16.76. taler-merchant-rproxy-setup(1)

16.76.1. Name

taler-merchant-rproxy-setup - configure reverse proxy for the Taler merchant

16.76.2. Synopsis

taler-merchant-rproxy-setup [–domain**=*NAME*] [–nginx** | –apache] [–httponly | –httpsonly] [-h | –help]

16.76.3. Description

taler-merchant-rproxy-setup is a command-line tool that configures a reverse proxy for the Taler merchant under either Nginx or Apache HTTP server. It may optionally enable HTTPS via certbot unless –httponly is requested.

If neither –nginx nor –apache is specified, the script checks whether exactly one of them is installed and proceeds accordingly, or exits with an error if neither or both are installed.

The script updates the default reverse-proxy configuration file (/etc/nginx/sites-available/taler-merchant for Nginx, /etc/apache2/sites-available/taler-merchant.conf for Apache) and backs up any existing version to a .legacy suffix. If HTTPS is enabled (the default unless –httponly is given), certbot is run to obtain TLS certificates for the configured domain name, and the configuration is adjusted accordingly. If –httpsonly is requested, HTTP requests will be redirected to HTTPS (port 443). Finally, the script activates the new site configuration and reloads the respective web server.

To ensure successful configuration, both the web server (Nginx or Apache) and certbot (unless –httponly) must be installed. In the case of Apache, some modules (proxy, proxy_http, headers) must be enabled. The script will check for these prerequisites and exit with an error if any are missing.

16.76.4. Options

–domain=NAME

Required. The fully qualified domain name (FQDN) for which the reverse proxy is being set up.

–nginx

Force using Nginx as the reverse proxy. If not specified, the script auto-detects whether Nginx or Apache is installed, provided exactly one is installed.

–apache

Force using Apache as the reverse proxy. If not specified, the script auto-detects whether Nginx or Apache is installed, provided exactly one is installed.

–httponly

Only configure HTTP (no TLS). Skips certbot and omits all TLS-related configuration. Incompatible with –httpsonly.

–httpsonly

Configure HTTPS and automatically redirect HTTP traffic to the HTTPS port. Incompatible with –httponly.

-h | –help

Print short help on options.

16.76.5. See Also

taler-merchant-httpd(1), taler-merchant.conf(5)

16.76.6. Bugs

Report bugs by using https://bugs.taler.net/ or by sending electronic mail to <taler@gnu.org>.