commit 553bf5d19bdfe7160ae0b8b59ddab3954f80c2d0
parent 59595700d5e0c90c4573deea4206ad4e0bad97d7
Author: bohdan-potuzhnyi <bohdan.potuzhnyi@gmail.com>
Date: Thu, 3 Apr 2025 11:47:54 +0200
adding the taler-merchant-rproxy-setup manpage
Diffstat:
1 file changed, 90 insertions(+), 0 deletions(-)
diff --git a/manpages/taler-merchant-rproxy-setup.1.rst b/manpages/taler-merchant-rproxy-setup.1.rst
@@ -0,0 +1,90 @@
+taler-merchant-rproxy-setup(1)
+##############################
+
+.. only:: html
+
+ Name
+ ====
+
+ **taler-merchant-rproxy-setup** - configure reverse proxy for the Taler merchant
+
+Synopsis
+========
+
+**taler-merchant-rproxy-setup**
+[**--domain**=*NAME*]
+[**--nginx** | **--apache**]
+[**--httponly** | **--httpsonly**]
+[**-h** | **--help**]
+
+
+Description
+===========
+
+**taler-merchant-rproxy-setup** is a command-line tool that configures
+a reverse proxy for the Taler merchant under either Nginx or Apache
+HTTP server. It may optionally enable HTTPS via **certbot** unless
+**--httponly** is requested.
+
+If neither **--nginx** nor **--apache** is specified, the script checks
+whether exactly one of them is installed and proceeds accordingly, or
+exits with an error if neither or both are installed.
+
+The script updates the default reverse-proxy configuration file
+(`/etc/nginx/sites-available/taler-merchant` for Nginx,
+`/etc/apache2/sites-available/taler-merchant.conf` for Apache) and
+backs up any existing version to a ``.legacy`` suffix. If HTTPS is
+enabled (the default unless **--httponly** is given), *certbot* is run
+to obtain TLS certificates for the configured domain name, and
+the configuration is adjusted accordingly. If **--httpsonly** is
+requested, HTTP requests will be redirected to HTTPS (port 443).
+Finally, the script activates the new site configuration and reloads
+the respective web server.
+
+To ensure successful configuration, both the web server (Nginx or
+Apache) and **certbot** (unless **--httponly**) must be installed.
+In the case of Apache, some modules (``proxy``, ``proxy_http``,
+``headers``) must be enabled. The script will check for these
+prerequisites and exit with an error if any are missing.
+
+
+Options
+=======
+
+**--domain=**\ *NAME*
+ Required. The fully qualified domain name (FQDN) for which the
+ reverse proxy is being set up.
+
+**--nginx**
+ Force using Nginx as the reverse proxy. If not specified, the script
+ auto-detects whether Nginx or Apache is installed, provided exactly
+ one is installed.
+
+**--apache**
+ Force using Apache as the reverse proxy. If not specified, the script
+ auto-detects whether Nginx or Apache is installed, provided exactly
+ one is installed.
+
+**--httponly**
+ Only configure HTTP (no TLS). Skips certbot and omits all
+ TLS-related configuration. Incompatible with **--httpsonly**.
+
+**--httpsonly**
+ Configure HTTPS and automatically redirect HTTP traffic to the HTTPS
+ port. Incompatible with **--httponly**.
+
+**-h** \| **--help**
+ Print short help on options.
+
+
+See Also
+========
+
+taler-merchant-httpd(1), taler-merchant.conf(5)
+
+
+Bugs
+====
+
+Report bugs by using https://bugs.taler.net/ or by sending
+electronic mail to <taler@gnu.org>.
