4nk/lecoffre_node
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

align for IA agents + grafana

Browse Source
This commit is contained in:
Nicolas Cantu 2025-09-23 07:07:43 +00:00
parent 32f1c7946c
commit e3c3e4cd50
39 changed files with 78 additions and 1069 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
.env.master
View File

@ -1,129 +1,24 @@
# DOMAIN
DOMAIN=dev4.4nkweb.com
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
LOCAL_DOMAIN=lecoffreio.4nkweb.com
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
# GIT
GITEA_BASE_URL=git.4nkweb.com
GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df
GITEA_OWNER="nicolas.cantu,Omar"
GITEA_RUNNER_NAME=debian-runner
# Variables d'environnement pour l'application back-end
# Frontend runtime
NODE_OPTIONS=--max-old-space-size=4096
NODE_ENV=production
RUST_LOG=DEBUG
NODE_OPTIONS=--max-old-space-size=2048
# Configuration IDNOT
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}/authorized-client
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
# Configuration serveur
APP_HOST=dev4.4nkweb.com
API_BASE_URL=https://${DOMAIN}/back
DEFAULT_STORAGE=https://${DOMAIN}/storage
# Variables d'environnement pour l'application front-end
NEXT_PUBLIC_4NK_URL=https://${DOMAIN}
# Public URLs
NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com
NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
# Backend API (via dev4 Nginx proxying to dev3)
NEXT_PUBLIC_BACK_API_PROTOCOL=https
NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN}
NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
NEXT_PUBLIC_BACK_API_PORT=443
NEXT_PUBLIC_BACK_API_ROOT_URL=/api
NEXT_PUBLIC_BACK_API_VERSION=v1
NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
NEXT_PUBLIC_TARGET_ORIGIN=https://${DOMAIN}/lecoffre
NEXT_PUBLIC_4NK_IFRAME_URL=https://${DOMAIN}
NEXT_PUBLIC_IDNOT_REDIRECT_URI=https://${DOMAIN}/lecoffre/authorized-client
NEXT_PUBLIC_DOCAPOSTE_API_URL=
NEXT_PUBLIC_API_URL=https://${DOMAIN}/api
NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://${DOMAIN}/storage
# WS
RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
# IdNot
NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/
# NEXT_PUBLIC_IDNOT_CLIENT_ID is expected to be set in image/secrets
NEXT_PUBLIC_IDNOT_REDIRECT_URI_FIXED=http://local.4nkweb.com:3000/authorized-client
# SIGNER
SIGNER_WS_URL=ws://${BOOTSTRAP_DOMAIN}:9090
SIGNER_BASE_URL=https://${BOOTSTRAP_DOMAIN}
# IHM URLS
VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
# Cartes de test Stripe
SUCCES='4242 4242 4242 4242'
DECLINED='4000 0025 0000 3155'
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
core_url=http://bitcoin:38332
ws_url=0.0.0.0:8090
wallet_name=default
network=signet
blindbit_url=http://blindbit:8000
zmq_url=tcp://bitcoin:29000
storage=https://${DOMAIN}/storage
data_dir=/home/bitcoin/.4nk
bitcoin_data_dir=/home/bitcoin/.bitcoin
bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/
bootstrap_faucet=true
# ================== /!\ sensible =========================
# Configuration IDNOT
IDNOT_API_KEY=ba557f84-0bf6-4dbf-844f-df2767555e3e
IDNOT_CLIENT_ID=B3CE56353EDB15A9
IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
SIGNER_API_KEY=your-api-key-change-this
VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
# Configuration pour réduire les traces Docker
DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
# ===========================================
# VARIABLES SDK_SIGNER (manquantes)
# ===========================================
SIGNER_PORT=9090
SIGNER_DATABASE_PATH=./data/server.db
SIGNER_RELAY_URLS=wss://${DOMAIN}/ws/,wss://${BOOTSTRAP_DOMAIN}/ws/
SIGNER_AUTO_RESTART=true
SIGNER_MAX_RESTARTS=3
SIGNER_LOG_LEVEL=info
# ===========================================
# VARIABLES SDK_RELAY (formatées pour docker-compose)
# ===========================================
SDK_RELAY_CORE_URL=http://bitcoin:38332
SDK_RELAY_WS_URL=0.0.0.0:8090
SDK_RELAY_WALLET_NAME=default
SDK_RELAY_NETWORK=signet
SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000
SDK_RELAY_STORAGE=https://${DOMAIN}/storage
SDK_RELAY_DATA_DIR=/app/.4nk
SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin
SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/
SDK_RELAY_BOOTSTRAP_FAUCET=true
SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000
# ===========================================
# VARIABLES IHM_CLIENT (formatées pour docker-compose)
# ===========================================
VITE_API_BASE_URL=https://${DOMAIN}/back/api/v1
VITE_WS_URL=wss://${DOMAIN}/ws/
VITE_STORAGE_URL=https://${DOMAIN}/storage
VITE_SIGNER_URL=https://${DOMAIN}/signer
# ===========================================
# VARIABLES MONITORING
# ===========================================
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD=admin123
LOKI_URL=http://loki:3100
PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml
# Back base for state endpoint (dev3)
NEXT_PUBLIC_BACK_BASE=https://dev3.4nkweb.com

69
.env.master.bak_20250922_115628 → .env.master.bak_20250922162513
View File

@ -1,7 +1,8 @@
# DOMAIN
DOMAIN=dev4.4nkweb.com
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
LOCAL_DOMAIN=local.4nkweb.com
LOCAL_DOMAIN=lecoffreio.4nkweb.com
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
# GIT
GITEA_BASE_URL=git.4nkweb.com
@ -9,26 +10,14 @@ GIT_TOKEN=8cde80690a5ffd737536d82a1ab16a765d5105df
GITEA_OWNER="nicolas.cantu,Omar"
GITEA_RUNNER_NAME=debian-runner
GITEA_OWNER, GITEA_REPO, GITEA_RUNNER_NAME (or pipeline to query)
Mailchimp
MAILCHIMP_API_KEY, MAILCHIMP_SERVER_PREFIX
Stripe
STRIPE_SECRET_KEY
STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID
STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID
STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID
STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID
OVH (if you want a real read-only check)
OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY, OVH_SERVICE_NAME
# Variables d'environnement pour l'application back-end
NODE_OPTIONS=--max-old-space-size=2048
NODE_ENV=production
RUST_LOG=DEBUG
NODE_OPTIONS=--max-old-space-size=2048
# Configuration IDNOT
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client
IDNOT_REDIRECT_URI=https://${LOCAL_DOMAIN}/authorized-client
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
@ -43,7 +32,7 @@ NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
NEXT_PUBLIC_BACK_API_PROTOCOL=https
NEXT_PUBLIC_BACK_API_HOST=${DOMAIN}
NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN}
NEXT_PUBLIC_BACK_API_PORT=443
NEXT_PUBLIC_BACK_API_ROOT_URL=/api
NEXT_PUBLIC_BACK_API_VERSION=v1
@ -69,8 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
# Cartes de test Stripe
SUCCES='4242 4242 4242 4242'
DECLINED='4000 0025 0000 3155'
ENABLE_SUBSCRIPTION_STUB=true
CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN}
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
core_url=http://bitcoin:38332
ws_url=0.0.0.0:8090
@ -84,9 +72,6 @@ bitcoin_data_dir=/home/bitcoin/.bitcoin
bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/
bootstrap_faucet=true
RUST_LOG=DEBUG,
NODE_OPTIONS=--max-old-space-size=2048
# ================== /!\ sensible =========================
# Configuration IDNOT
@ -95,33 +80,6 @@ IDNOT_CLIENT_ID=B3CE56353EDB15A9
IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
# Configuration OVH
OVH_APP_KEY=5ab0709bbb65ef26
OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766
OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece
OVH_SMS_SERVICE_NAME=sms-tt802880-1
OVH_APPLICATION_KEY=5ab0709bbb65ef26
OVH_APPLICATION_SECRET=de1fac1779d707d263a611a557cd5766
OVH_SERVICE_NAME=
# Configuration SMS Factor
SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw
# Configuration Mailchimp
MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A
MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17
MAILCHIMP_LIST_ID=a48d9ad852
# Configuration Stripe
STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n
STRIPE_PUBLISHABLE_KEY=
STRIPE_WEBHOOK_SECRET=
STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3
STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY
STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac
STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB
SIGNER_API_KEY=your-api-key-change-this
VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
@ -130,7 +88,7 @@ DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
# ===========================================
# VARIABLES SDK_SIGNER (manquantes)
# VARIABLES(manquantes)
# ===========================================
SIGNER_PORT=9090
SIGNER_DATABASE_PATH=./data/server.db
@ -146,13 +104,14 @@ SDK_RELAY_CORE_URL=http://bitcoin:38332
SDK_RELAY_WS_URL=0.0.0.0:8090
SDK_RELAY_WALLET_NAME=default
SDK_RELAY_NETWORK=signet
SDK_RELAY_BLINDBIT_URL=http://blindbit:8000
SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000
SDK_RELAY_STORAGE=https://${DOMAIN}/storage
SDK_RELAY_DATA_DIR=/app/.4nk
SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin
SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/
SDK_RELAY_BOOTSTRAP_FAUCET=true
SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000
# ===========================================
# VARIABLES IHM_CLIENT (formatées pour docker-compose)
@ -171,7 +130,9 @@ LOKI_URL=http://loki:3100
PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml
# ===========================================
# VARIABLES MANQUANTES POUR DOCKER-COMPOSE
# GRAFANA
# ===========================================
# Mailchimp
MAILCHIMP_SERVER_PREFIX=us17
GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
GF_USERS_ALLOW_SIGN_UP=false
GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource

