From 9db9a64b36d2aa550b93b662a605fb4987e77d5e Mon Sep 17 00:00:00 2001 From: ms Date: Wed, 1 Dec 2021 15:44:21 +0100 Subject: taler-local forwarding X-Forwarded-Host's port to the one Nginx binds to. --- bin/WIP/taler-local | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/bin/WIP/taler-local b/bin/WIP/taler-local index de82c0a..123cc8d 100755 --- a/bin/WIP/taler-local +++ b/bin/WIP/taler-local @@ -1083,7 +1083,16 @@ def prepare(x_forwarded_host, x_forwarded_proto): if not TALER_UNIT_FILES_DIR.exists(): TALER_UNIT_FILES_DIR.mkdir(parents=True, exist_ok=True) - # Exchange HTTPD unit file. + # Internal redirect of X-Forwarded-Host's port + # to the port Nginx binds to. Allows clients + # connecting from within a container to still + # reach services at X-Forwarded-Host. + x_forwarded_port = x_forwarded_host.split(":")[1] + with open(TALER_UNIT_FILES_DIR / "taler-local-port-redirect.service", "w") as port_redirect_unit: + port_redirect_unit.write(unit_file_content( + description = "Port redirect allowing configuration at X-Forwarded-Host", + cmd = f"socat TCP4-LISTEN:{x_forwarded_port},fork TCP4:{REV_PROXY_NETLOC}", + )) with open(TALER_UNIT_FILES_DIR / "taler-local-exchange-httpd.service", "w") as exchange_unit: exchange_unit.write(unit_file_content( description = "Taler Exchange HTTP daemon", @@ -1242,6 +1251,9 @@ def prepare(x_forwarded_host, x_forwarded_proto): ).run() print(" OK") + print_nn("Launching X-Forwarded-Host port redirect...") + subprocess.run(["systemctl", "--user", "start", "taler-local-port-redirect.service"], check=True) + print(" OK") print_nn("Launching the reverse proxy...") with open(CFG_OUTDIR / "nginx.conf", "w") as nginx_conf: nginx_conf.write(( @@ -1484,7 +1496,7 @@ def prepare(x_forwarded_host, x_forwarded_proto): response.raise_for_status() except Exception as error: fail(error) - FACADE_URL=response.json().get("facades")[0].get("baseUrl") + FACADE_URL = response.json().get("facades")[0].get("baseUrl") print_nn("Set suggested exchange at Sandbox...") Command([ "libeufin-sandbox", @@ -1655,6 +1667,7 @@ def prepare(x_forwarded_host, x_forwarded_proto): @cli.command() def launch(): + subprocess.run(["systemctl", "--user", "start", "taler-local-port-redirect.service"], check=True) subprocess.run(["systemctl", "--user", "start", "taler-local-nginx.service"], check=True) subprocess.run(["systemctl", "--user", "start", "taler-local-exchange-secmod-rsa.service"], check=True) subprocess.run(["systemctl", "--user", "start", "taler-local-exchange-secmod-eddsa.service"], check=True) -- cgit v1.2.3