location /lecoffre/_next/ {
location /lecoffre/_next/ {
proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
# Favicon sous /lecoffre
# Favicon sous /lecoffre
location = /lecoffre/favicon.ico {
location = /lecoffre/favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
root /home/debian/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
try_files /favicon.ico =404;
access_log off;
access_log off;
expires 30d;
expires 30d;
}
}
# Next.js assets (served at root by the app)
# Next.js assets (served at root by the app)
location /_next/ {
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
proxy_pass http://127.0.0.2:3004/_next/;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
# API backend
# API backend
location /back/ {
rewrite ^\/back\/(.*)$ \/api\/\1 break;
proxy_pass http:\/\/127.0.0.1:8080;
location /back/ {
location /back/ {
rewrite ^\/back\/(.*)$ \/api\/\1 break;
proxy_pass http:\/\/127.0.0.1:8080;
location /back/ {
proxy_pass http://127.0.0.1:8080/back/;
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_set_header Connection "";
proxy_buffering off;
proxy_buffering off;
}
}
# API alias → même backend que /back
# API alias → même backend que /back
location /api/ {
location /api/ {
proxy_pass http://127.0.0.1:8080/;
proxy_pass http://127.0.0.1:8080/;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
# blindbit
# blindbit
location /blindbit/ {
location /blindbit/ {
proxy_pass http://127.0.0.1:8000/;
proxy_pass http://127.0.0.1:8000/;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
# signer (sdk_signer) avec support WebSocket
# signer (sdk_signer) avec support WebSocket
location /signer/ {
location /signer/ {
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto http;
proxy_pass http://127.0.0.1:3001/;
proxy_pass http://127.0.0.1:3001/;
proxy_read_timeout 600s;
proxy_read_timeout 600s;
proxy_buffering off;
proxy_buffering off;
}
}
# storage (sdk_storage)
# storage (sdk_storage)
location /storage/ {
location /storage/ {
proxy_pass http://127.0.0.1:8081/;
proxy_pass http://127.0.0.1:8081/;
include /etc/nginx/proxy_params;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
# WebSocket relay on /ws → 8090
# WebSocket relay on /ws → 8090
location = /ws {
location = /ws {
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_buffering off;
proxy_pass http://127.0.0.1:8090/;
proxy_pass http://127.0.0.1:8090/;
proxy_read_timeout 600s;
proxy_read_timeout 600s;
}
}
location /ws/ {
location /ws/ {
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffering off;
proxy_buffering off;
# Strip /ws prefix when proxying to backend root
# Strip /ws prefix when proxying to backend root
proxy_pass http://127.0.0.1:8090/;
proxy_pass http://127.0.0.1:8090/;
proxy_read_timeout 600s;
proxy_read_timeout 600s;
}
}
# Next.js HMR websocket for lecoffre-front
# Next.js HMR websocket for lecoffre-front
location /_next/webpack-hmr {
location /_next/webpack-hmr {
proxy_http_version 1.1;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Proto http;
proxy_buffering off;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
proxy_read_timeout 300;
proxy_read_timeout 300;
}
}
}
}
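Review bot: The `location /back/` block is opened more than once and carries sed-escaped text (`rewrite ^\/back\/(.*)$ \/api\/\1 break;`, `proxy_pass http:\/\/127.0.0.1:8080;`) next to `proxy_pass http://127.0.0.1:8080/back/;`, which looks like residue of a failed automated edit. As rendered, nginx would presumably reject the backslashed `proxy_pass` URL and the unclosed `location`, so keep a single block with one `proxy_pass` and run `nginx -t` on the file before committing it. This port-80 server also proxies `/signer/`, `/storage/`, `/api/` and `/ws` in cleartext with `X-Forwarded-Proto http`; if the 443 vhost is the intended entry point, everything except `/.well-known/acme-challenge/` could be reduced to `return 301 https://$host$request_uri;`. The page prints each line twice, so the exact layout of the `/back/` lines is inferred.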


@ -0,0 +1,75 @@
# HTTP server for ACME and initial proxying
server {
listen 80;
server_name dev4.4nkweb.com;
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# ihm_client (root)
# API direct - route /api/ vers le backend
location /api/ {
proxy_pass http://127.0.0.1:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://127.0.0.1:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
location /api/ {
proxy_pass http://127.0.0.1:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
location / {
proxy_pass http://127.0.0.1:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
# Favicon (global)
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
access_log off;
expires 30d;
# lecoffre-front
location = /lecoffre {
proxy_pass http://127.0.0.2:3004/lecoffre;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
# Next.js assets and HMR under basePath
location /lecoffre/_next/webpack-hmr {
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
location /lecoffre/_next/ {
proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
# Favicon sous /lecoffre
location = /lecoffre/favicon.ico {
# Next.js assets (served at root by the app)
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
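Review bot: `location /api/` is declared twice in this server block, before and after the `/back/` regex location, and the blocks from `location / {` onward are never closed as shown, so nginx would reject the file with a duplicate-location or syntax error. If this is a leftover from an automated edit rather than a live vhost, it should stay out of any directory that nginx includes. Separately, `proxy_pass http://127.0.0.1:8080/api/$1;` replaces the request URI and drops the query string; `proxy_pass http://127.0.0.1:8080/api/$1$is_args$args;` keeps it. The same line appears in `.cursor/nginx_fix.conf`.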


@ -0,0 +1,84 @@
server {
listen 443 ssl http2;
server_name dev4.4nkweb.com;
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
include /etc/nginx/proxy_params;
# API backend
location /back/ {
proxy_pass http://127.0.0.1:8080/back/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# Root → ihm_client
location / {
proxy_pass http://127.0.0.1:3003;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# lecoffre-front (préserver le préfixe)
location = /lecoffre {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# Next.js assets sous basePath
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
}
location /lecoffre/_next/ {
proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
}
# signer (sdk_signer) avec support WebSocket
location /signer/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:3001/;
proxy_read_timeout 600s;
proxy_buffering off;
}
# Next.js assets au root si nécessaire
location /_next/ {
proxy_pass http://127.0.0.2:3004/_next/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
}
}
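Review bot: This 443 server has no `location /api/` or `location /storage/`, so `https://dev4.4nkweb.com/api` and `https://dev4.4nkweb.com/storage` (both set in the `.env` shown in this commit) would fall through to `location /` and reach ihm_client on 3003, assuming this file is the active HTTPS vhost. `location /back/` also forwards to `/back/` upstream, while `docs/env_matrix.md` documents `/back/(.*)` as mapping to `/api/$1`. In `location /signer/` the explicit `proxy_set_header` lines stop inheritance of the server-level `include /etc/nginx/proxy_params;`, so the signer presumably receives no client address. Adding `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` there keeps it available for the signer's logs.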

20
.cursor/nginx_fix.conf Normal file

@ -0,0 +1,20 @@
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://127.0.0.1:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
location /api/ {
proxy_pass http://127.0.0.1:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}


@ -39,8 +39,6 @@ NEXT_PUBLIC_DOCAPOSTE_API_URL=
NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/api NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/api
NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99 NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage
NEXT_PUBLIC_HOTJAR_SITE_ID=0
NEXT_PUBLIC_HOTJAR_VERSION=
SIGNER_BASE_URL=https://dev3.4nkweb.com/signer/ SIGNER_BASE_URL=https://dev3.4nkweb.com/signer/
# WS # WS


@ -5,27 +5,6 @@ server {
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
include /etc/nginx/proxy_params; include /etc/nginx/proxy_params;
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://127.0.0.1:8080/api/$1;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_buffering off;
}
# API direct - route /api/ vers le backend
location /api/ {
proxy_pass http://127.0.0.1:8080/api/;
include /etc/nginx/proxy_params;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# Root → ihm_client # Root → ihm_client
location / { location / {
proxy_pass http://127.0.0.1:3003; proxy_pass http://127.0.0.1:3003;


@ -127,7 +127,7 @@ services:
restart: unless-stopped restart: unless-stopped
ihm_client: ihm_client:
image: git.4nkweb.com/4nk/ihm_client:dev image: git.4nkweb.com/4nk/ihm_client:ext
container_name: ihm_client container_name: ihm_client
env_file: env_file:
- .env - .env
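Review bot: `image: git.4nkweb.com/4nk/ihm_client:ext` points at a mutable tag, and `docs/analyse.md` in this commit describes Watchtower polling every 30s with labels on application services, so anything pushed to `:ext` would presumably reach this host without review. Pinning the digest, e.g. `image: git.4nkweb.com/4nk/ihm_client:ext@sha256:<digest-placeholder>`, makes each deployed image explicit and auditable. The `services:` block starts outside this hunk, so whether `ihm_client` carries the Watchtower label is not visible here.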

27
docs/analyse.md Normal file

@ -0,0 +1,27 @@
### Objet
Analyse synthétique de lorchestrateur `lecoffre_node` (Docker Compose + Nginx locaux).
### Services et ordre de démarrage
- **tor****bitcoin****blindbit****sdk_relay****sdk_signer**/**sdk_storage** → **ihm_client****lecoffre-back** → **lecoffre-front**
### Détails par service (extraits)
- **bitcoin**: image `git.4nkweb.com/4nk/bitcoin:latest`, volume `4nk_node_bitcoin_data`, healthcheck `getblockchaininfo`
- **blindbit**: oracle, ports `127.0.0.1:8000`, healthcheck HTTP, dépend de `bitcoin`
- **sdk_relay**: ports `127.0.0.1:8090`, logs vers `/home/bitcoin/.4nk/logs/sdk_relay.log`, healthcheck `/health`
- **lecoffre-back**: image `git.4nkweb.com/4nk/lecoffre-back-mini:ext`, ports `127.0.0.1:8080`
- **lecoffre-front**: image `git.4nkweb.com/4nk/lecoffre-front:ext`, ports `127.0.0.2:3004:3000`
- **sdk_signer**: ports `127.0.0.1:3001`
- **sdk_storage**: ports `127.0.0.1:8081`
- **watchtower**: mise à jour images via labels
### Réseau et volumes
- **Réseau**: `btcnet` (bridge) avec IPAM `172.20.0.0/16`
- **Volumes**: `4nk_node_bitcoin_data`, `blindbit_data`, `sdk_data`
### Nginx local
- **Conf**: `conf/nginx/*` (vhosts locaux et dev4) pour proxy et basePath `/lecoffre`
### Points dattention
- **Tags dimages**: homogénéiser (`latest`, `dev`, `ext`) selon politique CI
- **Exposition locale**: vérif des binds `127.0.0.1` vs `127.0.0.2`
- **Watchtower**: intervalle 30s, labels présents sur services applicatifs

65
docs/env_matrix.md Normal file

@ -0,0 +1,65 @@
### Objet
Matrice des variables denvironnement pour `lecoffre-front`, `lecoffre-back-mini` et orchestrations `lecoffre_node`, avec cohérence Nginx/basePath.
### Variables côté Front (Next.js)
- **Exposition**: `NEXT_PUBLIC_*` via `next.config.js` (env/publicRuntimeConfig/serverRuntimeConfig)
- **Consommation**: `src/front/Config/VariablesFront.ts` et services API
- NEXT_PUBLIC_BACK_API_PROTOCOL: protocole back (ex: `http`)
- NEXT_PUBLIC_BACK_API_HOST: hôte back (ex: `127.0.0.1` ou `dev4.4nkweb.com`)
- NEXT_PUBLIC_BACK_API_PORT: port back (ex: `8080`)
- NEXT_PUBLIC_BACK_API_ROOT_URL: préfixe API (ex: `/api`)
- NEXT_PUBLIC_BACK_API_VERSION: version API (ex: `/v1`)
- NEXT_PUBLIC_FRONT_APP_HOST: URL publique du front (utilisée pour ID.not redirect)
- NEXT_PUBLIC_FRONT_APP_PORT: port front si nécessaire
- NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT: endpoint authorize (ex: `/user/auth`)
- NEXT_PUBLIC_IDNOT_CLIENT_ID: client_id ID.not
- NEXT_PUBLIC_IDNOT_BASE_URL: base URL ID.not
- NEXT_PUBLIC_IDNOT_REDIRECT_URI: redirect URI explicite; fallback vers `${FRONT_APP_HOST}/authorized-client`
- NEXT_PUBLIC_DOCAPOSTE_API_URL: base API Docaposte
- NEXT_PUBLIC_HOTJAR_SITE_ID / NEXT_PUBLIC_HOTJAR_VERSION: télémétrie
- NEXT_PUBLIC_4NK_URL / NEXT_PUBLIC_4NK_IFRAME_URL: intégrations 4NK
- NEXT_PUBLIC_API_URL: éventuellement raccourci général dAPI
- NEXT_PUBLIC_DEFAULT_VALIDATOR_ID / NEXT_PUBLIC_DEFAULT_STORAGE_URLS: valeurs par défaut SDK
### Variables côté Back (Express)
- PORT: port découte (défaut 8080)
- DEFAULT_STORAGE: URL de stockage par défaut (défaut `https://dev3.4nkweb.com/storage`)
- APP_HOST: URL front (défaut `http://localhost:3000`) utilisé aussi par `stripe`
- STRIPE_SECRET_KEY / STRIPE_WEBHOOK_SECRET
- IDNOT_CLIENT_ID / IDNOT_CLIENT_SECRET / IDNOT_REDIRECT_URI / IDNOT_TOKEN_URL
- IDNOT_API_KEY / IDNOT_API_BASE_URL / IDNOT_ANNUARY_BASE_URL
### Orchestration Docker / Nginx (lecoffre_node)
- Compose publie:
- `lecoffre-back`: `127.0.0.1:8080` (proxy Nginx `/api/` et `/back/`)
- `lecoffre-front`: `127.0.0.2:3004` (front Next.js)
- Services SDK: `sdk_relay` (8090), `sdk_signer` (3001), `sdk_storage` (8081), `blindbit` (8000)
- Nginx `dev4.4nkweb.com.conf`:
- `/api/``http://127.0.0.1:8080/api/`
- `/back/(.*)``http://127.0.0.1:8080/api/$1`
- `/``http://127.0.0.1:3003` (ihm_client)
- `/lecoffre` et `/lecoffre/``http://127.0.0.2:3004/lecoffre/`
- `/_next/``http://127.0.0.2:3004/_next/`
### Cohérence basePath Nginx/Next
- Next.js `basePath: '/lecoffre'` (voir `next.config.js`)
- Nginx proxy `/lecoffre` et `/_next/` vers le front sur 3004
- Impacts: routes, assets statiques, liens internes doivent inclure le `basePath`
### Qui consomme quoi
- Front:
- API back: `NEXT_PUBLIC_BACK_API_*` utilisés par `BaseApiService`, `Auth` (IdNot), Admin APIs (Subscriptions, Stripe)
- ID.not: `NEXT_PUBLIC_IDNOT_*` via `Auth` et composants de login
- Télémétrie/Intégrations: Hotjar, Docaposte, 4NK
- Back:
- ID.not: `IDNOT_*` (auth, user/office, annuaire)
- Stripe: `STRIPE_*` (routes `/subscriptions/*`, webhook)
- Réseau front: `APP_HOST` pour callbacks/URLs
- Nginx/Compose:
- Route HTTP publique et correspondances de ports/containers
### Recommandations
- Aligner `APP_HOST` (back) avec lURL publique réelle du front (incluant basePath dans les redirections si nécessaire)
- Vérifier que `NEXT_PUBLIC_*` ne contiennent aucun secret
- Centraliser un `.env`/CI par environnement (local/dev/staging/prod) et lister explicitement les valeurs attendues