diff --git a/debian/conf/apache.conf b/debian/conf/apache.conf
new file mode 100644
index 000000000..3cfbf9edb
--- /dev/null
+++ b/debian/conf/apache.conf
@@ -0,0 +1,4 @@
+
+ProxyPass "unix:/var/lib/taler-exchange/exchange.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+
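Review bot: `RequestHeader add` appends to any `X-Forwarded-Proto` header the client already sent instead of replacing it, so the backend can still see a client-chosen value; `RequestHeader set "X-Forwarded-Proto" "https"` overwrites it. The `ProxyPass` line also has no path argument, which Apache requires when the directive is not inside a `<Location>` section. This file is copied to `conf-available` as a server-wide snippet, so as written it probably fails the configuration test once enabled. Wrapping both lines in `<Location "/taler-exchange/">`, with a comment that `example.com` in the backend URL is a placeholder, would fix the syntax and limit the header rewrite to exchange traffic.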
diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf
new file mode 100644
index 000000000..2921c9998
--- /dev/null
+++ b/debian/conf/nginx.conf
@@ -0,0 +1,7 @@
+location /taler-exchange/ {
+ proxy_pass http://unix:/var/lib/taler-exchange/exchange.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+}
\ No newline at end of file
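Review bot: `X-Forwarded-Host` is hard-coded to the placeholder `example.com`, so a site that enables this snippet unchanged reports the wrong public host to the exchange, which presumably uses the header to build its own URLs. A leading comment such as `# Replace example.com with the public host name; include this file inside a server { } block.` would make both requirements explicit, since a bare `location` is only valid inside `server`. The file also ends without a trailing newline.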
diff --git a/debian/control b/debian/control
index d50478556..873bed6a9 100644
--- a/debian/control
+++ b/debian/control
@@ -54,6 +54,7 @@ Depends:
adduser,
lsb-base,
netbase,
+ dbconfig-pgsql | dbconfig-no-thanks,
python3-jinja2,
${misc:Depends},
${shlibs:Depends}
diff --git a/debian/db/install/pgsql b/debian/db/install/pgsql
new file mode 100644
index 000000000..0740e0d1d
--- /dev/null
+++ b/debian/db/install/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-exchange-dbinit -c /etc/taler.conf
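Review bot: The script passes `-c /etc/taler.conf`, but this commit renames the packaged file to `debian/etc/taler-exchange.conf` and drops `etc/taler.conf` from `taler-exchange.install`. Unless another package ships `/etc/taler.conf`, the `[exchange]` and database settings added here are not what `taler-exchange-dbinit` reads; `taler-exchange-dbinit -c /etc/taler-exchange.conf` would match. The same line appears in `debian/db/upgrade/pgsql`. Both files are added with mode 100644, and dbconfig-common appears to execute these scripts directly, so they likely need the executable bit.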
diff --git a/debian/db/upgrade/pgsql b/debian/db/upgrade/pgsql
new file mode 100644
index 000000000..0740e0d1d
--- /dev/null
+++ b/debian/db/upgrade/pgsql
@@ -0,0 +1,2 @@
+#!/bin/sh
+taler-exchange-dbinit -c /etc/taler.conf
diff --git a/debian/etc/taler-exchange-db.conf b/debian/etc/taler-exchange-db.conf
new file mode 100644
index 000000000..b894671d5
--- /dev/null
+++ b/debian/etc/taler-exchange-db.conf
@@ -0,0 +1,3 @@
+[taler-exchangdb-postgres]
+
+CONFIG = postgres:///taler-exchange
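Review bot: The section name `[taler-exchangdb-postgres]` looks misspelled (`exchang` without the `e`), and with `DATABASE = postgres` in `taler-exchange.conf` the database plugin presumably reads a section named `exchangedb-postgres`. If so, this `CONFIG` value is silently ignored and the exchange falls back to whatever default the plugin ships. Confirm the section name against the plugin's own configuration file, and add a comment above `CONFIG` stating which database the URI must point to.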
diff --git a/debian/etc/taler.conf b/debian/etc/taler-exchange.conf
similarity index 59%
rename from debian/etc/taler.conf
rename to debian/etc/taler-exchange.conf
index 4d721e02c..4a8069598 100644
--- a/debian/etc/taler.conf
+++ b/debian/etc/taler-exchange.conf
@@ -1,5 +1,12 @@
+@INLINE@ /etc/taler-exchange-db.conf
+
[PATHS]
# Move runtime data "tmp" directory to /var/lib/taler-exchange/
# to possibly provide additional protection from unwarranted access.
TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+
+[exchange]
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-exchange/exchange.sock
+DATABASE = postgres
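Review bot: With `SERVE = UNIX` the reverse proxy must be able to connect to `/var/lib/taler-exchange/exchange.sock`, but nothing in this hunk sets the socket's mode or says which group may use it. The comment above states that this directory tree is meant to be protected from unwarranted access. Setting the mode explicitly next to `UNIXPATH` (Taler appears to offer `UNIXPATH_MODE`, e.g. `UNIXPATH_MODE = 660` — confirm the option name) and documenting the group the web server user must join would avoid both an unreachable socket and one opened more widely than intended.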
diff --git a/debian/etc/taler-wire.conf b/debian/etc/taler-wire.conf
new file mode 100644
index 000000000..f30fe0778
--- /dev/null
+++ b/debian/etc/taler-wire.conf
@@ -0,0 +1 @@
+@INLINE@ /etc/taler-exchange-db.conf
diff --git a/debian/taler-exchange.config b/debian/taler-exchange.config
index 9cb12cd78..1afcf3587 100644
--- a/debian/taler-exchange.config
+++ b/debian/taler-exchange.config
@@ -22,7 +22,10 @@ db_go
db_input low taler-exchange/groupname || true
db_go
-db_input medium taler-exchange/autostart || true
-db_go
+if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
+ . /usr/share/dbconfig-common/dpkg/config.pgsql
+ dbc_go taler-exchange "$@"
+fi
+
db_stop
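Review bot: `dbc_go` runs with dbconfig-common's default database name and user, while `debian/etc/taler-exchange-db.conf` hard-codes `postgres:///taler-exchange`, and nothing visible ties the two together. Setting the default before the call, for example `dbc_dbname=taler-exchange`, or generating the `CONFIG` line from the dbconfig-common answers, would keep the created database and the configured URI in step. The `taler-exchange/dbgroupname` question that the postinst reads is also not asked with `db_input` in the lines shown. The script starts outside this hunk, so either may already be handled further up.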
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index d3ceccc14..a6486f384 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@@ -1,3 +1,6 @@
-etc/taler.conf
usr/bin/
usr/lib/*/taler/*.so
+debian/etc/* etc/
+debian/db/install/* usr/share/dbconfig-common/scripts/taler-exchange/install/
+debian/db/upgrade/* usr/share/dbconfig-common/scripts/taler-exchange/upgrade/
+debian/conf/* etc/taler-exchange/
\ No newline at end of file
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index cfaf04a45..8256e886a 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -2,6 +2,27 @@
set -e
+
+apache_install() {
+ mkdir -p /etc/apache2/conf-available
+ if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
+ then
+ cp /etc/taler-exchange/apache.conf /etc/apache2/conf-available/taler-exchange.conf
+ fi
+ a2enmod proxy
+ a2enmod proxy_http
+ a2enmod headers
+}
+
+
+nginx_install() {
+ mkdir -p /etc/nginx/conf-available
+ if [ ! -f /etc/apache2/conf-available/taler-exchange.conf ];
+ then
+ cp /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf
+ fi
+}
+
. /usr/share/debconf/confmodule
case "${1}" in
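Review bot: `nginx_install` tests `/etc/apache2/conf-available/taler-exchange.conf`, so whether the nginx snippet is copied depends on the Apache file, and an admin-edited nginx snippet is overwritten whenever the Apache one is absent. The test should be `if [ ! -f /etc/nginx/conf-available/taler-exchange.conf ];`. In `apache_install` the three `a2enmod` calls run under `set -e` without checking that Apache is installed, so a missing `a2enmod` would abort the postinst. No call to either function is visible in this hunk.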
@@ -26,16 +47,13 @@ case "${1}" in
db_get taler-exchange/groupname
_GROUPNAME="${RET:-taler-private}"
- db_get taler-exchange/autostart
- _AUTOSTART="${RET}" # boolean
+ db_get taler-exchange/dbgroupname
+ _DBGROUPNAME="${RET:-taler-exchange-db}"
db_stop
- CONFIG_FILE="/etc/default/taler"
-
- # Read default values
+ CONFIG_FILE="/etc/default/taler-exchange"
TALER_HOME="/var/lib/taler-exchange"
- eval $(grep TALER_HOME /etc/taler.conf | tr -d '[:blank:]')
# Creating taler group if needed
if ! getent group ${_GROUPNAME} > /dev/null
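Review bot: `_DBGROUPNAME` is read here and later passed to `adduser <user> <group>`, but the visible lines only create `${_GROUPNAME}`. If the database group does not exist, those `adduser` calls fail and `set -e` aborts the postinst. A guarded `addgroup --quiet --system ${_DBGROUPNAME}` next to the existing group creation would cover it. The group-creation block continues outside this hunk, so it may already be handled there.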
@@ -50,6 +68,7 @@ case "${1}" in
then
echo -n "Creating new Taler user ${_EUSERNAME}:"
adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
+ adduser ${_EUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_RSECUSERNAME} > /dev/null
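Review bot: `adduser ${_EUSERNAME} ${_DBGROUPNAME}` sits inside the `if ! getent passwd` branch, so it runs only when the account is newly created. On an upgrade where the user already exists, the user is never added to the database group. The same applies to the `_WIREUSERNAME` and `_AGGRUSERNAME` additions in the next hunk. Moving the call after the `fi` as `adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}` makes it run on every configure, and `--quiet` keeps its output out of the `echo -n` progress line.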
@@ -68,12 +87,14 @@ case "${1}" in
then
echo -n "Creating new Taler user ${_WIREUSERNAME}:"
adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
+ adduser ${_WIREUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
if ! getent passwd ${_AGGRUSERNAME} > /dev/null
then
echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
+ adduser ${_AGGRUSERNAME} ${_DBGROUPNAME}
echo " done."
fi
@@ -92,7 +113,6 @@ TALER_ESECUSER=${_ESECUSERNAME}
TALER_WIREUSER=${_WIREUSERNAME}
TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME}
-TALER_AUTOSTART="${_AUTOSTART}"
EOF
cat > "/etc/systemd/system/taler-exchange-httpd.service" < "/etc/systemd/system/taler-exchange-helper-rsa.service" < "/etc/systemd/system/taler-exchange-helper-eddsa.service" < "/etc/systemd/system/taler-exchange-wirewatch.service" < "/etc/systemd/system/taler-exchange-aggregator.service" </dev/null 2>&1 ];
+ then
+ rm -f /etc/apache2/conf-available/taler-exchange.conf
+ fi
+}
+
+nginx_remove() {
+ if [ diff /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf >/dev/null 2>&1 ];
+ then
+ rm -f /etc/nginx/conf-available/taler-exchange.conf
+ fi
+}
+
+if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
+ . /usr/share/dbconfig-common/dpkg/postrm.pgsql
+ dbc_go taler-exchange "$@"
+fi
+
+
+if [ "$1" = "remove" ] || [ "$1" = "purge" ]; then
+ if [ -f /usr/share/debconf/confmodule ]; then
+ db_version 2.0
+ db_get taler-exchange/reconfigure-webserver
+ webservers="$RET"
+ for webserver in $webservers; do
+ webserver=${webserver%,}
+ if [ "$webserver" = "nginx" ] ; then
+ nginx_remove
+ else
+ apache_remove
+ fi
+ done
+ fi
+fi
+
+
case "${1}" in
purge)
if [ -e /usr/share/debconf/confmodule ]
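Review bot: In `nginx_remove` the condition `[ diff /etc/taler-exchange/nginx.conf ... >/dev/null 2>&1 ]` passes the word `diff` to `test` instead of running it, and the redirection hides the resulting error, so the branch is never taken and the snippet is never removed. `apache_remove`, whose start is garbled on this page, ends the same way. It should be `if diff -q /etc/taler-exchange/nginx.conf /etc/nginx/conf-available/taler-exchange.conf >/dev/null 2>&1;`. Further down, `db_version` and `db_get` are called after only testing that `/usr/share/debconf/confmodule` exists; unless it is sourced earlier in the file, add `. /usr/share/debconf/confmodule` before them. `taler-exchange/reconfigure-webserver` is not among the templates this commit shows, and every value other than `nginx` falls through to `apache_remove`.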
@@ -48,8 +85,6 @@ case "${1}" in
_GROUPNAME="taler-private"
fi
- TALERDNS_GROUP="talerdns"
-
if pathfind deluser
then
deluser --quiet --system ${_EUSERNAME} || true
@@ -64,7 +99,7 @@ case "${1}" in
delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
fi
- rm -rf /var/log/taler/ /var/lib/taler /etc/default/taler
+ rm -rf /var/log/taler-exchange/ /var/lib/taler-exchange /etc/default/taler-exchange
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/debian/taler-exchange.prerm b/debian/taler-exchange.prerm
new file mode 100644
index 000000000..88a747cb7
--- /dev/null
+++ b/debian/taler-exchange.prerm
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+
+if [ -f /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+fi
+. /usr/share/dbconfig-common/dpkg/prerm
+
+if [ -f /usr/share/dbconfig-common/dpkg/prerm.pgsql ]; then
+ . /usr/share/dbconfig-common/dpkg/prerm.pgsql
+ dbc_go taler-exchange "$@"
+fi
+
+db_stop
+exit 0
\ No newline at end of file
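Review bot: `. /usr/share/dbconfig-common/dpkg/prerm` is sourced unconditionally, while the lines around it are guarded with `-f`. The package can be installed with `dbconfig-no-thanks` instead of `dbconfig-pgsql`, and if that file is then absent, `set -e` makes the prerm fail and the package cannot be removed. Either drop the line (the guarded `prerm.pgsql` presumably pulls in what it needs) or move it inside the `if`. `db_stop` is likewise called even when `confmodule` was not sourced, so it belongs inside the first `if`.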
diff --git a/debian/taler-exchange.templates b/debian/taler-exchange.templates
index 8cc9d1d4a..43c3524e4 100644
--- a/debian/taler-exchange.templates
+++ b/debian/taler-exchange.templates
@@ -46,7 +46,7 @@ _Description: Taler user:
Template: taler-exchange/groupname
Type: string
-Default: taler
+Default: taler-private
_Description: Taler group:
Please choose the group that the Taler exchange and security
modules will run as.
@@ -55,10 +55,13 @@ _Description: Taler group:
Only the members of this group will have access to Taler private
online signing keys.
-Template: taler-exchange/autostart
-Type: boolean
-Default: true
-_Description: Should the Taler exchange be launched on boot?
- If you choose this option, a Taler exchange will be launched each time
- the system is started. Otherwise, you will need to launch
- Taler each time you want to use it.
+
+Template: taler-exchange/dbgroupname
+Type: string
+Default: taler-exchange-db
+_Description: Taler group:
+ Please choose the group that the Taler users with database access
+ should be in.
+ .
+ This should be a dedicated group, not one that already owns data.
+ Only the members of this group will have access to Taler database.
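Review bot: The new `taler-exchange/dbgroupname` template reuses the short description `Taler group:` from `taler-exchange/groupname`, so the two prompts cannot be told apart by title; `_Description: Taler database group:` would separate them. The last sentence reads better as `Only the members of this group will have access to the Taler database.` The `config` script shown in this commit does not `db_input` this question, so as far as is visible the default is always used.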