Installation d'un Pod Cesium+

As tu également un nœud Duniter qui tourne ? Si non, quel nœud Duniter utilises tu ?

J’ai ajouté ces lignes à la doc d’installation :

Error Refused GET request to [/ws/event/user/…

  • Message:

    Refused GET request to [/ws/event/user/<pubkey>…
    
  • Cause:

    Cesium try to open a WebSocket on your pod throw HTTP v1.0, and not throw HTTP v1.1.

  • Solution:

    Configure your web server to force HTTP 1.1 connection.

    On a Nginx server:

    • Edit the web site configuration (usually at /etc/nginx/site-available/<site-name>);
    • Add this lines:
      server {
    
          server_name pod.domain.org;
    
          (...)
    
          location /ws/ {
              # Replace by your Pod local address:
              proxy_pass http://127.0.0.1:9200;
    
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection 'upgrade';
              proxy_set_header Host $host;
              proxy_cache_bypass $http_upgrade;
              proxy_read_timeout 86400s;
              proxy_send_timeout 86400s;
          }
    }
    
    • Restart Nginx service;

Ah oui avec cette config Nginx je n’ai plus ces messages d’erreur et l’utilisation de mon pod sur cesium est beaucoup plus fluide !
Merci.
J’ai aussi un noeud duniter sur g1.mithril.re mais je n’arrive pas à voir la mention Cs+ sur mon noeud dans la page réseau de Cesium comme c’est le cas pour le tiens par exemple.


Il faut aussi que je regarde cette config de subscription également.
Merci pour ton aide.

Pour cela, il faut que tu déclare les endpoints Cesium+ dans ta config Duniter, afin qu’il les envoi sur le réseau Duniter :

duniter --addep "ES_CORE_API [ipv4] [ipv6] [dns] [port]"
duniter --addep "ES_USER_API [ipv4] [ipv6] [dns] [port]"
duniter --addep "ES_SUBSCRIPTION_API [ipv4] [ipv6] [dns] [port]"

(tu n’es pas obligé de mettre ipv4 et ipv6.

Ensuite, tu dois redémarrer ton noeud duniter, et vérifier sa fiche de pair : /network/peering.

Voir la mienne si besoin : https://g1.duniter.fr/network/peering

Bon pour l’instant je galère pour la liaison duniter <> ES.
Je rajoute cette configuration sur mon noeud duniter :

duniter --addep "ES_CORE_API g1.data.mithril.re 443"
duniter --addep "ES_USER_API g1.data.mithril.re 443"
duniter --addep "ES_SUBSCRIPTION_API g1.data.mithril.re 443"

Je redémarre le service mais je ne le vois pas apparaître dans la fiche de pair.

Je n’ai pas configuré la subscription sur ES, c’est peut-être à cause de ça.
J’essaie petit à petit…

C’est un problème Duniter, et non Cesium+, du coup.
Ta fiche de pair Duniter n’est effectivement pas à jour.

Peux tu ajouter l’option config, pour qu’elle soit sauvegarder (d’après duniter --help):

duniter config --addep "ES_CORE_API g1.data.mithril.re 443"
duniter config --addep "ES_USER_API g1.data.mithril.re 443"
duniter config --addep "ES_SUBSCRIPTION_API g1.data.mithril.re 443"

Puis redémarrer duniter

1 J'aime

C’est ça tu as raison, ça fonctionne bien maintenant !
Merci @kimamila !

Bravo à toi :

La Cesium+ Pod Team à augmenter nettement !

2 J'aimes

En revanche il faut que tu penses à mettre à jour en v1.6.4.
Je vois que tu es de la Réunion en plus : vous allez donc pouvoir utiliser ce noeud par défaut, depuis l’île.
(une pensée pour @Moul :slight_smile: )

1 J'aime

Ok je vais faire ça.
Je n’ai pas trouvé de doc sur la bonne façon de faire une mise à jour.
Je décompresse mon tar.gz de la 1.6.4 dans le dossier de l’ancienne version ?

Oui c’est ma motivation première de pouvoir fournir un noeuds duniter et cesium+ sur l’île. Ca accélère pas mal nos clients cesium…
Le seul truc qui reste assez lent c’est l’affichage de la carte openstreetmap sur cesium et comme elle n’est pas centrée sur la Réunion, ça nous prends du temps d’avoir cette info.

Effectivement, il faudrait que je documente ca.
A moins que @bpresles ou toi ai du temps pour le faire ? Par exemple via une Merge Request
sur le gitlab du projet ?

EDIT : finalement j’ai trouvé le temps de le faire : la doc est à jour.

