fix: redirection local.4nkweb.com:3000 vers dev4.4nkweb.com/lecoffre

- Ajout configuration Nginx pour redirection HTTP 301
- Mise à jour docker-compose.yml: lecoffre-front sur 127.0.0.2:3004
- Configuration HTTPS dev4.4nkweb.com avec proxy vers lecoffre-front
- Documentation solution DNS côté client pour ERR_CONNECTION_REFUSED
- Tests de fumée mis à jour avec vérification DNS

Résout: redirection automatique depuis IDNot vers lecoffre

conf/nginx/dev4.4nkweb.com-https.conf

@@ -1,162 +0,0 @@
-server {
-    listen 80;
-    server_name dev4.4nkweb.com;
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 443 ssl http2;
-    server_name dev4.4nkweb.com;
-
-    ssl_certificate     /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
-
-    # Security headers (basic hardening)
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header Referrer-Policy "no-referrer" always;
-    add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;
-    # Minimal CSP allowing Next.js static and same-origin; adjust later if needed
-    add_header Content-Security-Policy "default-src 'self'; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https: wss:; font-src 'self' data:" always;
-
-    # ihm_client (root)
-    location / {
-        proxy_pass http://127.0.0.1:3003;
-        include /etc/nginx/proxy_params;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 300;
-    }
-
-    # Favicon (global)
-    location = /favicon.ico {
-        root /home/debian/lecoffre_node/conf/nginx/assets;
-        try_files /favicon.ico =404;
-        access_log off;
-        expires 30d;
-    }
-
-    # Static assets long cache (root and /lecoffre)
-    location ~* ^(/_next/static/|/lecoffre/_next/static/|/.+\.(?:css|js|png|jpg|jpeg|gif|svg|ico|webp|woff2?))$ {
-        expires 30d;
-        add_header Cache-Control "public, max-age=2592000, immutable" always;
-        proxy_pass http://127.0.0.1:3000$request_uri;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_read_timeout 300;
-    }
-
-    # lecoffre-front
-    location /lecoffre/ {
-        proxy_pass http://127.0.0.1:3000/;
-        include /etc/nginx/proxy_params;
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Prefix /lecoffre;
-        proxy_read_timeout 300;
-    }
-
-    # Next.js assets and HMR under basePath
-    location /lecoffre/_next/webpack-hmr {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_buffering off;
-        proxy_pass http://127.0.0.1:3000/_next/webpack-hmr;
-        proxy_read_timeout 600s;
-    }
-
-    location /lecoffre/_next/ {
-        proxy_pass http://127.0.0.1:3000/_next/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-
-    # Favicon sous /lecoffre
-    location = /lecoffre/favicon.ico {
-        root /home/debian/lecoffre_node/conf/nginx/assets;
-        try_files /favicon.ico =404;
-        access_log off;
-        expires 30d;
-    }
-
-    # Next.js assets (served at root by the app)
-    location /_next/ {
-        proxy_pass http://127.0.0.1:3000/_next/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-
-    # lecoffre-back
-    location /back/ {
-        proxy_pass http://127.0.0.1:8080/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-
-    # blindbit
-    location /blindbit/ {
-        proxy_pass http://127.0.0.1:8000/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-
-    # signer (sdk_signer)
-    location /signer/ {
-        proxy_pass http://127.0.0.1:3001/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-
-    # storage (sdk_storage)
-    location /storage/ {
-        proxy_pass http://127.0.0.1:8081/;
-        include /etc/nginx/proxy_params;
-        proxy_read_timeout 300;
-    }
-
-    # WebSocket relay on /ws → 8090
-    location = /ws {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_buffering off;
-        proxy_pass http://127.0.0.1:8090/;
-        proxy_read_timeout 600s;
-    }
-
-    location /ws/ {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_buffering off;
-        # Strip /ws prefix when proxying to backend root
-        proxy_pass http://127.0.0.1:8090/;
-        proxy_read_timeout 600s;
-    }
-
-    # Next.js HMR websocket for lecoffre-front
-    location /_next/webpack-hmr {
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-Proto https;
-        proxy_buffering off;
-        proxy_pass http://127.0.0.1:3000/_next/webpack-hmr;
-        proxy_read_timeout 300;
-    }
-}

conf/nginx/dev4.4nkweb.com.conf

@@ -28,7 +28,7 @@ server {
 
     # lecoffre-front
     location /lecoffre/ {
-        proxy_pass http://127.0.0.1:3000/;
+        proxy_pass http://127.0.0.2:3000/;
         include /etc/nginx/proxy_params;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-Proto http;
@@ -45,12 +45,12 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-Proto http;
         proxy_buffering off;
-        proxy_pass http://127.0.0.1:3000/_next/webpack-hmr;
+        proxy_pass http://127.0.0.2:3000/_next/webpack-hmr;
         proxy_read_timeout 600s;
     }
 
     location /lecoffre/_next/ {
-        proxy_pass http://127.0.0.1:3000/_next/;
+        proxy_pass http://127.0.0.2:3000/_next/;
         include /etc/nginx/proxy_params;
         proxy_read_timeout 300;
     }
@@ -65,7 +65,7 @@ server {
 
