aboutsummaryrefslogtreecommitdiff
path: root/debian/etc/nginx/sites-available/taler-merchant
diff options
context:
space:
mode:
Diffstat (limited to 'debian/etc/nginx/sites-available/taler-merchant')
-rw-r--r--debian/etc/nginx/sites-available/taler-merchant36
1 files changed, 23 insertions, 13 deletions
diff --git a/debian/etc/nginx/sites-available/taler-merchant b/debian/etc/nginx/sites-available/taler-merchant
index 82aaa306..8de78a88 100644
--- a/debian/etc/nginx/sites-available/taler-merchant
+++ b/debian/etc/nginx/sites-available/taler-merchant
@@ -1,19 +1,29 @@
-location ~ /taler-merchant/private/ {
- if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") {
- return 401;
- }
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
-}
+server {
+ # NOTE:
+ # - urgently consider configuring TLS instead
+ # - maybe keep a forwarder from HTTP to HTTPS
+ listen 80;
+
+ # NOTE:
+ # - Comment out this line if you have no IPv6
+ listen [::]:80;
+
+ # NOTE:
+ # - replace with your actual server name
+ server_name localhost;
-location /taler-merchant/ {
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
+ location / {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
proxy_redirect off;
proxy_set_header Host $host;
+
+ # NOTE:
+ # - put your actual DNS name here
proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
+
+ # NOTE:
+ # - uncomment the following line if you are using HTTPS
+ # proxy_set_header X-Forwarded-Proto "https";
+ }
} \ No newline at end of file