Mise à jour d’un Pod Cesium+

C’est assez simple :

  • Télécharger la nouvelle version
  • Dézipper dans un nouveau répertoire, par exemple dans /opt/cesium-plus-vX.Y.Z
  • Arrêter le Pod, s’il tourne : /bin/cesium-plus-pod stop
    (ou si dameon : sudo service cesium-plus-pod stop)
  • Depuis l’ancienne répertoire d’installation, copier :
    • le répertoire data qui contient toutes les données
    • le fichier config/elasiticsearch.yml (en conservant l’ancien, ou bien en faisant un diff avec le nouveau fichier, pour mettre ensuite à jour les nouvelles options, et conserver les anciennes).
cd path/to/old/cesium-plus-pod
cp -r data /path/to/new/cesium-plus-pod
diff config/elasticsearch.yml   /path/to/new/cesium-plus-pod/config/elasticsearch.yml
  • Relancer le Pod
  • Vérifier que tout se passe bien :
tail -f /path/to/new/cesium-plus-pod/logs/g1-es-data.log
1 J'aime

Ok merci @kimamila.
Si tu as besoin d’un coup de main n’hésites pas

Pour l’aide, je dis pas non, pour maintenir les docs déjà. Donc si tu vois une erreur ou manque, n’hésites pas améliorer.

Bonjour,
Je viens de tenter l’installation d’un pod cesium+ mais c’est pas bien configuré encore je pense:
J’ai nginx, duniter et cesium plus sur le même Debian.
j’accède bien à http://localhost:9200/node/summary

ma conf nginx:

server {
listen 443;
ssl on;
server_name cesiumplus.guenoel.fr;

ssl_certificate /etc/letsencrypt/live/cesiumplus.guenoel.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cesiumplus.guenoel.fr/privkey.pem;

location /ws/ {
# Replace by your Pod local address:
proxy_pass http://127.0.0.1:9200;

      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
      proxy_read_timeout 86400s;
      proxy_send_timeout 86400s;

}
}

une partie de la conf de elesticsearch.yml

cluster.name: guenoel  --> on met ce qu'on veut ici ?
Your ES cluster public host name (optional - required for publishing peering document)
cluster.remote.host: cesiumplus.guenoel.fr
cluster.remote.port: 9200

Use a descriptive name for the node:
node.name: node-guenoel    --> on met ce qu'on veut ici ?
Set the bind address to a specific IP (IPv4 or IPv6):
network.host: 192.168.0.23  --> c'est bien l'IP sur le LAN qu'il faut mettre ici ?

Set a custom port for HTTP:
http.port: 9200

Duniter node to connect with
duniter.host: g1.presles.fr  --> faut-il mettre obligatoirement mettre son propre noeud ?
duniter.port: 10900

Initial list of hosts to perform synchronization
duniter.p2p.includes.endpoints: [
ES_CORE_API g1.data.duniter.fr 443",
ES_USER_API g1.data.duniter.fr 443",
ES_SUBSCRIPTION_API g1.data.duniter.fr 443"
]

au lancement de cesium plus:

