From 05bc00b5f226e6e6695ef00609a02549284c8f55 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Fri, 30 Jul 2021 13:22:45 +0200 Subject: debian: better config split by package --- .../apache2/sites-available/taler-auditor.conf | 4 ++++ debian/etc-taler-auditor/nginx/sites-available/taler-auditor | 7 +++++++ debian/etc-taler-auditor/taler/conf.d/auditor-system.conf | 12 ++++++++++++ .../etc-taler-auditor/taler/secrets/auditor-db.secret.conf | 10 ++++++++++ 4 files changed, 33 insertions(+) create mode 100644 debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf create mode 100644 debian/etc-taler-auditor/nginx/sites-available/taler-auditor create mode 100644 debian/etc-taler-auditor/taler/conf.d/auditor-system.conf create mode 100644 debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf (limited to 'debian/etc-taler-auditor') diff --git a/debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf b/debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf new file mode 100644 index 000000000..f68c59558 --- /dev/null +++ b/debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf @@ -0,0 +1,4 @@ + +ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/" +RequestHeader add "X-Forwarded-Proto" "https" + diff --git a/debian/etc-taler-auditor/nginx/sites-available/taler-auditor b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor new file mode 100644 index 000000000..3fdffdad3 --- /dev/null +++ b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor @@ -0,0 +1,7 @@ +location /taler-auditor/ { + proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host "example.com"; + proxy_set_header X-Forwarded-Proto "https"; +} \ No newline at end of file diff --git a/debian/etc-taler-auditor/taler/conf.d/auditor-system.conf b/debian/etc-taler-auditor/taler/conf.d/auditor-system.conf new file mode 100644 index 000000000..3d3aef33a --- /dev/null +++ b/debian/etc-taler-auditor/taler/conf.d/auditor-system.conf @@ -0,0 +1,12 @@ +# Read secret sections into configuration, but only +# if we have permission to do so. +@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf + +[auditor] +# Debian package is configured to use a reverse proxy with a UNIX +# domain socket. See nginx/apache configuration files. +SERVE = UNIX +UNIXPATH = /var/lib/taler-auditor/auditor.sock + +# Only supported database is Postgres right now. +DATABASE = postgres diff --git a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf new file mode 100644 index 000000000..b81bb817f --- /dev/null +++ b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf @@ -0,0 +1,10 @@ +# Database configuration for the Taler auditor. + +[auditordb-postgres] + +# Typically, there should only be a single line here, of the form: + +CONFIG=postgres:///DATABASE + +# The details of the URI depend on where the database lives and how +# access control was configured. -- cgit v1.2.3