# Container: /etc/nginx/sites-available/taler-merchant # Enabled: sites-enabled/taler-merchant → this file # Host publish: 9010/tcp (podman pasta). Caddy terminates public HTTPS and # reverse_proxies to https://127.0.0.1:9010 (see configs/caddy/Caddyfile). server { listen 9010 ssl; listen [::]:9010 ssl; server_name taler.hacktivism.ch; ssl_certificate /etc/letsencrypt/live/taler.hacktivism.ch/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/taler.hacktivism.ch/privkey.pem; access_log /var/log/nginx/merchant.log; error_log /var/log/nginx/merchant.err; # Public landing first (Caddy should also redir / → /intro/; this covers :9010) location = / { return 302 /intro/; } # Merchant-httpd only serves /terms and /privacy without trailing slash location = /terms/ { return 302 /terms; } location = /privacy/ { return 302 /privacy; } location / { proxy_pass http://unix:/var/run/taler-merchant/httpd/merchant-http.sock; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host "taler.hacktivism.ch"; proxy_set_header X-Forwarded-Proto "https"; } } server { # ACME HTTP-01 is handled by Caddy :9000; this block kept for reference. # listen 9010; # listen [::]:9010; server_name taler.hacktivism.ch; location /.well-known/acme-challenge/ { alias /var/www/letsencrypt/.well-known/acme-challenge/; } }