diff --git a/IA_agents/flux.md b/IA_agents/flux.md
index 549040a..89f2b79 100644
--- a/IA_agents/flux.md
+++ b/IA_agents/flux.md
@@ -269,5 +269,70 @@ docker compose up -d
---
+## 🌐 **Configuration Nginx - Règles et Routes**
+
+### 📋 **Tableau Récapitulatif des Routes**
+
+| Domaine | Port | Route | Destination | Protocole | Statut |
+|---------|------|-------|-------------|-----------|--------|
+| **dev4.4nkweb.com** | 80 | `/` | Redirection HTTPS | HTTP | ✅ Actif |
+| **dev4.4nkweb.com** | 80 | `/.well-known/acme-challenge/` | Let's Encrypt | HTTP | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/grafana/` | Grafana (3005) | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/loki/` | Loki (3100) | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/status/` | Page statut | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/status/api` | API statut (3006) | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/api/` | Backend (8080) | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/ws/` | SDK Relay (8090) | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/signer/` | SDK Signer (3001) | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/blindbit/` | BlindBit (8000) | HTTPS | ✅ Actif |
+| **dev4.4nkweb.com** | 443 | `/` | IHM Client (3003) | HTTPS | ✅ Actif |
+| **local.4nkweb.com** | 80 | `/` | Redirection port 3000 | HTTP | ✅ Actif |
+| **local.4nkweb.com** | 3000 | `/lecoffre/` | Frontend (3004) | HTTP | ✅ Actif |
+| **local.4nkweb.com** | 3000 | `/authorized-client` | Frontend (3004) | HTTP | ✅ Actif |
+
+### 🔧 **Configuration des Certificats SSL**
+
+| Domaine | Certificat | Expiration | Statut |
+|---------|------------|------------|--------|
+| **dev4.4nkweb.com** | `/etc/letsencrypt/live/dev4.4nkweb.com/` | 15 Déc 2025 | ✅ Valide |
+
+### 📁 **Fichiers de Configuration**
+
+| Fichier | Description | Statut |
+|---------|-------------|--------|
+| `/etc/nginx/sites-enabled/dev4.4nkweb.com.conf` | HTTP + Redirection | ✅ Actif |
+| `/etc/nginx/sites-enabled/dev4.4nkweb.com-https.conf` | HTTPS complet | ✅ Actif |
+| `/etc/nginx/sites-enabled/local.4nkweb.com.conf` | Local HTTP | ✅ Actif |
+| `/etc/nginx/sites-enabled/local.4nkweb.com-3000.conf` | Local port 3000 | ✅ Actif |
+
+### 🧹 **Configuration Centralisée**
+
+**Toutes les configurations Nginx sont centralisées dans `lecoffre_node/conf/nginx/` :**
+- ✅ **Configurations projet** : Supprimées des autres projets
+- ✅ **Configuration native** : Conservée dans `/etc/nginx/`
+- ✅ **Liens symboliques** : Pointent vers `lecoffre_node/conf/nginx/`
+- ✅ **Fichiers supprimés** : `ihm_client/nginx.dev.conf` (obsolète)
+
+### ✅ **Statut Final**
+
+1. **Configuration HTTPS active** : Le port 443 est en écoute ✅
+2. **Fichiers nettoyés** : Tous les fichiers de sauvegarde supprimés ✅
+3. **Configuration complète** : Tous les services accessibles en HTTPS ✅
+4. **Redirection HTTP → HTTPS** : Fonctionnelle ✅
+
+### 🎉 **Services HTTPS Opérationnels**
+
+- ✅ **Grafana** : `https://dev4.4nkweb.com/grafana/`
+- ✅ **Page de Statut** : `https://dev4.4nkweb.com/status/`
+- ✅ **API de Statut** : `https://dev4.4nkweb.com/status/api`
+- ✅ **Loki** : `https://dev4.4nkweb.com/loki/`
+- ✅ **IHM Client** : `https://dev4.4nkweb.com/`
+- ✅ **API Backend** : `https://dev4.4nkweb.com/api/`
+- ✅ **WebSocket Relay** : `https://dev4.4nkweb.com/ws/`
+- ✅ **SDK Signer** : `https://dev4.4nkweb.com/signer/`
+- ✅ **BlindBit** : `https://dev4.4nkweb.com/blindbit/`
+
+---
+
**Met à jour ce document si tu détectes des incohérences ou pose des questions pour confirmer.**
**Propose des améliorations dans un document lecoffre_node/IA_agents/todo.md**
\ No newline at end of file