63
.env.master.bak_20250922_121003 → .env.master.bak_20250922162546
View File

@ -1,7 +1,8 @@
# DOMAIN
DOMAIN=dev4.4nkweb.com
BOOTSTRAP_DOMAIN=dev3.4nkweb.com
LOCAL_DOMAIN=local.4nkweb.com
LOCAL_DOMAIN=lecoffreio.4nkweb.com
LECOFFRE_BACK_DOMAIN=dev3.4nkweb.com
# GIT
GITEA_BASE_URL=git.4nkweb.com
@ -10,12 +11,13 @@ GITEA_OWNER="nicolas.cantu,Omar"
GITEA_RUNNER_NAME=debian-runner
# Variables d'environnement pour l'application back-end
NODE_OPTIONS=--max-old-space-size=2048
NODE_ENV=production
RUST_LOG=DEBUG
NODE_OPTIONS=--max-old-space-size=2048
# Configuration IDNOT
IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
IDNOT_REDIRECT_URI=http://${LOCAL_DOMAIN}:3000/authorized-client
IDNOT_REDIRECT_URI=https:///lecoffre/authorized-client
IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
IDNOT_API_BASE_URL=https://qual-api.notaires.fr
@ -30,7 +32,7 @@ NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
NEXT_PUBLIC_BACK_API_PROTOCOL=https
NEXT_PUBLIC_BACK_API_HOST=${DOMAIN}
NEXT_PUBLIC_BACK_API_HOST=${LECOFFRE_BACK_DOMAIN}
NEXT_PUBLIC_BACK_API_PORT=443
NEXT_PUBLIC_BACK_API_ROOT_URL=/api
NEXT_PUBLIC_BACK_API_VERSION=v1
@ -56,8 +58,7 @@ VITE_BOOTSTRAPURL=wss://${BOOTSTRAP_DOMAIN}/ws/
# Cartes de test Stripe
SUCCES='4242 4242 4242 4242'
DECLINED='4000 0025 0000 3155'
ENABLE_SUBSCRIPTION_STUB=true
CORS_ALLOWED_ORIGINS=http://${LOCAL_DOMAIN}:3000,https://${DOMAIN}
CORS_ALLOWED_ORIGINS=https://${DOMAIN}
core_url=http://bitcoin:38332
ws_url=0.0.0.0:8090
@ -71,9 +72,6 @@ bitcoin_data_dir=/home/bitcoin/.bitcoin
bootstrap_url=wss://${BOOTSTRAP_DOMAIN}/ws/
bootstrap_faucet=true
RUST_LOG=DEBUG,
NODE_OPTIONS=--max-old-space-size=2048
# ================== /!\ sensible =========================
# Configuration IDNOT
@ -82,40 +80,6 @@ IDNOT_CLIENT_ID=B3CE56353EDB15A9
IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
# Configuration OVH
OVH_APP_KEY=5ab0709bbb65ef26
OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766
OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece
OVH_SMS_SERVICE_NAME=sms-tt802880-1
OVH_APPLICATION_KEY=5ab0709bbb65ef26
OVH_APPLICATION_SECRET=de1fac1779d707d263a611a557cd5766
OVH_SERVICE_NAME=sms-tt802880-1
# Configuration SMS Factor
SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw
# Configuration Mailchimp
MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A
MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17
MAILCHIMP_LIST_ID=a48d9ad852
# Configuration Stripe
STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n
STRIPE_PUBLISHABLE_KEY=
STRIPE_WEBHOOK_SECRET=
STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3
STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY
STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac
STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB
STRIPE_price_1QMUuXP5xh1u9BqS26uzbJaF (créateurs)
STRIPE_price_1P9O6BP5xh1u9BqSelP9ZI52 (standard annuel)
STRIPE_price_1P9O68P5xh1u9BqSfNVdM8QL (starter annuel)
STRIPE_price_1P8ziKP5xh1u9BqSgtmZsaqi (starter mensuel - année)
STRIPE_price_1P8ziKP5xh1u9BqS0GajjcpG (starter mensuel - mois)
STRIPE_price_1P8ziGP5xh1u9BqSd2LGZeDd (Standard mensuel - année)
STRIPE_price_1P8ziGP5xh1u9BqSsvKOzk7A (Standard mensuel - mois)
SIGNER_API_KEY=your-api-key-change-this
VITE_JWT_SECRET_KEY=52b3d77617bb00982dfee15b08effd52cfe5b2e69b2f61cc4848cfe1e98c0bc9
@ -124,7 +88,7 @@ DOCKER_LOG_LEVEL=info
COMPOSE_LOG_LEVEL=WARNING
# ===========================================
# VARIABLES SDK_SIGNER (manquantes)
# VARIABLES(manquantes)
# ===========================================
SIGNER_PORT=9090
SIGNER_DATABASE_PATH=./data/server.db
@ -140,13 +104,14 @@ SDK_RELAY_CORE_URL=http://bitcoin:38332
SDK_RELAY_WS_URL=0.0.0.0:8090
SDK_RELAY_WALLET_NAME=default
SDK_RELAY_NETWORK=signet
SDK_RELAY_BLINDBIT_URL=http://blindbit:8000
SDK_RELAY_ZMQ_URL=tcp://bitcoin:29000
SDK_RELAY_STORAGE=https://${DOMAIN}/storage
SDK_RELAY_DATA_DIR=/app/.4nk
SDK_RELAY_BITCOIN_DATA_DIR=/app/.bitcoin
SDK_RELAY_BOOTSTRAP_URL=wss://${BOOTSTRAP_DOMAIN}/ws/
SDK_RELAY_BOOTSTRAP_FAUCET=true
SDK_RELAY_BLINDBIT_URL=http://blindbit-oracle:8000
# ===========================================
# VARIABLES IHM_CLIENT (formatées pour docker-compose)
@ -165,7 +130,9 @@ LOKI_URL=http://loki:3100
PROMTAIL_CONFIG_FILE=/etc/promtail/config.yml
# ===========================================
# VARIABLES MANQUANTES POUR DOCKER-COMPOSE
# GRAFANA
# ===========================================
# Mailchimp
MAILCHIMP_SERVER_PREFIX=us17
GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
GF_USERS_ALLOW_SIGN_UP=false
GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource

