merchant

Merchant backend to process payments, run by merchants

commit 1a1b134f29c3a036ec83cfa816928e411ac29d8d
parent 8be7085974d1878df4cd0b3253418003c9f95fa2
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sat, 28 Aug 2021 21:45:36 +0200

fix HTTP server configuration files

Diffstat:
Mdebian/etc/apache2/sites-available/taler-merchant.conf | 36++++++++++++++++++++----------------
Mdebian/etc/nginx/sites-available/taler-merchant | 36+++++++++++++++++++++++-------------
Mdebian/etc/taler/conf.d/merchant.conf | 1+
3 files changed, 44 insertions(+), 29 deletions(-)

diff --git a/debian/etc/apache2/sites-available/taler-merchant.conf b/debian/etc/apache2/sites-available/taler-merchant.conf @@ -1,18 +1,22 @@ -<!-- - Make sure to enable the following Apache modules before - integrating this into your configuration: +# Make sure to enable the following Apache modules before +# integrating this into your configuration: +# +# a2enmod proxy +# a2enmod proxy_http +# a2enmod headers +# +# NOTE: +# - consider to adjust the location +# - consider putting all this into a VirtualHost +# - strongly consider setting up TLS support +# +# For all of the above, please read the respective +# Apache documentation. +# +<Location "/"> + ProxyPass "unix:/var/run/taler/merchant-httpd/merchant-http.sock|http://example.com/" - # a2enmod proxy - # a2enmod proxy_http - # a2enmod headers - # a2enmod rewrite ---> - -<Location "/taler-merchant/"> -RewriteEngine On -RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%" -RewriteRule "(.+)/private/" "-" [F] - -ProxyPass "unix:/var/lib/taler-merchant/httpd/merchant.sock|http://example.com/" -RequestHeader add "X-Forwarded-Proto" "https" + # NOTE: + # - Uncomment this line if you use TLS/HTTPS + RequestHeader add "X-Forwarded-Proto" "https" </Location> diff --git a/debian/etc/nginx/sites-available/taler-merchant b/debian/etc/nginx/sites-available/taler-merchant 
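Review bot: The added `RequestHeader add "X-Forwarded-Proto" "https"` inside `<Location "/">` is active, although the NOTE directly above it says to uncomment it only when TLS/HTTPS is in use. The nginx template in this same commit ships the equivalent line commented out. As written, a plain-HTTP deployment of this template would tell the backend that every request arrived over HTTPS. I would ship it disabled and use `set` so a client-supplied value is replaced rather than kept alongside: `# RequestHeader set "X-Forwarded-Proto" "https"`.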
@@ -1,19 +1,29 @@ -location ~ /taler-merchant/private/ { - if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") { - return 401; - } - proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock; - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host "example.com"; - proxy_set_header X-Forwarded-Proto "https"; -} +server { + # NOTE: + # - urgently consider configuring TLS instead + # - maybe keep a forwarder from HTTP to HTTPS + listen 80; + + # NOTE: + # - Comment out this line if you have no IPv6 + listen [::]:80; + + # NOTE: + # - replace with your actual server name + server_name localhost; -location /taler-merchant/ { - proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock; + location / { + proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock; proxy_redirect off; proxy_set_header Host $host; + + # NOTE: + # - put your actual DNS name here proxy_set_header X-Forwarded-Host "example.com"; - proxy_set_header X-Forwarded-Proto "https"; + + # NOTE: + # - uncomment the following line if you are using HTTPS + # proxy_set_header X-Forwarded-Proto "https"; + } } \ No newline at end of file diff --git a/debian/etc/taler/conf.d/merchant.conf b/debian/etc/taler/conf.d/merchant.conf @@ -4,6 +4,7 @@ [merchant] DATABASE = postgres +SERVE = unix # Merchant-specific overrides, included last to take precedence. @inline-matching@ ../merchant-overrides.conf
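Review bot: The new `location / { proxy_pass ... }` forwards every path, including the private API, now that the `location ~ /taler-merchant/private/` block and its `return 401` check are removed (the Apache hunk drops its `RewriteCond`/`RewriteRule` gate in the same way). Access control for those endpoints therefore rests entirely on the backend, which this page does not show, and `listen 80` means any `Authorization` header crosses the network in clear text until TLS is configured. I would say so in the template, for example `# NOTE: - this proxy does not filter /private/; authentication is left to the merchant backend, do not expose it without TLS`. The TLS advice in the `server` block could also be worded as a requirement for anything other than local testing.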
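Review bot: `SERVE = unix` is added to `[merchant]` without a socket path, while both proxy templates in this commit hard-code `/var/run/taler/merchant-httpd/merchant-http.sock`. The hunk does not show where the backend's default path comes from, so the two can drift apart silently; setting `UNIXPATH` explicitly next to `SERVE` would keep them in one place. Since the proxy no longer gates the private API, the socket's permissions also decide which local users can reach the backend directly. A comment pointing at `UNIXPATH_MODE` and the group the web server runs in would help, e.g. `# Socket must be reachable by the reverse proxy user only; see UNIXPATH_MODE`. The rest of the section lies outside this hunk.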