ci: docker_tag=ext

2025-09-17 16:10:35 +00:00 · 2025-09-17 16:10:35 +00:00 · d9d5bea4b3
commit d9d5bea4b3
parent eac5b7bba8
14 changed files with 828 additions and 196 deletions
--- a/.env.bak_20250917_072313
+++ b/.env.bak_20250917_072313
@ -1,76 +0,0 @@
 # Variables d'environnement pour l'application back-end
 NODE_OPTIONS=--max-old-space-size=2048
 NODE_ENV=production
 # Configuration IDNOT
 IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
 IDNOT_API_KEY='ba557f84-0bf6-4dbf-844f-df2767555e3e'
 IDNOT_CLIENT_ID=B3CE56353EDB15A9
 IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
 # IDNOT_REDIRECT_URI=http://local.4nkweb.com:3004/authorized-client
 IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client
 IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
 IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire
 # Configuration OVH
 OVH_APP_KEY=5ab0709bbb65ef26
 OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766
 OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece
 OVH_SMS_SERVICE_NAME=sms-tt802880-1
 # Configuration SMS Factor
 SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw
 # Configuration Mailchimp
 MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A
 MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17
 MAILCHIMP_LIST_ID=a48d9ad852
 # Configuration Stripe
 STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n
 STRIPE_WEBHOOK_SECRET=
 STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3
 STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY
 STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac
 STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB
 # Configuration serveur
 APP_HOST=https://dev4.4nkweb.com/lecoffre
 # API_BASE_URL=https://demo.4nkweb.com/back
 API_BASE_URL=https://dev4.4nkweb.com/back
 # DEFAULT_STORAGE=https://demo.4nkweb.com/storage
 DEFAULT_STORAGE=https://dev4.4nkweb.com/storage
 # Variables d'environnement pour l'application front-end
 # NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/
 NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com/
 # NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com
 NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
 NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
 NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
 NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
 NEXT_PUBLIC_BACK_API_PROTOCOL=https
 NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
 NEXT_PUBLIC_BACK_API_PORT=443
 NEXT_PUBLIC_BACK_API_ROOT_URL=/back
 NEXT_PUBLIC_BACK_API_VERSION=/v1
 # NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3004/authorized-client'
 NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='https://dev4.4nkweb.com/lecoffre/authorized-client'
 NEXT_PUBLIC_TARGET_ORIGIN = https://dev4.4nkweb.com/lecoffre
 NEXT_PUBLIC_DOCAPOSTE_API_URL=
 NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/back
 NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=
 NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage
 NEXT_PUBLIC_HOTJAR_SITE_ID=
 NEXT_PUBLIC_HOTJAR_VERSION=
 # WS
 # RELAY_URLS=wss://demo.4nkweb.com/ws
 RELAY_URLS=wss://dev4.4nkweb.com/ws
 # SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
 SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
 # IHM URLS
 # VITE_BOOTSTRAPURL=http://sdk_relay:8090/
 VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/
--- a/.env.exemple
+++ b/.env.exemple
@ -5,7 +5,7 @@ NODE_ENV=production
 # Configuration IDNOT
 IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
 # IDNOT_REDIRECT_URI=http://local.4nkweb.com:3004/authorized-client
-IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client
+IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client
 IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
 IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire
@ -24,34 +24,40 @@ NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
 NEXT_PUBLIC_FRONT_APP_PORT=443
 NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
 NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
-NEXT_PUBLIC_BACK_API_PROTOCOL=https://
+NEXT_PUBLIC_BACK_API_PROTOCOL=https
 NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
 NEXT_PUBLIC_BACK_API_PORT=443
-NEXT_PUBLIC_BACK_API_ROOT_URL=/back
+NEXT_PUBLIC_BACK_API_ROOT_URL=/api
 NEXT_PUBLIC_BACK_API_VERSION=v1
 # NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3004/authorized-client'
 NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client
 NEXT_PUBLIC_TARGET_ORIGIN=https://dev4.4nkweb.com/lecoffre
 NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
-NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://local.lecoffreio.4nkweb:3000/authorized-client
+NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client
 NEXT_PUBLIC_DOCAPOSTE_API_URL=
-NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/back
+NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/api
 NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
 NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage
 NEXT_PUBLIC_HOTJAR_SITE_ID=0
-NEXT_PUBLIC_HOTJAR_VERSION=1.0.9
+NEXT_PUBLIC_HOTJAR_VERSION=
 SIGNER_BASE_URL=https://dev3.4nkweb.com/signer/
 # WS
 # RELAY_URLS=wss://demo.4nkweb.com/ws
 RELAY_URLS=wss://dev4.4nkweb.com/ws
 # SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
-SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
+SIGNER_WS_URL=https://dev3.4nkweb.com/signer/
 # IHM URLS
 # VITE_BOOTSTRAPURL=http://sdk_relay:8090/
 VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/
 # Cartes de test Stripe
 SUCCES= 4242 4242 4242 4242   #Paiement réussi
 DECLINED= 4000 0025 0000 3155   #Paiement refusé
 # ================================= /!\ sensible ========================
 IDNOT_API_KEY=
@ -80,3 +86,5 @@ STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=
 STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=
 STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=
 STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=
 SIGNER_API_KEY=your_signer_api_key_here
--- a/conf/nginx/dev4.4nkweb.com-https.conf
+++ b/conf/nginx/dev4.4nkweb.com-https.conf
@ -4,21 +4,8 @@ server {
    ssl_certificate     /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
    include /etc/nginx/proxy_params;
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004/lecoffre;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
    }
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
    }
    # Root → ihm_client
    location / {
        proxy_pass http://127.0.0.1:3003;
        include /etc/nginx/proxy_params;
@ -28,12 +15,59 @@ server {
        proxy_read_timeout 300;
    }
    # lecoffre-front (préserver le préfixe)
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # Next.js assets sous basePath
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    location /lecoffre/_next/ {
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # signer (sdk_signer) avec support WebSocket
    location /signer/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:3001/;
        proxy_read_timeout 600s;
        proxy_buffering off;
    }
    # Next.js assets au root si nécessaire
    location /_next/ {
        proxy_pass http://127.0.0.2:3004/_next/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
 }
--- a/conf/nginx/dev4.4nkweb.com.conf
+++ b/conf/nginx/dev4.4nkweb.com.conf
@ -1,156 +1,337 @@
 # HTTP server for ACME and initial proxying
 # HTTP server for ACME and initial proxying
 server {
 server {
    listen 80;
    listen 80;
    server_name dev4.4nkweb.com;
    server_name dev4.4nkweb.com;
    # ACME HTTP-01 challenges
    # ACME HTTP-01 challenges
    location /.well-known/acme-challenge/ {
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        root /var/www/letsencrypt;
    }
    }
    # ihm_client (root)
    # ihm_client (root)
    location / {
    location / {
        proxy_pass http://127.0.0.1:3003;
        proxy_pass http://127.0.0.1:3003;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_http_version 1.1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
    # Favicon (global)
    # Favicon (global)
    location = /favicon.ico {
    location = /favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
        try_files /favicon.ico =404;
        access_log off;
        expires 30d;
    }
    # lecoffre-front
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004/lecoffre;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # Next.js assets and HMR under basePath
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    location /lecoffre/_next/ {
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # Favicon sous /lecoffre
    location = /lecoffre/favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
        try_files /favicon.ico =404;
        try_files /favicon.ico =404;
        access_log off;
        access_log off;
        expires 30d;
        expires 30d;
    }
    }
    # lecoffre-front
    # lecoffre-front
    location = /lecoffre {
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004/lecoffre;
        proxy_pass http://127.0.0.2:3004/lecoffre;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
    location /lecoffre/ {
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
    # Next.js assets and HMR under basePath
    # Next.js assets and HMR under basePath
    location /lecoffre/_next/webpack-hmr {
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
        proxy_read_timeout 600s;
    }
    }
    location /lecoffre/_next/ {
    location /lecoffre/_next/ {
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
    # Favicon sous /lecoffre