2
CHANGELOG.md
View File

@ -11,6 +11,6 @@
## [1.0.0]
### Version initiale
- Configuration Docker Compose complète
- Services : tor, bitcoin, blindbit, sdk_storage, sdk_relay, sdk_signer, ihm_client, lecoffre-front
- Services : tor, bitcoin, blindbit, sdk_storage, sdk_relay, ihm_client, lecoffre-front
- Configuration Nginx pour dev4.4nkweb.com
- Scripts de démarrage et validation

2
README.md
View File

@ -60,7 +60,6 @@ Internet → dev4.4nkweb.com (Nginx) → Services Locaux
| `lecoffre-front` | 3004 | ✅ | Interface utilisateur |
| `ihm_client` | 3003 | ✅ | Gestion des clés |
| `sdk_relay` | 8090-8091 | ✅ | Relay WebSocket |
| `sdk_signer` | 3001 | ✅ | Service de signature |
| `sdk_storage` | 8081 | ✅ | Stockage temporaire |
| `bitcoin-signet` | - | ✅ | Nœud Bitcoin |
| `blindbit-oracle` | 8000 | ✅ | Oracle Bitcoin |
@ -207,7 +206,6 @@ lecoffre_node/
| Projet | Branche | Description |
|--------|---------|-------------|
| `sdk_relay` | `ext` | Relay des transactions |
| `sdk_signer` | `ext` | Service de signature |
| `sdk_storage` | `ext` | Stockage temporaire |
| `ihm_client` | `ext` | Interface de gestion |
| `lecoffre-front` | `ext` | Frontend LeCoffre |

2
blindbit/Dockerfile
View File

@ -8,3 +8,5 @@ RUN apt-get update && apt-get install -y procps wget curl && \
# Revenir à l'utilisateur par défaut
USER root

12
conf/grafana/dashboards/lecoffre-overview.json
View File

@ -228,18 +228,6 @@
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=~\"bitcoin|blindbit|sdk_relay|sdk_signer|sdk_storage|lecoffre-front|ihm_client|miner\"} |= \"error\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Logs d'Erreur - Tous Services",
"type": "logs"
}

25
conf/grafana/dashboards/sdk-services.json
View File

@ -255,18 +255,6 @@
"mode": "single"
}
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "sum(rate({container=\"sdk_signer\"} |= \"signature\" [5m])) by (container)",
"queryType": "",
"refId": "A"
}
],
"title": "Signatures Signer",
"type": "timeseries"
},
@ -383,18 +371,6 @@
"textMode": "auto"
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "count_over_time({container=\"sdk_signer\"} |= \"ERROR\" [1h])",
"queryType": "",
"refId": "A"
}
],
"title": "Erreurs Signer (1h)",
"type": "stat"
},
@ -616,4 +592,3 @@
"version": 1,
"weekStart": ""
}

12
conf/grafana/dashboards/services-overview.json
View File

@ -394,18 +394,6 @@
"dedupStrategy": "none",
"sortOrder": "Descending"
},
"targets": [
{
"datasource": {
"type": "loki",
"uid": "loki"
},
"editorMode": "code",
"expr": "{job=~\"lecoffre-front|ihm_client|sdk_relay|sdk_signer|sdk_storage\"} |= \"error\" | logfmt",
"queryType": "",
"refId": "A"
}
],
"title": "Logs d'Erreur - Services Applications",
"type": "logs"
}

3
conf/logrotate/lecoffre-back.conf
View File

@ -1,3 +0,0 @@
logs/lecoffre-back/*.log {
}

13
conf/logrotate/sdk_signer.conf
View File

@ -1,13 +0,0 @@
logs/sdk_signer/*.log {
daily
missingok
rotate 7
compress
delaycompress
notifempty
create 644 root root
postrotate
# Redémarrer le service si nécessaire
docker restart sdk_signer 2>/dev/null || true
endscript
}

2
conf/monitoring.conf
View File

@ -21,7 +21,7 @@ log_compression=true
[services]
# Services surveillés
services=bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner
services=bitcoin,blindbit,sdk_relay,,sdk_storagelecoffre-front,ihm_client,tor,miner
[alerts]
# Configuration des alertes

55
conf/nginx/dev4.4nkweb.com-https.conf
View File

@ -134,35 +134,14 @@ server {
proxy_buffering off;
}
# API direct - route /api/ vers le backend
# Autorisations CORS dynamiques pour origines connues
set $cors_origin "";
if ($http_origin ~* ^(http://local\.4nkweb\.com:3000|https://dev4\.4nkweb\.com)$) {
set $cors_origin $http_origin;
}
# API direct - route /api/ vers le backend (dev3)
location /api/ {
# CORS pour développement local Next.js
proxy_hide_header Access-Control-Allow-Origin;
proxy_hide_header Access-Control-Allow-Credentials;
proxy_hide_header Access-Control-Allow-Headers;
proxy_hide_header Access-Control-Allow-Methods;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
return 204;
}
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Content-Type, x-session-id, Authorization" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
proxy_pass http://localhost:8080/api/;
include /etc/nginx/proxy_params;
proxy_pass http://31.33.24.235:8080/api/;
proxy_set_header Host dev3.4nkweb.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
@ -185,10 +164,14 @@ server {
proxy_read_timeout 86400;
}
# API de transfert de fonds
# API de transfert de fonds (dev3)
location /api/v1/funds/ {
proxy_pass http://localhost:8080/api/v1/funds/;
include /etc/nginx/proxy_params;
proxy_pass http://31.33.24.235:8080/api/v1/funds/;
proxy_set_header Host dev3.4nkweb.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
@ -206,16 +189,6 @@ server {
include /etc/nginx/proxy_params;
}
# signer (sdk_signer) avec support WebSocket
location /signer/ {
proxy_pass http://localhost:3001/;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# lecoffre-front - Application LeCoffre
# Forcer le trailing slash pour éviter les redirections et erreurs 500 côté Next.js
location = /lecoffre {

10
conf/nginx/dev4.4nkweb.com.conf
View File

@ -255,14 +255,4 @@ server {
include /etc/nginx/proxy_params;
}
# signer (sdk_signer) avec support WebSocket
location /signer/ {
proxy_pass http://localhost:3001/;
include /etc/nginx/proxy_params;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
}

64
conf/nginx/local.4nkweb.com-3000.conf
View File

@ -1,64 +0,0 @@
server {
listen 0.0.0.0:3000;
listen [::]:3000;
server_name dev3.4nkweb.com;
# HTTP pur: pas de HTTPS ni HSTS
# Favicon
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
}
# Compat: callback ID.not sans basePath (toutes variantes et querystring)
location /authorized-client {
proxy_pass http://127.0.0.2:3004/lecoffre/authorized-client;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# Entrée sans slash
location = /lecoffre {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# BasePath /lecoffre
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# HMR (si utilisé en local)
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
}
# Assets Next.js
location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
expires 7d;
add_header Cache-Control "public, max-age=604800, immutable" always;
proxy_pass http://127.0.0.2:3004$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_read_timeout 300;
}
}