% ./elasticsearch
[2020-04-13 11:39:19,100][INFO ][node ] [node-guenoel] version[2.4.6], pid[12808], build[5376dca/2017-07-18T12:17:44Z]
[2020-04-13 11:39:19,101][INFO ][node ] [node-guenoel] initializing …
[2020-04-13 11:39:20,615][INFO ][plugins ] [node-guenoel] modules [reindex, lang-expression, lang-groovy], plugins [mapper-attachments, cesium-plus-pod-core, cesium-plus-pod-subscription, cesium-plus-pod-user], sites
[2020-04-13 11:39:20,752][INFO ][env ] [node-guenoel] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [21gb], net total_space [36.1gb], spins? [possibly], types [ext4]
[2020-04-13 11:39:20,752][INFO ][env ] [node-guenoel] heap size [1007.3mb], compressed ordinary object pointers [true]
[2020-04-13 11:39:21,274][INFO ][http ] [node-guenoel] Using [org.elasticsearch.http.netty.NettyHttpServerTransport] as http transport, overridden by [cesium-plus-core]
[2020-04-13 11:39:25,940][WARN ][org.duniter.elasticsearch.PluginSettings] [node-guenoel] No keyring in config. salt/password (or keyring) is need to signed user event documents. Will use a generated key [6exMUBSyqfZcuqwHXBtWLEg6HgfuqDSvcuUPNzGCuN2k]
[2020-04-13 11:39:27,081][INFO ][duniter.network ] [node-guenoel] Adding {ES_CORE_API} as published endpoint, inside the peering document.
[2020-04-13 11:39:27,212][INFO ][duniter.security ] [node-guenoel] Enable security on all indices
[2020-04-13 11:39:27,832][INFO ][node ] [node-guenoel] initialized
[2020-04-13 11:39:27,832][INFO ][node ] [node-guenoel] starting …
[2020-04-13 11:39:27,834][INFO ][duniter.network ] [node-guenoel] Adding {ES_USER_API} as published endpoint, inside the peering document.
[2020-04-13 11:39:27,859][INFO ][duniter.network ] [node-guenoel] Adding {ES_SUBSCRIPTION_API} as published endpoint, inside the peering document.
[2020-04-13 11:39:27,979][INFO ][org.duniter.elasticsearch.PluginSettings] [node-guenoel] Starts i18n with locale [fr] at [/home/guenoel/cesium-plus-pod-1.6.5/data/i18n]
[2020-04-13 11:39:28,256][INFO ][transport ] [node-guenoel] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2020-04-13 11:39:28,268][INFO ][discovery ] [node-guenoel] guenoel/8tknCjFIR0ubF9uUaRp-OQ
[2020-04-13 11:39:31,366][INFO ][cluster.service ] [node-guenoel] new_master {node-guenoel}{8tknCjFIR0ubF9uUaRp-OQ}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2020-04-13 11:39:31,466][INFO ][http ] [node-guenoel] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
[2020-04-13 11:39:31,466][INFO ][node ] [node-guenoel] started
[2020-04-13 11:39:32,383][INFO ][gateway ] [node-guenoel] recovered [11] indices into cluster_state
[2020-04-13 11:39:41,384][INFO ][duniter.user ] [node-guenoel] Starting user jobs… {blockchain user events:true}, {blockchain admin events:true}
[2020-04-13 11:39:41,408][INFO ][duniter.subscription ] [node-guenoel] Starting subscription jobs… {enable:true}
[2020-04-13 11:39:41,410][INFO ][duniter.user.event.blockchain] [node-guenoel] [g1] Checking user events…
[2020-04-13 11:39:41,436][INFO ][duniter.core ] [node-guenoel] Starting core jobs… {blockchain: block:true, peer:true, pending:true}, {p2p: synchro:true, websocket:true, emit_peering:true}, {doc_stats:true}
[2020-04-13 11:39:41,460][WARN ][duniter.subscription ] [node-guenoel] Impossible de traiter les abonnements email: la fonction d’envoi d’email est désactivée dans la configuration
[2020-04-13 11:39:41,647][INFO ][duniter.user.event.blockchain] [node-guenoel] [g1] Checking user events [OK] no error detected, in 237 ms
[2020-04-13 11:39:43,711][INFO ][duniter.core ] [node-guenoel] [g1] Indexing blockchain…
[2020-04-13 11:39:43,713][INFO ][duniter.blockchain ] [node-guenoel] [g1] [BASIC_MERKLED_API g1.presles.fr 443] Indexing last blocks…

1 J'aime

Salut @guenoel, et bravo !
Je penses que tu as fait juste des petites erreurs :

  • sur network.host : il faut que tu mette l’interface réseau qui va écouter sur le port http.port. Dans ton cas, comme tu as un nginx sur la même machine, tu peux mettre :

    network.host: 127.0.0.1    (ou localhost)
    
  • cluster.remote.port : c’est le port où ton Pod est accessible, depuis l’extérieur. Dans ton cas, c’est donc 443 (à cause de ton nginx)

  • dans ta conf nginx, tu redirige seulement les accès à /ws, sur ton Pod Cs+. Tu peux à la place tout rediriger. En effet, pour fonctionner, Cesium va appeller beaucoup d’autres chemin (/user/profile, etc).

Tu vas devoir ensuite relancer le Pod, puis nginx.
Tu peux vérifier que tout est OK en appellant :

Concernant tes autres questions :

  • node.name : sert à identifier ton noeud ES, si tu en lance plusieurs (ex: node-1 node-2 etc) pour avoir un cluster local de plusieurs noeuds (utile surtout si tu veux booster tes performances).
    En d’autres termes tu peux avoir plusieurs Pods localement, visible de l’extérieur comme un seul Pod.
  • cluster.name : C’est le nom de ton cluster locale ES, au cas ou ton réseau local avait plusieurs cluster ES, pour éviter que les données ne mélangent entre les cluster. Par exemple : un cluster avec des Pod gchange, et un autre avec des pod Cesium+.
1 J'aime

Salut !