diff --git a/conf/nginx/dev4.4nkweb.com-http.conf b/conf/nginx/dev4.4nkweb.com-http.conf
new file mode 100644
index 0000000..804d8a0
--- /dev/null
+++ b/conf/nginx/dev4.4nkweb.com-http.conf
@@ -0,0 +1,15 @@
+# HTTP server for ACME and redirect to HTTPS
+server {
+ listen 80;
+ server_name dev4.4nkweb.com;
+
+ # ACME HTTP-01 challenges
+ location /.well-known/acme-challenge/ {
+ root /var/www/letsencrypt;
+ }
+
+ # Redirection vers HTTPS pour toutes les autres requêtes
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+}
diff --git a/conf/nginx/dev4.4nkweb.com-https.conf b/conf/nginx/dev4.4nkweb.com-https.conf
index 0504e02..96dba03 100644
--- a/conf/nginx/dev4.4nkweb.com-https.conf
+++ b/conf/nginx/dev4.4nkweb.com-https.conf
@@ -1,115 +1,24 @@
-# HTTP server for ACME and initial proxying
+# Configuration HTTPS pour dev4.4nkweb.com
server {
- listen 80;
+ listen 443 ssl http2;
server_name dev4.4nkweb.com;
- # Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
- add_header Content-Security-Policy "upgrade-insecure-requests" always;
+ # Certificats SSL
+ ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
- # ACME HTTP-01 challenges
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- }
+ # Configuration SSL
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
+ ssl_prefer_server_ciphers off;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
- # API backend - route /back/ vers /api/ du backend
- location ~* ^/back/(.*)$ {
- proxy_pass http://127.0.0.1:8080/api/$1;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Connection "";
- proxy_buffering off;
- }
-
- # API direct - route /api/ vers le backend
- # Autorisations CORS dynamiques pour origines connues
- set $cors_origin "";
- if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
- set $cors_origin $http_origin;
- }
-
- location /api/ {
- # CORS pour développement local Next.js
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://127.0.0.1:8080/api/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
- location ~* ^/apiv1/(.*)$ {
- # CORS pour compatibilité
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://127.0.0.1:8080/api/v1/$1;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # WebSocket relay (sdk_relay)
- location /ws/ {
- proxy_pass http://127.0.0.1:8090/;
- proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
- proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
- proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
- proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 300;
- }
-
- # API de transfert de fonds
- location /api/v1/funds/ {
- proxy_pass http://127.0.0.1:8080/api/v1/funds/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
+ # Headers de sécurité
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ add_header X-Frame-Options DENY always;
+ add_header X-Content-Type-Options nosniff always;
+ add_header X-XSS-Protection "1; mode=block" always;
# Grafana - Interface de monitoring (DOIT être avant location /)
location /grafana/ {
@@ -160,18 +69,18 @@ server {
# Redirection vers /status/
return 301 /status/;
}
-
+
location /status/ {
# Serveur statique pour la page HTML
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
-
+
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
-
+
# Cache pour les assets statiques
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
@@ -202,49 +111,82 @@ server {
}
}
- # ihm_client (root) - DOIT être en dernier
- location / {
- proxy_pass http://127.0.0.1:3003;
+ # API backend - route /back/ vers /api/ du backend
+ location ~* ^/back/(.*)$ {
+ proxy_pass http://127.0.0.1:8080/api/$1;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Connection "";
+ proxy_buffering off;
+ }
+