9
conf/nginx/local.4nkweb.com.conf
View File

@ -1,9 +0,0 @@
server {
listen 80;
server_name local.4nkweb.com;
# HTTP only: pas de redirection HTTPS, pas d'HSTS
location / {
return 302 http://local.4nkweb.com:3000$request_uri;
}
}

55
conf/nginx/local.lecoffreio.4nkweb-3000.conf
View File

@ -1,55 +0,0 @@
server {
listen 0.0.0.0:3000;
listen [::]:3000;
server_name local.lecoffreio.4nkweb;
# Ne jamais forcer HTTPS ni HSTS sur ce vhost local
# Pas de return 301, pas de add_header HSTS
# Favicon local par défaut
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
}
# Entrée sans slash pour éviter les boucles
location = /lecoffre {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# Sous-chemin Next.js (préserve le prefix)
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
# HMR en dev (si jamais on lutilise en local HTTP)
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
}
# Assets Next.js / cache léger côté proxy
location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
expires 7d;
add_header Cache-Control "public, max-age=604800, immutable" always;
proxy_pass http://127.0.0.2:3004$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_read_timeout 300;
}
}

48
conf/nginx/local.lecoffreio.4nkweb.conf
View File

@ -1,48 +0,0 @@
server {
listen 80;
server_name local.lecoffreio.4nkweb;
# HTTP pur: pas de redirection vers HTTPS, pas d'HSTS
location = /favicon.ico {
root /home/debian/lecoffre_node/conf/nginx/assets;
}
location = /lecoffre {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
location /lecoffre/ {
proxy_pass http://127.0.0.2:3004;
include /etc/nginx/proxy_params;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Prefix /lecoffre;
proxy_read_timeout 300;
}
location /lecoffre/_next/webpack-hmr {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_buffering off;
proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
proxy_read_timeout 600s;
}
location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
expires 7d;
add_header Cache-Control "public, max-age=604800, immutable" always;
proxy_pass http://127.0.0.2:3004$request_uri;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto http;
proxy_read_timeout 300;
}
}

47
conf/nginx/nginx.conf
View File

@ -51,10 +51,6 @@ http {
limit_req_zone $binary_remote_addr zone=login:10m rate=1r/s;
# Upstream servers
upstream lecoffre_backend {
server localhost:8080;
keepalive 32;
}
upstream lecoffre_frontend {
server localhost:3004;
@ -86,11 +82,6 @@ http {
keepalive 32;
}
upstream sdk_signer {
server localhost:3001;
keepalive 32;
}
upstream blindbit {
server localhost:8000;
keepalive 32;
@ -296,19 +287,6 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
}
# signer (sdk_signer) avec support WebSocket
location /signer/ {
proxy_pass http://sdk_signer/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300;
}
# LeCoffre Front - Application principale
location /lecoffre/ {
proxy_pass http://lecoffre_frontend/;
@ -341,31 +319,6 @@ http {
proxy_read_timeout 300;
}
}
# Serveur pour redirections externes IdNot (port 3000)
server {
listen 3000 default_server;
listen [::]:3000 default_server;
server_name dev3.4nkweb.com;
# Headers de sécurité
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
# Page de statut des services
location /status/ {
alias /var/www/lecoffre/status/;
index index.html;
try_files $uri $uri/ /status/index.html;
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ {
expires 1h;
add_header Cache-Control "public, immutable";
}
}
# API de statut des services
location /status/api {
limit_req zone=api burst=20 nodelay;

10
conf/promtail/promtail.yml
View File

@ -39,16 +39,6 @@ scrape_configs:
service: sdk_relay
__path__: /var/log/lecoffre/sdk_relay/*.log
# SDK Signer Logs
- job_name: sdk_signer
static_configs:
- targets:
- localhost
labels:
job: sdk_signer
service: sdk_signer
__path__: /var/log/lecoffre/sdk_signer/*.log
# SDK Storage Logs
- job_name: sdk_storage
static_configs:

403
docker-compose.yml.backup
View File

@ -1,403 +0,0 @@
services:
tor:
image: btcpayserver/tor:0.4.8.10
container_name: tor-proxy
volumes:
- ./logs/tor:/var/log/tor
networks:
btcnet:
aliases:
- tor
healthcheck:
test: ["CMD", "sh", "-c", "if test -f /var/log/tor/tor.log && test -s /var/log/tor/tor.log; then echo 'Tor ready: SOCKS proxy listening on port 9050'; exit 0; else echo 'Tor starting: SOCKS proxy not yet ready'; exit 1; fi"]
interval: 10s
timeout: 5s
retries: 50
restart: unless-stopped
bitcoin:
image: git.4nkweb.com/4nk/bitcoin:latest
container_name: bitcoin-signet
depends_on:
tor:
condition: service_healthy
volumes:
- bitcoin_data:/home/bitcoin/.bitcoin
- ./conf/bitcoin/bitcoin.conf:/etc/bitcoin/bitcoin.conf:ro
- ./logs/bitcoin:/var/log/bitcoin
networks:
btcnet:
aliases:
- bitcoin
user: root
entrypoint: >
/bin/sh -c "
chown -R bitcoin:bitcoin /home/bitcoin/.bitcoin || echo 'warn: chown partiel (fichiers bind-mount Windows)';
exec su-exec bitcoin bitcoind -conf=/etc/bitcoin/bitcoin.conf -signet"
healthcheck:
test: ["CMD", "sh", "-c", "if bitcoin-cli -conf=/etc/bitcoin/bitcoin.conf getblockchaininfo > /dev/null 2>&1; then echo 'Bitcoin ready: RPC responding'; exit 0; else echo 'Bitcoin starting: RPC not ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
restart: unless-stopped
blindbit:
image: git.4nkweb.com/4nk/blindbit-oracle:dev
container_name: blindbit-oracle
depends_on:
bitcoin:
condition: service_healthy
volumes:
- blindbit_data:/root/.blindbit-oracle
- ./blindbit/blindbit.toml:/tmp/blindbit.toml:ro
- bitcoin_data:/home/bitcoin/.bitcoin
- ./logs/blindbit:/var/log/blindbit
entrypoint: >
sh -c "cp /tmp/blindbit.toml /root/.blindbit-oracle/blindbit.toml &&
./main -datadir /root/.blindbit-oracle"
networks:
btcnet:
aliases:
- blindbit
ports:
- "0.0.0.0:8000:8000"
healthcheck:
test: ["CMD", "sh", "-c", "if wget -q --spider http://localhost:8000/tweaks/1; then echo 'BlindBit ready: Oracle service responding'; exit 0; else echo 'BlindBit starting: Oracle service not yet ready'; exit 1; fi"]
interval: 15s
timeout: 5s
retries: 50
restart: unless-stopped
sdk_relay:
image: git.4nkweb.com/4nk/sdk_relay:ext
container_name: sdk_relay
depends_on:
blindbit:
condition: service_healthy
volumes:
- ./conf/relay/sdk_relay.conf:/app/.conf:ro
- sdk_data:/app/.4nk
- bitcoin_data:/app/.bitcoin
- ./scripts/funds:/scripts/funds:ro
- ./logs/sdk_relay:/var/log/sdk_relay
ports:
- "0.0.0.0:8090:8090"
- "0.0.0.0:8091:8091"
networks:
btcnet:
aliases:
- sdk_relay
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
environment:
- HOME=/app
- CORE_URL=${SDK_RELAY_CORE_URL}
- WS_URL=${SDK_RELAY_WS_URL}
- WALLET_NAME=${SDK_RELAY_WALLET_NAME}
- NETWORK=${SDK_RELAY_NETWORK}
- BLINDBIT_URL=${SDK_RELAY_BLINDBIT_URL}
- ZMQ_URL=${SDK_RELAY_ZMQ_URL}
- STORAGE=${SDK_RELAY_STORAGE}
- DATA_DIR=${SDK_RELAY_DATA_DIR}
- BITCOIN_DATA_DIR=${SDK_RELAY_BITCOIN_DATA_DIR}
- BOOTSTRAP_URL=${SDK_RELAY_BOOTSTRAP_URL}
- BOOTSTRAP_FAUCET=${SDK_RELAY_BOOTSTRAP_FAUCET}
- RUST_LOG=INFO
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:8091/ >/dev/null 2>&1; then echo 'SDK Relay ready: WebSocket server responding'; exit 0; else echo 'SDK Relay IBD: Waiting for Bitcoin sync to complete'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
restart: unless-stopped
lecoffre-front:
image: git.4nkweb.com/4nk/lecoffre-front:ext
container_name: lecoffre-front
working_dir: /leCoffre-front
environment:
- NODE_OPTIONS=${NODE_OPTIONS}
- NODE_ENV=${NODE_ENV}
- NEXT_PUBLIC_4NK_URL=${NEXT_PUBLIC_4NK_URL}
- NEXT_PUBLIC_FRONT_APP_HOST=${NEXT_PUBLIC_FRONT_APP_HOST}
- NEXT_PUBLIC_IDNOT_BASE_URL=${NEXT_PUBLIC_IDNOT_BASE_URL}
- NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=${NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT}
- NEXT_PUBLIC_BACK_API_PROTOCOL=${NEXT_PUBLIC_BACK_API_PROTOCOL}
- NEXT_PUBLIC_BACK_API_HOST=${NEXT_PUBLIC_BACK_API_HOST}
- NEXT_PUBLIC_BACK_API_PORT=${NEXT_PUBLIC_BACK_API_PORT}
- NEXT_PUBLIC_BACK_API_ROOT_URL=${NEXT_PUBLIC_BACK_API_ROOT_URL}
- NEXT_PUBLIC_BACK_API_VERSION=${NEXT_PUBLIC_BACK_API_VERSION}
ports:
- "0.0.0.0:3004:3000"
volumes:
- ./logs/lecoffre-front:/var/log/lecoffre-front
networks:
btcnet:
aliases:
- lecoffre-front
depends_on:
lecoffre-back:
condition: service_healthy
ihm_client:
condition: service_healthy
sdk_storage:
condition: service_healthy
sdk_signer:
condition: service_healthy
user: lecoffreuser
command: ["node", "server.js"]
healthcheck:
test: ["CMD", "sh", "-c", "if ps aux | grep -v grep | grep next-server >/dev/null 2>&1; then echo 'LeCoffre Frontend ready: Next.js server running'; exit 0; else echo 'LeCoffre Frontend starting: Next.js server not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
ihm_client:
image: git.4nkweb.com/4nk/ihm_client:ext
container_name: ihm_client
environment:
- VITE_JWT_SECRET_KEY=${VITE_JWT_SECRET_KEY}
- VITE_API_BASE_URL=${VITE_API_BASE_URL}
- VITE_WS_URL=${VITE_WS_URL}
- VITE_STORAGE_URL=${VITE_STORAGE_URL}
- VITE_SIGNER_URL=${VITE_SIGNER_URL}
- VITE_BOOTSTRAPURL=wss://dev4.4nkweb.com/ws/
ports:
- "0.0.0.0:3003:3003"
volumes:
- ./logs/ihm_client:/var/log/ihm_client
networks:
btcnet:
aliases:
- ihm_client
depends_on:
sdk_relay:
condition: service_healthy
sdk_storage:
condition: service_healthy
sdk_signer:
condition: service_healthy
user: root
command: ["npm", "start"]
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3003/ >/dev/null 2>&1; then echo 'IHM Client ready: Vite dev server responding'; exit 0; else echo 'IHM Client starting: Vite dev server not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
sdk_signer:
image: git.4nkweb.com/4nk/sdk_signer:ext
container_name: sdk_signer
ports:
- "0.0.0.0:3001:9090"
volumes:
- ./logs/sdk_signer:/var/log/sdk_signer
networks:
btcnet:
aliases:
- sdk_signer
user: appuser
depends_on:
sdk_storage:
condition: service_healthy
command: ["node", "/app/dist/index.js"]
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:9090/ >/dev/null 2>&1; then echo 'SDK Signer ready: WebSocket server responding'; exit 0; else echo 'SDK Signer starting: WebSocket server not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
environment:
- PORT=${SIGNER_PORT}
- API_KEY=${SIGNER_API_KEY}
- DATABASE_PATH=${SIGNER_DATABASE_PATH}
- RELAY_URLS=${SIGNER_RELAY_URLS}
- AUTO_RESTART=${SIGNER_AUTO_RESTART}
- MAX_RESTARTS=${SIGNER_MAX_RESTARTS}
- LOG_LEVEL=${SIGNER_LOG_LEVEL}
- SIGNER_WS_URL=ws://dev3.4nkweb.com:9090
- SIGNER_BASE_URL=https://dev3.4nkweb.com
sdk_storage:
image: git.4nkweb.com/4nk/sdk_storage:ext
container_name: sdk_storage
ports:
- "0.0.0.0:8081:8080"
volumes:
- ./logs/sdk_storage:/var/log/sdk_storage
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:8080/health >/dev/null 2>&1; then echo 'SDK Storage ready: API responding'; exit 0; else echo 'SDK Storage starting: API not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
networks:
btcnet:
aliases:
- sdk_storage
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
watchtower:
image: containrrr/watchtower
container_name: watchtower
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --interval 30 --label-enable
networks:
- btcnet
restart: unless-stopped
signet_miner:
build:
context: ./miner
container_name: signet_miner
depends_on:
bitcoin:
condition: service_healthy
env_file:
- ./miner/.env
volumes:
- bitcoin_data:/bitcoin:ro
- ./logs/miner:/var/log/miner
networks:
btcnet:
aliases:
- signet_miner
profiles: ["miner"]
restart: unless-stopped
grafana:
image: grafana/grafana:latest
container_name: grafana
ports:
- "0.0.0.0:3005:3000"
volumes:
- grafana_data:/var/lib/grafana
- ./conf/grafana/provisioning:/etc/grafana/provisioning
- ./conf/grafana/dashboards:/var/lib/grafana/dashboards
- ./conf/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
- ./logs:/var/log/lecoffre:ro
environment:
- GF_SECURITY_ADMIN_PASSWORD=Fuy8ZfxQI2xdSdoB8wsGxNjyU
- GF_USERS_ALLOW_SIGN_UP=false
- GF_SERVER_ROOT_URL=https://dev4.4nkweb.com/grafana/
- GF_PLUGINS_PREINSTALL_SYNC=grafana-clock-panel,grafana-simple-json-datasource
networks:
btcnet:
aliases:
- grafana
depends_on:
loki:
condition: service_healthy
promtail:
condition: service_healthy
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3000/api/health >/dev/null 2>&1; then echo 'Grafana ready: Dashboard service responding'; exit 0; else echo 'Grafana starting: Dashboard service not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 60s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
loki:
image: grafana/loki:latest
container_name: loki
ports:
- "0.0.0.0:3100:3100"
volumes:
- loki_data:/loki
- ./conf/loki/loki-config.yaml:/etc/loki/loki-config.yaml:ro
command: -config.file=/etc/loki/loki-config.yaml
networks:
btcnet:
aliases:
- loki
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://localhost:3100/ready"]
interval: 30s
timeout: 15s
retries: 50
start_period: 120s
restart: unless-stopped
promtail:
image: promtail-custom:ext
container_name: promtail
volumes:
- ./logs:/var/log/lecoffre:ro
- ./conf/promtail/promtail.yml:/etc/promtail/config.yml:ro
- /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/config.yml
networks:
btcnet:
aliases:
- promtail
depends_on:
loki:
condition: service_healthy
healthcheck:
test: ["CMD", "sh", "-c", "if [ -f /tmp/positions.yaml ]; then echo 'Promtail ready: Log collection service responding'; exit 0; else echo 'Promtail starting: Log collection service not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
restart: unless-stopped
# Service de statut des services
status-api:
build:
context: ./web/status
dockerfile: Dockerfile.python
container_name: status-api
ports:
- "0.0.0.0:3006:3006"
volumes:
- ./web/status/api.py:/app/api.py:ro
networks:
btcnet:
aliases:
- status-api
healthcheck:
test: ["CMD", "sh", "-c", "if curl -f http://localhost:3006/api >/dev/null 2>&1; then echo 'Status API ready: Service monitoring API responding'; exit 0; else echo 'Status API starting: Service monitoring API not yet ready'; exit 1; fi"]
interval: 30s
timeout: 10s
retries: 50
start_period: 30s
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
volumes:
bitcoin_data:
name: 4nk_node_bitcoin_data
blindbit_data:
sdk_data:
grafana_data:
loki_data:
networks:
btcnet:
name: 4nk_node_btcnet
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16

