[taler-deployment] branch master updated (5d3e29d -> 3f92445)
From: gnunet
Subject: [taler-deployment] branch master updated (5d3e29d -> 3f92445)
Date: Thu, 06 Apr 2023 14:11:24 +0200
This is an automated email from the git hooks/post-receive script.
dold pushed a change to branch master
in repository deployment.
from 5d3e29d nlnet task 1, update euFin and UI
new d46b1a3 New dev branch - new folder(works)
new fd23dfe Fix mixed content error
new 8b6f5da Place sed replacement --only within TLS
new b9ed43c Old configurations removed - config_ngix.sh replaced
new 3e1819b Fixes error proxy_pass - withdraw http request
new 5bb2281 Fix: Increase TTL sandbox and Nexus + Remove certbot base
domain
new 17bfaf6 Bash typo - Remove nginx sites-enabled default
new a957cba Avoid file exist errors
new b385980 Oh my
new 391544b Respect nginx default site its a must
new 9c2161c Add x-forwarded-host to backend nginx virtualhost
new 23b3f74 Shellcheck - Some double quotes added
new 318e105 New dev branch - new folder(works)
new db58d6d Fix mixed content error
new bd807de Place sed replacement --only within TLS
new 60432ac Old configurations removed - config_ngix.sh replaced
new eb24780 Fixes error proxy_pass - withdraw http request
new 063cdde Fix: Increase TTL sandbox and Nexus + Remove certbot base
domain
new fc59f0b Bash typo - Remove nginx sites-enabled default
new 00d4f63 Avoid file exist errors
new 1c00c69 Oh my
new 6abef18 Respect nginx default site its a must
new 003224e Add x-forwarded-host to backend nginx virtualhost
new a0a5a44 Shellcheck - Some double quotes added
new 3f92445 Merge branch 'dev/javier-sepulveda/netzbon-tls' of
ssh://git.taler.net/deployment into dev/javier-sepulveda/netzbon-tls
The 25 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
netzbon/config_launch_libeufin.sh | 8 ++--
netzbon/config_nginx.sh | 70 +++++++++++-----------------
netzbon/functions.sh | 2 +-
netzbon/nginx-conf/backend.taler-nginx.conf | 15 ++++++
netzbon/nginx-conf/bank.taler-nginx.conf | 27 +++++++++++
netzbon/nginx-conf/exchange.taler-nginx.conf | 12 +++++
netzbon/transfer.sh | 2 +-
7 files changed, 88 insertions(+), 48 deletions(-)
create mode 100644 netzbon/nginx-conf/backend.taler-nginx.conf
create mode 100644 netzbon/nginx-conf/bank.taler-nginx.conf
create mode 100644 netzbon/nginx-conf/exchange.taler-nginx.conf
diff --git a/netzbon/config_launch_libeufin.sh
b/netzbon/config_launch_libeufin.sh
index e12e531..2cb6e61 100755
--- a/netzbon/config_launch_libeufin.sh
+++ b/netzbon/config_launch_libeufin.sh
@@ -120,9 +120,9 @@ systemctl enable --now libeufin-sandbox
say "DONE"
say "Waiting for sandbox..."
-curl --max-time 2 \
+curl --max-time 25 \
--retry-connrefused \
- --retry-delay 1 \
+ --retry-delay 3 \
--retry 10 \
${SANDBOX_URL} &> /dev/null
say "DONE"
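Review bot: the result of this wait is never checked. The curl call sends everything to /dev/null and the next visible line is say "DONE", so unless the script runs under set -e (not shown in these lines) it reports success after 10 retries at --max-time 25 even when the sandbox never answered. Test curl's exit status and stop with an error message before continuing, and write the URL as "${SANDBOX_URL}" to match the Shellcheck quoting applied elsewhere in this push.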
@@ -139,9 +139,9 @@ systemctl enable --now libeufin-nexus
say "DONE"
say "Waiting for Nexus..."
-curl --max-time 2 \
+curl --max-time 25 \
--retry-connrefused \
- --retry-delay 1 \
+ --retry-delay 3 \
--retry 10 \
${LIBEUFIN_NEXUS_URL} &> /dev/null
say "DONE"
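Review bot: this Nexus wait is a copy of the sandbox wait in the previous hunk with only the URL changed, so --max-time, --retry-delay and --retry now have to be kept in sync in two places. A small helper in functions.sh that takes the URL as its argument would hold those values once; ${LIBEUFIN_NEXUS_URL} should be double-quoted when it is passed.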
diff --git a/netzbon/config_nginx.sh b/netzbon/config_nginx.sh
index 1d355fd..b5d824b 100755
--- a/netzbon/config_nginx.sh
+++ b/netzbon/config_nginx.sh
@@ -1,59 +1,45 @@
#!/bin/bash
-# This file is in the public domain.
-
-set -eu
-
-# Inputs: DOMAIN_NAME & ENABLE_TLS
source functions.sh
source config/user.conf
-source config/internal.conf
+export DOMAIN_NAME=${DOMAIN_NAME}
-if test -z ${DOMAIN_NAME:-}
-then
- say "Error: config/user.conf does not specify DOMAIN_NAME"
- exit 1
+envsubst <nginx-conf/backend.taler-nginx.conf >
/etc/nginx/sites-available/backend.${DOMAIN_NAME}
+envsubst <nginx-conf/bank.taler-nginx.conf >
/etc/nginx/sites-available/bank.${DOMAIN_NAME}
+envsubst <nginx-conf/exchange.taler-nginx.conf >
/etc/nginx/sites-available/exchange.${DOMAIN_NAME}
+
+# Create nginx symlinks, just once
+
+if [ ! -f /etc/nginx/sites-enabled/backend."${DOMAIN_NAME}" ];then
+ln -s /etc/nginx/sites-available/backend."${DOMAIN_NAME}"
/etc/nginx/sites-enabled/backend."${DOMAIN_NAME}"
fi
-if test -z ${ENABLE_TLS:-}
-then
- say "Error: config/user.conf does not specify ENABLE_TLS"
- exit 1
+
+if [ ! -f /etc/nginx/sites-enabled/bank."${DOMAIN_NAME}" ];then
+ln -s /etc/nginx/sites-available/bank."${DOMAIN_NAME}"
/etc/nginx/sites-enabled/bank."${DOMAIN_NAME}"
fi
-say "Configuring Nginx"
+if [ ! -f /etc/nginx/sites-enabled/exchange."${DOMAIN_NAME}" ];then
+ln -s /etc/nginx/sites-available/exchange."${DOMAIN_NAME}"
/etc/nginx/sites-enabled/exchange."${DOMAIN_NAME}"
+fi
-SITES_AVAILABLE_DIR=/etc/nginx/sites-available
-SITES_ENABLED_DIR=/etc/nginx/sites-enabled
-cat ${SITES_AVAILABLE_DIR}/taler-exchange \
- | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \
- | sed -e "s/location \/taler-exchange\//location \//g" \
- > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME}
-rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
-ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME}
${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
-cat ${SITES_AVAILABLE_DIR}/taler-merchant \
- | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \
- | sed -e "s/location \/taler-merchant\//location \//g" \
- > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME}
-rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
-ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME}
${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+if test "${ENABLE_TLS}" == "y"
+then
-cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \
- | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \
- > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME}
-rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
-ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME}
${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+# patch to: Replace http to https, to avoid error of mixed content
-say "Restarting Nginx with new configuration"
-systemctl restart nginx
+sed -i "s/http:\/\/bank./https:\/\/bank./g"
/etc/libeufin/demobank-ui-settings.js
+
+# Certbot
-if test ${ENABLE_TLS} == "y"
-then
say "Obtaining TLS certificates"
- certbot --nginx \
- -d backend.${DOMAIN_NAME} \
- -d bank.${DOMAIN_NAME} \
- -d exchange.${DOMAIN_NAME}
+ certbot -d backend."${DOMAIN_NAME}" \
+ -d bank."${DOMAIN_NAME}" \
+ -d exchange."${DOMAIN_NAME}"
fi
+
+
+say "Restarting Nginx with new configuration"
+systemctl reload nginx
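Review bot: the top of the script drops set -eu and both input checks, so an unset DOMAIN_NAME no longer stops the run: envsubst then writes /etc/nginx/sites-available/backend. (and bank., exchange.) with an empty domain, and a failing envsubst or ln does not abort before systemctl reload nginx. Keep set -eu and the DOMAIN_NAME / ENABLE_TLS tests. Pass the variable list explicitly, envsubst '${DOMAIN_NAME}', so that any other $name later added to the templates (nginx's own variables, for example) is not expanded from the environment. The [ ! -f ... ] guards follow the symlink, so a dangling link still makes ln -s fail; ln -sf covers both cases. The certbot call also lost --nginx compared with the removed lines, so confirm it still runs without prompting and installs the certificates into these vhosts.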
diff --git a/netzbon/functions.sh b/netzbon/functions.sh
index b4c265d..29d9770 100755
--- a/netzbon/functions.sh
+++ b/netzbon/functions.sh
@@ -13,7 +13,7 @@ function say()
function check_user()
{
- if [ $(whoami) != "root" ]; then
+ if [ "$(whoami)" != "root" ]; then
say "Please run this script as root"
exit 1
fi
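Review bot: with the quoting fixed, the test in check_user still compares the account name. [ "$(id -u)" -ne 0 ] checks the effective UID directly and does not depend on UID 0 being named root.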
diff --git a/netzbon/nginx-conf/backend.taler-nginx.conf
b/netzbon/nginx-conf/backend.taler-nginx.conf
new file mode 100644
index 0000000..07dceed
--- /dev/null
+++ b/netzbon/nginx-conf/backend.taler-nginx.conf
@@ -0,0 +1,15 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name backend."${DOMAIN_NAME}";
+
+ location / {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
+ proxy_set_header X-Forwarded-Proto "https";
+ proxy_set_header X-Forwarded-Host "backend.netzbon.valenciatech.cloud";
+ proxy_set_header X-Forwarded-Prefix /;
+ }
+
+}
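Review bot: X-Forwarded-Host is hard-coded to "backend.netzbon.valenciatech.cloud" while server_name in the same file is templated from ${DOMAIN_NAME}, so on any other domain the merchant backend is told the wrong public host. Use "backend.${DOMAIN_NAME}", as bank.taler-nginx.conf does. The double quotes in server_name backend."${DOMAIN_NAME}"; also survive envsubst and sit in the middle of the parameter, where nginx does not treat them as string delimiters; write backend.${DOMAIN_NAME} without them (the bank and exchange templates have the same form).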
diff --git a/netzbon/nginx-conf/bank.taler-nginx.conf
b/netzbon/nginx-conf/bank.taler-nginx.conf
new file mode 100644
index 0000000..6216efe
--- /dev/null
+++ b/netzbon/nginx-conf/bank.taler-nginx.conf
@@ -0,0 +1,27 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name bank."${DOMAIN_NAME}";
+
+ access_log /var/log/nginx/libeufin-sandbox.log;
+ error_log /var/log/nginx/libeufin-sandbox.err;
+
+ location /demobanks/default {
+ proxy_pass http://localhost:5016;
+ #Fixes withdrawal http request
+ proxy_set_header X-Forwarded-Proto "https";
+ proxy_set_header X-Forwarded-Host "bank.${DOMAIN_NAME}";
+ proxy_set_header X-Forwarded-Prefix /;
+ }
+
+ location / {
+ index index.html;
+ alias /usr/share/libeufin/demobank-ui/;
+ }
+
+ location = /demobank-ui-settings.js {
+ alias /etc/libeufin/demobank-ui-settings.js;
+ }
+
+}
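Review bot: the /demobanks/default location sends X-Forwarded-Proto "https" unconditionally, but this server block listens on port 80 only and config_nginx.sh runs certbot only when ENABLE_TLS is "y". With TLS disabled the sandbox is told it sits behind HTTPS while clients reach it over plain HTTP. Either template the scheme alongside DOMAIN_NAME, or pass nginx's $scheme, which requires restricting envsubst to DOMAIN_NAME so that it is not expanded away.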
diff --git a/netzbon/nginx-conf/exchange.taler-nginx.conf
b/netzbon/nginx-conf/exchange.taler-nginx.conf
new file mode 100644
index 0000000..1d36046
--- /dev/null
+++ b/netzbon/nginx-conf/exchange.taler-nginx.conf
@@ -0,0 +1,12 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name exchange."${DOMAIN_NAME}";
+
+ location / {
+ proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock;
+ }
+
+}
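Review bot: unlike the backend and bank templates, this location forwards no X-Forwarded-Proto, X-Forwarded-Host or X-Forwarded-Prefix. If the exchange is meant to see the same public URL information behind the proxy as the other two services, add the same three proxy_set_header lines here; if the omission is deliberate, a comment in the template saying so would help.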
diff --git a/netzbon/transfer.sh b/netzbon/transfer.sh
index 90b8ec2..35ef224 100755
--- a/netzbon/transfer.sh
+++ b/netzbon/transfer.sh
@@ -5,7 +5,7 @@ set -eu
source functions.sh
-if test -z ${3:-}
+if test -z "${3:-}"
then
say "This tool allows you to send funds from the 'admin' account"
say "to a normal user's bank account within the system for testing."
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.