+ # API direct - route /api/ vers le backend
+ # Autorisations CORS dynamiques pour origines connues
+ set $cors_origin "";
+ if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
+ set $cors_origin $http_origin;
+ }
+
+ location /api/ {
+ # CORS pour développement local Next.js
+ proxy_hide_header Access-Control-Allow-Origin;
+ proxy_hide_header Access-Control-Allow-Credentials;
+ proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header Access-Control-Allow-Methods;
+
+ if ($request_method = OPTIONS) {
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+ return 204;
+ }
+
+ add_header Access-Control-Allow-Origin $cors_origin always;
+ add_header Access-Control-Allow-Credentials "true" always;
+ add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
+ add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
+
+ proxy_pass http://127.0.0.1:8080/api/;
include /etc/nginx/proxy_params;
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ }
+
+ # WebSocket relay (sdk_relay)
+ location /ws/ {
+ proxy_pass http://127.0.0.1:8090/;
+ proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
+ proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
+ proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
+ proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
+ proxy_read_timeout 86400;
+ }
+
+ # API de transfert de fonds
+ location /api/v1/funds/ {
+ proxy_pass http://127.0.0.1:8080/api/v1/funds/;
+ include /etc/nginx/proxy_params;
proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
}
# favicon
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
try_files /favicon.ico =404;
- access_log off;
- expires 30d;
- }
-
- # lecoffre frontend
- location = /lecoffre {
- proxy_pass http://127.0.0.2:3004/lecoffre;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- }
-
- location /lecoffre/ {
- proxy_pass http://127.0.0.2:3004/lecoffre/;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-
- # Next.js assets
- location /_next/ {
- proxy_pass http://127.0.0.2:3004/_next/;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
}
# blindbit
@@ -263,4 +205,13 @@ server {
proxy_read_timeout 300;
}
-}
+ # ihm_client (root) - DOIT être en dernier
+ location / {
+ proxy_pass http://127.0.0.1:3003;
+ include /etc/nginx/proxy_params;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_read_timeout 300;
+ }
+}
\ No newline at end of file
diff --git a/conf/nginx/dev4.4nkweb.com.conf b/conf/nginx/dev4.4nkweb.com.conf
index 17b7d0f..a41ddc1 100644
--- a/conf/nginx/dev4.4nkweb.com.conf
+++ b/conf/nginx/dev4.4nkweb.com.conf
@@ -1,16 +1,18 @@
-# HTTP server for ACME and initial proxying
+# HTTP server for ACME and redirect to HTTPS
server {
listen 80;
server_name dev4.4nkweb.com;
- # Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
- add_header Content-Security-Policy "upgrade-insecure-requests" always;
-
# ACME HTTP-01 challenges
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
+ # Redirection vers HTTPS pour toutes les autres requêtes
+ location / {
+ return 301 https://$server_name$request_uri;
+ }
+
# API backend - route /back/ vers /api/ du backend
location ~* ^/back/(.*)$ {
proxy_pass http://127.0.0.1:8080/api/$1;
diff --git a/conf/nginx/dev4.4nkweb.com.conf.backup b/conf/nginx/dev4.4nkweb.com.conf.backup
deleted file mode 100644
index 80408aa..0000000
--- a/conf/nginx/dev4.4nkweb.com.conf.backup
+++ /dev/null
@@ -1,170 +0,0 @@
-# HTTP server for ACME and initial proxying
-server {
- listen 80;
- server_name dev4.4nkweb.com;
-
- # Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
- add_header Content-Security-Policy "upgrade-insecure-requests" always;
-
- # ACME HTTP-01 challenges
- location /.well-known/acme-challenge/ {
- root /var/www/letsencrypt;
