align for IA agents + grafana
This commit is contained in:
parent
4f26952088
commit
cf187f3ec3
@ -269,5 +269,70 @@ docker compose up -d
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## 🌐 **Configuration Nginx - Règles et Routes**
|
||||||
|
|
||||||
|
### 📋 **Tableau Récapitulatif des Routes**
|
||||||
|
|
||||||
|
| Domaine | Port | Route | Destination | Protocole | Statut |
|
||||||
|
|---------|------|-------|-------------|-----------|--------|
|
||||||
|
| **dev4.4nkweb.com** | 80 | `/` | Redirection HTTPS | HTTP | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 80 | `/.well-known/acme-challenge/` | Let's Encrypt | HTTP | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/grafana/` | Grafana (3005) | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/loki/` | Loki (3100) | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/status/` | Page statut | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/status/api` | API statut (3006) | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/api/` | Backend (8080) | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/ws/` | SDK Relay (8090) | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/signer/` | SDK Signer (3001) | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/blindbit/` | BlindBit (8000) | HTTPS | ✅ Actif |
|
||||||
|
| **dev4.4nkweb.com** | 443 | `/` | IHM Client (3003) | HTTPS | ✅ Actif |
|
||||||
|
| **local.4nkweb.com** | 80 | `/` | Redirection port 3000 | HTTP | ✅ Actif |
|
||||||
|
| **local.4nkweb.com** | 3000 | `/lecoffre/` | Frontend (3004) | HTTP | ✅ Actif |
|
||||||
|
| **local.4nkweb.com** | 3000 | `/authorized-client` | Frontend (3004) | HTTP | ✅ Actif |
|
||||||
|
|
||||||
|
### 🔧 **Configuration des Certificats SSL**
|
||||||
|
|
||||||
|
| Domaine | Certificat | Expiration | Statut |
|
||||||
|
|---------|------------|------------|--------|
|
||||||
|
| **dev4.4nkweb.com** | `/etc/letsencrypt/live/dev4.4nkweb.com/` | 15 Déc 2025 | ✅ Valide |
|
||||||
|
|
||||||
|
### 📁 **Fichiers de Configuration**
|
||||||
|
|
||||||
|
| Fichier | Description | Statut |
|
||||||
|
|---------|-------------|--------|
|
||||||
|
| `/etc/nginx/sites-enabled/dev4.4nkweb.com.conf` | HTTP + Redirection | ✅ Actif |
|
||||||
|
| `/etc/nginx/sites-enabled/dev4.4nkweb.com-https.conf` | HTTPS complet | ✅ Actif |
|
||||||
|
| `/etc/nginx/sites-enabled/local.4nkweb.com.conf` | Local HTTP | ✅ Actif |
|
||||||
|
| `/etc/nginx/sites-enabled/local.4nkweb.com-3000.conf` | Local port 3000 | ✅ Actif |
|
||||||
|
|
||||||
|
### 🧹 **Configuration Centralisée**
|
||||||
|
|
||||||
|
**Toutes les configurations Nginx sont centralisées dans `lecoffre_node/conf/nginx/` :**
|
||||||
|
- ✅ **Configurations projet** : Supprimées des autres projets
|
||||||
|
- ✅ **Configuration native** : Conservée dans `/etc/nginx/`
|
||||||
|
- ✅ **Liens symboliques** : Pointent vers `lecoffre_node/conf/nginx/`
|
||||||
|
- ✅ **Fichiers supprimés** : `ihm_client/nginx.dev.conf` (obsolète)
|
||||||
|
|
||||||
|
### ✅ **Statut Final**
|
||||||
|
|
||||||
|
1. **Configuration HTTPS active** : Le port 443 est en écoute ✅
|
||||||
|
2. **Fichiers nettoyés** : Tous les fichiers de sauvegarde supprimés ✅
|
||||||
|
3. **Configuration complète** : Tous les services accessibles en HTTPS ✅
|
||||||
|
4. **Redirection HTTP → HTTPS** : Fonctionnelle ✅
|
||||||
|
|
||||||
|
### 🎉 **Services HTTPS Opérationnels**
|
||||||
|
|
||||||
|
- ✅ **Grafana** : `https://dev4.4nkweb.com/grafana/`
|
||||||
|
- ✅ **Page de Statut** : `https://dev4.4nkweb.com/status/`
|
||||||
|
- ✅ **API de Statut** : `https://dev4.4nkweb.com/status/api`
|
||||||
|
- ✅ **Loki** : `https://dev4.4nkweb.com/loki/`
|
||||||
|
- ✅ **IHM Client** : `https://dev4.4nkweb.com/`
|
||||||
|
- ✅ **API Backend** : `https://dev4.4nkweb.com/api/`
|
||||||
|
- ✅ **WebSocket Relay** : `https://dev4.4nkweb.com/ws/`
|
||||||
|
- ✅ **SDK Signer** : `https://dev4.4nkweb.com/signer/`
|
||||||
|
- ✅ **BlindBit** : `https://dev4.4nkweb.com/blindbit/`
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
**Met à jour ce document si tu détectes des incohérences ou pose des questions pour confirmer.**
|
**Met à jour ce document si tu détectes des incohérences ou pose des questions pour confirmer.**
|
||||||
**Propose des améliorations dans un document lecoffre_node/IA_agents/todo.md**
|
**Propose des améliorations dans un document lecoffre_node/IA_agents/todo.md**
|
||||||
15
conf/nginx/dev4.4nkweb.com-http.conf
Normal file
15
conf/nginx/dev4.4nkweb.com-http.conf
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