Merci pour tes réponses !
Ca c’est accessible depuis l extérieur
https://cesiumplus.guenoel.fr/node/summary
https://cesiumplus.guenoel.fr/network/peering

  • j’avais mis network.host: 127.0.0.1 ce matin (mieux reveillé)
  • je viens de changer le port en 443 (ben oui remote = distant = depuis l exterieur = 443)
  • Pour nginx j’ai remplacé /ws/ par /
    et j’ai ajouté: root /le_chemin_complet_du_dossier_cesium_plus/ avant location
    Auriez vous un cesiumplus.conf complet de votre nginx pour que je me fasse une idée de comment configurer ?

Sinon apparemment il manque encore des choses. Tant que je suis pas affiché dans la liste des noeuds cesium+ ca veut dire c’est pas encore bon

Lancement du pod:

[2020-04-13 22:48:08,964][INFO ][node ] [node-guenoel] version[2.4.6], pid[31895], build[5376dca/2017-07-18T12:17:44Z]
[2020-04-13 22:48:08,965][INFO ][node ] [node-guenoel] initializing …
[2020-04-13 22:48:11,521][INFO ][plugins ] [node-guenoel] modules [reindex, lang-expression, lang-groovy], plugins [mapper-attachments, cesium-plus-pod-core, cesium-plus-pod-subscription, cesium-plus-pod-user], sites
[2020-04-13 22:48:11,744][INFO ][env ] [node-guenoel] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [21gb], net total_space [36.1gb], spins? [possibly], types [ext4]
[2020-04-13 22:48:11,745][INFO ][env ] [node-guenoel] heap size [1007.3mb], compressed ordinary object pointers [true]
[2020-04-13 22:48:12,720][INFO ][http ] [node-guenoel] Using [org.elasticsearch.http.netty.NettyHttpServerTransport] as http transport, overridden by [cesium-plus-core]
[2020-04-13 22:48:20,637][INFO ][duniter.network ] [node-guenoel] Adding {ES_CORE_API} as published endpoint, inside the peering document.
[2020-04-13 22:48:20,778][INFO ][duniter.security ] [node-guenoel] Enable security on all indices
[2020-04-13 22:48:21,439][INFO ][node ] [node-guenoel] initialized
[2020-04-13 22:48:21,441][INFO ][node ] [node-guenoel] starting …
[2020-04-13 22:48:21,453][INFO ][duniter.network ] [node-guenoel] Adding {ES_USER_API} as published endpoint, inside the peering document.
[2020-04-13 22:48:21,474][INFO ][duniter.network ] [node-guenoel] Adding {ES_SUBSCRIPTION_API} as published endpoint, inside the peering document.
[2020-04-13 22:48:21,680][INFO ][org.duniter.elasticsearch.PluginSettings] [node-guenoel] Starts i18n with locale [fr] at [/home/guenoel/cesium-plus-pod-1.6.5/data/i18n]
[2020-04-13 22:48:22,111][INFO ][transport ] [node-guenoel] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2020-04-13 22:48:22,132][INFO ][discovery ] [node-guenoel] guenoel/JpAD_wFESNWU5UEa-mxvHw
[2020-04-13 22:48:25,304][INFO ][cluster.service ] [node-guenoel] new_master {node-guenoel}{JpAD_wFESNWU5UEa-mxvHw}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2020-04-13 22:48:25,386][INFO ][http ] [node-guenoel] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
[2020-04-13 22:48:25,386][INFO ][node ] [node-guenoel] started
[2020-04-13 22:48:26,740][INFO ][gateway ] [node-guenoel] recovered [11] indices into cluster_state
[2020-04-13 22:48:35,337][INFO ][duniter.user ] [node-guenoel] Starting user jobs… {blockchain user events:true}, {blockchain admin events:true}
[2020-04-13 22:48:35,352][INFO ][duniter.user.event.blockchain] [node-guenoel] [g1] Checking user events…
[2020-04-13 22:48:35,356][INFO ][duniter.subscription ] [node-guenoel] Starting subscription jobs… {enable:true}
[2020-04-13 22:48:35,374][INFO ][duniter.core ] [node-guenoel] Starting core jobs… {blockchain: block:true, peer:true, pending:true}, {p2p: synchro:true, websocket:true, emit_peering:true}, {doc_stats:true}
[2020-04-13 22:48:35,400][WARN ][duniter.subscription ] [node-guenoel] Impossible de traiter les abonnements email: la fonction d’envoi d’email est désactivée dans la configuration
[2020-04-13 22:48:35,584][INFO ][duniter.user.event.blockchain] [node-guenoel] [g1] Checking user events [OK] no error detected, in 229 ms
[2020-04-13 22:48:37,296][INFO ][duniter.core ] [node-guenoel] [g1] Indexing blockchain…
[2020-04-13 22:48:37,305][INFO ][duniter.blockchain ] [node-guenoel] [g1] > [BASIC_MERKLED_API localhost 10901] Indexing last blocks…

une fois il à fait ça après :