1
scripts/README.md
View File

@ -195,7 +195,6 @@ Les données sont persistées dans les volumes Docker suivants :
- `4nk_node_bitcoin_data` : Données Bitcoin Signet
- `4nk_node_blindbit_data` : Données BlindBit Oracle
- `4nk_node_sdk_data` : Données SDK Relay
- `4nk_node_sdk_signer_data` : Données SDK Signer
- `4nk_node_sdk_storage_data` : Données SDK Storage
- `4nk_node_grafana_data` : Données Grafana
- `4nk_node_loki_data` : Données Loki

13
scripts/backup-data.sh
View File

@ -14,6 +14,8 @@ NC='\033[0m' # No Color
BACKUP_DIR="./backups"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_NAME="lecoffre_backup_${TIMESTAMP}"
HOST_UID=$(id -u)
HOST_GID=$(id -g)
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE} LeCoffre Node - Data Backup${NC}"
@ -35,10 +37,11 @@ backup_volume() {
if docker volume inspect "$volume_name" >/dev/null 2>&1; then
docker run --rm \
-e HOST_UID="$HOST_UID" -e HOST_GID="$HOST_GID" \
-v "$volume_name":/source:ro \
-v "$(pwd)/$BACKUP_DIR/$BACKUP_NAME":/backup \
alpine:latest \
sh -c "mkdir -p /backup$backup_path && cp -r /source/* /backup$backup_path/ 2>/dev/null || true && chmod -R 755 /backup$backup_path 2>/dev/null || true"
sh -c "mkdir -p /backup$backup_path && cp -r /source/* /backup$backup_path/ 2>/dev/null || true && chmod -R 755 /backup$backup_path 2>/dev/null || true && chown -R \$HOST_UID:\$HOST_GID /backup$backup_path 2>/dev/null || true"
echo -e "${GREEN}$description backed up${NC}"
else
echo -e "${YELLOW}⚠ Volume $volume_name not found${NC}"
@ -52,7 +55,6 @@ mkdir -p "$BACKUP_DIR/$BACKUP_NAME"
backup_volume "4nk_node_bitcoin_data" "/bitcoin" "Bitcoin Signet Data"
backup_volume "4nk_node_blindbit_data" "/blindbit" "BlindBit Oracle Data"
backup_volume "4nk_node_sdk_data" "/sdk" "SDK Relay Data"
backup_volume "4nk_node_sdk_signer_data" "/sdk_signer" "SDK Signer Data"
backup_volume "4nk_node_sdk_storage_data" "/sdk_storage" "SDK Storage Data"
backup_volume "4nk_node_grafana_data" "/grafana" "Grafana Data"
backup_volume "4nk_node_loki_data" "/loki" "Loki Data"
@ -60,11 +62,8 @@ backup_volume "4nk_node_loki_data" "/loki" "Loki Data"
# Créer une archive compressée
echo -e "${BLUE}Creating compressed archive...${NC}"
cd "$BACKUP_DIR"
tar -czf "${BACKUP_NAME}.tar.gz" "$BACKUP_NAME" 2>/dev/null || {
echo -e "${YELLOW}Warning: Some files could not be archived due to permissions${NC}"
tar -czf "${BACKUP_NAME}.tar.gz" "$BACKUP_NAME" --ignore-failed-read 2>/dev/null || true
}
rm -rf "$BACKUP_NAME"
tar -czf "${BACKUP_NAME}.tar.gz" "$BACKUP_NAME" --ignore-failed-read 2>/dev/null || true
rm -rf "$BACKUP_NAME" || sudo rm -rf "$BACKUP_NAME" || true
cd ..
# Afficher les informations de sauvegarde

2
scripts/build-project.sh
View File

@ -7,7 +7,6 @@
# - bitcoin: Bitcoin Signet
# - blindbit: BlindBit Oracle
# - sdk_relay: SDK Relay
# - sdk_signer: SDK Signer
# - sdk_storage: SDK Storage
# - lecoffre-front: LeCoffre Frontend
# - ihm_client: IHM Client
@ -47,7 +46,6 @@ if [[ $# -lt 1 ]]; then
echo " - lecoffre-front"
echo " - sdk_relay"
echo " - sdk_storage"
echo " - sdk_signer"
echo ""
echo "Exemples:"
echo " $0 ihm_client"

1
scripts/collect-logs.sh
View File

@ -29,7 +29,6 @@ else
"bitcoin-signet:bitcoin"
"blindbit-oracle:blindbit"
"sdk_relay:sdk_relay"
"sdk_signer:sdk_signer"
"sdk_storage:sdk_storage"
"lecoffre-back:lecoffre-back"
"lecoffre-front:lecoffre-front"

2
scripts/deploy-grafana.sh
View File

@ -74,7 +74,7 @@ start_monitoring() {
check_config
# Créer les dossiers nécessaires
mkdir -p logs/{bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner,nginx}
mkdir -p logs/{bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner,nginx}
# Démarrer les services de monitoring
log_info "Démarrage de Loki..."