# HTTP server for ACME and redirect to HTTPS
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name dev4.4nkweb.com;
|
||||||
|
|
||||||
|
# ACME HTTP-01 challenges
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
root /var/www/letsencrypt;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Redirection vers HTTPS pour toutes les autres requêtes
|
||||||
|
location / {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -1,115 +1,24 @@
|
|||||||
# HTTP server for ACME and initial proxying
|
# Configuration HTTPS pour dev4.4nkweb.com
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 443 ssl http2;
|
||||||
server_name dev4.4nkweb.com;
|
server_name dev4.4nkweb.com;
|
||||||
|
|
||||||
# Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
|
# Certificats SSL
|
||||||
add_header Content-Security-Policy "upgrade-insecure-requests" always;
|
ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
|
||||||
|
|
||||||
# ACME HTTP-01 challenges
|
# Configuration SSL
|
||||||
location /.well-known/acme-challenge/ {
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
root /var/www/letsencrypt;
|
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
|
||||||
}
|
ssl_prefer_server_ciphers off;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
ssl_session_timeout 10m;
|
||||||
|
|
||||||
# API backend - route /back/ vers /api/ du backend
|
# Headers de sécurité
|
||||||
location ~* ^/back/(.*)$ {
|
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||||
proxy_pass http://127.0.0.1:8080/api/$1;
|
add_header X-Frame-Options DENY always;
|
||||||
proxy_http_version 1.1;
|
add_header X-Content-Type-Options nosniff always;
|
||||||
proxy_set_header Host $host;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Connection "";
|
|
||||||
proxy_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
# API direct - route /api/ vers le backend
|
|
||||||
# Autorisations CORS dynamiques pour origines connues
|
|
||||||
set $cors_origin "";
|
|
||||||
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
|
|
||||||
set $cors_origin $http_origin;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/ {
|
|
||||||
# CORS pour développement local Next.js
|
|
||||||
proxy_hide_header Access-Control-Allow-Origin;
|
|
||||||
proxy_hide_header Access-Control-Allow-Credentials;
|
|
||||||
proxy_hide_header Access-Control-Allow-Headers;
|
|
||||||
proxy_hide_header Access-Control-Allow-Methods;
|
|
||||||
|
|
||||||
if ($request_method = OPTIONS) {
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
return 204;
|
|
||||||
}
|
|
||||||
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
|
|
||||||
proxy_pass http://127.0.0.1:8080/api/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
|
|
||||||
location ~* ^/apiv1/(.*)$ {
|
|
||||||
# CORS pour compatibilité
|
|
||||||
proxy_hide_header Access-Control-Allow-Origin;
|
|
||||||
proxy_hide_header Access-Control-Allow-Credentials;
|
|
||||||
proxy_hide_header Access-Control-Allow-Headers;
|
|
||||||
proxy_hide_header Access-Control-Allow-Methods;
|
|
||||||
|
|
||||||
if ($request_method = OPTIONS) {
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
return 204;
|
|
||||||
}
|
|
||||||
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
|
|
||||||
proxy_pass http://127.0.0.1:8080/api/v1/$1;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# WebSocket relay (sdk_relay)
|
|
||||||
location /ws/ {
|
|
||||||
proxy_pass http://127.0.0.1:8090/;
|
|
||||||
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
|
|
||||||
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
|
|
||||||
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
|
|
||||||
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# API de transfert de fonds
|
|
||||||
location /api/v1/funds/ {
|
|
||||||
proxy_pass http://127.0.0.1:8080/api/v1/funds/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Grafana - Interface de monitoring (DOIT être avant location /)
|
# Grafana - Interface de monitoring (DOIT être avant location /)
|
||||||
location /grafana/ {
|
location /grafana/ {
|
||||||
@ -202,49 +111,82 @@ server {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# ihm_client (root) - DOIT être en dernier
|
# API backend - route /back/ vers /api/ du backend
|
||||||
location / {
|
location ~* ^/back/(.*)$ {
|
||||||
proxy_pass http://127.0.0.1:3003;
|
proxy_pass http://127.0.0.1:8080/api/$1;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header Connection "";
|
||||||
|
proxy_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# API direct - route /api/ vers le backend
|
||||||
|