[2020-04-13 23:11:57,525][WARN ][monitor.jvm ] [node-guenoel] [gc][young][1414][6] duration [1.2s], collections [1]/[2.2s], total [1.2s]/[1.5s], memory [168.4mb]->[39.7mb]/[1007.3mb], all_pools {[young] [133.1mb]->[365.8kb]/[133.1mb]}{[survivor] [16.6mb]->[13mb]/[16.6mb]}{[old] [18.6mb]->[26.2mb]/[857.6mb]}
[2020-04-13 23:16:29,571][WARN ][duniter.security ] [node-guenoel] Refused HEAD request to [/node/summary]
[2020-04-13 23:16:29,926][WARN ][duniter.security ] [node-guenoel] Refused HEAD request to [/network/peering]
[2020-04-13 23:17:53,282][WARN ][duniter.security ] [node-guenoel] Refused HEAD request to [/node/summary]
[2020-04-13 23:17:53,368][WARN ][duniter.security ] [node-guenoel] Refused HEAD request to [/network/peering]
[2020-04-13 23:19:47,774][WARN ][duniter.security ] [node-guenoel] Refused HEAD request to [/node/summary]
[2020-04-13 23:19:47,907][WARN ][duniter.security ] [node-guenoel] Refused HEAD request to [/network/peering]

Non, a mon avis c’est simplement que mon Pod Cs+ n’est plus joignable :confused: (encore un soucis avec Orange ! faut que j’aille à mon boulot pour vérifier). Du coup, le tien ne sais pas a qui envoyer sa fiche de pair. Tu vois ?
Tu peux donc remplacer dans la conf par celui de @bpresles par exemple.

OK
network.host: 127.0.0.1
duniter.host: localhost
duniter.p2p.includes.endpoints: [
« ES_CORE_API g1.data.presles.fr 443 »,
« ES_USER_API g1.data.presles.fr 443 »,
« ES_SUBSCRIPTION_API g1.data.presles.fr 443 »
]
je décommente ou pas ça: ?
duniter.p2p.includes.pubkeys: [
« ici c’est ma clé publique ou celle de presles ? »
]

Toujours « block »:"0- dans https://cesiumplus.guenoel.fr/network/peering
Je crois que je vais abandonner ce projet jusqu’à la prochaine assistance

tu peux laisser vide. Il s’agit d’un autre moyen de collecter les peers, par leur pubkey.
Tu peux laisser en commentaire (ou vide)

mais non, t’inquietes. Dis toi quand allant au bout tu nous aide, car cela nous oblige à formaliser d’avantage, corriger les coquilles, etc.

Voici le fichier config/elasticsearch.yml d’un Pod (celui du Sou) :

# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: g1-es-data

cluster.remote.host: g1.data.le-sou.org
cluster.remote.port: 443

# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: es-g1-01
#
# Add custom attributes to the node:
#
# node.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
# path.data: /path/to/data
#
# Path to log files:
#
# path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
# bootstrap.mlockall: true
#
# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
# available on the system and that the owner of the process is allowed to use this limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 127.0.0.1
#
# Set a custom port for HTTP:
#
http.port: 9701

