[taler-deployment] 01/25: New dev branch - new folder(works)
From: gnunet
Subject: [taler-deployment] 01/25: New dev branch - new folder(works)
Date: Thu, 06 Apr 2023 14:11:25 +0200
This is an automated email from the git hooks/post-receive script.
dold pushed a commit to branch master
in repository deployment.
commit 318e1052b1a2cebcdd2d6596c55e81953d8c2ba3
Author: Javier Sepulveda <javier.sepulveda@uv.es>
AuthorDate: Tue Mar 28 11:33:26 2023 +0200
New dev branch - new folder(works)
---
.../backend.taler-nginx.conf | 12 +++++
.../bank.taler-nginx.conf | 23 ++++++++
.../new_nginx_listen_80_certbot/config_nginx.sh | 26 +++++++++
.../exchange.taler-nginx.conf | 12 +++++
.../old_nginx_listen_443_certbot/backend.conf | 24 +++++++++
.../old_nginx_listen_443_certbot/bank.conf | 33 ++++++++++++
.../old_nginx_listen_443_certbot/config_nginx.sh | 26 +++++++++
.../config_nginx.sh.old | 62 ++++++++++++++++++++++
.../old_nginx_listen_443_certbot/exchange.conf | 24 +++++++++
9 files changed, 242 insertions(+)
diff --git
a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf
b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf
new file mode 100644
index 0000000..6cf9961
--- /dev/null
+++
b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/backend.taler-nginx.conf
@@ -0,0 +1,12 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name backend.${DOMAIN_NAME};
+
+ location / {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
+ }
+
+}
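Review bot: the `location /` block forwards to the merchant socket with no `proxy_set_header` lines, so nginx sends its default `Host: $proxy_host` and no X-Forwarded-* headers, and the backend cannot tell which public host name or scheme the client used. The `.old` script in this same commit enables those headers on purpose (`s/# proxy_set_header/proxy_set_header/g`), so this template drops behaviour the previous setup had. Suggest adding the Host and X-Forwarded-* headers here, and limiting `envsubst` to `${DOMAIN_NAME}` so that nginx variables such as `$host` survive templating.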
diff --git
a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf
b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf
new file mode 100644
index 0000000..a9f8059
--- /dev/null
+++
b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/bank.taler-nginx.conf
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name bank.${DOMAIN_NAME};
+
+ access_log /var/log/nginx/libeufin-sandbox.log;
+ error_log /var/log/nginx/libeufin-sandbox.err;
+
+ location /demobanks/default {
+ proxy_pass http://localhost:5016;
+ }
+
+ location / {
+ index index.html;
+ alias /usr/share/libeufin/demobank-ui/;
+ }
+
+ location = /demobank-ui-settings.js {
+ alias /etc/libeufin/demobank-ui-settings.js;
+ }
+
+}
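Review bot: `location /demobanks/default` is a prefix match with no trailing slash, so it also catches paths such as `/demobanks/default-foo` and passes them to the sandbox on port 5016. If only the `default` demobank is meant to be reachable, use `location /demobanks/default/` and add an exact-match entry for the bare path if it is needed. In `location /`, the `alias /usr/share/libeufin/demobank-ui/;` line maps the whole URI space, which is what `root /usr/share/libeufin/demobank-ui;` is for; `root` is the usual directive there.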
diff --git
a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh
b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh
new file mode 100755
index 0000000..7821622
--- /dev/null
+++ b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/config_nginx.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+source functions.sh
+source config/user.conf
+export DOMAIN_NAME=${DOMAIN_NAME}
+
+envsubst <backend-taler-nginx.conf >
/etc/nginx/sites-available/backend.${DOMAIN_NAME}
+envsubst <bank.taler-nginx.conf >
/etc/nginx/sites-available/bank.${DOMAIN_NAME}
+envsubst <exchange.taler-nginx.conf >
/etc/nginx/sites-available/exchange.${DOMAIN_NAME}
+
+if test ${ENABLE_TLS} == "y"
+then
+ say "Obtaining TLS certificates"
+
+ certbot -d ${DOMAIN_NAME} \
+ -d backend.${DOMAIN_NAME} \
+ -d bank.${DOMAIN_NAME} \
+ -d exchange.${DOMAIN_NAME}
+fi
+
+ln -s /etc/nginx/sites-available/backend.${DOMAIN_NAME}
/etc/nginx/sites-enabled/backend.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/bank.${DOMAIN_NAME}
/etc/nginx/sites-enabled/bank.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/exchange.${DOMAIN_NAME}
/etc/nginx/sites-enabled/exchange.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl reload nginx
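Review bot: the first `envsubst` reads `backend-taler-nginx.conf`, but the template added in this commit is named `backend.taler-nginx.conf`, so the input redirection fails and no backend site file is generated. Nothing stops the script at that point: unlike `config_nginx.sh.old` there is no `set -eu`, so it goes on to create the symlinks and reload nginx. Fix the file name and restore `set -eu`. Two smaller points: `certbot` is called without `--nginx` (the `.old` script passes it), so it is not told which plugin to use, and plain `ln -s` fails on a second run once the links exist (`ln -sf`, or `rm -f` first as the `.old` script does).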
diff --git
a/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf
b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf
new file mode 100644
index 0000000..0f470a1
--- /dev/null
+++
b/netzbon/nginx_configurations/new_nginx_listen_80_certbot/exchange.taler-nginx.conf
@@ -0,0 +1,12 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name exchange.${DOMAIN_NAME};
+
+ location / {
+ proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock;
+ }
+
+}
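Review bot: this server block sets no `access_log` or `error_log`, so exchange traffic ends up in nginx's shared default logs. The bank template in this commit names its own log files, and `old_nginx_listen_443_certbot/exchange.conf` uses `/var/log/nginx/exchange.log` and `/var/log/nginx/exchange.err`; keeping per-site logs here too makes it possible to review exchange requests separately. The missing `proxy_set_header` lines noted on the backend template apply here as well.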
diff --git
a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf
b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf
new file mode 100644
index 0000000..e95f387
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/backend.conf
@@ -0,0 +1,24 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name backend.${DOMAIN_NAME};
+ rewrite ^(.*) https://$server_name$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name backend.${DOMAIN_NAME};
+
+ ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+
+ access_log /var/log/nginx/merchant.log;
+ error_log /var/log/nginx/merchant.err;
+
+ location /taler-merchant/ {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
+ }
+}
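Review bot: `ssl_certificate` points at `cert.pem`, which in a Let's Encrypt `live/` directory contains only the leaf certificate. nginx then sends no intermediate, and clients that do not already hold it fail chain validation. Use `fullchain.pem` instead; the same line appears in `bank.conf` and `exchange.conf`.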
diff --git
a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf
b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf
new file mode 100644
index 0000000..c9e44d1
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/bank.conf
@@ -0,0 +1,33 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name bank.${DOMAIN_NAME};
+ rewrite ^(.*) https://$server_name$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name bank.${DOMAIN_NAME};
+
+ ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+
+ access_log /var/log/nginx/libeufin-sandbox.log;
+ error_log /var/log/nginx/libeufin-sandbox.err;
+
+ location /demobanks/default {
+ proxy_pass http://localhost:5016;
+ }
+
+ location / {
+ index index.html;
+ alias /usr/share/libeufin/demobank-ui/;
+ }
+
+ location = /demobank-ui-settings.js {
+ alias /etc/libeufin/demobank-ui-settings.js;
+ }
+}
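Review bot: the port-80 block redirects with `rewrite ^(.*) https://$server_name$1 permanent;`, a regex capture where `return 301 https://$server_name$request_uri;` does the same job without one. The same line is in `backend.conf` and `exchange.conf`. As in the port-80 variant of this file, `location /demobanks/default` has no trailing slash and therefore also matches any path that merely starts with that string.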
diff --git
a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh
b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh
new file mode 100755
index 0000000..0180d5a
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+source functions.sh
+source config/user.conf
+export DOMAIN_NAME=${DOMAIN_NAME}
+
+envsubst <backend.conf > /etc/nginx/sites-available/backend.${DOMAIN_NAME}
+envsubst <bank.conf > /etc/nginx/sites-available/bank.${DOMAIN_NAME}
+envsubst <exchange.conf > /etc/nginx/sites-available/exchange.${DOMAIN_NAME}
+
+if test ${ENABLE_TLS} == "y"
+then
+ say "Obtaining TLS certificates"
+
+ certbot -d ${DOMAIN_NAME} \
+ -d backend.${DOMAIN_NAME} \
+ -d bank.${DOMAIN_NAME} \
+ -d exchange.${DOMAIN_NAME}
+fi
+
+ln -s /etc/nginx/sites-available/backend.${DOMAIN_NAME}
/etc/nginx/sites-enabled/backend.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/bank.${DOMAIN_NAME}
/etc/nginx/sites-enabled/bank.${DOMAIN_NAME}
+ln -s /etc/nginx/sites-available/exchange.${DOMAIN_NAME}
/etc/nginx/sites-enabled/exchange.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl reload nginx
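Review bot: bare `envsubst` on `backend.conf`, `bank.conf` and `exchange.conf` substitutes every `$name` reference it finds, not only `${DOMAIN_NAME}`. `$server_name` in the `rewrite ^(.*) https://$server_name$1 permanent;` lines is not an exported variable, so it is replaced with an empty string and the generated redirect targets `https://$1`. Pass the variable list explicitly, for example `envsubst '${DOMAIN_NAME}' <backend.conf > ...`. The script also lacks the `set -eu` and the `DOMAIN_NAME` / `ENABLE_TLS` checks that `config_nginx.sh.old` has, and `test ${ENABLE_TLS} == "y"` is a syntax error for `test` when the variable is empty.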
diff --git
a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old
b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old
new file mode 100755
index 0000000..2940e55
--- /dev/null
+++
b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/config_nginx.sh.old
@@ -0,0 +1,62 @@
+#!/bin/bash
+# This file is in the public domain.
+
+set -eu
+
+# Inputs: DOMAIN_NAME & ENABLE_TLS
+
+source functions.sh
+source config/user.conf
+source config/internal.conf
+
+if test -z ${DOMAIN_NAME:-}
+then
+ say "Error: config/user.conf does not specify DOMAIN_NAME"
+ exit 1
+fi
+if test -z ${ENABLE_TLS:-}
+then
+ say "Error: config/user.conf does not specify ENABLE_TLS"
+ exit 1
+fi
+
+say "Configuring Nginx"
+
+SITES_AVAILABLE_DIR=/etc/nginx/sites-available
+SITES_ENABLED_DIR=/etc/nginx/sites-enabled
+
+cat ${SITES_AVAILABLE_DIR}/taler-exchange \
+ | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \
+ | sed -e "s/location \/taler-exchange\//location \//g" \
+ | sed -e "s/# proxy_set_header/proxy_set_header/g" \
+ > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME}
${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/taler-merchant \
+ | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \
+ | sed -e "s/location \/taler-merchant\//location \//g" \
+ | sed -e "s/# proxy_set_header/proxy_set_header/g" \
+ > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME}
${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \
+ | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \
+ | sed -e "s/\$scheme/https/g" \
+ > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME}
${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl restart nginx
+
+if test ${ENABLE_TLS} == "y"
+then
+ say "Obtaining TLS certificates"
+
+ certbot --nginx \
+ -d backend.${DOMAIN_NAME} \
+ -d bank.${DOMAIN_NAME} \
+ -d exchange.${DOMAIN_NAME}
+fi
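Review bot: `test -z ${DOMAIN_NAME:-}`, `test -z ${ENABLE_TLS:-}` and `test ${ENABLE_TLS} == "y"` leave their expansions unquoted. The empty case only works because `test -z` with no operand happens to be true, and a value containing whitespace breaks all three; quote them. `${DOMAIN_NAME}` is also pasted unescaped into the sed replacements (`s/localhost/exchange.${DOMAIN_NAME}/g`), so a `/` or `&` in the value corrupts the expression; check it against a host-name pattern right after the emptiness test. Separately, this is a `.old` copy committed with mode 100755: the repository history already keeps earlier versions, and an executable backup next to the live script invites running the wrong one.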
diff --git
a/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf
b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf
new file mode 100644
index 0000000..55a1aa0
--- /dev/null
+++ b/netzbon/nginx_configurations/old_nginx_listen_443_certbot/exchange.conf
@@ -0,0 +1,24 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name exchange.${DOMAIN_NAME};
+ rewrite ^(.*) https://$server_name$1 permanent;
+}
+
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name exchange.${DOMAIN_NAME};
+
+ ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+
+ access_log /var/log/nginx/exchange.log;
+ error_log /var/log/nginx/exchange.err;
+
+ location /taler-exchange/ {
+ proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock;
+ }
+}
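Review bot: the only location in the 443 block is `location /taler-exchange/`, so on `exchange.${DOMAIN_NAME}` a request for any other path, `/` included, matches nothing and is not proxied. `config_nginx.sh.old` rewrote exactly this to `location /` (`s/location \/taler-exchange\//location \//g`), and the port-80 template `exchange.taler-nginx.conf` uses `location /`. Make this file consistent with them; `backend.conf` has the same issue with `location /taler-merchant/`.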
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.