# Autorisations CORS dynamiques pour origines connues
|
||||||
|
set $cors_origin "";
|
||||||
|
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
|
||||||
|
set $cors_origin $http_origin;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /api/ {
|
||||||
|
# CORS pour développement local Next.js
|
||||||
|
proxy_hide_header Access-Control-Allow-Origin;
|
||||||
|
proxy_hide_header Access-Control-Allow-Credentials;
|
||||||
|
proxy_hide_header Access-Control-Allow-Headers;
|
||||||
|
proxy_hide_header Access-Control-Allow-Methods;
|
||||||
|
|
||||||
|
if ($request_method = OPTIONS) {
|
||||||
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
||||||
|
add_header Access-Control-Allow-Credentials "true" always;
|
||||||
|
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
||||||
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
||||||
|
return 204;
|
||||||
|
}
|
||||||
|
|
||||||
|
add_header Access-Control-Allow-Origin $cors_origin always;
|
||||||
|
add_header Access-Control-Allow-Credentials "true" always;
|
||||||
|
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
||||||
|
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
||||||
|
|
||||||
|
proxy_pass http://127.0.0.1:8080/api/;
|
||||||
include /etc/nginx/proxy_params;
|
include /etc/nginx/proxy_params;
|
||||||
|
proxy_read_timeout 300;
|
||||||
|
proxy_connect_timeout 300;
|
||||||
|
proxy_send_timeout 300;
|
||||||
|
}
|
||||||
|
|
||||||
|
# WebSocket relay (sdk_relay)
|
||||||
|
location /ws/ {
|
||||||
|
proxy_pass http://127.0.0.1:8090/;
|
||||||
|
proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
|
||||||
|
proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
|
||||||
|
proxy_set_header Sec-WebSocket-Protocol $http_sec_websocket_protocol;
|
||||||
|
proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_read_timeout 86400;
|
||||||
|
}
|
||||||
|
|
||||||
|
# API de transfert de fonds
|
||||||
|
location /api/v1/funds/ {
|
||||||
|
proxy_pass http://127.0.0.1:8080/api/v1/funds/;
|
||||||
|
include /etc/nginx/proxy_params;
|
||||||
proxy_read_timeout 300;
|
proxy_read_timeout 300;
|
||||||
|
proxy_connect_timeout 300;
|
||||||
|
proxy_send_timeout 300;
|
||||||
}
|
}
|
||||||
|
|
||||||
# favicon
|
# favicon
|
||||||
location = /favicon.ico {
|
location = /favicon.ico {
|
||||||
root /home/debian/lecoffre_node/conf/nginx/assets;
|
root /home/debian/lecoffre_node/conf/nginx/assets;
|
||||||
try_files /favicon.ico =404;
|
try_files /favicon.ico =404;
|
||||||
access_log off;
|
|
||||||
expires 30d;
|
|
||||||
}
|
|
||||||
|
|
||||||
# lecoffre frontend
|
|
||||||
location = /lecoffre {
|
|
||||||
proxy_pass http://127.0.0.2:3004/lecoffre;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto http;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /lecoffre/ {
|
|
||||||
proxy_pass http://127.0.0.2:3004/lecoffre/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto http;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Next.js assets
|
|
||||||
location /_next/ {
|
|
||||||
proxy_pass http://127.0.0.2:3004/_next/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto http;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# blindbit
|
# blindbit
|
||||||
@ -263,4 +205,13 @@ server {
|
|||||||
proxy_read_timeout 300;
|
proxy_read_timeout 300;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# ihm_client (root) - DOIT être en dernier
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:3003;
|
||||||
|
include /etc/nginx/proxy_params;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_read_timeout 300;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
@ -1,16 +1,18 @@
|
|||||||
# HTTP server for ACME and initial proxying
|
# HTTP server for ACME and redirect to HTTPS
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name dev4.4nkweb.com;
|
server_name dev4.4nkweb.com;
|
||||||
|
|
||||||
# Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
|
|
||||||
add_header Content-Security-Policy "upgrade-insecure-requests" always;
|
|
||||||
|
|
||||||
# ACME HTTP-01 challenges
|
# ACME HTTP-01 challenges
|
||||||
location /.well-known/acme-challenge/ {
|
location /.well-known/acme-challenge/ {
|
||||||
root /var/www/letsencrypt;
|
root /var/www/letsencrypt;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Redirection vers HTTPS pour toutes les autres requêtes
|
||||||
|
location / {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
# API backend - route /back/ vers /api/ du backend
|
# API backend - route /back/ vers /api/ du backend
|
||||||
location ~* ^/back/(.*)$ {
|
location ~* ^/back/(.*)$ {
|
||||||
