author | Christian Grothoff <christian@grothoff.org> | 2021-08-28 21:45:36 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-28 21:45:41 +0200 |
commit | 1a1b134f29c3a036ec83cfa816928e411ac29d8d (patch) | |
tree | d718e077a0fe670d74ddb84e7260e424eb90e585 /debian | |
parent | 8be7085974d1878df4cd0b3253418003c9f95fa2 (diff) |
fix HTTP server configuration files
Diffstat (limited to 'debian')
-rw-r--r-- | debian/etc/apache2/sites-available/taler-merchant.conf | 36 | ||||
-rw-r--r-- | debian/etc/nginx/sites-available/taler-merchant | 36 | ||||
-rw-r--r-- | debian/etc/taler/conf.d/merchant.conf | 1 |
3 files changed, 44 insertions, 29 deletions
diff --git a/debian/etc/apache2/sites-available/taler-merchant.conf b/debian/etc/apache2/sites-available/taler-merchant.conf
index eebc6826..5d0050a7 100644
--- a/debian/etc/apache2/sites-available/taler-merchant.conf
+++ b/debian/etc/apache2/sites-available/taler-merchant.conf
@@ -1,18 +1,22 @@
-<!--
- Make sure to enable the following Apache modules before
- integrating this into your configuration:
+# Make sure to enable the following Apache modules before
+# integrating this into your configuration:
+#
+# a2enmod proxy
+# a2enmod proxy_http
+# a2enmod headers
+#
+# NOTE:
+# - consider to adjust the location
+# - consider putting all this into a VirtualHost
+# - strongly consider setting up TLS support
+#
+# For all of the above, please read the respective
+# Apache documentation.
+#
+<Location "/">
+ ProxyPass "unix:/var/run/taler/merchant-httpd/merchant-http.sock|http://example.com/"
- # a2enmod proxy
- # a2enmod proxy_http
- # a2enmod headers
- # a2enmod rewrite
--->
-
-<Location "/taler-merchant/">
-RewriteEngine On
-RewriteCond "%{HTTP:AUTHORIZATION}" "!= %SECURITYTOKEN%"
-RewriteRule "(.+)/private/" "-" [F]
-
-ProxyPass "unix:/var/lib/taler-merchant/httpd/merchant.sock|http://example.com/"
-RequestHeader add "X-Forwarded-Proto" "https"
+ # NOTE:
+ # - Uncomment this line if you use TLS/HTTPS
+ RequestHeader add "X-Forwarded-Proto" "https"
 </Location>
diff --git a/debian/etc/nginx/sites-available/taler-merchant b/debian/etc/nginx/sites-available/taler-merchant
index 82aaa306..8de78a88 100644
--- a/debian/etc/nginx/sites-available/taler-merchant
+++ b/debian/etc/nginx/sites-available/taler-merchant
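Review bot: In the Apache template, the comment above `RequestHeader add "X-Forwarded-Proto" "https"` at the end of the new `<Location "/">` block says to uncomment the line for TLS, but the directive is shipped active, so a plain-HTTP deployment built from this file tells the backend that every request arrived over HTTPS. Either ship the directive commented out, as the nginx template in this commit does, or reword the comment to `# - Comment out this line if you do NOT use TLS/HTTPS`. Separately, `add` appends to any `X-Forwarded-Proto` the client already sent instead of replacing it; `RequestHeader set "X-Forwarded-Proto" "https"` keeps a client-supplied value from reaching the backend. With the proxy-level token check on `/private/` removed and all of `/` forwarded, access control for the private API presumably rests entirely on the backend's own authentication, which the header comment should state next to the TLS advice.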
@@ -1,19 +1,29 @@
-location ~ /taler-merchant/private/ {
- if ($http_authorization !~ "(?i)ApiKey %SECURITYTOKEN%") {
- return 401;
- }
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
-}
+server {
+ # NOTE:
+ # - urgently consider configuring TLS instead
+ # - maybe keep a forwarder from HTTP to HTTPS
+ listen 80;
+
+ # NOTE:
+ # - Comment out this line if you have no IPv6
+ listen [::]:80;
+
+ # NOTE:
+ # - replace with your actual server name
+ server_name localhost;
-location /taler-merchant/ {
- proxy_pass http://unix:/var/lib/taler-merchant/httpd/merchant.sock;
+ location / {
+ proxy_pass http://unix:/var/run/taler/merchant-httpd/merchant-http.sock;
 proxy_redirect off;
 proxy_set_header Host $host;
+
+ # NOTE:
+ # - put your actual DNS name here
 proxy_set_header X-Forwarded-Host "example.com";
- proxy_set_header X-Forwarded-Proto "https";
+
+ # NOTE:
+ # - uncomment the following line if you are using HTTPS
+ # proxy_set_header X-Forwarded-Proto "https";
+ }
 }
\ No newline at end of file
diff --git a/debian/etc/taler/conf.d/merchant.conf b/debian/etc/taler/conf.d/merchant.conf
index 41816b0b..48516157 100644
--- a/debian/etc/taler/conf.d/merchant.conf
+++ b/debian/etc/taler/conf.d/merchant.conf
@@ -4,6 +4,7 @@ [merchant]
 DATABASE = postgres
+SERVE = unix
 # Merchant-specific overrides, included last to take precedence.
 @inline-matching@ ../merchant-overrides.conf |
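Review bot: In the nginx template's new `location /` block, leaving `X-Forwarded-Proto` commented out on the default `listen 80` server does not remove the header, because nginx passes client request headers to the upstream unless they are overridden, so the backend sees whatever value the client chose to send. Setting it unconditionally with `proxy_set_header X-Forwarded-Proto $scheme;` is correct on both HTTP and HTTPS listeners and removes the manual uncomment step. The fixed `X-Forwarded-Host "example.com"` is in the same position if the placeholder is left unedited, since the backend presumably builds URLs from it. With the `/private/` authorization check gone from the proxy and only port 80 configured, credentials for the private API would travel in clear text until TLS is added, so the comment at `listen 80;` could say that this listener is meant for local testing only.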