     # Next.js assets (served at root by the app)
     location /_next/ {
-        proxy_pass http://127.0.0.1:3000/_next/;
+        proxy_pass http://127.0.0.2:3000/_next/;
         include /etc/nginx/proxy_params;
         proxy_read_timeout 300;
     }
@@ -134,7 +134,7 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-Proto http;
         proxy_buffering off;
-        proxy_pass http://127.0.0.1:3000/_next/webpack-hmr;
+        proxy_pass http://127.0.0.2:3000/_next/webpack-hmr;
         proxy_read_timeout 300;
     }
 }

conf/nginx/local.4nkweb.com-3000.conf

@@ -0,0 +1,7 @@
+server {
+    listen 127.0.0.1:3000;
+    server_name local.4nkweb.com;
+    return 301 https://dev4.4nkweb.com/lecoffre$request_uri;
+}
+
+

docker-compose.yml

@@ -117,7 +117,7 @@ services:
       - NODE_ENV=production
       - NODE_OPTIONS=--max-old-space-size=2048
     ports:
-      - "3000:3000"
+      - "127.0.0.2:3004:3000"
     networks:
       btcnet:
         aliases:

docs/DEPLOIEMENT_dev4.md

@@ -15,3 +15,74 @@
   - SIGNER_WS_URL https://dev4.4nkweb.com/signer/
   - VITE_BOOTSTRAPURL https://dev4.4nkweb.com/ws
 - Correction 502: build Next terminé, Nginx OK
+
+## Redirection locale depuis local.4nkweb.com:3000
+
+Objectif: lorsque l'utilisateur accède à `http://local.4nkweb.com:3000/...`, répondre par une redirection HTTP vers `https://dev4.4nkweb.com/lecoffre/...` sans modifier l'image Docker du front.
+
+- Mapping Docker: `lecoffre-front` publié sur `127.0.0.2:3000` (même port, IP loopback dédiée)
+  - Fichier: `docker-compose.yml`
+  - Ligne modifiée: section `lecoffre-front.ports` → `- "127.0.0.2:3000:3000"`
+- Nginx (hôte):
+  - Proxy vers `127.0.0.2:3000` pour `/lecoffre/` et assets `_next`
+    - Fichier: `conf/nginx/dev4.4nkweb.com.conf`
+    - Lignes modifiées: `proxy_pass http://127.0.0.2:3000/...`
+  - Nouveau vhost de redirection pour `local.4nkweb.com` en écoute sur `127.0.0.1:3000`
+    - Fichier: `conf/nginx/local.4nkweb.com-3000.conf`
+    - Contenu: `return 301 https://dev4.4nkweb.com/lecoffre$request_uri;`
+
+Séquence d'application:
+1. Tester la conf Nginx: `sudo nginx -t`
+2. Recharger Nginx: `sudo systemctl reload nginx`
+3. Redéployer le service front: `docker compose up -d lecoffre-front`
+4. Vérifier:
+   - `curl -I http://local.4nkweb.com:3000/` → `301` Location `https://dev4.4nkweb.com/lecoffre/`
+   - `curl -I http://local.4nkweb.com:3000/authorized-client?code=...` → `301` Location `https://dev4.4nkweb.com/lecoffre/authorized-client?code=...`
+
+Rollback simple:
+1. Revenir au mapping initial du front: `ports: ["3000:3000"]`
+2. Dans `conf/nginx/dev4.4nkweb.com.conf`, restaurer les `proxy_pass` sur `127.0.0.1:3000`
+3. Supprimer (ou commenter) `conf/nginx/local.4nkweb.com-3000.conf`
+4. `sudo nginx -t && sudo systemctl reload nginx`
+5. `docker compose up -d lecoffre-front`
+
+## Résolution du problème DNS côté client
+
+**Problème** : Si vous obtenez `ERR_CONNECTION_REFUSED` dans votre navigateur, c'est que `local.4nkweb.com` résout vers `127.0.0.1` sur votre machine locale au lieu de pointer vers le serveur.
+
+**Solution** : Modifiez votre fichier hosts local pour que `local.4nkweb.com` pointe vers l'IP du serveur (`92.243.24.12`).
+
+### Sur Windows
+Ajoutez dans `C:\Windows\System32\drivers\etc\hosts` :
+```
+92.243.24.12    local.4nkweb.com
+```
+
+Puis videz le cache DNS :
+```cmd
+ipconfig /flushdns
+```
+
+### Sur Linux
+Ajoutez dans `/etc/hosts` :
+```
+92.243.24.12    local.4nkweb.com
+```
+
+Puis redémarrez le service DNS :
+```bash
+sudo systemctl restart systemd-resolved
+```
+
+### Sur Mac
+Ajoutez dans `/etc/hosts` :
+```
+92.243.24.12    local.4nkweb.com
+```
+
+Puis videz le cache DNS :
+```bash
+sudo dscacheutil -flushcache
+```
+
+Après ces modifications, `http://local.4nkweb.com:3000/authorized-client?code=...` devrait rediriger correctement vers `https://dev4.4nkweb.com/lecoffre/authorized-client?code=...`.

tests/smoke_dev4.md

@@ -7,6 +7,14 @@ HTTP/HTTPS
 - GET /storage/health attend 200
 WebSocket
 - wss://dev4.4nkweb.com/ws handshake OK
+
+Redirections
+- GET http://local.4nkweb.com:3000/ attend 301 → Location: https://dev4.4nkweb.com/lecoffre/
+- GET http://local.4nkweb.com:3000/authorized-client?code=... attend 301 → Location: https://dev4.4nkweb.com/lecoffre/authorized-client?code=...
+
+DNS côté client
+- local.4nkweb.com doit résoudre vers 92.243.24.12 (pas 127.0.0.1)
+- Test: nslookup local.4nkweb.com sur machine cliente
 Nginx
 - Certificats valides
 - Pas derreurs critiques dans error.log