aboutsummaryrefslogtreecommitdiff
path: root/debian/etc-taler-auditor
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2021-07-30 13:22:45 +0200
committerFlorian Dold <florian@dold.me>2021-07-30 13:22:54 +0200
commit05bc00b5f226e6e6695ef00609a02549284c8f55 (patch)
tree7ca6ca6faeefc25e5eb932f96b15b806ba4ca742 /debian/etc-taler-auditor
parentbd603ca7c14315d333e2dac0509f6b1226fb946e (diff)
debian: better config split by package
Diffstat (limited to 'debian/etc-taler-auditor')
-rw-r--r--debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf4
-rw-r--r--debian/etc-taler-auditor/nginx/sites-available/taler-auditor7
-rw-r--r--debian/etc-taler-auditor/taler/conf.d/auditor-system.conf12
-rw-r--r--debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf10
4 files changed, 33 insertions, 0 deletions
diff --git a/debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf b/debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf
new file mode 100644
index 000000000..f68c59558
--- /dev/null
+++ b/debian/etc-taler-auditor/apache2/sites-available/taler-auditor.conf
@@ -0,0 +1,4 @@
+<Location "/taler-auditor/">
+ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
diff --git a/debian/etc-taler-auditor/nginx/sites-available/taler-auditor b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor
new file mode 100644
index 000000000..3fdffdad3
--- /dev/null
+++ b/debian/etc-taler-auditor/nginx/sites-available/taler-auditor
@@ -0,0 +1,7 @@
+location /taler-auditor/ {
+ proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+} \ No newline at end of file
diff --git a/debian/etc-taler-auditor/taler/conf.d/auditor-system.conf b/debian/etc-taler-auditor/taler/conf.d/auditor-system.conf
new file mode 100644
index 000000000..3d3aef33a
--- /dev/null
+++ b/debian/etc-taler-auditor/taler/conf.d/auditor-system.conf
@@ -0,0 +1,12 @@
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf
+
+[auditor]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-auditor/auditor.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
diff --git a/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf
new file mode 100644
index 000000000..b81bb817f
--- /dev/null
+++ b/debian/etc-taler-auditor/taler/secrets/auditor-db.secret.conf
@@ -0,0 +1,10 @@
+# Database configuration for the Taler auditor.
+
+[auditordb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+CONFIG=postgres:///DATABASE
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.