- }
-
- # API backend - route /back/ vers /api/ du backend
- location ~* ^/back/(.*)$ {
- proxy_pass http://127.0.0.1:8080/api/$1;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Connection "";
- proxy_buffering off;
- }
-
- # API direct - route /api/ vers le backend
- # Autorisations CORS dynamiques pour origines connues
- set $cors_origin "";
- if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
- set $cors_origin $http_origin;
- }
-
- location /api/ {
- # CORS pour développement local Next.js
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://127.0.0.1:8080/api/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
- location ~* ^/apiv1/(.*)$ {
- # CORS pour compatibilité
- proxy_hide_header Access-Control-Allow-Origin;
- proxy_hide_header Access-Control-Allow-Credentials;
- proxy_hide_header Access-Control-Allow-Headers;
- proxy_hide_header Access-Control-Allow-Methods;
-
- if ($request_method = OPTIONS) {
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
- return 204;
- }
-
- add_header Access-Control-Allow-Origin $cors_origin always;
- add_header Access-Control-Allow-Credentials "true" always;
- add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
- add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
-
- proxy_pass http://127.0.0.1:8080/api/v1/$1;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # WebSocket relay (sdk_relay)
- location /ws/ {
- proxy_pass http://127.0.0.1:8090/;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 300;
- }
-
- # API de transfert de fonds
- location /api/v1/funds/ {
- proxy_pass http://127.0.0.1:8080/api/v1/funds/;
- include /etc/nginx/proxy_params;
- proxy_read_timeout 300;
- proxy_connect_timeout 300;
- proxy_send_timeout 300;
- }
-
- # ihm_client (root)
- location / {
- proxy_pass http://127.0.0.1:3003;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-
- # favicon
- location = /favicon.ico {
- root /home/debian/lecoffre_node/conf/nginx/assets;
- try_files /favicon.ico =404;
- access_log off;
- expires 30d;
- }
-
- # lecoffre frontend
- location = /lecoffre {
- proxy_pass http://127.0.0.2:3004/lecoffre;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- }
-
- location /lecoffre/ {
- proxy_pass http://127.0.0.2:3004/lecoffre/;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-
- # Next.js assets
- location /_next/ {
- proxy_pass http://127.0.0.2:3004/_next/;
- include /etc/nginx/proxy_params;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto http;
- }
-
- # blindbit
- location /blindbit/ {
- proxy_pass http://127.0.0.1:8000/;
- include /etc/nginx/proxy_params;
- }
-
- # signer (sdk_signer) avec support WebSocket
- location /signer/ {
- proxy_pass http://127.0.0.1:3001/;
- include /etc/nginx/proxy_params;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 300;
- }
-}
diff --git a/scripts/setup-logs.sh b/scripts/setup-logs.sh
index c1efb82..03307cb 100755
--- a/scripts/setup-logs.sh
+++ b/scripts/setup-logs.sh
@@ -26,7 +26,7 @@ echo "🔄 Configuration de la rotation des logs..."
for service in bitcoin blindbit sdk_relay sdk_signer sdk_storage lecoffre-back lecoffre-front ihm_client tor miner nginx; do
logrotate_config="conf/logrotate/${service}.conf"
mkdir -p conf/logrotate
-
+
cat > "$logrotate_config" << EOF
logs/${service}/*.log {
daily
@@ -71,7 +71,7 @@ if [ $# -eq 1 ]; then
else
# Collecter les logs de tous les services
echo "📊 Collecte des logs de tous les services..."
-
+
for service in bitcoin-signet blindbit-oracle sdk_relay sdk_signer sdk_storage lecoffre-back lecoffre-front ihm_client tor-proxy signet_miner; do
if docker ps --format "table {{.Names}}" | grep -q "^${service}$"; then
echo "📝 Collecte des logs pour $service..."
