diff --git a/.env.bak_20250917_072313 b/.env.bak_20250917_072313
deleted file mode 100644
index 45e2166..0000000
--- a/.env.bak_20250917_072313
+++ /dev/null
@@ -1,76 +0,0 @@ -# Variables d'environnement pour l'application back-end -NODE_OPTIONS=--max-old-space-size=2048 -NODE_ENV=production - -# Configuration IDNOT -IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire -IDNOT_API_KEY='ba557f84-0bf6-4dbf-844f-df2767555e3e' -IDNOT_CLIENT_ID=B3CE56353EDB15A9 -IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C -# IDNOT_REDIRECT_URI=http://local.4nkweb.com:3004/authorized-client -IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client -IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1 -IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire - -# Configuration OVH -OVH_APP_KEY=5ab0709bbb65ef26 -OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766 -OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece -OVH_SMS_SERVICE_NAME=sms-tt802880-1 - -# Configuration SMS Factor -SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw - -# Configuration Mailchimp -MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A -MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17 -MAILCHIMP_LIST_ID=a48d9ad852 - -# Configuration Stripe -STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n -STRIPE_WEBHOOK_SECRET= -STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3 -STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY -STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac -STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB - -# Configuration serveur -APP_HOST=https://dev4.4nkweb.com/lecoffre -# API_BASE_URL=https://demo.4nkweb.com/back -API_BASE_URL=https://dev4.4nkweb.com/back -# DEFAULT_STORAGE=https://demo.4nkweb.com/storage -DEFAULT_STORAGE=https://dev4.4nkweb.com/storage - -# Variables d'environnement pour l'application front-end -# 
NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/ -NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com/ -# NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com -NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre -NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr -NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 -NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9 -NEXT_PUBLIC_BACK_API_PROTOCOL=https -NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com -NEXT_PUBLIC_BACK_API_PORT=443 -NEXT_PUBLIC_BACK_API_ROOT_URL=/back -NEXT_PUBLIC_BACK_API_VERSION=/v1 -# NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3004/authorized-client' -NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='https://dev4.4nkweb.com/lecoffre/authorized-client' -NEXT_PUBLIC_TARGET_ORIGIN = https://dev4.4nkweb.com/lecoffre - -NEXT_PUBLIC_DOCAPOSTE_API_URL= -NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/back -NEXT_PUBLIC_DEFAULT_VALIDATOR_ID= -NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage -NEXT_PUBLIC_HOTJAR_SITE_ID= -NEXT_PUBLIC_HOTJAR_VERSION= - -# WS -# RELAY_URLS=wss://demo.4nkweb.com/ws -RELAY_URLS=wss://dev4.4nkweb.com/ws -# SIGNER_WS_URL=https://dev4.4nkweb.com/signer/ -SIGNER_WS_URL=https://dev4.4nkweb.com/signer/ - -# IHM URLS -# VITE_BOOTSTRAPURL=http://sdk_relay:8090/ -VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/ \ No newline at end of file diff --git a/.env.exemple b/.env.exemple index 17ef3e5..5d6c161 100644 --- a/.env.exemple +++ b/.env.exemple @@ -5,7 +5,7 @@ NODE_ENV=production # Configuration IDNOT IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire # IDNOT_REDIRECT_URI=http://local.4nkweb.com:3004/authorized-client -IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client +IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1 IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire 
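Review bot: Removing `.env.bak_20250917_072313` does not retire the credentials it held: the deleted lines carry populated values for `IDNOT_API_KEY`, `IDNOT_CLIENT_SECRET`, `OVH_APP_SECRET`, `OVH_CONSUMER_KEY`, `SMS_FACTOR_TOKEN`, `MAILCHIMP_API_KEY`, `MAILCHIMP_KEY` and `STRIPE_SECRET_KEY`, and they remain readable in the repository history and in every clone. Each of them should be treated as disclosed and rotated at the provider, whether or not history is rewritten afterwards. To keep the next timestamped backup out of the tree, add an ignore rule such as `.env.bak_*` (the ignore file is not visible on this page, so confirm what it already covers) and consider a secret-scanning check in CI.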
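Review bot: `IDNOT_REDIRECT_URI` in `.env.exemple` now points at `http://local.4nkweb.com:3000/authorized-client`, so anyone who copies the example gets an OAuth callback served over cleartext HTTP; the next hunk does the same for `NEXT_PUBLIC_IDNOT_REDIRECT_URI`. The authorization code returned by ID.not travels in that request, which is acceptable only if the host name resolves to the developer's own loopback interface, and this page does not show how it resolves. I would say so in the file, for example `# HTTP callback: local development only, local.4nkweb.com must resolve to 127.0.0.1`, and keep the HTTPS value as the commented alternative.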
@@ -24,34 +24,40 @@ NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre NEXT_PUBLIC_FRONT_APP_PORT=443 NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1 -NEXT_PUBLIC_BACK_API_PROTOCOL=https:// +NEXT_PUBLIC_BACK_API_PROTOCOL=https NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com NEXT_PUBLIC_BACK_API_PORT=443 -NEXT_PUBLIC_BACK_API_ROOT_URL=/back +NEXT_PUBLIC_BACK_API_ROOT_URL=/api NEXT_PUBLIC_BACK_API_VERSION=v1 # NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3004/authorized-client' NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client NEXT_PUBLIC_TARGET_ORIGIN=https://dev4.4nkweb.com/lecoffre NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com -NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://local.lecoffreio.4nkweb:3000/authorized-client +NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client NEXT_PUBLIC_DOCAPOSTE_API_URL= -NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/back +NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/api NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99 NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage NEXT_PUBLIC_HOTJAR_SITE_ID=0 -NEXT_PUBLIC_HOTJAR_VERSION=1.0.9 +NEXT_PUBLIC_HOTJAR_VERSION= +SIGNER_BASE_URL=https://dev3.4nkweb.com/signer/ # WS # RELAY_URLS=wss://demo.4nkweb.com/ws RELAY_URLS=wss://dev4.4nkweb.com/ws # SIGNER_WS_URL=https://dev4.4nkweb.com/signer/ -SIGNER_WS_URL=https://dev4.4nkweb.com/signer/ +SIGNER_WS_URL=https://dev3.4nkweb.com/signer/ + # IHM URLS # VITE_BOOTSTRAPURL=http://sdk_relay:8090/ VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/ +# Cartes de test Stripe +SUCCES= 4242 4242 4242 4242 #Paiement réussi +DECLINED= 4000 0025 0000 3155 #Paiement refusé + # ================================= /!\ sensible ======================== IDNOT_API_KEY= 
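Review bot: The two entries under `# Cartes de test Stripe` are written as variables (`SUCCES= 4242 4242 4242 4242 #Paiement réussi`), with a space after `=`, unquoted spaces in the value and a trailing inline comment, which dotenv parsers do not treat uniformly; the `docker-compose.yml` hunk later on this page shows `.env` being loaded through `env_file`. Nothing visible reads `SUCCES` or `DECLINED`, so they look like documentation and would be safer as comments, e.g. `# Carte de test Stripe, paiement réussi : 4242 4242 4242 4242`. Separately, `SIGNER_BASE_URL` and `SIGNER_WS_URL` now target `dev3.4nkweb.com` while every other URL in the example stays on `dev4.4nkweb.com`, and this commit adds a `/signer/` location on the dev4 vhost; if the split is intended, a one-line comment would stop it being changed back by mistake.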
@@ -79,4 +85,6 @@ STRIPE_WEBHOOK_SECRET= STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID= STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID= STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID= -STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID= \ No newline at end of file +STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID= + +SIGNER_API_KEY=your_signer_api_key_here \ No newline at end of file diff --git a/conf/nginx/dev4.4nkweb.com-https.conf b/conf/nginx/dev4.4nkweb.com-https.conf index 2b054f4..c375edc 100644 --- a/conf/nginx/dev4.4nkweb.com-https.conf +++ b/conf/nginx/dev4.4nkweb.com-https.conf @@ -4,21 +4,8 @@ server { ssl_certificate /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem; include /etc/nginx/proxy_params; - location = /lecoffre { - proxy_pass http://127.0.0.2:3004/lecoffre; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Prefix /lecoffre; - } - location /lecoffre/ { - proxy_pass http://127.0.0.2:3004; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Prefix /lecoffre; - } + # Root → ihm_client location / { proxy_pass http://127.0.0.1:3003; include /etc/nginx/proxy_params; 
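Review bot: `SIGNER_API_KEY=your_signer_api_key_here` is given a non-empty placeholder while the neighbouring sensitive entries visible in this hunk (`STRIPE_WEBHOOK_SECRET=`, the `STRIPE_*_PRICE_ID=` lines) are left blank. A copied example would then start with a well-known, guessable key instead of failing on a missing one, assuming the service only checks that the variable is set. I would leave it empty like the others, `SIGNER_API_KEY=`, and say in a comment where the value comes from.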
@@ -28,12 +15,59 @@ server { proxy_read_timeout 300; } - location /lecoffre/_next/ { - proxy_pass http://127.0.0.2:3004/lecoffre/_next/; + # lecoffre-front (préserver le préfixe) + location = /lecoffre { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; proxy_read_timeout 300; } + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # Next.js assets sous basePath + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + } + location /lecoffre/_next/ { + proxy_pass http://127.0.0.2:3004/lecoffre/_next/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } + + # signer (sdk_signer) avec support WebSocket + location /signer/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + proxy_pass http://127.0.0.1:3001/; + proxy_read_timeout 600s; + proxy_buffering off; + } + + # Next.js assets au root si nécessaire location /_next/ { proxy_pass http://127.0.0.2:3004/_next/; + include /etc/nginx/proxy_params; proxy_read_timeout 300; } } diff --git a/conf/nginx/dev4.4nkweb.com.conf b/conf/nginx/dev4.4nkweb.com.conf index e09c07b..94c400d 100644 --- a/conf/nginx/dev4.4nkweb.com.conf +++ b/conf/nginx/dev4.4nkweb.com.conf 
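Review bot: The new `location /signer/` block sets its own `proxy_set_header` lines and does not include `/etc/nginx/proxy_params`, so the server-level include no longer applies to it: nginx inherits `proxy_set_header` from the outer level only when the location defines none. If `proxy_params` is where `X-Real-IP` and `X-Forwarded-For` come from (the stock Debian file sets them, but it is not shown here), the signer will only see the proxy's address, not the client's. Adding `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` to the block, as the `/ws` locations in `dev4.4nkweb.com.conf` do, fixes that. The same applies to `location /lecoffre/_next/webpack-hmr`, which also exposes the dev-server HMR socket on the public HTTPS vhost.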
@@ -1,156 +1,337 @@ # HTTP server for ACME and initial proxying +# HTTP server for ACME and initial proxying server { +server { + listen 80; listen 80; server_name dev4.4nkweb.com; + server_name dev4.4nkweb.com; + # ACME HTTP-01 challenges + # ACME HTTP-01 challenges + location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ { root /var/www/letsencrypt; + root /var/www/letsencrypt; } + } + # ihm_client (root) + # ihm_client (root) + location / { location / { proxy_pass http://127.0.0.1:3003; + proxy_pass http://127.0.0.1:3003; + include /etc/nginx/proxy_params; include /etc/nginx/proxy_params; proxy_http_version 1.1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; proxy_read_timeout 300; } + } + # Favicon (global) + # Favicon (global) + location = /favicon.ico { location = /favicon.ico { root /home/debian/lecoffre_node/conf/nginx/assets; - try_files /favicon.ico =404; - access_log off; - expires 30d; - } - - # lecoffre-front - location = /lecoffre { - proxy_pass http://127.0.0.2:3004/lecoffre; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - location /lecoffre/ { - proxy_pass http://127.0.0.2:3004; - include /etc/nginx/proxy_params; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Prefix /lecoffre; - proxy_read_timeout 300; - } - - # Next.js assets and HMR under basePath - location /lecoffre/_next/webpack-hmr { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - 
proxy_buffering off; - proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; - proxy_read_timeout 600s; - } - - location /lecoffre/_next/ { - proxy_pass http://127.0.0.2:3004/lecoffre/_next/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; - } - - # Favicon sous /lecoffre - location = /lecoffre/favicon.ico { root /home/debian/lecoffre_node/conf/nginx/assets; try_files /favicon.ico =404; + try_files /favicon.ico =404; + access_log off; access_log off; expires 30d; + expires 30d; } + } + + + # lecoffre-front + # lecoffre-front + location = /lecoffre { + location = /lecoffre { + proxy_pass http://127.0.0.2:3004/lecoffre; + proxy_pass http://127.0.0.2:3004/lecoffre; + include /etc/nginx/proxy_params; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + proxy_read_timeout 300; + } + } + location /lecoffre/ { + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + proxy_read_timeout 300; + } + } + + + # Next.js assets and HMR under basePath + # Next.js assets and HMR under basePath + location /lecoffre/_next/webpack-hmr { + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; 
+ proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + proxy_read_timeout 600s; + } + } + + + location /lecoffre/_next/ { + location /lecoffre/_next/ { + proxy_pass http://127.0.0.2:3004/lecoffre/_next/; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/; + include /etc/nginx/proxy_params; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + proxy_read_timeout 300; + } + } + + + # Favicon sous /lecoffre + # Favicon sous /lecoffre + location = /lecoffre/favicon.ico { + location = /lecoffre/favicon.ico { + root /home/debian/lecoffre_node/conf/nginx/assets; + root /home/debian/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + try_files /favicon.ico =404; + access_log off; + access_log off; + expires 30d; + expires 30d; + } + } + # Next.js assets (served at root by the app) + # Next.js assets (served at root by the app) + location /_next/ { location /_next/ { proxy_pass http://127.0.0.2:3004/_next/; + proxy_pass http://127.0.0.2:3004/_next/; + include /etc/nginx/proxy_params; include /etc/nginx/proxy_params; proxy_read_timeout 300; + proxy_read_timeout 300; + } } - # lecoffre-back + + # API backend + # API backend location /back/ { - proxy_pass http://127.0.0.1:8080/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; + rewrite ^\/back\/(.*)$ \/api\/\1 break; + proxy_pass http:\/\/127.0.0.1:8080; + location /back/ { + location /back/ { + rewrite ^\/back\/(.*)$ \/api\/\1 break; + proxy_pass http:\/\/127.0.0.1:8080; + location /back/ { + proxy_pass http://127.0.0.1:8080/back/; + proxy_http_version 1.1; + proxy_http_version 
1.1; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_set_header Connection ""; + proxy_buffering off; + proxy_buffering off; } + } + # API alias → même backend que /back + # API alias → même backend que /back + location /api/ { location /api/ { proxy_pass http://127.0.0.1:8080/; + proxy_pass http://127.0.0.1:8080/; + include /etc/nginx/proxy_params; include /etc/nginx/proxy_params; proxy_read_timeout 300; + proxy_read_timeout 300; } + } + # blindbit + # blindbit + location /blindbit/ { location /blindbit/ { proxy_pass http://127.0.0.1:8000/; + proxy_pass http://127.0.0.1:8000/; + include /etc/nginx/proxy_params; include /etc/nginx/proxy_params; proxy_read_timeout 300; + proxy_read_timeout 300; + } } - # signer (sdk_signer) + + # signer (sdk_signer) avec support WebSocket + # signer (sdk_signer) avec support WebSocket location /signer/ { + location /signer/ { + proxy_http_version 1.1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto http; proxy_pass http://127.0.0.1:3001/; - include /etc/nginx/proxy_params; - proxy_read_timeout 300; + proxy_pass http://127.0.0.1:3001/; + proxy_read_timeout 600s; + proxy_read_timeout 600s; + proxy_buffering off; + proxy_buffering off; } + } + # storage (sdk_storage) + # storage (sdk_storage) + location /storage/ { location /storage/ { proxy_pass http://127.0.0.1:8081/; + proxy_pass 
http://127.0.0.1:8081/; + include /etc/nginx/proxy_params; include /etc/nginx/proxy_params; proxy_read_timeout 300; - } - - # WebSocket relay on /ws → 8090 - location = /ws { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_buffering off; - proxy_pass http://127.0.0.1:8090/; - proxy_read_timeout 600s; - } - - location /ws/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; - proxy_buffering off; - # Strip /ws prefix when proxying to backend root - proxy_pass http://127.0.0.1:8090/; - proxy_read_timeout 600s; - } - - # Next.js HMR websocket for lecoffre-front - location /_next/webpack-hmr { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Proto http; - proxy_buffering off; - proxy_pass http://127.0.0.2:3004/_next/webpack-hmr; proxy_read_timeout 300; } + } + + + # WebSocket relay on /ws → 8090 + # WebSocket relay on /ws → 8090 + location = /ws { + location = /ws { + proxy_http_version 1.1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header 
X-Real-IP $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_buffering off; + proxy_buffering off; + proxy_pass http://127.0.0.1:8090/; + proxy_pass http://127.0.0.1:8090/; + proxy_read_timeout 600s; + proxy_read_timeout 600s; + } + } + + + location /ws/ { + location /ws/ { + proxy_http_version 1.1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-IP $remote_addr; + proxy_buffering off; + proxy_buffering off; + # Strip /ws prefix when proxying to backend root + # Strip /ws prefix when proxying to backend root + proxy_pass http://127.0.0.1:8090/; + proxy_pass http://127.0.0.1:8090/; + proxy_read_timeout 600s; + proxy_read_timeout 600s; + } + } + + + # Next.js HMR websocket for lecoffre-front + # Next.js HMR websocket for lecoffre-front + location /_next/webpack-hmr { + location /_next/webpack-hmr { + proxy_http_version 1.1; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/_next/webpack-hmr; + proxy_pass http://127.0.0.2:3004/_next/webpack-hmr; + proxy_read_timeout 300; + proxy_read_timeout 300; + } + } +} } 
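Review bot: The new side of `dev4.4nkweb.com.conf` appears to contain almost every line twice — the hunk grows the file from 156 to 337 lines and shows pairs such as `server {` / `server {` and `listen 80;` / `listen 80;` — and the `/back/` section holds repeated `location /back/ {` openers with `rewrite ^\/back\/(.*)$ \/api\/\1 break;` and `proxy_pass http:\/\/127.0.0.1:8080;`, which look like unexpanded sed escapes. The page collapses line breaks, so the exact nesting cannot be confirmed here, but a file in that shape would not pass `nginx -t` (nested `server`, duplicate locations, `http:\/\/` is not a valid upstream URL). The `.bak_1758117811` copy added in this commit has the single-copy layout; I would restore the intended content from that and gate changes under `conf/nginx/` on `nginx -t`.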
diff --git a/conf/nginx/dev4.4nkweb.com.conf.bak_1758117811 b/conf/nginx/dev4.4nkweb.com.conf.bak_1758117811
new file mode 100644
index 0000000..4b72de2
--- /dev/null
+++ b/conf/nginx/dev4.4nkweb.com.conf.bak_1758117811
@@ -0,0 +1,166 @@ +# HTTP server for ACME and initial proxying +server { + listen 80; + server_name dev4.4nkweb.com; + + # ACME HTTP-01 challenges + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt; + } + + # ihm_client (root) + location / { + proxy_pass http://127.0.0.1:3003; + include /etc/nginx/proxy_params; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 300; + } + + # Favicon (global) + location = /favicon.ico { + root /home/debian/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + access_log off; + expires 30d; + } + + # lecoffre-front + location = /lecoffre { + proxy_pass http://127.0.0.2:3004/lecoffre; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # Next.js assets and HMR under basePath + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + } + + location /lecoffre/_next/ { + proxy_pass http://127.0.0.2:3004/lecoffre/_next/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } + + # Favicon sous /lecoffre + location = /lecoffre/favicon.ico { + root /home/debian/lecoffre_node/conf/nginx/assets; + try_files /favicon.ico =404; + access_log off; + expires 30d; + } + + # Next.js assets 
(served at root by the app) + location /_next/ { + proxy_pass http://127.0.0.2:3004/_next/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } + + # API backend + location /back/ { + proxy_pass http://127.0.0.1:8080/back/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Connection ""; + proxy_buffering off; + } + + # API alias → même backend que /back + location /api/ { + proxy_pass http://127.0.0.1:8080/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } + + # blindbit + location /blindbit/ { + proxy_pass http://127.0.0.1:8000/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } + + # signer (sdk_signer) avec support WebSocket + location /signer/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_pass http://127.0.0.1:3001/; + proxy_read_timeout 600s; + proxy_buffering off; + } + + # storage (sdk_storage) + location /storage/ { + proxy_pass http://127.0.0.1:8081/; + include /etc/nginx/proxy_params; + proxy_read_timeout 300; + } + + # WebSocket relay on /ws → 8090 + location = /ws { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_buffering off; + proxy_pass http://127.0.0.1:8090/; + proxy_read_timeout 600s; + } + + location /ws/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-For 
$proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_buffering off; + # Strip /ws prefix when proxying to backend root + proxy_pass http://127.0.0.1:8090/; + proxy_read_timeout 600s; + } + + # Next.js HMR websocket for lecoffre-front + location /_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/_next/webpack-hmr; + proxy_read_timeout 300; + } +} diff --git a/conf/nginx/local.4nkweb.com-3000.conf b/conf/nginx/local.4nkweb.com-3000.conf index f6841c3..a4ea511 100644 --- a/conf/nginx/local.4nkweb.com-3000.conf +++ b/conf/nginx/local.4nkweb.com-3000.conf 
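Review bot: `dev4.4nkweb.com.conf.bak_1758117811` is a backup copy committed next to the live vhost, and `local.lecoffreio.4nkweb-3000.conf.bak` further down is another. Besides drifting from the real file, a backup that ends up in a directory nginx includes with a wildcard would be loaded as a second `server` for the same `server_name` and port; whether that can happen depends on the include pattern, which is not shown here. Git history already keeps the previous version, so I would drop both files and ignore `conf/nginx/*.bak*`.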
@@ -1,7 +1,64 @@ server { listen 0.0.0.0:3000; + listen [::]:3000; server_name local.4nkweb.com; - - # Redirection vers HTTPS avec le chemin /lecoffre - return 301 https://dev4.4nkweb.com/lecoffre$request_uri; + + # HTTP pur: pas de HTTPS ni HSTS + + # Favicon + location = /favicon.ico { + root /home/debian/lecoffre_node/conf/nginx/assets; + } + + # Compat: callback ID.not sans basePath (toutes variantes et querystring) + location /authorized-client { + proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # Entrée sans slash + location = /lecoffre { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # BasePath /lecoffre + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + # HMR (si utilisé en local) + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + } + + # Assets Next.js + location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ { + expires 7d; + add_header Cache-Control "public, max-age=604800, immutable" always; + proxy_pass http://127.0.0.2:3004$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_read_timeout 300; + } } 
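Review bot: This vhost is described as local and HTTP-only, yet it binds `listen 0.0.0.0:3000;` and the added `listen [::]:3000;`, so the cleartext proxy — including the ID.not callback at `location /authorized-client`, whose query string carries the authorization code — is reachable on every interface of the host. `local.lecoffreio.4nkweb-3000.conf`, added later in this commit, binds the same way, while `docs/local_http_vhost.md` and the `.bak` copy both show `listen 127.0.0.1:3000;`. Unless remote access is required, bind loopback only: `listen 127.0.0.1:3000;` and `listen [::1]:3000;`. The final regex location also marks any path ending in `.js`, `.css` and similar as `immutable` for seven days, which is only safe for the content-hashed files under `_next/static/`.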
diff --git a/conf/nginx/local.4nkweb.com.conf b/conf/nginx/local.4nkweb.com.conf
new file mode 100644
index 0000000..fb6b90b
--- /dev/null
+++ b/conf/nginx/local.4nkweb.com.conf
@@ -0,0 +1,9 @@
+server {
+ listen 80;
+ server_name local.4nkweb.com;
+
+ # HTTP only: pas de redirection HTTPS, pas d'HSTS
+ location / {
+ return 302 http://local.4nkweb.com:3000$request_uri;
+ }
+}
diff --git a/conf/nginx/local.lecoffreio.4nkweb-3000.conf b/conf/nginx/local.lecoffreio.4nkweb-3000.conf
new file mode 100644
index 0000000..ac33f36
--- /dev/null
+++ b/conf/nginx/local.lecoffreio.4nkweb-3000.conf
@@ -0,0 +1,55 @@
+server {
+ listen 0.0.0.0:3000;
+ listen [::]:3000;
+ server_name local.lecoffreio.4nkweb;
+
+ # Ne jamais forcer HTTPS ni HSTS sur ce vhost local
+ # Pas de return 301, pas de add_header HSTS
+
+ # Favicon local par défaut
+ location = /favicon.ico {
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ }
+
+ # Entrée sans slash pour éviter les boucles
+ location = /lecoffre {
+ proxy_pass http://127.0.0.2:3004;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ }
+
+ # Sous-chemin Next.js (préserve le prefix)
+ location /lecoffre/ {
+ proxy_pass http://127.0.0.2:3004;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ }
+
+ # HMR en dev (si jamais on l’utilise en local HTTP)
+ location /lecoffre/_next/webpack-hmr {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_buffering off;
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
+ proxy_read_timeout 600s;
+ }
+
+ # Assets Next.js / cache léger côté proxy
+ location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
+ expires 7d;
+ add_header Cache-Control "public, max-age=604800, immutable" always;
+ proxy_pass http://127.0.0.2:3004$request_uri;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_read_timeout 300;
+ }
+}
diff --git a/conf/nginx/local.lecoffreio.4nkweb-3000.conf.bak b/conf/nginx/local.lecoffreio.4nkweb-3000.conf.bak
new file mode 100644
index 0000000..e45ab0f
--- /dev/null
+++ b/conf/nginx/local.lecoffreio.4nkweb-3000.conf.bak
@@ -0,0 +1,54 @@
+server {
+ listen 127.0.0.1:3000;
+ server_name local.lecoffreio.4nkweb;
+
+ # Ne jamais forcer HTTPS ni HSTS sur ce vhost local
+ # Pas de return 301, pas de add_header HSTS
+
+ # Favicon local par défaut
+ location = /favicon.ico {
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ }
+
+ # Entrée sans slash pour éviter les boucles
+ location = /lecoffre {
+ proxy_pass http://127.0.0.2:3004;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ }
+
+ # Sous-chemin Next.js (préserve le prefix)
+ location /lecoffre/ {
+ proxy_pass http://127.0.0.2:3004;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ }
+
+ # HMR en dev (si jamais on l’utilise en local HTTP)
+ location /lecoffre/_next/webpack-hmr {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_buffering off;
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
+ proxy_read_timeout 600s;
+ }
+
+ # Assets Next.js / cache léger côté proxy
+ location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
+ expires 7d;
+ add_header Cache-Control "public, max-age=604800, immutable" always;
+ proxy_pass http://127.0.0.2:3004$request_uri;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_read_timeout 300;
+ }
+}
diff --git a/conf/nginx/local.lecoffreio.4nkweb.conf b/conf/nginx/local.lecoffreio.4nkweb.conf
new file mode 100644
index 0000000..996144d
--- /dev/null
+++ b/conf/nginx/local.lecoffreio.4nkweb.conf
@@ -0,0 +1,48 @@ +server { + listen 80; + server_name local.lecoffreio.4nkweb; + + # HTTP pur: pas de redirection vers HTTPS, pas d'HSTS + + location = /favicon.ico { + root /home/debian/lecoffre_node/conf/nginx/assets; + } + + location = /lecoffre { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + location /lecoffre/ { + proxy_pass http://127.0.0.2:3004; + include /etc/nginx/proxy_params; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_set_header X-Forwarded-Prefix /lecoffre; + proxy_read_timeout 300; + } + + location /lecoffre/_next/webpack-hmr { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_buffering off; + proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr; + proxy_read_timeout 600s; + } + + location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ { + expires 7d; + add_header Cache-Control "public, max-age=604800, immutable" always; + proxy_pass http://127.0.0.2:3004$request_uri; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto http; + proxy_read_timeout 300; + } +} diff --git a/docker-compose.yml b/docker-compose.yml index 53e83d9..f841272 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -96,7 +96,7 @@ services: restart: unless-stopped lecoffre-back: - image: git.4nkweb.com/4nk/lecoffre-back-mini:dev + image: git.4nkweb.com/4nk/lecoffre-back-mini:ext container_name: lecoffre-back env_file: - .env diff --git a/docs/local_http_vhost.md b/docs/local_http_vhost.md new file mode 100644 index 0000000..ba4b9cc --- /dev/null +++ b/docs/local_http_vhost.md 
@@ -0,0 +1,83 @@
+### Vhost local HTTP pour `local.lecoffreio.4nkweb`
+
+Objectif: servir l’IHM en HTTP pur (sans HTTPS ni HSTS) pour le domaine local `local.lecoffreio.4nkweb` sur le port 3000.
+
+#### Configuration Nginx
+
+Fichier: `conf/nginx/local.lecoffreio.4nkweb-3000.conf`
+
+```nginx
+server {
+ listen 127.0.0.1:3000;
+ server_name local.lecoffreio.4nkweb;
+
+ # Pas de redirection HTTPS ni HSTS
+
+ location = /favicon.ico {
+ root /home/debian/lecoffre_node/conf/nginx/assets;
+ }
+
+ location = /lecoffre {
+ proxy_pass http://127.0.0.2:3004;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ }
+
+ location /lecoffre/ {
+ proxy_pass http://127.0.0.2:3004;
+ include /etc/nginx/proxy_params;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_set_header X-Forwarded-Prefix /lecoffre;
+ proxy_read_timeout 300;
+ }
+
+ location /lecoffre/_next/webpack-hmr {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_buffering off;
+ proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
+ proxy_read_timeout 600s;
+ }
+
+ location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
+ expires 7d;
+ add_header Cache-Control "public, max-age=604800, immutable" always;
+ proxy_pass http://127.0.0.2:3004$request_uri;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto http;
+ proxy_read_timeout 300;
+ }
+}
+```
+
+Activation: lien symbolique vers `/etc/nginx/sites-enabled/local.lecoffreio.4nkweb-3000.conf` puis `sudo nginx -t && sudo systemctl reload nginx`.
+
+#### DNS local
+
+Ajouter dans `/etc/hosts`:
+
+```
+127.0.0.1 local.lecoffreio.4nkweb
+```
+
+#### Variables d’environnement recommandées (local HTTP)
+
+```
+NEXT_PUBLIC_4NK_URL=http://local.lecoffreio.4nkweb:3000
+NEXT_PUBLIC_FRONT_APP_HOST=local.lecoffreio.4nkweb
+NEXT_PUBLIC_FRONT_APP_PORT=3000
+NEXT_PUBLIC_FRONT_APP_ROOT_URL=/lecoffre
+NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=http://local.lecoffreio.4nkweb:3000/authorized-client
+NEXT_PUBLIC_4NK_IFRAME_URL=http://local.lecoffreio.4nkweb:3000/lecoffre
+```
+
+Note cookies: en HTTP, les cookies marqués `Secure` ne sont pas envoyés. Adapter la config backend en conséquence pour ce domaine local.
+
+
diff --git a/lecoffre-front-src b/lecoffre-front-src
deleted file mode 160000
index 186f8f1..0000000
--- a/lecoffre-front-src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 186f8f10757abd44d3e1883f8d05d7a8ab208009
diff --git a/tests/smoke_local_http.md b/tests/smoke_local_http.md
new file mode 100644
index 0000000..ad720b3
--- /dev/null
+++ b/tests/smoke_local_http.md
@@ -0,0 +1,14 @@
+### Smoke tests - local.lecoffreio.4nkweb (HTTP)
+
+- **/lecoffre/**: doit répondre 200 (pas de redirection HTTPS)
+- **/_next/** et **/lecoffre/_next/**: assets servis, codes 200/304
+- **favicon**: `http://local.lecoffreio.4nkweb:3000/favicon.ico` répond 200 si présent
+
+Commandes de vérification:
+
+```bash
+curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/
+curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/_next/static/chunks/main.js
+```
+
+