commit 31c1982d050e6a6f71c4d730d26f2dae548c34ef
parent 2708ebc7e9dc56817fc1b4b44b2c0eeae6c078e9
Author: Bohdan Potuzhnyi <bohdan.potuzhnyi@gmail.com>
Date: Tue, 27 May 2025 22:37:43 +0300
adding taler-merchant-rproxy part
Diffstat:
2 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/frags/apt-install-taler-merchant.rst b/frags/apt-install-taler-merchant.rst
@@ -11,4 +11,7 @@ fragment for Nginx or Apache will be placed in
``/etc/{apache,nginx}/conf-available/taler-merchant.conf``. You must
furthermore still configure the database and the instances, and may need to
extend the fragment with access control restrictions for non-default
-instances.
+instances. For automated deployments, you can also use
+the ``taler-merchant-rproxy-setup`` helper script—see
+:ref:`automated reverse proxy configuration <auto-reverse-proxy-configuration>`.
+
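Review bot: The new sentence after "instances." follows directly on the statement that the database, the instances and access control for non-default instances still have to be configured, so it can be read as the script covering those steps too. The task list added to the manual only covers proxy selection, modules, certificates, the stock configuration, redirection and reload, so suggest saying here that ``taler-merchant-rproxy-setup`` sets up the reverse proxy only and that the database, instance and access control steps still apply. Two style points: the dash fused between "script" and "see" reads better as a full stop followed by "See", and the trailing empty "+" line adds a blank line at the end of the fragment that can be dropped.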
diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
@@ -1300,6 +1300,58 @@ Note that the above again assumes your domain name is ``example.com`` and that
you have TLS configured. Note that you must add the ``https`` header unless
your site is not available via TLS.
+.. _auto-reverse-proxy-configuration:
+
+Automated Reverse Proxy Configuration
+-------------------------------------
+
+GNU Taler provides a helper script, ``taler-merchant-rproxy-setup``, that
+automates the most common reverse-proxy configuration tasks for both Nginx
+and Apache:
+
+- Detects (or lets you choose) Nginx vs. Apache
+- Verifies and enables required modules and packages
+- Obtains (or skips) TLS certificates via Certbot (unless ``--httponly``)
+- Backs up and populates the stock configuration with your domain
+- Optionally forces HTTP → HTTPS redirection (``--httpsonly``)
+- Enables the site and reloads the web server
+
+Usage
+^^^^^
+
+.. code-block:: console
+
+ taler-merchant-rproxy-setup \
+ --domain <example.com> [--nginx | --apache] [--httponly | --httpsonly]
+
+Options
+^^^^^^^
+
+``--domain <name>``
+ (Required) The public domain name to configure.
+
+``--nginx``
+ Force use of Nginx (overriding auto-detection).
+
+``--apache``
+ Force use of Apache2 (overriding auto-detection).
+
+``--httponly``
+ Only configure HTTP (no TLS). Skips Certbot entirely.
+
+``--httpsonly``
+ Enable HTTPS and add an HTTP→HTTPS redirect.
+
+``-h, --help``
+ Show this help message and exit.
+
+.. note::
+
+ This script must be run as root (for example via ``sudo``) and requires
+ that either Nginx or Apache2 (and Certbot for non-HTTP-only modes) be
+ installed on the system.
+
+
Access control
--------------
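Review bot: The Options list never states what the script does when neither ``--httponly`` nor ``--httpsonly`` is given, and those two flags differ by a single character while having opposite effects on transport security. Please document the default explicitly (the ``--httpsonly`` text implies HTTPS is enabled without a redirect) and say under ``--httponly`` that the backend is then served without TLS, which ties in with the context paragraph just above about the ``https`` header. In Usage, ``--domain <example.com>`` wraps a literal example in placeholder brackets while Options uses ``--domain <name>``; pick one form. The "Backs up and populates the stock configuration" bullet should say where the backup is written so an administrator can restore it, and since the note requires root, listing which files the script modifies would help anyone reviewing it before running it.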