    # Favicon sous /lecoffre
    location = /lecoffre/favicon.ico {
    location = /lecoffre/favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
        root /home/debian/lecoffre_node/conf/nginx/assets;
        try_files /favicon.ico =404;
        try_files /favicon.ico =404;
        access_log off;
        access_log off;
        expires 30d;
        expires 30d;
    }
    }
    # Next.js assets (served at root by the app)
    # Next.js assets (served at root by the app)
    location /_next/ {
    location /_next/ {
        proxy_pass http://127.0.0.2:3004/_next/;
        proxy_pass http://127.0.0.2:3004/_next/;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
-    # lecoffre-back
+
    # API backend
    # API backend
    location /back/ {
-        proxy_pass http://127.0.0.1:8080/;
+        rewrite ^\/back\/(.*)$ \/api\/\1 break;
-        include /etc/nginx/proxy_params;
+        proxy_pass http:\/\/127.0.0.1:8080;
-        proxy_read_timeout 300;
+    location /back/ {
    location /back/ {
        rewrite ^\/back\/(.*)$ \/api\/\1 break;
        proxy_pass http:\/\/127.0.0.1:8080;
    location /back/ {
        proxy_pass http://127.0.0.1:8080/back/;
        proxy_http_version 1.1;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_set_header Connection "";
        proxy_buffering off;
        proxy_buffering off;
    }
    }
    # API alias → même backend que /back
    # API alias → même backend que /back
    location /api/ {
    location /api/ {
        proxy_pass http://127.0.0.1:8080/;
        proxy_pass http://127.0.0.1:8080/;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
    # blindbit
    # blindbit
    location /blindbit/ {
    location /blindbit/ {
        proxy_pass http://127.0.0.1:8000/;
        proxy_pass http://127.0.0.1:8000/;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
-    # signer (sdk_signer)
+
    # signer (sdk_signer) avec support WebSocket
    # signer (sdk_signer) avec support WebSocket
    location /signer/ {
    location /signer/ {
        proxy_http_version 1.1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto http;
        proxy_pass http://127.0.0.1:3001/;
-        include /etc/nginx/proxy_params;
+        proxy_pass http://127.0.0.1:3001/;
-        proxy_read_timeout 300;
+        proxy_read_timeout 600s;
        proxy_read_timeout 600s;
        proxy_buffering off;
        proxy_buffering off;
    }
    }
    # storage (sdk_storage)
    # storage (sdk_storage)
    location /storage/ {
    location /storage/ {
        proxy_pass http://127.0.0.1:8081/;
        proxy_pass http://127.0.0.1:8081/;
        include /etc/nginx/proxy_params;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # WebSocket relay on /ws → 8090
    location = /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8090/;
        proxy_read_timeout 600s;
    }
    location /ws/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        # Strip /ws prefix when proxying to backend root
        proxy_pass http://127.0.0.1:8090/;
        proxy_read_timeout 600s;
    }
    # Next.js HMR websocket for lecoffre-front
    location /_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
        proxy_read_timeout 300;
    }
    }
    # WebSocket relay on /ws → 8090
    # WebSocket relay on /ws → 8090
    location = /ws {
    location = /ws {
        proxy_http_version 1.1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8090/;
        proxy_pass http://127.0.0.1:8090/;
        proxy_read_timeout 600s;
        proxy_read_timeout 600s;
    }
    }
    location /ws/ {
    location /ws/ {
        proxy_http_version 1.1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_buffering off;
        # Strip /ws prefix when proxying to backend root
        # Strip /ws prefix when proxying to backend root
        proxy_pass http://127.0.0.1:8090/;
        proxy_pass http://127.0.0.1:8090/;
        proxy_read_timeout 600s;
        proxy_read_timeout 600s;
    }
    }
    # Next.js HMR websocket for lecoffre-front
    # Next.js HMR websocket for lecoffre-front
    location /_next/webpack-hmr {
    location /_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
        proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
        proxy_read_timeout 300;
        proxy_read_timeout 300;
    }
    }
 }
 }
--- a/conf/nginx/dev4.4nkweb.com.conf.bak_1758117811
+++ b/conf/nginx/dev4.4nkweb.com.conf.bak_1758117811
@ -0,0 +1,166 @@
 # HTTP server for ACME and initial proxying
 server {
    listen 80;
    server_name dev4.4nkweb.com;
    # ACME HTTP-01 challenges
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }
    # ihm_client (root)
    location / {
        proxy_pass http://127.0.0.1:3003;
        include /etc/nginx/proxy_params;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 300;
    }