proxy_pass http://127.0.0.1:8080/api/$1;
|
proxy_pass http://127.0.0.1:8080/api/$1;
|
||||||
|
|||||||
@ -1,170 +0,0 @@
|
|||||||
# HTTP server for ACME and initial proxying
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name dev4.4nkweb.com;
|
|
||||||
|
|
||||||
# Forcer l'upgrade des requêtes HTTP en HTTPS pour éviter les contenus mixtes
|
|
||||||
add_header Content-Security-Policy "upgrade-insecure-requests" always;
|
|
||||||
|
|
||||||
# ACME HTTP-01 challenges
|
|
||||||
location /.well-known/acme-challenge/ {
|
|
||||||
root /var/www/letsencrypt;
|
|
||||||
}
|
|
||||||
|
|
||||||
# API backend - route /back/ vers /api/ du backend
|
|
||||||
location ~* ^/back/(.*)$ {
|
|
||||||
proxy_pass http://127.0.0.1:8080/api/$1;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_set_header Connection "";
|
|
||||||
proxy_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
# API direct - route /api/ vers le backend
|
|
||||||
# Autorisations CORS dynamiques pour origines connues
|
|
||||||
set $cors_origin "";
|
|
||||||
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
|
|
||||||
set $cors_origin $http_origin;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/ {
|
|
||||||
# CORS pour développement local Next.js
|
|
||||||
proxy_hide_header Access-Control-Allow-Origin;
|
|
||||||
proxy_hide_header Access-Control-Allow-Credentials;
|
|
||||||
proxy_hide_header Access-Control-Allow-Headers;
|
|
||||||
proxy_hide_header Access-Control-Allow-Methods;
|
|
||||||
|
|
||||||
if ($request_method = OPTIONS) {
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
return 204;
|
|
||||||
}
|
|
||||||
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
|
|
||||||
proxy_pass http://127.0.0.1:8080/api/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Compat: certains clients appellent /apiv1 -> réécriture vers /api/v1
|
|
||||||
location ~* ^/apiv1/(.*)$ {
|
|
||||||
# CORS pour compatibilité
|
|
||||||
proxy_hide_header Access-Control-Allow-Origin;
|
|
||||||
proxy_hide_header Access-Control-Allow-Credentials;
|
|
||||||
proxy_hide_header Access-Control-Allow-Headers;
|
|
||||||
proxy_hide_header Access-Control-Allow-Methods;
|
|
||||||
|
|
||||||
if ($request_method = OPTIONS) {
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
return 204;
|
|
||||||
}
|
|
||||||
|
|
||||||
add_header Access-Control-Allow-Origin $cors_origin always;
|
|
||||||
add_header Access-Control-Allow-Credentials "true" always;
|
|
||||||
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
|
|
||||||
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
|
|
||||||
|
|
||||||
proxy_pass http://127.0.0.1:8080/api/v1/$1;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# WebSocket relay (sdk_relay)
|
|
||||||
location /ws/ {
|
|
||||||
proxy_pass http://127.0.0.1:8090/;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# API de transfert de fonds
|
|
||||||
location /api/v1/funds/ {
|
|
||||||
proxy_pass http://127.0.0.1:8080/api/v1/funds/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
proxy_connect_timeout 300;
|
|
||||||
proxy_send_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# ihm_client (root)
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:3003;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# favicon
|
|
||||||
location = /favicon.ico {
|
|
||||||
root /home/debian/lecoffre_node/conf/nginx/assets;
|
|
||||||
try_files /favicon.ico =404;
|
|
||||||
access_log off;
|
|
||||||
expires 30d;
|
|
||||||
}
|
|
||||||
|
|
||||||
# lecoffre frontend
|
|
||||||
location = /lecoffre {
|
|
||||||
proxy_pass http://127.0.0.2:3004/lecoffre;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto http;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /lecoffre/ {
|
|
||||||
proxy_pass http://127.0.0.2:3004/lecoffre/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto http;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Next.js assets
|
|
||||||
location /_next/ {
|
|
||||||
proxy_pass http://127.0.0.2:3004/_next/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto http;
|
|
||||||
}
|
|
||||||
|
|
||||||
# blindbit
|
|
||||||
location /blindbit/ {
|
|
||||||
proxy_pass http://127.0.0.1:8000/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
}
|
|
||||||
|
|
||||||
# signer (sdk_signer) avec support WebSocket
|
|
||||||
location /signer/ {
|
|
||||||
proxy_pass http://127.0.0.1:3001/;
|
|
||||||
include /etc/nginx/proxy_params;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 300;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Loading…
x
Reference in New Issue
Block a user