18
scripts/healthchecks/sdk-signer-progress.sh
View File

@ -2,21 +2,3 @@
# Healthcheck for SDK Signer
# Prefer checking the HTTP endpoint first; fall back to log-based progress hints
# 1) If HTTP endpoint responds with an acceptable status, we're healthy
HTTP_CODE=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:9090/ 2>/dev/null || echo "000")
if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "101" ] || [ "$HTTP_CODE" = "426" ]; then
echo "SDK Signer ready: HTTP $HTTP_CODE"
exit 0
fi
# 2) If not yet responding, try to surface a recent meaningful log line
signer_logs=$(tail -20 /var/log/sdk_signer/sdk_signer.log 2>/dev/null | grep -E "(Disconnected|reconnect|error|connected|waiting|connecting|handshake|Initialized|Background sync)" | tail -1 || true)
if [ -n "$signer_logs" ]; then
echo "SDK Signer conn: $signer_logs"
exit 1
fi
# 3) Default: still starting up
echo 'SDK Signer starting: WebSocket server initializing'
exit 1

1
scripts/restore-data.sh
View File

@ -81,7 +81,6 @@ restore_volume() {
restore_volume "4nk_node_bitcoin_data" "/bitcoin" "Bitcoin Signet Data"
restore_volume "4nk_node_blindbit_data" "/blindbit" "BlindBit Oracle Data"
restore_volume "4nk_node_sdk_data" "/sdk" "SDK Relay Data"
restore_volume "4nk_node_sdk_signer_data" "/sdk_signer" "SDK Signer Data"
restore_volume "4nk_node_sdk_storage_data" "/sdk_storage" "SDK Storage Data"
restore_volume "4nk_node_grafana_data" "/grafana" "Grafana Data"
restore_volume "4nk_node_loki_data" "/loki" "Loki Data"

8
scripts/setup-logs.sh
View File

@ -8,12 +8,12 @@ set -e
echo "🔧 Configuration de la centralisation des logs..."
# Créer les dossiers de logs
mkdir -p logs/{bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner,nginx}
mkdir -p logs/{bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner,nginx}
# Créer des fichiers de log de test pour chaque service
echo "📝 Création des fichiers de log de test..."
for service in bitcoin blindbit sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor miner nginx; do
for service in bitcoin blindbit sdk_relaysdk_storage lecoffre-front ihm_client tor miner nginx; do
log_file="logs/${service}/${service}.log"
echo "$(date): Test log entry for ${service}" > "$log_file"
echo "$(date): Service ${service} started successfully" >> "$log_file"
@ -23,7 +23,7 @@ done
# Créer des fichiers de log avec rotation
echo "🔄 Configuration de la rotation des logs..."
for service in bitcoin blindbit sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor miner nginx; do
for service in bitcoin blindbit sdk_relaysdk_storage lecoffre-front ihm_client tor miner nginx; do
logrotate_config="conf/logrotate/${service}.conf"
mkdir -p conf/logrotate
@ -72,7 +72,7 @@ else
# Collecter les logs de tous les services
echo "📊 Collecte des logs de tous les services..."
for service in bitcoin-signet blindbit-oracle sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor-proxy signet_miner; do
for service in bitcoin-signet blindbit-oracle sdk_relaysdk_storage lecoffre-front ihm_client tor-proxy signet_miner; do
if docker ps --format "table {{.Names}}" | grep -q "^${service}$"; then
echo "📝 Collecte des logs pour $service..."
mkdir -p "$LOG_DIR/${service##*-}" # Enlever le préfixe si nécessaire

17
scripts/start.sh
View File

@ -103,22 +103,6 @@ show_detailed_progress() {
echo -e " ${RED}SDK Relay: Not running${NC}"
fi
# SDK Signer
if docker ps --format '{{.Names}}' | grep -q "sdk_signer"; then
local ws_response=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:9090/ 2>/dev/null || echo "000")
if [ "$ws_response" = "101" ] || [ "$ws_response" = "426" ]; then
echo -e " ${GREEN}SDK Signer: Ready${NC}"
else
local signer_logs=$(docker logs sdk_signer --tail 5 2>/dev/null | grep -E "(Disconnected|reconnect|error|connected|waiting|connecting)" | tail -1 || echo "")
if [ -n "$signer_logs" ]; then
echo -e " ${YELLOW}SDK Signer Conn: $signer_logs${NC}"
else
echo -e " ${YELLOW}SDK Signer: Starting...${NC}"
fi
fi
else
echo -e " ${RED}SDK Signer: Not running${NC}"
fi
# URLs publiques HTTPS
echo -e "${CYAN}Public URLs Status:${NC}"
@ -237,7 +221,6 @@ services=(
"blindbit:BlindBit Oracle"
"sdk_storage:SDK Storage"
"sdk_relay:SDK Relay"
"sdk_signer:SDK Signer"
"lecoffre-front:LeCoffre Frontend"
"ihm_client:IHM Client"
"grafana:Grafana"

6
scripts/sync-monitoring-config.sh
View File

@ -28,7 +28,7 @@ log_info "🔄 Synchronisation de la configuration de monitoring..."
# Créer la structure de dossiers
log_info "Création de la structure de dossiers..."
mkdir -p conf/{grafana/{provisioning/{datasources,dashboards},dashboards},promtail,logrotate,nginx}
mkdir -p logs/{bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner,nginx}
mkdir -p logs/{bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner,nginx}
# Copier la configuration Nginx si elle n'existe pas
if [ ! -f "conf/nginx/grafana.conf" ]; then
@ -89,7 +89,7 @@ fi
# Créer des fichiers de log de test pour chaque service
log_info "Création des fichiers de log de test..."
for service in bitcoin blindbit sdk_relay sdk_signer sdk_storage lecoffre-front ihm_client tor miner nginx; do
for service in bitcoin blindbit sdk_relaysdk_storage lecoffre-front ihm_client tor miner nginx; do
log_file="logs/${service}/${service}.log"
if [ ! -f "$log_file" ]; then
echo "$(date): Test log entry for ${service}" > "$log_file"
@ -156,7 +156,7 @@ log_compression=true
[services]
# Services surveillés
services=bitcoin,blindbit,sdk_relay,sdk_signer,sdk_storagelecoffre-front,ihm_client,tor,miner
services=bitcoin,blindbit,sdk_relaysdk_storagelecoffre-front,ihm_client,tor,miner
[alerts]
# Configuration des alertes

2
scripts/test-dashboards.sh
View File

@ -70,7 +70,7 @@ test_loki_api() {
test_service_logs() {
echo "📋 Test des logs des services"
services=("bitcoin-signet" "blindbit-oracle" "sdk_relay" "sdk_signer" "sdk_storage" "lecoffre-front" "ihm_client" "signet_miner")
services=("bitcoin-signet" "blindbit-oracle" "sdk_relay""sdk_storage" "lecoffre-front" "ihm_client" "signet_miner")
for service in "${services[@]}"; do
echo " 🔍 Test des logs: $service"

5
scripts/update-healthchecks.sh
View File

@ -62,10 +62,5 @@ replace_healthcheck "sdk_relay" \
'["CMD", "sh", "-c", "if curl -f http://localhost:8091/ >/dev/null 2>&1; then echo '\''SDK Relay ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Relay IBD: Waiting for Bitcoin sync to complete'\''; exit 1; fi"]' \
'["CMD", "sh", "-c", "relay_logs=\$(tail -10 /var/log/sdk_relay/sdk_relay.log 2>/dev/null | grep -E \"(IBD|blocks|headers|waiting|scanning)\" | tail -1 || echo \"\"); if [ -n \"\$relay_logs\" ]; then echo \"SDK Relay sync: \$relay_logs\"; exit 1; else if curl -f http://localhost:8091/ >/dev/null 2>&1; then echo '\''SDK Relay ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Relay starting: WebSocket server not yet ready'\''; exit 1; fi; fi"]'
# Mettre à jour SDK Signer
replace_healthcheck "sdk_signer" \
'["CMD", "sh", "-c", "if curl -f http://localhost:9090/ >/dev/null 2>&1; then echo '\''SDK Signer ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Signer starting: WebSocket server not yet ready'\''; exit 1; fi"]' \
'["CMD", "sh", "-c", "signer_logs=\$(tail -10 /var/log/sdk_signer/sdk_signer.log 2>/dev/null | grep -E \"(Disconnected|reconnect|error|connected|waiting)\" | tail -1 || echo \"\"); if [ -n \"\$signer_logs\" ]; then echo \"SDK Signer conn: \$signer_logs\"; exit 1; else if curl -f http://localhost:9090/ >/dev/null 2>&1; then echo '\''SDK Signer ready: WebSocket server responding'\''; exit 0; else echo '\''SDK Signer starting: WebSocket server not yet ready'\''; exit 1; fi; fi"]'
echo "Healthchecks mis à jour avec succès!"
echo "Sauvegarde créée: $BACKUP_FILE"