http.cors.allow-origin: "/.*/"
http.cors.enabled: true

# Internal transport layer
#
# transport.tcp.port: 9210-9220
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html>
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.zen.ping.unicast.hosts: ["host1", "host2"]
discovery.zen.ping.unicast.hosts: ["127.0.0.1"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
# discovery.zen.minimum_master_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html>
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
# gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html>
#
# ---------------------------------- Various -----------------------------------
#
# Disable starting multiple nodes on a single system:
#
# node.max_local_storage_nodes: 1
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
#
# Security to isolate plugin classpath - /!\ WARNING: should be DISABLE for Duniter4j
#
security.manager.enabled: false
#
# ---------------------------------- Duniter4j ---------------------------------
#
# Enable duniter4j plugins
#
# duniter.enabled: false
#
# Delete then create all indices at startup - /!\ WARNING: DO NOT set to true in production
#
# duniter.indices.reload: true
#
# Default string analyzer
#
duniter.string.analyzer: french
#
# Enabling blockchain synchronization
#
duniter.blockchain.enable: true
#
# Force blockchain full synchronization - /!\ WARNING: all user events will be reset to 'unread'
#
#duniter.blockchain.reload: true
#duniter.blockchain.reload.from: 92500
#
# Duniter node address
#
duniter.host: 127.0.0.1
duniter.port: 10901
# duniter.useSsl: true
#
# Compute statistics on indices (each hour) ? (default: true)
#
# duniter.stats.enable: false
#
# ---------------------------------- Duniter4j security module -------------------
#
# Keyring, use to sign emitted documents (user events, subscription, etc.).
# If not set, random keys will be generated.
#
duniter.keyring.salt: '*****'
duniter.keyring.password: '*****'
#
# Enable security - will restrict HTTP access to only Duniter4j known indices - /!\ WARNING: should be enable for production use
#
duniter.security.enable: true
#
# ---------------------------------- Duniter4j P2P module -------------------------
#
# Enable P2P synchronize between ES peers ? (default: true)
#
duniter.p2p.enable: true
#
# Enable P2P websocket direct synchronisation ? (default: true)
#
#duniter.p2p.ws.enable: true
#
# Max peer time offset, in seconds (max peer's clock error) - use to request peer's data. (default: 3600 = 1hour)
#
duniter.p2p.peerTimeOffset: 7200
#
# Enable discovery on network peers, to automatically synchronize this peers (default: true)
#
duniter.p2p.discovery.enable: true
#
# Pass an initial list of hosts to perform synchronization when new node is started:
#
duniter.p2p.includes.endpoints: [
  "ES_CORE_API g1.data.duniter.fr 443",
  "ES_USER_API g1.data.duniter.fr 443",
  "ES_SUBSCRIPTION_API g1.data.duniter.fr 443"
]
#duniter.p2p.ping.endpoints: [
#   "g1:ES_USER_API server.e-is.pro 9222",
#   "g1:ES_SUBSCRIPTION_API server.e-is.pro 9222"
#]
#
# Pass a list of pubkeys to always synchronize (default: <empty>)
#
#duniter.p2p.includes.pubkeys: [
#  "38MEAZN68Pz1DTvT3tqgxx4yQP6snJCQhPqEFxbDk4aE"
#]
#
# Enable a full synchro. This will compare each documents from other peers.
#
duniter.p2p.fullResyncAtStartup: true
#
# Enable publishing of pod endpoints to the network (see the peer document in Duniter protocol). (Default: '${duniter.p2p.enable}')
#
duniter.p2p.peering.enable: true
#
# Define targeted API (for peers selection) where to send the peer document (if peering is enable). (Default: ["ES_CORE_API"])
# This API should accept a POST request to '/network/peering' (will send a see the Duniter protocol)
#
duniter.p2p.peering.targetedApis: [
  "ES_CORE_API"
]
#
# Define cluster API to publish (if peering is enable). By default, all compatible API
#
# duniter.p2p.peering.publishedApis: [
#  "ES_CORE_API", "ES_USER_API", "ES_SUBSCRIPTION_API"
# ]
#
# Interval for publishing peer document to the network, in seconds. (Default: 7200 =2h)
#
#duniter.p2p.peering.interval: 7200
#
#
# ---------------------------------- Duniter4j document moderation ---------------
#
# Filter too old document, if time older that 'maxPastDelta' (in seconds). Default: 7200 (=2h)
#
#duniter.document.time.maxPastDelta: 7200
#duniter.document.time.maxPastDelta: 535680000
#
# Filter document in the futur, if time greater that 'maxFutureDelta' (in seconds). Default: 600 (10m)
#
# duniter.document.time.maxFutureDelta: 600
#
# Allow admin (define in duniter.keyring) to delete documents ? (default: true)
#
# duniter.document.moderators.admin: false
#
# Public keys of moderators. Moderators can delete any user documents (profile, page comment, etc.) (default: <empty>)
#
duniter.document.moderators.pubkeys: [
  '38MEAZN68Pz1DTvT3tqgxx4yQP6snJCQhPqEFxbDk4aE', # Benoit Lavenier
  '47JpfrGkoHJWtumeu7f67fbAxkvaHYVQBNo5GszNs61Z', # Bertrand Presles
  'HmH5beJqKGMeotcQUrSW7Wo5tKvAksHmfYXfiSQ9EbWz'  # Le Sou Mayennais
]
# ---------------------------------- Duniter4j Mail module -----------------------
#
# Enable mail module ?
#
duniter.mail.enable: true
#
# Mail: SMTP server configuration (host and port)
#
duniter.mail.smtp.host: '127.0.0.1'
duniter.mail.smtp.port: 25
#
# Mail: SMTP server SSL security
#
# duniter.mail.smtp.ssl: true
# duniter.mail.smtp.starttls: true
#
# Mail: SMTP server authentication
#
# duniter.mail.smtp.username:
# duniter.mail.smtp.password:
#
# Mail: 'from' address
#
duniter.mail.from: 'cesium@le-sou.org'
#
# Mail: admin address
#
duniter.mail.admin: 'benoit.lavenier@e-is.pro'
#
# Mail: subject prefix
#
duniter.mail.subject.prefix: '[LeSou / Ğ1]'
#
# ---------------------------------- Duniter4j Subscription module -------------------
#
# Enable subscription module (Need to enable mail features)
#
duniter.subscription.enable: true
#
# Email subscription: Day of the week to trigger weekly (default: 2 = monday)
#
# duniter.subscription.email.dayOfWeek: 2
#
# Email subscription: Hour in day to trigger daily email subscription (default: 3 AM)
#
duniter.subscription.email.hourOfDay: 2
#
# Email subscription: URL to a Cesium site, for links in the email content (default: https://g1.duniter.fr)
#
duniter.subscription.email.link.url: 'https://g1.le-sou.org'
# ---------------------------------- Cesium+ Pod > Share module -------------------
#
#
# Share title: `og:site_name` (default: 'Cesium')
#
duniter.share.site.name: 'Cesium - Ğ1'
#
# URL to a page (default: https://g1.duniter.fr/#/app/page/view/{id}/{title} )
# Note: available variables are {id} and {title}
#
duniter.share.page.link.url: 'https://g1.le-sou.org/#/app/page/view/{id}/{title}'
#
# URL to a user profile (default: https://g1.duniter.fr/#/app/wot/{pubkey}/{title} )
# Note: available variables are {pubkey} and {title}
#
duniter.share.user.link.url: 'https://g1.le-sou.org/#/app/wot/{pubkey}/{title}'
#
# Default image to share (min size of 200x200px) for `og:image` (default: https://g1.duniter.fr/img/logo_200px.png)
#
duniter.share.image.default.url: 'https://g1.le-sou.org/img/logo_200px.png'

