From 55524cdf91753b7b3ab964873a534c1c2e699ded Mon Sep 17 00:00:00 2001 From: Javier Sepulveda Date: Fri, 16 Feb 2024 12:32:28 +0100 Subject: Additional information (subdomains + subsequent executions) --- libeufin/regional-manual.rst | 52 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 4 deletions(-) (limited to 'libeufin') diff --git a/libeufin/regional-manual.rst b/libeufin/regional-manual.rst index d2571b24..d974bb05 100644 --- a/libeufin/regional-manual.rst +++ b/libeufin/regional-manual.rst 
@@ -100,6 +100,30 @@ Furthermore, you should run the process on a system with one or more globally reachable IP address(es) *and* with various DNS names already pointing to these IPs. +Preparing the required subdomain names +++++++++++++++++++++++++++++++++++++ + +The GNU Taler program needs to have three subdomains pointing to your server IP address, in order to let NGINX to accommodate each component. +These are "bank", "exchange" and "backend", this said, you need to have a registered top level domain name, +where you can create type (A) entries, as subdomains pointing to your own server public IP address. +A very good advice when creating these subdomains, and if your domain panel lets you specify the TTL (time to live) figure, is +to specify a very low value (such as 300), so in case of future changes, its value (the IP address), will be propagated quickly. + +Once you have added the three required subdomains in your domain control panel, you have to make sure as well, these subdomains have +propogated over the Internet correctly, and they are currently publicly available. + +You can check this from your terminal very easyly with the "dig" command, as this: + +.. code-block:: console + +dig -t txt bank.domainname.ltd +dig -t txt exchange.domainname.ltd +dig -t txt backend.domainname.ltd + +You can also use `this tool `_ for the same purpose, and to check the propagation status. + +Now you are ready to go with the next step. + Obtaining the Scripts +++++++++++++++++++++ 
@@ -130,9 +154,9 @@ desired setup, in particular: * The DNS domain name of your setup (i.e: domain.tld). The installer will create by itself all the needed subdomains for your domain name, as (``bank.$DOMAIN``, ``exchange.$DOMAIN`` and ``backend.$DOMAIN``). - But, these subdomain names, must have been added beforehand to your + But, these subdomain names as explained before, must have been added beforehand to your DNS domain control panel, and they must be pointing to the - IP address of the system on which you are running the + IP address of the server on which you are running the installation (before you execute the installer). * Whether to use TLS or not. You should answer ``y`` in most cases. * Whether to run taler-exchange-offline. Unless you need a high-security @@ -145,8 +169,8 @@ desired setup, in particular: very long and high-entropy password, preferably use the autogenerated one. The information you entered as well as the generated bank admin password will -be stored in a file called ``config/user.conf``. Should you run the script in -the future (for example, to upgrade the installation), you will not be asked +be stored in a file called ``config/user.conf``. If you run the script in +the future again (for example, to upgrade the installation), you will not be asked these questions a second time. After answering all of the questions, the actual installation will start. The 
@@ -158,6 +182,26 @@ Grab a coffee. At this point, the setup is NOT connected to any fiat bank account! The next steps must always be done manually! +Running the script again from scratch ++++++++++++++++++++++++++++++++++++++ + +If for some reason your installation doesn't work because you have answered erroneously +some of the interactive questions, or you just want to reset the current installation and to re-deploy +the script again for having its latest changes, you will have to proceed as follows: + +In brief you need to wipe completely the "content" of the file config/user.conf, this doesn't mean +to remove the file itself, but only its content. Eventhough you can do this manually by editing the file manually +with you preferred text editor, you can also do this in one single command. + +.. code-block:: console + +cat /dev/null > config/user.conf + +.. note:: + +In future versions of the program when executed for the second time, the program itself will +show an option to offer to wipe the content of this user.conf file, automatically. + Multi-factor authentification +++++++++++++++++++++++++++++ -- cgit v1.2.3
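Review bot: In the @@ -100,6 +100,30 @@ hunk, the three dig commands query TXT records ("dig -t txt bank.domainname.ltd"), but the paragraph above them tells the reader to create type A entries, so the check as written does not show whether the subdomains resolve to the server. Suggest "dig -t a bank.domainname.ltd" (or "dig +short ...") and telling the reader to compare the answer with the server's public IP address. The dig lines under ".. code-block:: console" are not indented in the added text, so the directive has no body; indent them. The example name "domainname.ltd" is probably meant to end in ".tld", matching "domain.tld" in the context of the next hunk. Typos to fix in the same section: "propogated", "easyly", "to let NGINX to accommodate".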
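Review bot: In the @@ -130,9 +154,9 @@ hunk, "as explained before" gives the reader no target to go back to. Name the new section ("Preparing the required subdomain names") or link to it with a reference, and set the phrase off with commas on both sides: "But these subdomain names, as explained before, must have been added ...".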
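Review bot: In the @@ -145,8 +169,8 @@ hunk, the paragraph still ends with "you will not be asked these questions a second time" without pointing to the new "Running the script again from scratch" section, which is where the reader learns how to be asked again; add a cross-reference there. "in the future again" reads better as "again in the future".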
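Review bot: In the @@ -158,6 +182,26 @@ hunk, the new section tells the reader to empty config/user.conf but does not mention that, per the paragraph in the previous hunk, this file also holds the generated bank admin password. Say explicitly that the stored password is discarded by "cat /dev/null > config/user.conf", whether the reader should save a copy of the file first, and whether a re-run generates a new password or resets what the earlier run already deployed. The command line under ".. code-block:: console" and the text under ".. note::" are not indented in the added lines, so both directives have no body; indent them. Wording: "Eventhough" should be "Even though", "manually" appears twice in one sentence, and "you preferred" should be "your preferred".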