authorChristian Grothoff <christian@grothoff.org>2021-08-28 21:45:36 +0200
committerChristian Grothoff <christian@grothoff.org>2021-08-28 21:45:41 +0200
commit1a1b134f29c3a036ec83cfa816928e411ac29d8d (patch)
treed718e077a0fe670d74ddb84e7260e424eb90e585
parent8be7085974d1878df4cd0b3253418003c9f95fa2 (diff)
fix HTTP server configuration files
-rw-r--r--debian/etc/apache2/sites-available/taler-merchant.conf36
-rw-r--r--debian/etc/nginx/sites-available/taler-merchant36
-rw-r--r--debian/etc/taler/conf.d/merchant.conf1
3 files changed, 44 insertions, 29 deletions
diff --git a/debian/etc/apache2/sites-available/taler-merchant.conf b/debian/etc/apache2/sites-available/taler-merchant.conf
index eebc6826..5d0050a7 100644
--- a/debian/etc/apache2/sites-available/taler-merchant.conf
+++ b/debian/etc/apache2/sites-available/taler-merchant.conf
@@ -1,18 +1,22 @@
-<!--
- Make sure to enable the following Apache modules before
- integrating this into your configuration:
+# Make sure to enable the following Apache modules before
+# integrating this into your configuration:
+#
+# a2enmod proxy
+# a2enmod proxy_http
+# a2enmod headers
+#
+# NOTE:
+# - consider to adjust the location
+# - consider putting all this into a VirtualHost
+# - strongly consider setting up TLS support
+#
+# For all of the above, please read the respective
+# Apache documentation.
+#
+<Location "/">
+ ProxyPass "unix:/var/run/taler/merchant-httpd/merchant-http.sock|http://example.com/"
- # a2enmod proxy
- # a2enmod proxy_http
- # a2enmod headers
- # a2enmod rewrite
--->
-
-<Location "/taler-merchant/">
-RewriteEngine On
-RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%"
-RewriteRule "(.+)/private/" "-" [F]
-
-ProxyPass "unix:/var/lib/taler-merchant/httpd/merchant.sock|http://example.com/"
-RequestHeader add "X-Forwarded-Proto" "https"
+ # NOTE:
+ # - Uncomment this line if you use TLS/HTTPS
+ RequestHeader add "X-Forwarded-Proto" "https"
</Location>
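Review bot: The added NOTE says to uncomment the `X-Forwarded-Proto` line when TLS is used, but the `RequestHeader` directive below it is already active, so a plain-HTTP install of this template tells the backend that every request arrived over HTTPS. Ship it commented out, as the nginx template in this commit does: `# RequestHeader set "X-Forwarded-Proto" "https"`. Using `set` instead of `add` also matters, because `add` keeps any `X-Forwarded-Proto` value the client sent and appends a second one. With the `RewriteCond` check on `/private/` removed, a comment such as `# Access control for /private/ is enforced by the backend, not by this proxy` would make the new trust boundary explicit, assuming that is the intent.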
diff --git a/debian/etc/nginx/sites-available/taler-merchant b/debian/etc/nginx/sites-available/taler-merchant
index 82aaa306..8de78a88 100644
--- a/debian/etc/nginx/sites-available/taler-merchant
+++ b/debian/etc/nginx/sites-available/taler-merchant
@@ -1,19 +1,29 @@
-location ~ /taler-merchant/private/ {
- if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") {
- return 401;
- }
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
-}
+server {
+ # NOTE:
+ # - urgently consider configuring TLS instead
+ # - maybe keep a forwarder from HTTP to HTTPS
+ listen 80;
+
+ # NOTE:
+ # - Comment out this line if you have no IPv6
+ listen [::]:80;
+
+ # NOTE:
+ # - replace with your actual server name
+ server_name localhost;
-location /taler-merchant/ {
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
+ location / {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
proxy_redirect off;
proxy_set_header Host $host;
+
+ # NOTE:
+ # - put your actual DNS name here
proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
+
+ # NOTE:
+ # - uncomment the following line if you are using HTTPS
+ # proxy_set_header X-Forwarded-Proto "https";
+ }
} \ No newline at end of file
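Review bot: The new `location /` block sets no `X-Forwarded-Proto` header as long as the HTTPS line stays commented out, so whatever value a client puts in that header is passed to the backend unchanged. `proxy_set_header X-Forwarded-Proto $scheme;` would overwrite the client value and be correct for both the port-80 listener and a later TLS listener, which also removes the manual uncomment step. `X-Forwarded-Host` is still the literal `"example.com"` while `Host` uses `$host`, so an unedited install forwards a wrong host name; the NOTE above it could state that the value must be replaced before the site is enabled.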
diff --git a/debian/etc/taler/conf.d/merchant.conf b/debian/etc/taler/conf.d/merchant.conf
index 41816b0b..48516157 100644
--- a/debian/etc/taler/conf.d/merchant.conf
+++ b/debian/etc/taler/conf.d/merchant.conf
@@ -4,6 +4,7 @@
[merchant]
DATABASE = postgres
+SERVE = unix
# Merchant-specific overrides, included last to take precedence.
@inline-matching@ ../merchant-overrides.conf
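Review bot: `SERVE = unix` is added without a visible socket path, while both proxy templates in this commit hard-code `/var/run/taler/merchant-httpd/merchant-http.sock`. If the path comes from a default defined elsewhere, a comment here would keep the three files in step: `# socket path must match the ProxyPass / proxy_pass target in the Apache and nginx templates`. Because the proxy templates no longer filter requests themselves, it is also worth documenting which owner and mode the socket is expected to have so that only the web server user can connect; those settings are not visible in this hunk.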