Et la conf nginx associée :

# Map pour gérer les upgrade de connection (version HTTP)
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

# Format des logs
log_format upstreamlog '$remote_addr - $remote_user [$time_local] '
                       '"$request" $status $body_bytes_sent '
                       '"$http_referer" "$http_user_agent" "$upstream_addr - $upstream_response_time"';

# Permet de définir un pool de noeuds ES, pour que nginx répartisse la charge
# Ici, je n'en ai qu'un seul
upstream es-g1 {
        least_conn;
        #ip_hash;
        server 127.0.0.1:9701 weight=3;
}

server {
        listen 443;
        listen [::]:443;

        server_name g1.data.le-sou.org;

        # Inclusion de config par default pour le https
        include includes/ssl.conf;

        root /var/www/le-sou.org/cesium;
        index index.html;

        #allow large uploads of files
        client_max_body_size 20m;

        location /ws/ {
                proxy_pass http://es-g1;
                proxy_next_upstream error timeout http_500 http_502;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
                proxy_set_header Connection "upgrade";
                proxy_read_timeout 86400s;
                proxy_send_timeout 86400s;

                access_log /var/log/nginx/es-g1.log upstreamlog;
        }

        location / {
                proxy_pass http://es-g1;
                proxy_next_upstream error timeout http_500 http_502;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                # CORS: Preflighted requests
                if ($request_method = OPTIONS ) {
                        add_header "Access-Control-Allow-Origin"  *;
                        add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS";
                        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                        return 200;
                }

                access_log /var/log/nginx/es-g1.log upstreamlog;
        }

}

Salut !
Merci pour ton assistance aux amateurs !

J’ai récupéré tes conf (et adapté bien sur a mon cas !)

J’ai relancé tout ça et on verra demain.

