@@ -163,6 +163,8 @@ The package will deploy systemd service files in
(FIXME: Explain the Debian package users, groups and locations. -- anything missing?)
+FIXME: I do not see how secmod keys are kept isolated from
+the other users!
Basic Setup: Currency and Denominations
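Review bot: The added FIXME ("I do not see how secmod keys are kept isolated from the other users!") leaves an open security question in the published manual without saying what is missing. Either answer it in this section by documenting which user and group own the secmod key material and what permissions the package sets on it, or move the question to the issue tracker. If it stays in the text, put it in the same parenthesized form as the FIXME on the line above so the two read consistently and are easy to grep for.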
@@ -225,8 +227,9 @@ pattern ``exchange-account-$id``, where ``$id`` is an internal identifier for
the bank account accessed with the Wire Gateway. The configuration file
``/etc/taler/conf.d/exchange-system.conf`` by default loads the section
``exchange-account-1`` from the secret file
+``/etc/taler/secrets/exchange-accounts.secret.conf``. The latter file
+should already be only readable for the taler-exchange-wire user. Other
+exchange processes should not have access to this information.
.. code-block:: ini
:caption: /etc/taler/secrets/exchange-accounts.secret.conf
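Review bot: "should already be only readable for the taler-exchange-wire user" is too hedged for a statement about a secrets file, and it gives the administrator nothing to verify. State the expected owner, group and mode of ``/etc/taler/secrets/exchange-accounts.secret.conf`` explicitly, and add a check such as ``ls -l`` on that path so a deviation is caught during setup. The last added sentence ("Other exchange processes should not have access to this information.") would also be stronger if it said how that is enforced, which ties back to the isolation question in the FIXME added in the first hunk.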
@@ -340,7 +343,7 @@ The responsibilities of this offline signing machine are:
.. code-block:: shell-session
- [root@exchange-online]# sudo -u taler-exchange-offline taler-exchange-offline setup
+ [root@exchange-offline]# sudo -u taler-exchange-offline taler-exchange-offline setup
< ... prints the exchange master public key >
The public key printed as the output of this command should must be put into the configuration
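Review bot: The unchanged sentence right after the corrected prompt still reads "should must be put into the configuration"; since this patch already touches the block, pick one modal ("must") here. The prompt change to ``[root@exchange-offline]`` itself is consistent with the hunk header, which places this command under the responsibilities of the offline signing machine.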
@@ -379,9 +382,10 @@ enabled in nginx:
.. code-block:: shell-session
- [root@exchange-online]# cp /etc/nginx/sites-available/taler-exchange /etc/nginx/sites-enabled/
- [root@exchange-online]# vim /etc/nginx/sites-enabled/taler-exchange
+ [root@exchange-online]# vim /etc/nginx/sites-available/taler-exchange
< ... customize configuration ... >
+ [root@exchange-online]# ln -s /etc/nginx/sites-available/taler-exchange \
+ /etc/nginx/sites-enabled/taler-exchange
[root@exchange-online]# systemctl reload nginx
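Review bot: The new sequence edits ``/etc/nginx/sites-available/taler-exchange`` and then goes straight to ``systemctl reload nginx`` with no syntax check in between; add an ``nginx -t`` step before the reload so a typo in the customized file is caught before the reload is attempted. Also note that administrators who followed the previous instructions have a regular file at ``/etc/nginx/sites-enabled/taler-exchange`` from the old ``cp`` step, and the ``ln -s`` shown here will fail with "File exists" in that case. A sentence telling them to remove the old copy first (after carrying their edits over to sites-available) would cover the upgrade path.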