From 1a1b134f29c3a036ec83cfa816928e411ac29d8d Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 28 Aug 2021 21:45:36 +0200 Subject: fix HTTP server configuration files --- .../apache2/sites-available/taler-merchant.conf | 36 ++++++++++++---------- debian/etc/nginx/sites-available/taler-merchant | 36 ++++++++++++++-------- debian/etc/taler/conf.d/merchant.conf | 1 + 3 files changed, 44 insertions(+), 29 deletions(-) (limited to 'debian/etc') diff --git a/debian/etc/apache2/sites-available/taler-merchant.conf b/debian/etc/apache2/sites-available/taler-merchant.conf index eebc6826..5d0050a7 100644 --- a/debian/etc/apache2/sites-available/taler-merchant.conf +++ b/debian/etc/apache2/sites-available/taler-merchant.conf @@ -1,18 +1,22 @@ - - - -RewriteEngine On -RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%" -RewriteRule "(.+)/private/" "-" [F] - -ProxyPass "unix:/var/lib/taler-merchant/httpd/merchant.sock|http://example.com/" -RequestHeader add "X-Forwarded-Proto" "https" + # NOTE: + # - Uncomment this line if you use TLS/HTTPS + RequestHeader add "X-Forwarded-Proto" "https" diff --git a/debian/etc/nginx/sites-available/taler-merchant b/debian/etc/nginx/sites-available/taler-merchant index 82aaa306..8de78a88 100644 --- a/debian/etc/nginx/sites-available/taler-merchant +++ b/debian/etc/nginx/sites-available/taler-merchant 
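Review bot: The note added at the end of the Apache hunk says to uncomment the line for TLS, but the `RequestHeader add "X-Forwarded-Proto" "https"` directive beneath it is shipped active, so a plain-HTTP deployment would tell the backend that every request arrived over HTTPS. Either ship it commented out, as the nginx file in this commit does (`# RequestHeader add "X-Forwarded-Proto" "https"`), or reword the note to `# - Comment out this line if you do not use TLS/HTTPS`. Using `RequestHeader set` instead of `add` would also replace any `X-Forwarded-Proto` value supplied by the client rather than appending to it. Most of the new side of this hunk is missing from this rendering, so this reading rests only on the three added lines that are shown.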
@@ -1,19 +1,29 @@ -location ~ /taler-merchant/private/ { - if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") { - return 401; - } - proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "example.com"; - proxy_set_header X-Forwarded-Proto "https"; -} +server { + # NOTE: + # - urgently consider configuring TLS instead + # - maybe keep a forwarder from HTTP to HTTPS + listen 80; + + # NOTE: + # - Comment out this line if you have no IPv6 + listen [::]:80; + + # NOTE: + # - replace with your actual server name + server_name localhost; -location /taler-merchant/ { - proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock; + location / { + proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock; proxy_redirect off; proxy_set_header Host $host; + + # NOTE: + # - put your actual DNS name here proxy_set_header X-Forwarded-Host "example.com"; - proxy_set_header X-Forwarded-Proto "https"; + + # NOTE: + # - uncomment the following line if you are using HTTPS + # proxy_set_header X-Forwarded-Proto "https"; + } } \ No newline at end of file diff --git a/debian/etc/taler/conf.d/merchant.conf b/debian/etc/taler/conf.d/merchant.conf index 41816b0b..48516157 100644 --- a/debian/etc/taler/conf.d/merchant.conf +++ b/debian/etc/taler/conf.d/merchant.conf @@ -4,6 +4,7 @@ [merchant] DATABASE = postgres +SERVE = unix # Merchant-specific overrides, included last to take precedence. @inline-matching@ ../merchant-overrides.conf -- cgit v1.2.3
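Review bot: The new `location /` block forwards every path to the merchant socket with no `Authorization` check, where the removed block answered 401 for `/taler-merchant/private/`. The Apache file drops its equivalent `RewriteCond` gate in the same commit. Unless the merchant backend enforces its own authentication on the private endpoints, which is not visible here, they become reachable through the proxy. Because the shipped default is `listen 80`, any token a client sends would also travel unencrypted. I would state the new trust boundary in the file, for example `# NOTE: /private/ is no longer filtered here; access control relies on the merchant backend's own authentication`, and consider shipping the TLS listener as the default with port 80 only redirecting.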
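Review bot: The merchant.conf hunk sets `SERVE = unix` without a socket path or mode, while both proxy files in this commit hard-code `/var/run/taler/merchant-httpd/merchant-http.sock`. The path and permissions therefore come from defaults defined elsewhere, and a mismatch would only surface as a proxy error at runtime. Now that the proxy no longer filters `/private/`, the socket's mode also decides which local users can reach the backend directly. I would add a comment next to the new line such as `# socket path must match the proxy_pass/ProxyPass target; see UNIXPATH and UNIXPATH_MODE`, assuming those options are set in a default file outside this hunk.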