author | Christian Grothoff <christian@grothoff.org> | 2021-08-03 11:16:52 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-03 11:16:52 +0200 |
commit | b7e2029efb92fb5e49f56dfcbbfcd79a271386c3 (patch) | |
tree | 742b9a4141059aa458942431d4fe9017abc44e9c | |
parent | 4c8bc8a0d9e6ba9cdad8d589b29d47a912736563 (diff) | |
-minor improvements
-rw-r--r-- | taler-exchange-setup-guide.rst | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst index 1d6e0b2..f867fed 100644 --- a/taler-exchange-setup-guide.rst +++ b/taler-exchange-setup-guide.rst @@ -163,6 +163,8 @@ The package will deploy systemd service files in (FIXME: Explain the Debian package users, groups and locations. -- anything missing?) +FIXME: I do not see how secmod keys are kept isolated from +the other users! Basic Setup: Currency and Denominations @@ -225,8 +227,9 @@ pattern ``exchange-account-$id``, where ``$id`` is an internal identifier for the bank account accessed with the Wire Gateway. The configuration file ``/etc/taler/conf.d/exchange-system.conf`` by default loads the section ``exchange-account-1`` from the secret file -``/etc/taler/secrets/exchange-accounts.secret.conf``. - +``/etc/taler/secrets/exchange-accounts.secret.conf``. The latter file +should already be only readable for the taler-exchange-wire user. Other +exchange processes should not have access to this information. .. code-block:: ini :caption: /etc/taler/secrets/exchange-accounts.secret.conf @@ -340,7 +343,7 @@ The responsibilities of this offline signing machine are: .. code-block:: shell-session - [root@exchange-online]# sudo -u taler-exchange-offline taler-exchange-offline setup + [root@exchange-offline]# sudo -u taler-exchange-offline taler-exchange-offline setup < ... prints the exchange master public key > The public key printed as the output of this command should must be put into the configuration 
@@ -379,9 +382,10 @@ enabled in nginx: .. code-block:: shell-session - [root@exchange-online]# cp /etc/nginx/sites-available/taler-exchange /etc/nginx/sites-enabled/ - [root@exchange-online]# vim /etc/nginx/sites-enabled/taler-exchange + [root@exchange-online]# vim /etc/nginx/sites-available/taler-exchange < ... customize configuration ... > + [root@exchange-online]# ln -s /etc/nginx/sites-available/taler-exchange \ + /etc/nginx/sites-enabled/taler-exchange [root@exchange-online]# systemctl reload nginx |
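Review bot: In the hunk at @@ -163,6 +163,8 @@, the added "FIXME: I do not see how secmod keys are kept isolated from the other users!" is plain body text, so it will render in the published setup guide and tell operators that the isolation is unclear without telling them what to check. Either answer it here (which user owns the secmod keys and which file permissions keep the other users out) or move the open question into an RST comment or the bug tracker until it is resolved.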
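Review bot: In the hunk at @@ -225,8 +227,9 @@, "should already be only readable for the taler-exchange-wire user" gives the operator nothing to verify. State the expected owner and mode of ``/etc/taler/secrets/exchange-accounts.secret.conf`` and show a command that checks them, and consider the wording "readable only by". The hunk also removes the empty line that followed the path, so confirm a blank line still separates the new paragraph from ``.. code-block:: ini``; without it the directive is parsed as part of the paragraph.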
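Review bot: In the hunk at @@ -340,7 +343,7 @@, the context line directly after the corrected prompt still reads "should must be put into the configuration"; drop one of the two verbs while this block is being touched. The prompt change to ``exchange-offline`` itself matches the surrounding text about the offline signing machine.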
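Review bot: In the hunk at @@ -379,9 +382,10 @@, the new ``ln -s /etc/nginx/sites-available/taler-exchange ... /etc/nginx/sites-enabled/taler-exchange`` fails with "File exists" on any host set up with the previous ``cp`` instructions, and nginx then keeps serving the stale copy in sites-enabled rather than the file the operator just edited. Use ``ln -sf`` or add a sentence telling upgraders to remove the old copy first. It would also help to run ``nginx -t`` before ``systemctl reload nginx`` so that a mistake made while customizing the configuration is caught before the reload.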