[2020-04-24 00:09:49,063][INFO ][node ] [es-g1-01] initializing …
[2020-04-24 00:09:51,302][INFO ][plugins ] [es-g1-01] modules [reindex, lang-expression, lang-groovy], plugins [mapper-attachments, cesium-plus-pod-core, cesium-plus-pod-subscription, cesium-plus-pod-user], sites
[2020-04-24 00:09:51,624][INFO ][env ] [es-g1-01] using [1] data paths, mounts [[/ (/dev/sda1)]], net usable_space [20.9gb], net total_space [36.1gb], spins? [possibly], types [ext4]
[2020-04-24 00:09:51,624][INFO ][env ] [es-g1-01] heap size [1007.3mb], compressed ordinary object pointers [true]
[2020-04-24 00:09:52,852][INFO ][http ] [es-g1-01] Using [org.elasticsearch.http.netty.NettyHttpServerTransport] as http transport, overridden by [cesium-plus-core]
[2020-04-24 00:10:00,118][INFO ][duniter.network ] [es-g1-01] Adding {ES_CORE_API} as published endpoint, inside the peering document.
[2020-04-24 00:10:00,221][INFO ][duniter.security ] [es-g1-01] Enable security on all indices
[2020-04-24 00:10:00,575][INFO ][node ] [es-g1-01] initialized
[2020-04-24 00:10:00,575][INFO ][node ] [es-g1-01] starting …
[2020-04-24 00:10:00,578][INFO ][duniter.network ] [es-g1-01] Adding {ES_USER_API} as published endpoint, inside the peering document.
[2020-04-24 00:10:00,590][INFO ][duniter.network ] [es-g1-01] Adding {ES_SUBSCRIPTION_API} as published endpoint, inside the peering document.
[2020-04-24 00:10:00,834][INFO ][org.duniter.elasticsearch.PluginSettings] [es-g1-01] Starts i18n with locale [fr] at [/var/www/cesiumplus.guenoel.fr/cesiumplus/data/i18n]
[2020-04-24 00:10:01,072][INFO ][transport ] [es-g1-01] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
[2020-04-24 00:10:01,094][INFO ][discovery ] [es-g1-01] g1-es-data-guenoel/xyNOr16jTsqzltCcLlfDHA
[2020-04-24 00:10:04,130][INFO ][cluster.service ] [es-g1-01] new_master {es-g1-01}{xyNOr16jTsqzltCcLlfDHA}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2020-04-24 00:10:04,188][INFO ][http ] [es-g1-01] publish_address {127.0.0.1:9701}, bound_addresses {127.0.0.1:9701}
[2020-04-24 00:10:04,189][INFO ][node ] [es-g1-01] started
[2020-04-24 00:10:04,304][INFO ][gateway ] [es-g1-01] recovered [0] indices into cluster_state
[2020-04-24 00:10:14,143][INFO ][duniter.user ] [es-g1-01] Starting user jobs… {blockchain user events:true}, {blockchain admin events:true}
[2020-04-24 00:10:14,149][INFO ][duniter.history ] [es-g1-01] Creating index [history/delete]
[2020-04-24 00:10:14,933][INFO ][duniter.dao.user ] [es-g1-01] Creating index [user]
[2020-04-24 00:10:15,250][INFO ][duniter.message ] [es-g1-01] Creating index [message/inbox]
[2020-04-24 00:10:15,428][INFO ][duniter.dao.group ] [es-g1-01] Creating index [group]
[2020-04-24 00:10:15,562][INFO ][duniter.invitation ] [es-g1-01] Creating index [invitation/certification]
[2020-04-24 00:10:16,298][INFO ][duniter.dao.page ] [es-g1-01] Creating index [page]
[2020-04-24 00:10:18,656][INFO ][duniter.like ] [es-g1-01] Creating index [like/record]
[2020-04-24 00:10:19,075][INFO ][duniter.subscription ] [es-g1-01] Starting subscription jobs… {enable:true}
[2020-04-24 00:10:19,078][INFO ][duniter.dao.subscription ] [es-g1-01] Creating index [subscription]
[2020-04-24 00:10:21,145][INFO ][duniter.core ] [es-g1-01] Starting core jobs… {blockchain: block:true, peer:true, pending:true}, {p2p: synchro:true, websocket:true, emit_peering:true}, {doc_stats:true}
[2020-04-24 00:10:21,147][INFO ][duniter.dao.currency ] [es-g1-01] Creating index [currency]
[2020-04-24 00:10:21,153][WARN ][duniter.subscription ] [es-g1-01] Impossible de traiter les abonnements email: la fonction d’envoi d’email est désactivée dans la configuration
[2020-04-24 00:10:21,441][INFO ][duniter.dao.document ] [es-g1-01] Creating index [document]
[2020-04-24 00:10:25,892][INFO ][duniter.dao.g1 ] [es-g1-01] Creating index [g1]
[2020-04-24 00:10:26,421][INFO ][duniter.core ] [es-g1-01] [g1] Indexing blockchain…
[2020-04-24 00:10:26,423][INFO ][duniter.blockchain ] [es-g1-01] [g1] [BASIC_MERKLED_API 127.0.0.1 10901] Indexing last blocks…