[taler-deployment] branch master updated: taler-local

[gnunet]

This is an automated email from the git hooks/post-receive script.

ms pushed a commit to branch master
in repository deployment.

The following commit(s) were added to refs/heads/master by this push:
     new 9db9a64  taler-local
9db9a64 is described below

commit 9db9a64b36d2aa550b93b662a605fb4987e77d5e
Author: ms <ms@taler.net>
AuthorDate: Wed Dec 1 15:44:21 2021 +0100

    taler-local
    
    forwarding X-Forwarded-Host's
    port to the one Nginx binds to.
---
 bin/WIP/taler-local | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/bin/WIP/taler-local b/bin/WIP/taler-local
index de82c0a..123cc8d 100755
--- a/bin/WIP/taler-local
+++ b/bin/WIP/taler-local
@@ -1083,7 +1083,16 @@ def prepare(x_forwarded_host, x_forwarded_proto):
     if not TALER_UNIT_FILES_DIR.exists():
         TALER_UNIT_FILES_DIR.mkdir(parents=True, exist_ok=True)
 
-    # Exchange HTTPD unit file.
+    # Internal redirect of X-Forwarded-Host's port
+    # to the port Nginx binds to.  Allows clients
+    # connecting from within a container to still
+    # reach services at X-Forwarded-Host.
+    x_forwarded_port = x_forwarded_host.split(":")[1]
+    with open(TALER_UNIT_FILES_DIR / "taler-local-port-redirect.service", "w") 
as port_redirect_unit:
+        port_redirect_unit.write(unit_file_content(
+            description = "Port redirect allowing configuration at 
X-Forwarded-Host",
+            cmd = f"socat TCP4-LISTEN:{x_forwarded_port},fork 
TCP4:{REV_PROXY_NETLOC}",
+        ))
     with open(TALER_UNIT_FILES_DIR / "taler-local-exchange-httpd.service", 
"w") as exchange_unit:
         exchange_unit.write(unit_file_content(
             description = "Taler Exchange HTTP daemon",
@@ -1242,6 +1251,9 @@ def prepare(x_forwarded_host, x_forwarded_proto):
     ).run()
     print(" OK")
 
+    print_nn("Launching X-Forwarded-Host port redirect...")
+    subprocess.run(["systemctl", "--user", "start", 
"taler-local-port-redirect.service"], check=True)
+    print(" OK")
     print_nn("Launching the reverse proxy...")
     with open(CFG_OUTDIR / "nginx.conf", "w") as nginx_conf:
         nginx_conf.write((
@@ -1484,7 +1496,7 @@ def prepare(x_forwarded_host, x_forwarded_proto):
         response.raise_for_status()
     except Exception as error:
         fail(error)
-    FACADE_URL=response.json().get("facades")[0].get("baseUrl")
+    FACADE_URL = response.json().get("facades")[0].get("baseUrl")
     print_nn("Set suggested exchange at Sandbox...")
     Command([
         "libeufin-sandbox",
@@ -1655,6 +1667,7 @@ def prepare(x_forwarded_host, x_forwarded_proto):
 
 @cli.command()
 def launch():
+    subprocess.run(["systemctl", "--user", "start", 
"taler-local-port-redirect.service"], check=True)
     subprocess.run(["systemctl", "--user", "start", 
"taler-local-nginx.service"], check=True)
     subprocess.run(["systemctl", "--user", "start", 
"taler-local-exchange-secmod-rsa.service"], check=True)
     subprocess.run(["systemctl", "--user", "start", 
"taler-local-exchange-secmod-eddsa.service"], check=True)

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.