2
scripts/validate-deployment.sh
View File

@ -97,7 +97,6 @@ echo -e "${CYAN}=== Volume Validation ===${NC}"
check_volume "4nk_node_bitcoin_data" "Bitcoin Signet Data"
check_volume "4nk_node_blindbit_data" "BlindBit Oracle Data"
check_volume "4nk_node_sdk_data" "SDK Relay Data"
check_volume "4nk_node_sdk_signer_data" "SDK Signer Data"
check_volume "4nk_node_sdk_storage_data" "SDK Storage Data"
check_volume "4nk_node_grafana_data" "Grafana Data"
check_volume "4nk_node_loki_data" "Loki Data"
@ -110,7 +109,6 @@ check_service "bitcoin-signet" "Bitcoin Signet" "" ""
check_service "blindbit-oracle" "BlindBit Oracle" "http://localhost:8000/tweaks/1" "200"
check_service "sdk_storage" "SDK Storage" "http://localhost:8081/health" "200"
check_service "sdk_relay" "SDK Relay" "http://localhost:8091/" "200"
check_service "sdk_signer" "SDK Signer" "http://localhost:3001/" "101,426,200"
check_service "lecoffre-front" "LeCoffre Frontend" "http://localhost:3004/lecoffre/" "200,301,302,307,308"
check_service "ihm_client" "IHM Client" "http://localhost:3003/" "200"
check_service "grafana" "Grafana" "http://localhost:3005/api/health" "200"

2
tests/smoke_dev4.md
View File

@ -20,10 +20,8 @@ Nginx
- Pas derreurs critiques dans error.log
Résultats (17/09/2025)
- / → 200
- /lecoffre/ → 404
- /lecoffre/404 → 404 (avec `runtimeConfig` présent et `assetPrefix` = /lecoffre)
- /back/ → 200
- /blindbit/ → 200
- /signer/ → 200
- /storage/ → 404

14
tests/smoke_local_http.md
View File

@ -1,14 +0,0 @@
### Smoke tests - local.lecoffreio.4nkweb (HTTP)
- **/lecoffre/**: doit répondre 200 (pas de redirection HTTPS)
- **/_next/** et **/lecoffre/_next/**: assets servis, codes 200/304
- **favicon**: `http://local.lecoffreio.4nkweb:3000/favicon.ico` répond 200 si présent
Commandes de vérification:
```bash
curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/
curl -I -H "Host: local.lecoffreio.4nkweb" http://127.0.0.1:3000/lecoffre/_next/static/chunks/main.js
```

1
web/status/api.js
View File

@ -21,7 +21,6 @@ const services = [
{ name: 'Bitcoin Signet', container: 'bitcoin', port: 8332, protocol: 'RPC' },
{ name: 'BlindBit Oracle', container: 'blindbit', port: 8000, protocol: 'HTTP' },
{ name: 'SDK Relay', container: 'sdk_relay', port: 8090, protocol: 'WebSocket' },
{ name: 'SDK Signer', container: 'sdk_signer', port: 9090, protocol: 'WebSocket' },
{ name: 'SDK Storage', container: 'sdk_storage', port: 8080, protocol: 'HTTP' },
{ name: 'LeCoffre Backend', container: 'lecoffre-back', port: 8080, protocol: 'HTTP' },
{ name: 'LeCoffre Frontend', container: 'lecoffre-front', port: 3000, protocol: 'HTTP' },

10
web/status/api.py
View File

@ -258,7 +258,6 @@ class StatusAPIHandler(BaseHTTPRequestHandler):
{"name": "Bitcoin Signet", "container": "bitcoin-signet", "protocol": "RPC", "port": 8332, "health": lambda: exec_health("bitcoin-signet", "/scripts/healthchecks/bitcoin-progress.sh")},
{"name": "BlindBit Oracle", "container": "blindbit-oracle", "protocol": "HTTP", "port": 8000, "health": lambda: exec_health("blindbit-oracle", "/scripts/healthchecks/blindbit-progress.sh")},
{"name": "SDK Relay", "container": "sdk_relay", "protocol": "WebSocket", "port": 8090, "health": lambda: exec_health("sdk_relay", "/scripts/healthchecks/sdk-relay-progress.sh")},
{"name": "SDK Signer", "container": "sdk_signer", "protocol": "WebSocket", "port": 9090, "health": lambda: exec_health("sdk_signer", "/scripts/healthchecks/sdk-signer-progress.sh")},
{"name": "SDK Storage", "container": "sdk_storage", "protocol": "HTTP", "port": 8080, "probe": lambda: http_probe("http://sdk_storage:8080/health")},
{"name": "LeCoffre Frontend", "container": "lecoffre-front", "protocol": "HTTP", "port": 3000},
{"name": "IHM Client", "container": "ihm_client", "protocol": "HTTP", "port": 3003},
@ -552,15 +551,6 @@ class StatusAPIHandler(BaseHTTPRequestHandler):
# Miner wallet: try default 'miner' else listwallets
miner_wallet = "miner"
wallets["Miner Signet"] = btc_wallet_balance(miner_wallet)
# SDK Signer wallet name from its container env
signer_env = get_container_env("sdk_signer")
signer_wallet = signer_env.get("SIGNER_WALLET_NAME") or env_map.get("SIGNER_WALLET_NAME")
if not signer_wallet:
# optional conf path example
signer_conf = get_file_in_container("sdk_signer", "/app/.conf")
signer_wallet = parse_wallet_name_from_conf(signer_conf)
if signer_wallet:
wallets["Signer Bootstrap"] = btc_wallet_balance(signer_wallet)
relay_bootstrap_wallet = env_map.get("RELAY_BOOTSTRAP_WALLET_NAME")
if relay_bootstrap_wallet:
wallets["Relay Bootstrap"] = btc_wallet_balance(relay_bootstrap_wallet)

1
web/status/working-api.js
View File

@ -18,7 +18,6 @@ app.get('/api', (req, res) => {
{ name: 'Bitcoin Signet', status: 'running', image: 'btcpayserver/bitcoin:27.1', ip: '172.20.0.2', port: '8332', protocol: 'RPC', uptime: '2h 15m', health: 'healthy' },
{ name: 'BlindBit Oracle', status: 'running', image: 'blindbit/oracle:latest', ip: '172.20.0.3', port: '8000', protocol: 'HTTP', uptime: '2h 10m', health: 'healthy' },
{ name: 'SDK Relay', status: 'running', image: 'sdk_relay:ext', ip: '172.20.0.4', port: '8090', protocol: 'WebSocket', uptime: '2h 5m', health: 'healthy' },
{ name: 'SDK Signer', status: 'running', image: 'sdk_signer:ext', ip: '172.20.0.5', port: '9090', protocol: 'WebSocket', uptime: '2h 0m', health: 'healthy' },
{ name: 'SDK Storage', status: 'running', image: 'sdk_storage:ext', ip: '172.20.0.6', port: '8080', protocol: 'HTTP', uptime: '1h 55m', health: 'healthy' },
{ name: 'LeCoffre Frontend', status: 'running', image: 'lecoffre-front:ext', ip: '172.20.0.8', port: '3000', protocol: 'HTTP', uptime: '1h 45m', health: 'healthy' },
{ name: 'IHM Client', status: 'running', image: 'ihm_client:ext', ip: '172.20.0.9', port: '3001', protocol: 'HTTP', uptime: '1h 40m', health: 'healthy' },