
[taler-grid5k] 94/189: merchant behind nginx


From: gnunet
Subject: [taler-grid5k] 94/189: merchant behind nginx
Date: Thu, 28 Apr 2022 10:47:44 +0200

This is an automated email from the git hooks/post-receive script.

marco-boss pushed a commit to branch master
in repository grid5k.

commit fd716fb55b9566e5509f806704eec63e321e9ee7
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Fri Mar 18 22:15:30 2022 +0100

    merchant behind nginx
---
 configs/etc/monitor/prometheus.yaml                  |  2 +-
 configs/etc/nginx/sites-available/merchant           | 17 +++++++++++++++++
 .../nginx/{sites-enabled => sites-available}/proxy   |  5 +++++
 configs/etc/taler/conf.d/merchant.conf               |  4 ++--
 experiment/scripts/helpers.sh                        | 15 ++++++++++++++-
 experiment/scripts/merchant.sh                       | 16 ++++++++++------
 experiment/scripts/monitor.sh                        | 11 ++++++-----
 experiment/scripts/proxy.sh                          | 20 ++++++--------------
 experiment/scripts/setup.sh                          |  2 +-
 9 files changed, 62 insertions(+), 30 deletions(-)

diff --git a/configs/etc/monitor/prometheus.yaml 
b/configs/etc/monitor/prometheus.yaml
index 45dca88..7d0ab4e 100644
--- a/configs/etc/monitor/prometheus.yaml
+++ b/configs/etc/monitor/prometheus.yaml
@@ -14,7 +14,7 @@ scrape_configs:
   # DB Exporter
   - job_name: 'database'
     static_configs:
-    - targets: ['127.0.0.1:9187'] #, '<MERCHANT_HOST_HERE>:9187']
+    - targets: ['127.0.0.1:9187']
 
   # Exchange Proxy Exporter 
   - job_name: 'exchange-proxy'
diff --git a/configs/etc/nginx/sites-available/merchant 
b/configs/etc/nginx/sites-available/merchant
new file mode 100644
index 0000000..7813692
--- /dev/null
+++ b/configs/etc/nginx/sites-available/merchant
@@ -0,0 +1,17 @@
+server {
+  listen 80;
+  listen 443 ssl;
+
+  ssl_certificate /etc/ssl/merchant.cert.pem;
+  ssl_certificate_key /etc/ssl/merchant.key.pem;
+
+  servername 0.0.0.0;
+
+  location / {
+     proxy_pass http://unix:/var/lib/taler/merchant.sock;
+     proxy_redirect off;
+     proxy_set_header Host $host;
+     proxy_set_header X-Forwarded-Host $remote_addr;
+     proxy_set_header X-Forwarded-Proto $scheme;
+  }
+}
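Review bot: `servername 0.0.0.0;` is not an nginx directive; the spelling is `server_name` (as the proxy site in this same commit uses), so as written nginx should reject the configuration when it is loaded. Separately, `X-Forwarded-Host` is filled with `$remote_addr`, which is the client address rather than a host name; the backend would normally get `proxy_set_header X-Forwarded-Host $host;` and the client address in `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The same location is also served on plain port 80, so bearer tokens sent to the merchant API can travel unencrypted unless the port 80 listener is dropped or redirected to HTTPS.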
diff --git a/configs/etc/nginx/sites-enabled/proxy 
b/configs/etc/nginx/sites-available/proxy
similarity index 96%
rename from configs/etc/nginx/sites-enabled/proxy
rename to configs/etc/nginx/sites-available/proxy
index 7cc5f22..e2fcac0 100644
--- a/configs/etc/nginx/sites-enabled/proxy
+++ b/configs/etc/nginx/sites-available/proxy
@@ -51,6 +51,11 @@ server {
      proxy_redirect off;
 
   }
+}
+
+server {
+  listen 80;
+  server_name localhost;
 
   location /stub_status {
      stub_status;
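Review bot: The new `server` block for `/stub_status` relies on `server_name localhost;`, which only selects the block by Host header and does not limit who can connect; `listen 80;` still binds every interface. The rest of the location lies outside this hunk, so if it does not already contain them, add `allow 127.0.0.1;` and `deny all;`, or change the listener to `listen 127.0.0.1:80;`, assuming the status page is only meant to be read from the node itself.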
diff --git a/configs/etc/taler/conf.d/merchant.conf 
b/configs/etc/taler/conf.d/merchant.conf
index 7691777..8fca35e 100644
--- a/configs/etc/taler/conf.d/merchant.conf
+++ b/configs/etc/taler/conf.d/merchant.conf
@@ -3,8 +3,8 @@
 [merchant]
 
 DATABASE = postgres
-SERVE = TCP
-PORT = 8080
+SERVE = UNIX
+UNIXPATH = /var/lib/taler/merchant.sock
 
 [taler]
 
diff --git a/experiment/scripts/helpers.sh b/experiment/scripts/helpers.sh
index 369395f..98a18e4 100755
--- a/experiment/scripts/helpers.sh
+++ b/experiment/scripts/helpers.sh
@@ -221,9 +221,22 @@ function get_exchange_hosts() {
 }
 
 function get_proxy_hosts() {
-  get_hosts "*.${PROXY_DOMAIN}" 1
+  get_hosts ".*.${PROXY_DOMAIN}" 1
 }
 
+# Create a TLS certificate for $1
+# $1: domain to create cert for
+# $2: file name x to save x.key.pem and x.cert.pem
+function create_cert() {
+  openssl req -new -x509 \
+              -newkey rsa:4096 \
+             -keyout ${2}.key.pem \
+             -out ${2}.cert.pem \
+             -sha256 -days 10 -nodes \
+             -subj "/C=CH/ST=Bern/L=Biel/O=TI/CN=${1}"
+}
+  
+
 # Display a help message and exit
 # $1: script name to display help for
 # $2: info message about the script to display
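Review bot: In `create_cert`, `${2}` is expanded unquoted in `-keyout ${2}.key.pem` and `-out ${2}.cert.pem`, so a path containing whitespace or glob characters is split; write `-keyout "${2}.key.pem"` and `-out "${2}.cert.pem"`. `${1}` goes straight into `-subj`, where a `/` in the value would start a new DN component, and neither argument is checked for being empty. The certificate carries only a CN and no subjectAltName, which current TLS clients need for hostname verification; adding `-addext "subjectAltName=DNS:${1}"` (OpenSSL 1.1.1 or later) would let callers verify it rather than fall back to `curl -k`. The header comment could also say that the key is written unencrypted (`-nodes`) and that the certificate expires after 10 days.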
diff --git a/experiment/scripts/merchant.sh b/experiment/scripts/merchant.sh
index 58e9db6..ef2d019 100755
--- a/experiment/scripts/merchant.sh
+++ b/experiment/scripts/merchant.sh
@@ -65,32 +65,36 @@ EOF
 # $1: Instance name
 function create_instance() {
   curl -X POST \
-       -H "Authorization: Bearer ${TALER_MERCHANT_TOKEN}" \
+       -H "Authorization: Bearer secret-token:${TALER_MERCHANT_TOKEN}" \
        -H "Content-Type: application/json" \
        -d "{
              \"payto_uris\": [ \"payto://x-taler-bank/${BANK_DOMAIN}/${1}\" ],
             \"id\": \"${1}\",
             \"name\": \"${1}\",
             \"address\": {\"country\": \"CH\"},
-            \"auth\": {\"method\": \"token\", \"token\": 
\"${TALER_MERCHANT_TOKEN}\",
+            \"auth\": {\"method\": \"token\", \"token\": 
\"secret-token:${TALER_MERCHANT_TOKEN}\"},
             \"jurisdiction\": {\"country\": \"CH\"},
             \"default_max_wire_fee\": \"KUDOS:1\",
-            \"default_wire_fee_amortizazion\": \"10\",
+            \"default_wire_fee_amortization\": 10,
             \"default_max_deposit_fee\": \"KUDOS:1\",
             \"default_wire_transfer_delay\": {\"d_ms\": 1209600000},
-            \"default_pay_delay\": \{\"d_ms\": 1209600000},
+            \"default_pay_delay\": {\"d_ms\": 1209600000}
           }" \
         http://localhost:8080/management/instances
 }
 
 # Initialize the merchant
 function init_merchant() {
+  create_cert "${MERCHANT_DOMAIN}" "/etc/ssl/merchant"
   restart_rsyslog
   configure_merchant
   configure_db
   init_db
-  systemctl restart taler-merchant-httpd
-  # create_instance "default"
+  mkdir /var/lib/taler || true
+  ln -sf /etc/nginx/sites-available/merchant /etc/nginx/sites-enabled/merchant
+  systemctl restart taler-merchant-httpd \
+                    nginx
+  create_instance "default"
   create_instance ${NODE_NAME}
 }
 
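Review bot: `create_instance` still posts to `http://localhost:8080/management/instances`, but this commit switches the merchant to `SERVE = UNIX` and puts nginx in front on ports 80 and 443, so unless something else still binds port 8080 both `create_instance` calls in `init_merchant` will fail to connect. Pointing curl at the socket, e.g. `curl --unix-socket /var/lib/taler/merchant.sock ... http://localhost/management/instances`, keeps the token on the local socket, and adding `-f` would make an HTTP error visible to the caller instead of passing silently. `mkdir /var/lib/taler || true` hides every failure, not only "already exists"; `mkdir -p /var/lib/taler` is the narrower form. `create_instance ${NODE_NAME}` should be quoted as `create_instance "${NODE_NAME}"`.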
diff --git a/experiment/scripts/monitor.sh b/experiment/scripts/monitor.sh
index 0c73e25..0c35580 100755
--- a/experiment/scripts/monitor.sh
+++ b/experiment/scripts/monitor.sh
@@ -28,11 +28,12 @@ function update_datasource() {
   jq --arg url "https://$(hostname | cut -d "." -f 1,2 
-).$2.proxy.grid5000.fr" \
      --arg name "$1" \
      '.[] | select(.name == $name) | .url = $url' \
-     ds.json | tee /dev/tty | curl -X PUT -k -f -d @- \
+     ds.json | \
+  curl -X PUT -k -f -d @- \
        -H "${AUTH_HEADER}" \
        -H "Content-Type: application/json" \
        -H "Accept: application/json" \
-        "${GRAFANA_API}/datasources/${ID}"
+  "${GRAFANA_API}/datasources/${ID}"
 }
 
 # Update the external grafana instance and tell it
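Review bot: The rewritten `curl -X PUT -k -f -d @-` line keeps `-k`, so the request that carries `${AUTH_HEADER}` to `${GRAFANA_API}` is sent without verifying the server certificate. If the Grafana endpoint is signed by a private CA, pass it with `--cacert <path-to-ca.pem>` instead of disabling verification; otherwise drop `-k`. `update_datasource` begins outside this hunk, so where `ID` and `AUTH_HEADER` are set is not visible here.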
@@ -96,7 +97,7 @@ function add_proxy_nodes_to_prometheus() {
   for HOST in $(get_proxy_hosts); do
     if ! grep -q "${HOST}.${PROXY_DOMAIN}:9100" /etc/monitor/prometheus.yaml;
     then
-      sed -i "/<PROXY_NODES_HERE/a \ \ \ \ \ \ - 
'${HOST}.${PROXY_DOMAIN}:9100'" \
+      sed -i "/<PROXY_NODES_HERE>/a \ \ \ \ \ \ - 
'${HOST}.${PROXY_DOMAIN}:9100'" \
               /etc/monitor/prometheus.yaml
     fi
   done
@@ -108,7 +109,7 @@ function add_shard_nodes_to_prometheus() {
   for SHARD in $(get_shard_hosts); do
     if ! grep -q "${SHARD}" /etc/monitor/prometheus.yaml;
     then
-      sed -i "/<SHARD_NODES_HERE/a \ \ \ \ \ \ - 
'${SHARD_DOMAIN//\*/${SHARD}}:9100'" \
+      sed -i "/<SHARD_NODES_HERE>/a \ \ \ \ \ \ - 
'${SHARD_DOMAIN//\*/${SHARD}}:9100'" \
               /etc/monitor/prometheus.yaml
     fi
   done
@@ -120,7 +121,7 @@ function add_exchange_nodes_to_prometheus() {
   for EXCH in $(get_exchange_hosts); do
     if ! grep -q "${EXCH}" /etc/monitor/prometheus.yaml;
     then
-      sed -i "/<EXCHANGE_NODES_HERE/a \ \ \ \ \ \ - 
'${EXCHANGE_DOMAIN//\*/${EXCH}}:9100'" \
+      sed -i "/<EXCHANGE_NODES_HERE>/a \ \ \ \ \ \ - 
'${EXCHANGE_DOMAIN//\*/${EXCH}}:9100'" \
               /etc/monitor/prometheus.yaml
     fi
   done
diff --git a/experiment/scripts/proxy.sh b/experiment/scripts/proxy.sh
index e159278..6f6954f 100755
--- a/experiment/scripts/proxy.sh
+++ b/experiment/scripts/proxy.sh
@@ -29,25 +29,16 @@ function add_exchanges() {
   for PORT in $(seq $START $END); do
     for HOST in ${EXCHANGES}; do
       sed -i -e "/<SERVERS_HERE>/a \ \ server 
${EXCHANGE_DOMAIN//\*/${HOST}}:${PORT};" \
-              /etc/nginx/sites-enabled/proxy
+              /etc/nginx/sites-available/proxy
     done
   done
 }
 
-function create_cert() {
-  openssl req -new -x509 \
-              -newkey rsa:4096 \
-             -keyout /etc/ssl/proxy.key.pem \
-             -out /etc/ssl/proxy.cert.pem \
-             -sha256 -days 10 -nodes \
-             -subj "/C=CH/ST=Bern/L=Biel/O=TI/CN=${PROXY_DOMAIN}"
-}
-  
 # Setup the node and proxy configuration
 function setup_config() {
 
   sed -i -e "s/<PROXY_DOMAIN_HERE>/${PROXY_DOMAIN}/g" \
-         /etc/nginx/sites-enabled/proxy
+         /etc/nginx/sites-available/proxy
 
   
   add_exchanges "0" ${NUM_EXCHANGE_PROCESSES}
@@ -79,14 +70,15 @@ function setup_config() {
 
 # Initialize and start the proxy
 function init_proxy() {
-  create_cert
+  create_cert "${PROXY_DOMAIN}" "/etc/ssl/proxy"
   setup_config
 
   # Setup the directory where Ngxinx will place its cache
-  # configured in <g5k>/configs/etc/nginx/sites-enabledd/proxy
+  # configured in <g5k>/configs/etc/nginx/sites-availabled/proxy
   mkdir -p /var/cache/proxy
 
   restart_rsyslog
+  ln -sf /etc/nginx/sites-available/proxy /etc/nginx/sites-enabled/proxy
   
   # Nginx does not start until the destination server is reachable - wait here
   # nginx: [emerg] host not found in upstream "exch.perf.taler" ...
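Review bot: The updated comment in `init_proxy` now reads `sites-availabled/proxy`, next to `Ngxinx` on the line above; it should read `# configured in <g5k>/configs/etc/nginx/sites-available/proxy`. The function continues past the end of this hunk.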
@@ -111,7 +103,7 @@ function remove_exchanges() {
   for PORT in $(seq $START $END); do
     for HOST in ${EXCHANGES}; do
       sed -i "/${EXCHANGE_DOMAIN//\*/${HOST}}:${PORT};/d" \
-            /etc/nginx/sites-enabled/proxy
+            /etc/nginx/sites-available/proxy
     done
   done
 }
diff --git a/experiment/scripts/setup.sh b/experiment/scripts/setup.sh
index 290966b..9e47eb1 100644
--- a/experiment/scripts/setup.sh
+++ b/experiment/scripts/setup.sh
@@ -51,7 +51,7 @@ function parse_experiment_nodes() {
   done
 
   # Export NODE_NAME, which can be used to set log directories for example
-  jq -M -r '.[] | .node, .host' ~/nodes.json | \
+  jq -r '.[] | .node, .host' ~/nodes.json | \
   while read -r NODE; read -r HOST; do 
     if [[ "${HOSTNAME}" == "${HOST}" ]]; then
       echo "NODE_NAME=\"${NODE,,}\"" >> ~/.env

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


