path: root/docker/hybrid/README
blob: 7e3cbb247072ead3944e6c326ac4295f73dc1e50 (plain)
Description
===========

This setup orchestrates the following containers:

1.  Banking (libEufin)
2.  Shop(s)
3.  Payment service provider (Taler exchange and helpers)
4.  Database

Note: one workaround was needed to make this work.
The merchant container has to redirect requests for
"localhost:$EXCHANGE_PORT_AT_HOST" to the Docker network
in order to actually reach the exchange.  This fixes the
"/pay" handling: wallets suggest the exchange base URL, but
they run outside of Docker and therefore have a different
view of the network.

How to compile
==============

Base image
----------

This image contains a minimal Debian distribution
with ALL the Taler software and its dependencies.

Navigate to the "images/base" folder, and run the
following command:

  $ docker build --no-cache -t taler_local/taler_base .

Composed containers
-------------------

From this folder, run:

  $ docker-compose build

How to run
==========

Configuration
-------------

Set the environment variable TALER_DEPLOYMENT_CONFIG to the
absolute path of a configuration file and export it.  See
config/deployment.conf for an example.

Volumes
-------

Data is kept in Docker volumes.  From this directory,
run the following command to export database, key material, and logs:

  $ ./backup.sh

The following command imports a TAR backup into
the Docker volumes.  From this directory:

  $ ./import-backup.sh

Run
---

Only if stale data needs to be removed, from this folder run:

  $ docker-compose down -v

From this folder, run:

  $ docker-compose up --remove-orphans --abort-on-container-exit

How to test on localhost
========================

From this folder, run:
  
  $ ./test-docker-mvp.sh

The above test registers a new bank account at libEufin,
withdraws coins and spends them directly at the merchant backend.

How to deploy to online sites
=============================

Assuming that TLS is already configured, the following
Nginx configuration example deploys this sandbox under
"example.com":

  server {
    server_name exchange.example.com;
    listen 443 ssl;
    listen [::]:443 ssl;
    root /dev/null;
  
    location / {
      proxy_pass http://localhost:5555/;
      proxy_redirect off;
      proxy_set_header Host $host;
    }
  }
  
  server {
    server_name backend.example.com;
    listen 443 ssl;
    listen [::]:443 ssl;
  
    location / {
      proxy_set_header X-Forwarded-Host "backend.example.com";
      proxy_set_header X-Forwarded-Proto "https";
      proxy_set_header X-Forwarded-Prefix "/";
      proxy_pass http://localhost:5556/;
      proxy_redirect off;
      proxy_set_header Host $host;
    }
  }
  
  server {
    server_name bank.example.com;
    listen 443 ssl;
    listen [::]:443 ssl;

    # redirect '/' to /demobanks/default;
    rewrite ^/$ https://bank.example.com/demobanks/default;
    rewrite ^/(..)/$ https://bank.example.com/demobanks/default;
   
    location / {
      proxy_set_header X-Forwarded-Host "bank.example.com";
      proxy_set_header X-Forwarded-Proto "https";
      proxy_set_header X-Forwarded-Prefix /;
      proxy_pass http://localhost:15000/;
    }
  }

  server {
    server_name blog.example.com;
    listen 443 ssl;
    listen [::]:443 ssl;
   
    location / {
      proxy_set_header X-Forwarded-Host "blog.example.com";
      proxy_set_header X-Forwarded-Proto "https";
      proxy_set_header X-Forwarded-Prefix /;
      proxy_pass http://localhost:5559/;
    }
  }

  server {
    server_name donations.example.com;
    listen 443 ssl;
    listen [::]:443 ssl;
   
    location / {
      proxy_set_header X-Forwarded-Host "donations.example.com";
      proxy_set_header X-Forwarded-Proto "https";
      proxy_set_header X-Forwarded-Prefix /;
      proxy_pass http://localhost:5560/;
    }
  }

  server {
    server_name survey.example.com;
    listen 443 ssl;
    listen [::]:443 ssl;
   
    location / {
      proxy_set_header X-Forwarded-Host "survey.example.com";
      proxy_set_header X-Forwarded-Proto "https";
      proxy_set_header X-Forwarded-Prefix /;
      proxy_pass http://localhost:5561/;
    }
  }

  # Landing page that explains the demo.
  server {
    server_name intro.example.com;
    listen 443 ssl;
    listen [::]:443 ssl;
   
    location / {
      proxy_pass http://localhost:5562/;
    }
  }
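
Every server block above terminates TLS and forwards to a plain-HTTP
port on localhost, so those ports should listen on loopback only.
The following check is an added example, not part of this repository:
it reads "ss -Hltn" output and lists the upstream ports bound to a
non-loopback address.  The sample socket listing is constructed, and
how docker-compose.yml publishes the ports is an assumption.

```shell
#!/bin/sh
# Upstream ports taken from the proxy_pass lines of the Nginx example.
UPSTREAM_PORTS="5555 5556 15000 5559 5560 5561 5562"

# Constructed sample of `ss -Hltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:5555 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:5556 0.0.0.0:*
LISTEN 0 4096 [::]:5556 [::]:*
LISTEN 0 4096 [::1]:15000 [::]:*
LISTEN 0 4096 0.0.0.0:5559 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*'

# Reads `ss -Hltn` lines on stdin and prints, space separated and sorted,
# every upstream port that has a listener bound to a non-loopback address.
exposed_ports() {
  awk -v ports="$UPSTREAM_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
      if (!(port in want)) next             # not one of the proxied ports
      if (host ~ /^127\./ || host == "[::1]") next   # loopback is fine
      if (!seen[port]++) print port         # report each port once
    }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone run on the constructed sample; on a real host use:
#   ss -Hltn | exposed_ports
result=$(printf '%s\n' "$SAMPLE_SS" | exposed_ports)
if [ -n "$result" ]; then
  echo "reachable without the TLS proxy: $result"
else
  echo "all upstream ports are loopback-only"
fi
```

If a port is reported, publishing it in docker-compose.yml with an
explicit loopback address (for example "127.0.0.1:5556:5556") keeps it
reachable for Nginx but not from other hosts.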