[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: fix HTTP server configuration fi
From: |
gnunet |
Subject: |
[taler-merchant] branch master updated: fix HTTP server configuration files |
Date: |
Sat, 28 Aug 2021 21:45:44 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new 1a1b134f fix HTTP server configuration files
1a1b134f is described below
commit 1a1b134f29c3a036ec83cfa816928e411ac29d8d
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Aug 28 21:45:36 2021 +0200
fix HTTP server configuration files
---
.../apache2/sites-available/taler-merchant.conf | 36 ++++++++++++----------
debian/etc/nginx/sites-available/taler-merchant | 36 ++++++++++++++--------
debian/etc/taler/conf.d/merchant.conf | 1 +
3 files changed, 44 insertions(+), 29 deletions(-)
diff --git a/debian/etc/apache2/sites-available/taler-merchant.conf
b/debian/etc/apache2/sites-available/taler-merchant.conf
index eebc6826..5d0050a7 100644
--- a/debian/etc/apache2/sites-available/taler-merchant.conf
+++ b/debian/etc/apache2/sites-available/taler-merchant.conf
@@ -1,18 +1,22 @@
-<!--
- Make sure to enable the following Apache modules before
- integrating this into your configuration:
+# Make sure to enable the following Apache modules before
+# integrating this into your configuration:
+#
+# a2enmod proxy
+# a2enmod proxy_http
+# a2enmod headers
+#
+# NOTE:
+# - consider to adjust the location
+# - consider putting all this into a VirtualHost
+# - strongly consider setting up TLS support
+#
+# For all of the above, please read the respective
+# Apache documentation.
+#
+<Location "/">
+ ProxyPass
"unix:/var/run/taler/merchant-httpd/merchant-http.sock|http://example.com/"
- # a2enmod proxy
- # a2enmod proxy_http
- # a2enmod headers
- # a2enmod rewrite
--->
-
-<Location "/taler-merchant/">
-RewriteEngine On
-RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%"
-RewriteRule "(.+)/private/" "-" [F]
-
-ProxyPass
"unix:/var/lib/taler-merchant/httpd/merchant.sock|http://example.com/"
-RequestHeader add "X-Forwarded-Proto" "https"
+ # NOTE:
+ # - Uncomment this line if you use TLS/HTTPS
+ RequestHeader add "X-Forwarded-Proto" "https"
</Location>
diff --git a/debian/etc/nginx/sites-available/taler-merchant
b/debian/etc/nginx/sites-available/taler-merchant
index 82aaa306..8de78a88 100644
--- a/debian/etc/nginx/sites-available/taler-merchant
+++ b/debian/etc/nginx/sites-available/taler-merchant
@@ -1,19 +1,29 @@
-location ~ /taler-merchant/private/ {
- if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") {
- return 401;
- }
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
-}
+server {
+ # NOTE:
+ # - urgently consider configuring TLS instead
+ # - maybe keep a forwarder from HTTP to HTTPS
+ listen 80;
+
+ # NOTE:
+ # - Comment out this line if you have no IPv6
+ listen [::]:80;
+
+ # NOTE:
+ # - replace with your actual server name
+ server_name localhost;
-location /taler-merchant/ {
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
+ location / {
+ proxy_pass
http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
proxy_redirect off;
proxy_set_header Host $host;
+
+ # NOTE:
+ # - put your actual DNS name here
proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
+
+ # NOTE:
+ # - uncomment the following line if you are using HTTPS
+ # proxy_set_header X-Forwarded-Proto "https";
+ }
}
\ No newline at end of file
diff --git a/debian/etc/taler/conf.d/merchant.conf
b/debian/etc/taler/conf.d/merchant.conf
index 41816b0b..48516157 100644
--- a/debian/etc/taler/conf.d/merchant.conf
+++ b/debian/etc/taler/conf.d/merchant.conf
@@ -4,6 +4,7 @@
[merchant]
DATABASE = postgres
+SERVE = unix
# Merchant-specific overrides, included last to take precedence.
@inline-matching@ ../merchant-overrides.conf
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: fix HTTP server configuration files,
gnunet <=