    # Favicon (global)
    location = /favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
        try_files /favicon.ico =404;
        access_log off;
        expires 30d;
    }
    # lecoffre-front
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004/lecoffre;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # Next.js assets and HMR under basePath
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    location /lecoffre/_next/ {
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # Favicon sous /lecoffre
    location = /lecoffre/favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
        try_files /favicon.ico =404;
        access_log off;
        expires 30d;
    }
    # Next.js assets (served at root by the app)
    location /_next/ {
        proxy_pass http://127.0.0.2:3004/_next/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # API backend
    location /back/ {
        proxy_pass http://127.0.0.1:8080/back/;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_buffering off;
    }
    # API alias → même backend que /back
    location /api/ {
        proxy_pass http://127.0.0.1:8080/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # blindbit
    location /blindbit/ {
        proxy_pass http://127.0.0.1:8000/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # signer (sdk_signer) avec support WebSocket
    location /signer/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_pass http://127.0.0.1:3001/;
        proxy_read_timeout 600s;
        proxy_buffering off;
    }
    # storage (sdk_storage)
    location /storage/ {
        proxy_pass http://127.0.0.1:8081/;
        include /etc/nginx/proxy_params;
        proxy_read_timeout 300;
    }
    # WebSocket relay on /ws → 8090
    location = /ws {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_pass http://127.0.0.1:8090/;
        proxy_read_timeout 600s;
    }
    location /ws/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        # Strip /ws prefix when proxying to backend root
        proxy_pass http://127.0.0.1:8090/;
        proxy_read_timeout 600s;
    }
    # Next.js HMR websocket for lecoffre-front
    location /_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
        proxy_read_timeout 300;
    }
 }
--- a/conf/nginx/local.4nkweb.com-3000.conf
+++ b/conf/nginx/local.4nkweb.com-3000.conf
@ -1,7 +1,64 @@
 server {
    listen 0.0.0.0:3000;
    listen [::]:3000;
    server_name local.4nkweb.com;
-    # Redirection vers HTTPS avec le chemin /lecoffre
+    # HTTP pur: pas de HTTPS ni HSTS
-    return 301 https://dev4.4nkweb.com/lecoffre$request_uri;
+
    # Favicon
    location = /favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
    }
    # Compat: callback ID.not sans basePath (toutes variantes et querystring)
    location /authorized-client {
        proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # Entrée sans slash
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # BasePath /lecoffre
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # HMR (si utilisé en local)
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    # Assets Next.js
    location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
        expires 7d;
        add_header Cache-Control "public, max-age=604800, immutable" always;
        proxy_pass http://127.0.0.2:3004$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_read_timeout 300;
    }
 }
--- a/conf/nginx/local.4nkweb.com.conf
+++ b/conf/nginx/local.4nkweb.com.conf
@ -0,0 +1,9 @@
 server {
    listen 80;
    server_name local.4nkweb.com;
    # HTTP only: pas de redirection HTTPS, pas d'HSTS
    location / {
        return 302 http://local.4nkweb.com:3000$request_uri;
    }
 }
--- a/conf/nginx/local.lecoffreio.4nkweb-3000.conf
+++ b/conf/nginx/local.lecoffreio.4nkweb-3000.conf
@ -0,0 +1,55 @@
 server {
    listen 0.0.0.0:3000;
    listen [::]:3000;
    server_name local.lecoffreio.4nkweb;
    # Ne jamais forcer HTTPS ni HSTS sur ce vhost local
    # Pas de return 301, pas de add_header HSTS
    # Favicon local par défaut
    location = /favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
    }
    # Entrée sans slash pour éviter les boucles
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # Sous-chemin Next.js (préserve le prefix)
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # HMR en dev (si jamais on l’utilise en local HTTP)
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    # Assets Next.js / cache léger côté proxy
    location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
        expires 7d;
        add_header Cache-Control "public, max-age=604800, immutable" always;
        proxy_pass http://127.0.0.2:3004$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_read_timeout 300;
    }
 }
--- a/conf/nginx/local.lecoffreio.4nkweb-3000.conf.bak