diff --git a/web/status/index.html b/web/status/index.html
index 1f28f79..1c57989 100644
--- a/web/status/index.html
+++ b/web/status/index.html
@@ -10,14 +10,14 @@
padding: 0;
box-sizing: border-box;
}
-
+
body {
font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
min-height: 100vh;
padding: 20px;
}
-
+
.container {
max-width: 1400px;
margin: 0 auto;
@@ -26,24 +26,24 @@
box-shadow: 0 20px 40px rgba(0, 0, 0, 0.1);
overflow: hidden;
}
-
+
.header {
background: linear-gradient(135deg, #2c3e50 0%, #3498db 100%);
color: white;
padding: 30px;
text-align: center;
}
-
+
.header h1 {
font-size: 2.5em;
margin-bottom: 10px;
}
-
+
.header p {
font-size: 1.1em;
opacity: 0.9;
}
-
+
.refresh-btn {
background: #27ae60;
color: white;
@@ -55,26 +55,26 @@
margin: 20px 0;
transition: all 0.3s ease;
}
-
+
.refresh-btn:hover {
background: #229954;
transform: translateY(-2px);
}
-
+
.last-update {
text-align: center;
color: #666;
margin-bottom: 20px;
font-style: italic;
}
-
+
.services-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(400px, 1fr));
gap: 20px;
padding: 20px;
}
-
+
.service-card {
background: white;
border-radius: 10px;
@@ -82,11 +82,11 @@
overflow: hidden;
transition: transform 0.3s ease;
}
-
+
.service-card:hover {
transform: translateY(-5px);
}
-
+
.service-header {
padding: 20px;
border-bottom: 1px solid #eee;
@@ -94,13 +94,13 @@
justify-content: space-between;
align-items: center;
}
-
+
.service-name {
font-size: 1.3em;
font-weight: bold;
color: #2c3e50;
}
-
+
.status-badge {
padding: 8px 16px;
border-radius: 20px;
@@ -108,31 +108,31 @@
text-transform: uppercase;
font-size: 0.8em;
}
-
+
.status-running {
background: #d4edda;
color: #155724;
}
-
+
.status-stopped {
background: #f8d7da;
color: #721c24;
}
-
+
.status-error {
background: #f8d7da;
color: #721c24;
}
-
+
.status-unknown {
background: #fff3cd;
color: #856404;
}
-
+
.service-details {
padding: 20px;
}
-
+
.detail-row {
display: flex;
justify-content: space-between;
@@ -140,30 +140,30 @@
padding: 8px 0;
border-bottom: 1px solid #f8f9fa;
}
-
+
.detail-label {
font-weight: bold;
color: #495057;
}
-
+
.detail-value {
color: #6c757d;
word-break: break-all;
}
-
+
.network-info {
background: #f8f9fa;
padding: 15px;
border-radius: 8px;
margin-top: 15px;
}
-
+
.network-title {
font-weight: bold;
color: #495057;
margin-bottom: 10px;
}
-
+
.external-services {
background: #e8f4fd;
padding: 20px;
@@ -171,13 +171,13 @@
border-radius: 10px;
border-left: 5px solid #3498db;
}
-
+
.external-title {
font-size: 1.5em;
color: #2c3e50;
margin-bottom: 15px;
}
-
+
.external-service {
background: white;
padding: 15px;
@@ -185,13 +185,13 @@
border-radius: 8px;
box-shadow: 0 2px 5px rgba(0, 0, 0, 0.1);
}
-
+
.loading {
text-align: center;
padding: 40px;
color: #666;
}
-
+
.spinner {
border: 4px solid #f3f3f3;
border-top: 4px solid #3498db;
@@ -201,12 +201,12 @@
animation: spin 2s linear infinite;
margin: 0 auto 20px;
}
-
+
@keyframes spin {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
-
+
.error-message {
background: #f8d7da;
color: #721c24;
@@ -215,7 +215,7 @@
margin: 20px;
text-align: center;
}
-
+
.footer {
background: #2c3e50;
color: white;
@@ -223,17 +223,17 @@
padding: 20px;
font-size: 0.9em;
}
-
+
@media (max-width: 768px) {
.services-grid {
grid-template-columns: 1fr;
padding: 10px;
}
-
+
.header h1 {
font-size: 2em;
}
-
+
.detail-row {
flex-direction: column;
gap: 5px;
@@ -248,31 +248,31 @@
Status des Services et Connexions
-
+
Dernière mise à jour: Chargement...
-
+
Chargement des informations des services...
-
+
Erreur lors du chargement des données
-
+
-
+
🌐 Services Externes Connectés
-
+
@@ -307,18 +307,18 @@
document.getElementById('loading').style.display = 'block';
document.getElementById('errorMessage').style.display = 'none';
document.getElementById('servicesContainer').style.display = 'none';
-
+
try {
const response = await fetch('/status/api');
const data = await response.json();
-
+
displayServices(data.services);
displayExternalServices(data.external);
updateTime();
-
+
document.getElementById('loading').style.display = 'none';
document.getElementById('servicesContainer').style.display = 'grid';
-
+
} catch (error) {
console.error('Erreur:', error);
document.getElementById('loading').style.display = 'none';