author | Javier Sepulveda <javier.sepulveda@uv.es> | 2023-03-28 11:33:26 +0200 |
---|---|---|
committer | Javier Sepulveda <javier.sepulveda@uv.es> | 2023-04-05 11:18:04 +0200 |
commit | d46b1a3ae8f6a03a122610a35a8d0e0765b2581f (patch) | |
tree | ac2e01a2acbdae87168241d4e6e7a433cad388f3 | |
parent | 5d3e29d90834f372a1dfec50fae2d1125616dfb9 (diff) | |
New dev branch - new folder(works)
9 files changed, 242 insertions, 0 deletions
diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf
new file mode 100644
index 0000000..6cf9961
--- /dev/null
+++ b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf
@@ -0,0 +1,12 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name backend.${DOMAIN_NAME};
+
+ location / {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
+ }
+
+}
diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf
new file mode 100644
index 0000000..a9f8059
--- /dev/null
+++ b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name bank.${DOMAIN_NAME};
+
+ access_log /var/log/nginx/libeufin-sandbox.log;
+ error_log /var/log/nginx/libeufin-sandbox.err;
+
+ location /demobanks/default {
+ proxy_pass http://localhost:5016;
+ }
+
+ location / {
+ index index.html;
+ alias /usr/share/libeufin/demobank-ui/;
+ }
+
+ location = /demobank-ui-settings.js {
+ alias /etc/libeufin/demobank-ui-settings.js;
+ }
+
+}
diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh
new file mode 100755
index 0000000..7821622
--- /dev/null
+++ b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh
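Review bot: The `location /` block in backend.taler-nginx.conf forwards to the merchant socket without any `proxy_set_header` lines, so the backend is told neither the public host name nor the original scheme. `config_nginx.sh.old` in this same commit un-comments `proxy_set_header` lines in the packaged site file, which suggests the service relies on them; if so, add `proxy_set_header X-Forwarded-Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` here, and restrict the `envsubst` call in config_nginx.sh to `${DOMAIN_NAME}` so those nginx variables survive templating. The server also listens on port 80 only, so unless certbot later rewrites the file the merchant API is served in clear text; a comment saying that TLS is expected to be added afterwards would make the intent explicit. exchange.taler-nginx.conf has the same shape and the same gaps.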
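Review bot: `location = /demobank-ui-settings.js` in bank.taler-nginx.conf publishes a file from `/etc/libeufin` to every client, and nothing in the template says that the file may hold only public UI settings. Suggest a comment above the block such as `# served to browsers: keep credentials and internal URLs out of this file`. Separately, `location /demobanks/default` has no trailing slash, so as a prefix match it also covers paths like `/demobanks/default-x` (constructed example); `location /demobanks/default/` would be tighter if the bank API never needs the looser match, which is not visible here. `old_nginx_listen_443_certbot/bank.conf` repeats both blocks.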
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+source functions.sh
+source config/user.conf
+export DOMAIN_NAME=${DOMAIN_NAME}
+
+envsubst <backend-taler-nginx.conf > /etc/nginx/sites-available/backend.${DOMAIN_NAME}
+envsubst <bank.taler-nginx.conf > /etc/nginx/sites-available/bank.${DOMAIN_NAME}
+envsubst <exchange.taler-nginx.conf > /etc/nginx/sites-available/exchange.${DOMAIN_NAME}
+
+if test ${ENABLE_TLS} == "y"
+then
+ say "Obtaining TLS certificates"
+
+ certbot -d ${DOMAIN_NAME} \
+ -d backend.${DOMAIN_NAME} \
+ -d bank.${DOMAIN_NAME} \
+ -d exchange.${DOMAIN_NAME}
+fi
+
+ln -s /etc/nginx/sites-available/backend.${DOMAIN_NAME} /etc/nginx/sites-enabled/backend.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/bank.${DOMAIN_NAME} /etc/nginx/sites-enabled/bank.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/exchange.${DOMAIN_NAME} /etc/nginx/sites-enabled/exchange.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl reload nginx
diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf
new file mode 100644
index 0000000..0f470a1
--- /dev/null
+++ b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf
@@ -0,0 +1,12 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name exchange.${DOMAIN_NAME};
+
+ location / {
+ proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock;
+ }
+
+}
diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf
new file mode 100644
index 0000000..e95f387
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf
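Review bot: The first `envsubst` in new_nginx_listen_80_certbot/config_nginx.sh reads `backend-taler-nginx.conf`, but the template this commit adds is `backend.taler-nginx.conf`, so the input redirect fails and nothing is written; because the script has no `set -eu`, it still goes on to link a missing (or stale) backend site and reload nginx. Suggest `set -eu` after the shebang, the corrected file name, and an `nginx -t` check before `systemctl reload nginx`. `${ENABLE_TLS}` is unquoted, so an unset value makes `test` itself error out and the TLS step is skipped without a message; `test "${ENABLE_TLS:-}" = "y"` avoids that. The `ln -s` lines fail on a second run because the links already exist, which `ln -sfn` would fix. `old_nginx_listen_443_certbot/config_nginx.sh` shares everything except the file-name mismatch.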
@@ -0,0 +1,24 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name backend.${DOMAIN_NAME};
+ rewrite ^(.*) https://$server_name$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name backend.${DOMAIN_NAME};
+
+ ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+
+ access_log /var/log/nginx/merchant.log;
+ error_log /var/log/nginx/merchant.err;
+
+ location /taler-merchant/ {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
+ }
+}
diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf
new file mode 100644
index 0000000..c9e44d1
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf
@@ -0,0 +1,33 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name bank.${DOMAIN_NAME};
+ rewrite ^(.*) https://$server_name$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name bank.${DOMAIN_NAME};
+
+ ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+
+ access_log /var/log/nginx/libeufin-sandbox.log;
+ error_log /var/log/nginx/libeufin-sandbox.err;
+
+ location /demobanks/default {
+ proxy_pass http://localhost:5016;
+ }
+
+ location / {
+ index index.html;
+ alias /usr/share/libeufin/demobank-ui/;
+ }
+
+ location = /demobank-ui-settings.js {
+ alias /etc/libeufin/demobank-ui-settings.js;
+ }
+}
diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh
new file mode 100755
index 0000000..0180d5a
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh
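Review bot: `ssl_certificate` in old_nginx_listen_443_certbot/backend.conf points at `cert.pem`, which in a certbot live directory holds only the leaf certificate; nginx then does not send the intermediate, and clients that do not already have it will fail chain validation. Use `ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;` instead. The same line appears in `bank.conf` and `exchange.conf` in this folder. The port-80 block would also be simpler and cheaper as `return 301 https://$server_name$request_uri;` than as a regex `rewrite`.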
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+source functions.sh
+source config/user.conf
+export DOMAIN_NAME=${DOMAIN_NAME}
+
+envsubst <backend.conf > /etc/nginx/sites-available/backend.${DOMAIN_NAME}
+envsubst <bank.conf > /etc/nginx/sites-available/bank.${DOMAIN_NAME}
+envsubst <exchange.conf > /etc/nginx/sites-available/exchange.${DOMAIN_NAME}
+
+if test ${ENABLE_TLS} == "y"
+then
+ say "Obtaining TLS certificates"
+
+ certbot -d ${DOMAIN_NAME} \
+ -d backend.${DOMAIN_NAME} \
+ -d bank.${DOMAIN_NAME} \
+ -d exchange.${DOMAIN_NAME}
+fi
+
+ln -s /etc/nginx/sites-available/backend.${DOMAIN_NAME} /etc/nginx/sites-enabled/backend.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/bank.${DOMAIN_NAME} /etc/nginx/sites-enabled/bank.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/exchange.${DOMAIN_NAME} /etc/nginx/sites-enabled/exchange.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl reload nginx
diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old
new file mode 100755
index 0000000..2940e55
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old
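Review bot: `envsubst` in old_nginx_listen_443_certbot/config_nginx.sh is called without a variable list, so it replaces every `$name` in the templates, not only `${DOMAIN_NAME}`; in `backend.conf`, `bank.conf` and `exchange.conf` that turns `https://$server_name$1` into `https://$1` unless `server_name` happens to be exported, and the port-80 redirect loses its host. Restrict the substitution, e.g. `envsubst '${DOMAIN_NAME}' <backend.conf > /etc/nginx/sites-available/backend.${DOMAIN_NAME}`, and likewise for the other two. The 443 templates also name certificate files under `/etc/letsencrypt/live/${DOMAIN_NAME}/`, which exist only after a successful certbot run, so with `ENABLE_TLS` other than `y` the final reload will presumably be rejected by nginx. `certbot` is invoked here without a subcommand or plugin option, unlike the `certbot --nginx` call in `config_nginx.sh.old`; whether that is intended is not visible from the hunk.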
@@ -0,0 +1,62 @@
+#!/bin/bash
+# This file is in the public domain.
+
+set -eu
+
+# Inputs: DOMAIN_NAME & ENABLE_TLS
+
+source functions.sh
+source config/user.conf
+source config/internal.conf
+
+if test -z ${DOMAIN_NAME:-}
+then
+ say "Error: config/user.conf does not specify DOMAIN_NAME"
+ exit 1
+fi
+if test -z ${ENABLE_TLS:-}
+then
+ say "Error: config/user.conf does not specify ENABLE_TLS"
+ exit 1
+fi
+
+say "Configuring Nginx"
+
+SITES_AVAILABLE_DIR=/etc/nginx/sites-available
+SITES_ENABLED_DIR=/etc/nginx/sites-enabled
+
+cat ${SITES_AVAILABLE_DIR}/taler-exchange \
+ | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \
+ | sed -e "s/location \/taler-exchange\//location \//g" \
+ | sed -e "s/# proxy_set_header/proxy_set_header/g" \
+ > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/taler-merchant \
+ | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \
+ | sed -e "s/location \/taler-merchant\//location \//g" \
+ | sed -e "s/# proxy_set_header/proxy_set_header/g" \
+ > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \
+ | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \
+ | sed -e "s/\$scheme/https/g" \
+ > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl restart nginx
+
+if test ${ENABLE_TLS} == "y"
+then
+ say "Obtaining TLS certificates"
+
+ certbot --nginx \
+ -d backend.${DOMAIN_NAME} \
+ -d bank.${DOMAIN_NAME} \
+ -d exchange.${DOMAIN_NAME}
+fi
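Review bot: `DOMAIN_NAME` is checked only for being non-empty before it is spliced into `sed` replacement text and into output paths under `/etc/nginx`; a value containing `/`, `&` or whitespace would corrupt the generated site files or break the command lines. A format check right after the two `test -z` blocks would catch that, e.g. `[[ ${DOMAIN_NAME} =~ ^[A-Za-z0-9.-]+$ ]] || { say "Error: invalid DOMAIN_NAME"; exit 1; }`. The expansions are also unquoted throughout (`test -z ${DOMAIN_NAME:-}`, `rm -f ${SITES_ENABLED_DIR}/...`), and quoting them costs nothing. If this `.old` file is kept only for reference, dropping the executable bit (it is added with mode 100755) would avoid it being run by mistake.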
diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf
new file mode 100644
index 0000000..55a1aa0
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf
@@ -0,0 +1,24 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name exchange.${DOMAIN_NAME};
+ rewrite ^(.*) https://$server_name$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name exchange.${DOMAIN_NAME};
+
+ ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+
+ access_log /var/log/nginx/exchange.log;
+ error_log /var/log/nginx/exchange.err;
+
+ location /taler-exchange/ {
+ proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock;
+ }
+}
|