sandcastle-ng

Scripts for the deployment of Sandcastle (GNU Taler)

commit 86ef090fb1aefe2c64c9a7c6bff50df231e679a6
parent c8d4ccc58acc2e8bb7c69cd4dc1d748c635e1430
Author: Florian Dold <florian@dold.me>
Date:   Wed, 10 Dec 2025 00:34:55 +0100

drupal config, reverse proxy

Diffstat:
Mscripts/demo/setup-sandcastle.sh | 39+++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+), 0 deletions(-)

diff --git a/scripts/demo/setup-sandcastle.sh b/scripts/demo/setup-sandcastle.sh
@@ -16,6 +16,30 @@ if [[ -n ${SANDCASTLE_SKIP_SETUP:-} ]]; then exit 1 fi
+
+# Helper to replace a comment-delimited block of lines in a config file with
+# the desired content. If the block doesn't exist yet, append it.
+update_config_block() {
+ local config_file="$1"
+ local marker_tag="$2"
+ local new_content="$3"
+ local begin_marker="# begin ${marker_tag}"
+ local end_marker="# end ${marker_tag}"
+ if [[ ! -f "$config_file" ]]; then
+ echo "Error: Config file '$config_file' not found." >&2
+ return 1
+ fi
+ if grep -qF "$begin_marker" "$config_file"; then
+ # Markers exist. Replace the block.
+ # Escape newlines in the content so sed processes it as a single block
+ local escaped_content="${new_content//$'\n'/\\n}"
+ sed -i "/$begin_marker/,/$end_marker/c\\$begin_marker\n$escaped_content\n$end_marker" "$config_file"
+ else
+ # Markers do not exist. Append to the end.
+ printf "\n%s\n%s\n%s\n" "$begin_marker" "$new_content" "$end_marker" >> "$config_file"
+ fi
+}
+
 echo "Provisioning sandcastle" # General configuration.
@@ -565,6 +589,11 @@ chown taler-exchange-wire:taler-exchange-db /etc/taler-exchange/secrets/exchange systemctl stop caddy.service cat <<EOF >/etc/caddy/Caddyfile
+{
+ servers {
+ trusted_proxies static private_ranges
+ }
+}
 # Services that only listen on unix domain sockets # are reverse-proxied to serve on a TCP port.
@@ -1103,6 +1132,7 @@ systemctl enable --now taler-demo-donations # Turnstile (drupal/php)
+
 systemctl enable --now php8.4-fpm DRUPAL_DB_PW=$(get_credential_pw db/drupal)
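Review bot: In `update_config_block`, the replace branch is taken when `grep -qF "$begin_marker"` finds the begin marker anywhere in a line, but nothing checks that the end marker is present. If settings.php ever holds a begin marker without its end marker, the sed range `/$begin_marker/,/$end_marker/` runs to the end of the file, so everything after the begin marker falls inside the span being replaced. I would fail closed as the first statement of that branch: `grep -qxF -- "$end_marker" "$config_file" || { echo "Error: '$end_marker' missing in '$config_file'." >&2; return 1; }`, and switch the existing test to `grep -qxF --` so only whole marker lines match. The marker tag and the content are also interpolated into the sed program, so a tag containing `/` or regex characters, or content containing backslashes, would alter it. That is latent with the constant arguments used in this commit, but a comment on the helper stating the restriction would be worthwhile.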
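Review bot: `trusted_proxies static private_ranges` in the new Caddy global options trusts forwarded client-IP headers from any peer in loopback or private address space, which is wider than the single reverse proxy this commit appears to be adding support for. Any other host or local process in those ranges that can reach Caddy could then set the client address that backends and access logs record. I would list only the front proxy, e.g. `trusted_proxies static <front-proxy-address-or-CIDR>` (placeholder; the heredoc is unquoted, so a shell variable from the general configuration can be expanded there). A one-line comment naming the proxy this is meant for would also help. The Caddyfile heredoc continues outside the hunk.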
@@ -1131,6 +1161,15 @@ chown -R www-data:www-data /talerdata/sandcastle-drupal/ ln -sf /opt/turnstile /talerdata/sandcastle-drupal/web/modules/taler_turnstile
+snip=$(cat <<'EOF'
+$settings['reverse_proxy'] = TRUE;
+$settings['reverse_proxy_addresses'] = ['127.0.0.1', '10.0.0.0/8'];
+$settings['trusted_host_patterns'] = ['.*'];
+EOF
+)
+
+update_config_block /talerdata/sandcastle-drupal/web/sites/default/settings.php SANDCASTLE "$snip"
+
 cd /talerdata/sandcastle-drupal composer exec -- drush upwd admin $DRUPAL_ADMIN_PW composer exec -- drush en taler_turnstile
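Review bot: `$settings['trusted_host_patterns'] = ['.*'];` matches every Host header, so Drupal's trusted-host check is effectively disabled and URLs Drupal derives from the request host are no longer validated. I would pin it to the deployment's hostname, e.g. `$settings['trusted_host_patterns'] = ['^<escaped-demo-hostname>$'];` (placeholder). Since the heredoc is quoted, that value must either be written literally or the heredoc unquoted with `\$settings` escaped. `reverse_proxy_addresses` also trusts all of `10.0.0.0/8` for X-Forwarded-For; if the local Caddy instance is the only proxy in front of php-fpm (not visible in this hunk), `['127.0.0.1']` alone would be the tighter setting. It also differs from the range trusted on the Caddy side, so a comment saying which proxy each entry stands for would help.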