commit 180e74abea3a4161e800dd0177f601ab3aaf913c
parent 461c9bdbfe726c1f3db3f1b2928b41450bef01bc
Author: bohdan-potuzhnyi <bohdan.potuzhnyi@gmail.com>
Date: Tue, 1 Apr 2025 13:24:28 +0200
actually adding the v1 version of the taler-merchant-setup script file
Diffstat:
1 file changed, 286 insertions(+), 0 deletions(-)
diff --git a/src/merchant-tools/taler-merchant-setup b/src/merchant-tools/taler-merchant-setup
@@ -0,0 +1,285 @@
+#!/usr/bin/env bash
+#
+# Usage:
+# ./taler-merchant-setup.sh --domain some.domain.name [--nginx | --apache] [--httponly | --httpsonly]
+#
+# If neither --nginx nor --apache is specified, the script:
+# 1) Detects if exactly one of them is installed -> uses it
+# 2) Otherwise, errors out
+#
+# Description:
+# - Requires --domain <name>
+# - At most one of {--nginx, --apache} (or auto-detection)
+# - Optionally {--httponly} or {--httpsonly} (but not both)
+# - Checks for required packages (nginx/apache2, certbot)
+# - Verifies Apache modules if using --apache (proxy, proxy_http, headers)
+# - Attempts to start the selected web server
+# - Runs certbot to get certificates
+# - Updates config(s), backs up originals, optionally forces HTTP->HTTPS
+# - Activates the new configuration
+#
+# Paths used:
+# - Nginx: /etc/nginx/sites-available/taler-merchant
+# - Apache: /etc/apache2/sites-available/taler-merchant.conf
+#
+
+###########################
+# 0. Parse input arguments
+###########################
+
+DOMAIN=""
+USE_NGINX=0
+USE_APACHE=0
+HTTP_ONLY=0
+HTTPS_ONLY=0
+
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --domain)
+ DOMAIN="$2"
+ shift 2
+ ;;
+ --nginx)
+ USE_NGINX=1
+ shift
+ ;;
+ --apache)
+ USE_APACHE=1
+ shift
+ ;;
+ --httponly)
+ HTTP_ONLY=1
+ shift
+ ;;
+ --httpsonly)
+ HTTPS_ONLY=1
+ shift
+ ;;
+ *)
+ echo "Unknown argument: $1"
+ exit 1
+ ;;
+ esac
+done
+
+# Check domain
+if [[ -z "$DOMAIN" ]]; then
+ echo "ERROR: --domain <name> is required."
+ exit 1
+fi
+
+##############################
+# Detect installed web server
+##############################
+check_installed() {
+ dpkg -s "$1" &>/dev/null
+}
+
+# If user did NOT specify --nginx or --apache, see if exactly one is installed.
+if [[ $USE_NGINX -eq 0 && $USE_APACHE -eq 0 ]]; then
+ NGINX_INSTALLED=0
+ APACHE_INSTALLED=0
+ if check_installed nginx; then
+ NGINX_INSTALLED=1
+ fi
+ if check_installed apache2; then
+ APACHE_INSTALLED=1
+ fi
+
+ if [[ $NGINX_INSTALLED -eq 1 && $APACHE_INSTALLED -eq 0 ]]; then
+ USE_NGINX=1
+ echo "Detected only nginx installed; proceeding with nginx."
+ elif [[ $NGINX_INSTALLED -eq 0 && $APACHE_INSTALLED -eq 1 ]]; then
+ USE_APACHE=1
+ echo "Detected only apache2 installed; proceeding with apache."
+ else
+ echo "ERROR: Both or neither of nginx/apache2 are installed."
+ echo " Please install one or specify --nginx / --apache explicitly."
+ exit 1
+ fi
+fi
+
+# At this point, we have either USE_NGINX=1 or USE_APACHE=1.
+
+# Check that at most one of {--httponly, --httpsonly}
+if [[ $HTTP_ONLY -eq 1 && $HTTPS_ONLY -eq 1 ]]; then
+ echo "ERROR: Cannot specify both --httponly and --httpsonly."
+ exit 1
+fi
+
+# We need certbot only if HTTPS is involved
+if [[ $HTTP_ONLY -eq 0 ]]; then
+ if ! check_installed certbot; then
+ echo "ERROR: certbot is not installed."
+ echo "Install it via: sudo apt-get install certbot"
+ exit 1
+ fi
+fi
+
+###################################
+# 1. Check presence of chosen server
+###################################
+if [[ $USE_NGINX -eq 1 ]]; then
+ if ! check_installed nginx; then
+ echo "ERROR: nginx is not installed or not detected."
+ echo "Install it via: sudo apt-get install nginx"
+ exit 1
+ fi
+else
+ if ! check_installed apache2; then
+ echo "ERROR: apache2 is not installed or not detected."
+ echo "Install it via: sudo apt-get install apache2"
+ exit 1
+ fi
+
+ # Check Apache modules
+ APACHE_MODULES="$(apache2ctl -M 2>/dev/null)"
+ for mod in proxy proxy_http headers; do
+ if ! echo "$APACHE_MODULES" | grep -qE "^ $mod(_module)?"; then
+ echo "ERROR: Apache module '$mod' is not enabled."
+ echo "Enable it with: sudo a2enmod $mod && sudo systemctl restart apache2"
+ exit 1
+ fi
+ done
+fi
+
+###########################################
+# 2. Start/ensure the requested service is up
+###########################################
+start_service() {
+ local service_name="$1"
+ if ! systemctl is-active --quiet "$service_name"; then
+ echo "Attempting to start $service_name ..."
+ sudo systemctl start "$service_name"
+ if [[ $? -ne 0 ]]; then
+ echo "ERROR: Could not start $service_name. Fix manually or switch server type."
+ exit 1
+ fi
+ fi
+}
+
+if [[ $USE_NGINX -eq 1 ]]; then
+ start_service "nginx"
+else
+ start_service "apache2"
+fi
+
+#######################################################
+# 2.5 Adjust config for HTTP-only (if requested FIRST)
+#######################################################
+CONFIG_FILE_NGINX="/etc/nginx/sites-available/taler-merchant"
+CONFIG_FILE_APACHE="/etc/apache2/sites-available/taler-merchant.conf"
+
+backup_and_edit_nginx_http_only() {
+ if [[ ! -f "${CONFIG_FILE_NGINX}.legacy" ]]; then
+ sudo cp "$CONFIG_FILE_NGINX" "${CONFIG_FILE_NGINX}.legacy"
+ fi
+ sudo cp "${CONFIG_FILE_NGINX}.legacy" "$CONFIG_FILE_NGINX"
+ sudo sed -i "s/%%your\.domain%%/$DOMAIN/g" "$CONFIG_FILE_NGINX"
+ # Remove any 'server { ... listen 443 ... }' block (simple approach)
+ sudo sed -i '/listen 443/,/}/d' "$CONFIG_FILE_NGINX"
+}
+
+backup_and_edit_apache_http_only() {
+ if [[ ! -f "${CONFIG_FILE_APACHE}.legacy" ]]; then
+ sudo cp "$CONFIG_FILE_APACHE" "${CONFIG_FILE_APACHE}.legacy"
+ fi
+ sudo cp "${CONFIG_FILE_APACHE}.legacy" "$CONFIG_FILE_APACHE"
+ sudo sed -i "s/%%your\.domain%%/$DOMAIN/g" "$CONFIG_FILE_APACHE"
+ # Remove everything from "<VirtualHost *:443>" to "</VirtualHost>"
+ sudo sed -i '/<VirtualHost \*:443>/,/<\/VirtualHost>/d' "$CONFIG_FILE_APACHE"
+}
+
+if [[ $HTTP_ONLY -eq 1 ]]; then
+ if [[ $USE_NGINX -eq 1 ]]; then
+ backup_and_edit_nginx_http_only
+ sudo systemctl reload nginx
+ else
+ backup_and_edit_apache_http_only
+ sudo systemctl reload apache2
+ fi
+fi
+
+#############################################
+# 3. Acquire certificate via certbot
+#############################################
+echo "Running certbot to obtain certificate for $DOMAIN ..."
+echo "Please follow the certbot prompts."
+sudo certbot certonly --webroot -w /var/www/html -d "$DOMAIN"
+if [[ $? -ne 0 ]]; then
+ echo "ERROR: certbot failed. Exiting."
+ exit 1
+fi
+
+##############################################################
+# 4. Update config to use SSL (unless strictly HTTP only)
+##############################################################
+backup_and_edit_nginx_https() {
+ if [[ ! -f "${CONFIG_FILE_NGINX}.legacy" ]]; then
+ sudo cp "$CONFIG_FILE_NGINX" "${CONFIG_FILE_NGINX}.legacy"
+ fi
+ sudo cp "${CONFIG_FILE_NGINX}.legacy" "$CONFIG_FILE_NGINX"
+ sudo sed -i "s/%%your\.domain%%/$DOMAIN/g" "$CONFIG_FILE_NGINX"
+
+ if [[ $HTTPS_ONLY -eq 1 ]]; then
+ # Insert a simple HTTP->HTTPS redirect into the server block with "listen 80;"
+ sudo sed -i '/listen 80;/a \
+ if ($scheme = http) { return 301 https://$host$request_uri; }' "$CONFIG_FILE_NGINX"
+ fi
+}
+
+backup_and_edit_apache_https() {
+ if [[ ! -f "${CONFIG_FILE_APACHE}.legacy" ]]; then
+ sudo cp "$CONFIG_FILE_APACHE" "${CONFIG_FILE_APACHE}.legacy"
+ fi
+ sudo cp "${CONFIG_FILE_APACHE}.legacy" "$CONFIG_FILE_APACHE"
+ sudo sed -i "s/%%your\.domain%%/$DOMAIN/g" "$CONFIG_FILE_APACHE"
+
+ if [[ $HTTPS_ONLY -eq 1 ]]; then
+ # Insert naive rewrite for forcing HTTPS
+ sudo sed -i '/<VirtualHost \*:80>/a \
+ RewriteEngine On\nRewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R=301,L]' "$CONFIG_FILE_APACHE"
+ sudo a2enmod rewrite
+ fi
+}
+
+if [[ $HTTP_ONLY -eq 0 ]]; then
+ if [[ $USE_NGINX -eq 1 ]]; then
+ backup_and_edit_nginx_https
+ sudo systemctl reload nginx
+ else
+ backup_and_edit_apache_https
+ sudo systemctl reload apache2
+ fi
+else
+ echo "HTTP-only mode requested; skipping HTTPS config edits."
+fi
+
+##################################################
+# 5. Activate the configuration and final reload
+##################################################
+if [[ $USE_NGINX -eq 1 ]]; then
+ # Symlink into sites-enabled if not already done
+ if [[ ! -e "/etc/nginx/sites-enabled/taler-merchant" ]]; then
+ echo "Linking /etc/nginx/sites-available/taler-merchant to /etc/nginx/sites-enabled/"
+ sudo ln -s /etc/nginx/sites-available/taler-merchant /etc/nginx/sites-enabled/
+ fi
+
+ echo "Testing nginx configuration..."
+ sudo nginx -t
+ if [[ $? -ne 0 ]]; then
+ echo "ERROR: 'nginx -t' reported a problem. Please fix the config before proceeding."
+ exit 1
+ fi
+
+ echo "Reloading nginx with new configuration..."
+ sudo systemctl reload nginx
+else
+ echo "Enabling the taler-merchant site in Apache..."
+ sudo a2ensite taler-merchant
+
+ echo "Reloading Apache with new configuration..."
+ sudo systemctl reload apache2
+fi
+
+echo "Done. Configuration updated and activated for $DOMAIN."
+\ No newline at end of file
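Review bot: `$DOMAIN` comes straight from the command line and is spliced unvalidated into the `s/%%your\.domain%%/$DOMAIN/g` expression that all four `backup_and_edit_*` functions pass to `sudo sed -i`. A value containing `/`, `&` or a newline therefore alters the sed program that runs as root, or leaves a corrupted vhost file, so it should be matched against a host-name pattern right after the empty check. The `--domain)` arm has a related gap: when `--domain` is the last argument, `shift 2` fails without shifting and the `while [[ $# -gt 0 ]]` loop never terminates, so the arm should check `$# -ge 2` first. Separately, section 3 runs `sudo certbot certonly` unconditionally even though the comment above the package check says certbot is needed only when HTTPS is involved. Wrapping that call in `if [[ $HTTP_ONLY -eq 0 ]]; then … fi` would make `--httponly` behave as documented.

```shell
  --domain)
    # Reject a trailing --domain with no value; otherwise shift 2 fails and the loop spins.
    if [[ $# -lt 2 ]]; then
      echo "ERROR: --domain requires a value." >&2
      exit 1
    fi
    DOMAIN="$2"
    shift 2
    ;;
# … unchanged: remaining option arms, empty-DOMAIN check …

# Accept only dot-separated DNS labels so the value is safe inside the sed expressions.
domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  echo "ERROR: '$DOMAIN' is not a valid host name." >&2
  exit 1
fi
```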