diff options
Diffstat (limited to 'taler-exchange-setup-guide.rst')
| -rw-r--r-- | taler-exchange-setup-guide.rst | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst index 1d6e0b20..f867feda 100644 --- a/taler-exchange-setup-guide.rst +++ b/taler-exchange-setup-guide.rst @@ -163,6 +163,8 @@ The package will deploy systemd service files in (FIXME: Explain the Debian package users, groups and locations. -- anything missing?) +FIXME: I do not see how secmod keys are kept isolated from +the other users! Basic Setup: Currency and Denominations @@ -225,8 +227,9 @@ pattern ``exchange-account-$id``, where ``$id`` is an internal identifier for the bank account accessed with the Wire Gateway. The configuration file ``/etc/taler/conf.d/exchange-system.conf`` by default loads the section ``exchange-account-1`` from the secret file -``/etc/taler/secrets/exchange-accounts.secret.conf``. - +``/etc/taler/secrets/exchange-accounts.secret.conf``. The latter file +should already be only readable for the taler-exchange-wire user. Other +exchange processes should not have access to this information. .. code-block:: ini :caption: /etc/taler/secrets/exchange-accounts.secret.conf @@ -340,7 +343,7 @@ The responsibilities of this offline signing machine are: .. code-block:: shell-session - [root@exchange-online]# sudo -u taler-exchange-offline taler-exchange-offline setup + [root@exchange-offline]# sudo -u taler-exchange-offline taler-exchange-offline setup < ... prints the exchange master public key > The public key printed as the output of this command should must be put into the configuration @@ -379,9 +382,10 @@ enabled in nginx: .. code-block:: shell-session - [root@exchange-online]# cp /etc/nginx/sites-available/taler-exchange /etc/nginx/sites-enabled/ - [root@exchange-online]# vim /etc/nginx/sites-enabled/taler-exchange + [root@exchange-online]# vim /etc/nginx/sites-available/taler-exchange < ... customize configuration ... > + [root@exchange-online]# ln -s /etc/nginx/sites-available/taler-exchange \ + /etc/nginx/sites-enabled/taler-exchange [root@exchange-online]# systemctl reload nginx |