+++ b/conf/nginx/local.lecoffreio.4nkweb-3000.conf.bak
@ -0,0 +1,54 @@
 server {
    listen 127.0.0.1:3000;
    server_name local.lecoffreio.4nkweb;
    # Ne jamais forcer HTTPS ni HSTS sur ce vhost local
    # Pas de return 301, pas de add_header HSTS
    # Favicon local par défaut
    location = /favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
    }
    # Entrée sans slash pour éviter les boucles
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # Sous-chemin Next.js (préserve le prefix)
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    # HMR en dev (si jamais on l’utilise en local HTTP)
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    # Assets Next.js / cache léger côté proxy
    location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
        expires 7d;
        add_header Cache-Control "public, max-age=604800, immutable" always;
        proxy_pass http://127.0.0.2:3004$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_read_timeout 300;
    }
 }
--- a/conf/nginx/local.lecoffreio.4nkweb.conf
+++ b/conf/nginx/local.lecoffreio.4nkweb.conf
@ -0,0 +1,48 @@
 server {
    listen 80;
    server_name local.lecoffreio.4nkweb;
    # HTTP pur: pas de redirection vers HTTPS, pas d'HSTS
    location = /favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
    }
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
        expires 7d;
        add_header Cache-Control "public, max-age=604800, immutable" always;
        proxy_pass http://127.0.0.2:3004$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_read_timeout 300;
    }
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -96,7 +96,7 @@ services:
    restart: unless-stopped
  lecoffre-back:
-    image: git.4nkweb.com/4nk/lecoffre-back-mini:dev
+    image: git.4nkweb.com/4nk/lecoffre-back-mini:ext
    container_name: lecoffre-back
    env_file:
      - .env
--- a/docs/local_http_vhost.md
+++ b/docs/local_http_vhost.md
@ -0,0 +1,83 @@
 ### Vhost local HTTP pour `local.lecoffreio.4nkweb`
 Objectif: servir l’IHM en HTTP pur (sans HTTPS ni HSTS) pour le domaine local `local.lecoffreio.4nkweb` sur le port 3000.
 #### Configuration Nginx
 Fichier: `conf/nginx/local.lecoffreio.4nkweb-3000.conf`
 ```nginx
 server {
    listen 127.0.0.1:3000;
    server_name local.lecoffreio.4nkweb;
    # Pas de redirection HTTPS ni HSTS
    location = /favicon.ico {
        root /home/debian/lecoffre_node/conf/nginx/assets;
    }
    location = /lecoffre {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    location /lecoffre/ {
        proxy_pass http://127.0.0.2:3004;
        include /etc/nginx/proxy_params;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Prefix /lecoffre;
        proxy_read_timeout 300;
    }
    location /lecoffre/_next/webpack-hmr {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_buffering off;
        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
        proxy_read_timeout 600s;
    }
    location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
        expires 7d;
        add_header Cache-Control "public, max-age=604800, immutable" always;
        proxy_pass http://127.0.0.2:3004$request_uri;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto http;
        proxy_read_timeout 300;
    }
 }
 ```
 Activation: lien symbolique vers `/etc/nginx/sites-enabled/local.lecoffreio.4nkweb-3000.conf` puis `sudo nginx -t && sudo systemctl reload nginx`.
 #### DNS local
 Ajouter dans `/etc/hosts`:
 ```
 127.0.0.1 local.lecoffreio.4nkweb
 ```
 #### Variables d’environnement recommandées (local HTTP)
 ```
 NEXT_PUBLIC_4NK_URL=http://local.lecoffreio.4nkweb:3000
 NEXT_PUBLIC_FRONT_APP_HOST=local.lecoffreio.4nkweb
 NEXT_PUBLIC_FRONT_APP_PORT=3000
 NEXT_PUBLIC_FRONT_APP_ROOT_URL=/lecoffre
 NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=http://local.lecoffreio.4nkweb:3000/authorized-client
 NEXT_PUBLIC_4NK_IFRAME_URL=http://local.lecoffreio.4nkweb:3000/lecoffre
 ```
 Note cookies: en HTTP, les cookies marqués `Secure` ne sont pas envoyés. Adapter la config backend en conséquence pour ce domaine local.
--- a/1
+++ b/1
@ -1 +0,0 @@
 Subproject commit 186f8f10757abd44d3e1883f8d05d7a8ab208009
--- a/tests/smoke_local_http.md
+++ b/tests/smoke_local_http.md
@ -0,0 +1,14 @@
 ### Smoke tests - local.lecoffreio.4nkweb (HTTP)
 - **/lecoffre/**: doit répondre 200 (pas de redirection HTTPS)
 - **/_next/** et **/lecoffre/_next/**: assets servis, codes 200/304
 - **favicon**: `http://local.lecoffreio.4nkweb:3000/favicon.ico` répond 200 si présent
 Commandes de vérification:
 ```bash
 curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/
 curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/_next/static/chunks/main.js
 ```
		`@ -1 +0,0 @@`
			`Subproject commit 186f8f10757abd44d3e1883f8d05d7a8ab208009`