From 60432ac1989d34581c2eff5a52e99a42beece3bc Mon Sep 17 00:00:00 2001 From: Javier Sepulveda Date: Wed, 29 Mar 2023 11:55:07 +0200 Subject: Old configurations removed - config_ngix.sh replaced --- netzbon/config_nginx.sh | 66 +++++++--------------- netzbon/nginx-conf/backend.taler-nginx.conf | 12 ++++ netzbon/nginx-conf/bank.taler-nginx.conf | 23 ++++++++ netzbon/nginx-conf/exchange.taler-nginx.conf | 12 ++++ .../backend.taler-nginx.conf | 12 ---- .../bank.taler-nginx.conf | 23 -------- .../new_nginx_listen_80_certbot/config_nginx.sh | 33 ----------- .../exchange.taler-nginx.conf | 12 ---- .../old_nginx_listen_443_certbot/backend.conf | 24 -------- .../old_nginx_listen_443_certbot/bank.conf | 33 ----------- .../old_nginx_listen_443_certbot/config_nginx.sh | 26 --------- .../config_nginx.sh.old | 62 -------------------- .../old_nginx_listen_443_certbot/exchange.conf | 24 -------- 13 files changed, 67 insertions(+), 295 deletions(-) create mode 100644 netzbon/nginx-conf/backend.taler-nginx.conf create mode 100644 netzbon/nginx-conf/bank.taler-nginx.conf create mode 100644 netzbon/nginx-conf/exchange.taler-nginx.conf delete mode 100644 netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf delete mode 100644 netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf delete mode 100755 netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh delete mode 100644 netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf delete mode 100644 netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf delete mode 100644 netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf delete mode 100755 netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh delete mode 100755 netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old delete mode 100644 netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf 
diff --git a/netzbon/config_nginx.sh b/netzbon/config_nginx.sh index 1d355fd..bf85f96 100755 --- a/netzbon/config_nginx.sh +++ b/netzbon/config_nginx.sh 
@@ -1,59 +1,33 @@ #!/bin/bash -# This file is in the public domain. - -set -eu - -# Inputs: DOMAIN_NAME & ENABLE_TLS source functions.sh source config/user.conf -source config/internal.conf - -if test -z ${DOMAIN_NAME:-} -then - say "Error: config/user.conf does not specify DOMAIN_NAME" - exit 1 -fi -if test -z ${ENABLE_TLS:-} -then - say "Error: config/user.conf does not specify ENABLE_TLS" - exit 1 -fi - -say "Configuring Nginx" +export DOMAIN_NAME=${DOMAIN_NAME} -SITES_AVAILABLE_DIR=/etc/nginx/sites-available -SITES_ENABLED_DIR=/etc/nginx/sites-enabled +envsubst /etc/nginx/sites-available/backend.${DOMAIN_NAME} +envsubst /etc/nginx/sites-available/bank.${DOMAIN_NAME} +envsubst /etc/nginx/sites-available/exchange.${DOMAIN_NAME} -cat ${SITES_AVAILABLE_DIR}/taler-exchange \ - | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \ - | sed -e "s/location \/taler-exchange\//location \//g" \ - > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME} +if test ${ENABLE_TLS} == "y" +then -cat ${SITES_AVAILABLE_DIR}/taler-merchant \ - | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \ - | sed -e "s/location \/taler-merchant\//location \//g" \ - > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME} +# patch to: Replace http to https, to avoid error of mixed content -cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \ - | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \ - > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME} +sed -i "s/http:\/\/bank./https:\/\/bank./g" /etc/libeufin/demobank-ui-settings.js -say "Restarting Nginx with 
new configuration" -systemctl restart nginx +# Certbot -if test ${ENABLE_TLS} == "y" -then say "Obtaining TLS certificates" - certbot --nginx \ - -d backend.${DOMAIN_NAME} \ - -d bank.${DOMAIN_NAME} \ - -d exchange.${DOMAIN_NAME} + certbot -d ${DOMAIN_NAME} \ + -d backend.${DOMAIN_NAME} \ + -d bank.${DOMAIN_NAME} \ + -d exchange.${DOMAIN_NAME} fi + +ln -s /etc/nginx/sites-available/backend.${DOMAIN_NAME} /etc/nginx/sites-enabled/backend.${DOMAIN_NAME} +ln -s /etc/nginx/sites-available/bank.${DOMAIN_NAME} /etc/nginx/sites-enabled/bank.${DOMAIN_NAME} +ln -s /etc/nginx/sites-available/exchange.${DOMAIN_NAME} /etc/nginx/sites-enabled/exchange.${DOMAIN_NAME} + +say "Restarting Nginx with new configuration" +systemctl reload nginx diff --git a/netzbon/nginx-conf/backend.taler-nginx.conf b/netzbon/nginx-conf/backend.taler-nginx.conf new file mode 100644 index 0000000..6cf9961 --- /dev/null +++ b/netzbon/nginx-conf/backend.taler-nginx.conf @@ -0,0 +1,12 @@ +server { + + listen 80; + listen [::]:80; + + server_name backend.${DOMAIN_NAME}; + + location / { + proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock; + } + +} diff --git a/netzbon/nginx-conf/bank.taler-nginx.conf b/netzbon/nginx-conf/bank.taler-nginx.conf new file mode 100644 index 0000000..a9f8059 --- /dev/null +++ b/netzbon/nginx-conf/bank.taler-nginx.conf @@ -0,0 +1,23 @@ +server { + listen 80; + listen [::]:80; + + server_name bank.${DOMAIN_NAME}; + + access_log /var/log/nginx/libeufin-sandbox.log; + error_log /var/log/nginx/libeufin-sandbox.err; + + location /demobanks/default { + proxy_pass http://localhost:5016; + } + + location / { + index index.html; + alias /usr/share/libeufin/demobank-ui/; + } + + location = /demobank-ui-settings.js { + alias /etc/libeufin/demobank-ui-settings.js; + } + +} diff --git a/netzbon/nginx-conf/exchange.taler-nginx.conf b/netzbon/nginx-conf/exchange.taler-nginx.conf new file mode 100644 index 0000000..0f470a1 --- /dev/null 
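Review bot: The rewritten `netzbon/config_nginx.sh` drops `set -eu` and both empty-value checks, so a `config/user.conf` without `DOMAIN_NAME` or `ENABLE_TLS` is no longer rejected: the envsubst and `ln -s` lines would then target `/etc/nginx/sites-available/backend.` and its siblings, and `test ${ENABLE_TLS} == "y"` gets an empty unquoted operand. I would keep `set -eu` after the shebang, add `: "${DOMAIN_NAME:?config/user.conf does not specify DOMAIN_NAME}"`, and write the condition as `if test "${ENABLE_TLS:-}" = "y"`. The `ln -s` calls also lost the preceding `rm -f`, so a second run errors on the existing links; `ln -sf` restores the old re-runnable behaviour. Separately, certbot now runs without `--nginx` and before the sites are linked and nginx is reloaded, which looks like it would prompt interactively and may not find the new server blocks, so the intended order is worth confirming. The envsubst lines appear here without any redirections, which I assume is a rendering loss rather than the committed content.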
+++ b/netzbon/nginx-conf/exchange.taler-nginx.conf @@ -0,0 +1,12 @@ +server { + + listen 80; + listen [::]:80; + + server_name exchange.${DOMAIN_NAME}; + + location / { + proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock; + } + +} diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf deleted file mode 100644 index 6cf9961..0000000 --- a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - - listen 80; - listen [::]:80; - - server_name backend.${DOMAIN_NAME}; - - location / { - proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock; - } - -} diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf deleted file mode 100644 index a9f8059..0000000 --- a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf +++ /dev/null @@ -1,23 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name bank.${DOMAIN_NAME}; - - access_log /var/log/nginx/libeufin-sandbox.log; - error_log /var/log/nginx/libeufin-sandbox.err; - - location /demobanks/default { - proxy_pass http://localhost:5016; - } - - location / { - index index.html; - alias /usr/share/libeufin/demobank-ui/; - } - - location = /demobank-ui-settings.js { - alias /etc/libeufin/demobank-ui-settings.js; - } - -} diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh deleted file mode 100755 index 6d03f77..0000000 --- a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh +++ /dev/null 
@@ -1,33 +0,0 @@ -#!/bin/bash - -source functions.sh -source config/user.conf -export DOMAIN_NAME=${DOMAIN_NAME} - -envsubst /etc/nginx/sites-available/backend.${DOMAIN_NAME} -envsubst /etc/nginx/sites-available/bank.${DOMAIN_NAME} -envsubst /etc/nginx/sites-available/exchange.${DOMAIN_NAME} - -if test ${ENABLE_TLS} == "y" -then - -# patch to: Replace http to https, to avoid error of mixed content - -sed -i "s/http:\/\/bank./https:\/\/bank./g" /etc/libeufin/demobank-ui-settings.js - -# Certbot - - say "Obtaining TLS certificates" - - certbot -d ${DOMAIN_NAME} \ - -d backend.${DOMAIN_NAME} \ - -d bank.${DOMAIN_NAME} \ - -d exchange.${DOMAIN_NAME} -fi - -ln -s /etc/nginx/sites-available/backend.${DOMAIN_NAME} /etc/nginx/sites-enabled/backend.${DOMAIN_NAME} -ln -s /etc/nginx/sites-available/bank.${DOMAIN_NAME} /etc/nginx/sites-enabled/bank.${DOMAIN_NAME} -ln -s /etc/nginx/sites-available/exchange.${DOMAIN_NAME} /etc/nginx/sites-enabled/exchange.${DOMAIN_NAME} - -say "Restarting Nginx with new configuration" -systemctl reload nginx diff --git a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf deleted file mode 100644 index 0f470a1..0000000 --- a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - - listen 80; - listen [::]:80; - - server_name exchange.${DOMAIN_NAME}; - - location / { - proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock; - } - -} diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf deleted file mode 100644 index e95f387..0000000 --- a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf +++ /dev/null 
@@ -1,24 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name backend.${DOMAIN_NAME}; - rewrite ^(.*) https://$server_name$1 permanent; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name backend.${DOMAIN_NAME}; - - ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem; - ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; - - access_log /var/log/nginx/merchant.log; - error_log /var/log/nginx/merchant.err; - - location /taler-merchant/ { - proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock; - } -} diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf deleted file mode 100644 index c9e44d1..0000000 --- a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf +++ /dev/null @@ -1,33 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name bank.${DOMAIN_NAME}; - rewrite ^(.*) https://$server_name$1 permanent; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name bank.${DOMAIN_NAME}; - - ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem; - ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; - - access_log /var/log/nginx/libeufin-sandbox.log; - error_log /var/log/nginx/libeufin-sandbox.err; - - location /demobanks/default { - proxy_pass http://localhost:5016; - } - - location / { - index index.html; - alias /usr/share/libeufin/demobank-ui/; - } - - location = /demobank-ui-settings.js { - alias /etc/libeufin/demobank-ui-settings.js; - } -} diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh deleted file mode 100755 index 0180d5a..0000000 --- a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/bash - -source functions.sh -source config/user.conf -export DOMAIN_NAME=${DOMAIN_NAME} - -envsubst /etc/nginx/sites-available/backend.${DOMAIN_NAME} -envsubst /etc/nginx/sites-available/bank.${DOMAIN_NAME} -envsubst /etc/nginx/sites-available/exchange.${DOMAIN_NAME} - -if test ${ENABLE_TLS} == "y" -then - say "Obtaining TLS certificates" - - certbot -d ${DOMAIN_NAME} \ - -d backend.${DOMAIN_NAME} \ - -d bank.${DOMAIN_NAME} \ - -d exchange.${DOMAIN_NAME} -fi - -ln -s /etc/nginx/sites-available/backend.${DOMAIN_NAME} /etc/nginx/sites-enabled/backend.${DOMAIN_NAME} -ln -s /etc/nginx/sites-available/bank.${DOMAIN_NAME} /etc/nginx/sites-enabled/bank.${DOMAIN_NAME} -ln -s /etc/nginx/sites-available/exchange.${DOMAIN_NAME} /etc/nginx/sites-enabled/exchange.${DOMAIN_NAME} - -say "Restarting Nginx with new configuration" -systemctl reload nginx diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old deleted file mode 100755 index 2940e55..0000000 --- a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old +++ /dev/null 
@@ -1,62 +0,0 @@ -#!/bin/bash -# This file is in the public domain. - -set -eu - -# Inputs: DOMAIN_NAME & ENABLE_TLS - -source functions.sh -source config/user.conf -source config/internal.conf - -if test -z ${DOMAIN_NAME:-} -then - say "Error: config/user.conf does not specify DOMAIN_NAME" - exit 1 -fi -if test -z ${ENABLE_TLS:-} -then - say "Error: config/user.conf does not specify ENABLE_TLS" - exit 1 -fi - -say "Configuring Nginx" - -SITES_AVAILABLE_DIR=/etc/nginx/sites-available -SITES_ENABLED_DIR=/etc/nginx/sites-enabled - -cat ${SITES_AVAILABLE_DIR}/taler-exchange \ - | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \ - | sed -e "s/location \/taler-exchange\//location \//g" \ - | sed -e "s/# proxy_set_header/proxy_set_header/g" \ - > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME} - -cat ${SITES_AVAILABLE_DIR}/taler-merchant \ - | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \ - | sed -e "s/location \/taler-merchant\//location \//g" \ - | sed -e "s/# proxy_set_header/proxy_set_header/g" \ - > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME} - -cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \ - | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \ - | sed -e "s/\$scheme/https/g" \ - > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME} - -say "Restarting Nginx with new configuration" -systemctl restart nginx - -if test ${ENABLE_TLS} == "y" -then - say "Obtaining TLS certificates" - - certbot --nginx \ - -d backend.${DOMAIN_NAME} \ - -d bank.${DOMAIN_NAME} \ - -d exchange.${DOMAIN_NAME} -fi 
diff --git a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf deleted file mode 100644 index 55a1aa0..0000000 --- a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf +++ /dev/null @@ -1,24 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name exchange.${DOMAIN_NAME}; - rewrite ^(.*) https://$server_name$1 permanent; -} - -server { - listen 443 ssl; - listen [::]:443 ssl; - - server_name exchange.${DOMAIN_NAME}; - - ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem; - ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; - - access_log /var/log/nginx/exchange.log; - error_log /var/log/nginx/exchange.err; - - location /taler-exchange/ { - proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock; - } -} -- cgit v1.2.3