50 lines
1.5 KiB
Text
50 lines
1.5 KiB
Text
# Container: /etc/nginx/sites-available/taler-merchant
|
|
# Enabled: sites-enabled/taler-merchant → this file
|
|
# Host publish: 9010/tcp (podman pasta). Caddy terminates public HTTPS and
|
|
# reverse_proxies to https://127.0.0.1:9010 (see configs/caddy/Caddyfile).
|
|
|
|
server {
|
|
listen 9010 ssl;
|
|
listen [::]:9010 ssl;
|
|
|
|
server_name taler.hacktivism.ch;
|
|
|
|
ssl_certificate /etc/letsencrypt/live/taler.hacktivism.ch/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/taler.hacktivism.ch/privkey.pem;
|
|
|
|
access_log /var/log/nginx/merchant.log;
|
|
error_log /var/log/nginx/merchant.err;
|
|
|
|
# Public landing first (Caddy should also redir / → /intro/; this covers :9010)
|
|
location = / {
|
|
return 302 /intro/;
|
|
}
|
|
|
|
# Merchant-httpd only serves /terms and /privacy without trailing slash
|
|
location = /terms/ {
|
|
return 302 /terms;
|
|
}
|
|
location = /privacy/ {
|
|
return 302 /privacy;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass http://unix:/var/run/taler-merchant/httpd/merchant-http.sock;
|
|
proxy_redirect off;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Host "taler.hacktivism.ch";
|
|
proxy_set_header X-Forwarded-Proto "https";
|
|
}
|
|
}
|
|
|
|
server {
|
|
# ACME HTTP-01 is handled by Caddy :9000; this block kept for reference.
|
|
# listen 9010;
|
|
# listen [::]:9010;
|
|
|
|
server_name taler.hacktivism.ch;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
alias /var/www/letsencrypt/.well-known/acme-challenge/;
|
|
}
|
|
}
|