gnutaler-docker/README.md

# gnutaler-docker

Container stack for GNU Taler (Exchange, Merchant, LibEuFin Bank) with optional Caddy reverse proxy, automatic DB initialization, and an optional WordPress/WooCommerce demo shop with the GNU Taler payment plugin.

## Components
- `compose.yml`: services postgres, exchange, merchant, bank, Caddy (`*.domain.tld`), one-off `exchange-account-init` job, optional `mariadb`/`wordpress`/`wp-init`.
- `Dockerfile`: builds GNUnet/Taler/LibEuFin from Git and ships helper scripts.
- `entrypoints/with-dbinit.sh`: renders templates via `envsubst`, waits for Postgres, runs `*-dbinit`, sets LibEuFin admin/user passwords.
- `postgres/init/01-init-taler.sh`: creates DB users/databases using passwords from `.env`.
- `scripts/enable-exchange-account.sh`: offline tool to enable the exchange payto account (optional, gated by `ENABLE_EXCHANGE_ACCOUNT`).
- `scripts/provision-bank-user.sh`: creates a bank user, sets debit limit, generates a token, and writes it to the host.
- `exchange/…`, `merchant/…`, `bank/…`: templated configs plus terms/privacy.
- `caddy/Caddyfile`: reverse proxy with hosts from environment, ACME certificates.
- `wordpress` stack: MariaDB + WordPress + WP-CLI init installing WooCommerce and `gnu-taler-payment-for-woocommerce`.

## Quick start
1. Prereqs: Docker + Docker Compose.
2. Copy `.env.example` → `.env` and fill it (passwords, hosts/URLs, ACME mail, master key, `EXCHANGE_SECRETS_PATH`, etc.). Important:
   - `EXCHANGE_SECRETS_PATH`: host path containing the exchange master private key (persistent!).
   - `MASTER_PUBLIC_KEY`: must match the master private key.
   - `LIBEUFIN_MERCHANT_TOKEN`: set after token generation (see below).
   - Versions: `GNUNET_REF` (default v0.26.1), `EXCHANGE_REF`, `MERCHANT_REF`, `LIBEUFIN_REF`, optional `GNUNET_TARBALL_URL` for tarball builds.
3. Build: `./scripts/build-image.sh` (reads `.env` for refs/URLs; override with env vars if needed)
4. Start: `docker compose up -d`
5. Generate bank token: `./scripts/provision-bank-user.sh` (bank service must be running). The token is written to `TOKEN_OUTPUT` (default `bank/token-info.txt`); copy the secret token into `.env` as `LIBEUFIN_MERCHANT_TOKEN`.
6. Optional: auto-enable exchange payto by setting `ENABLE_EXCHANGE_ACCOUNT=1` in `.env` (adjust PAYTO/hosts); job runs as `exchange-account-init`.
7. WordPress/WooCommerce (optional): set `WP_DB_*`, `WP_URL`, admin creds, and `WORDPRESS_HOST` in `.env`; `wp-init` installs WordPress, WooCommerce, and the GNU Taler payment plugin.

## Caddy / reverse proxy
- Hosts via `BANK_HOST`, `EXCHANGE_HOST`, `MERCHANT_HOST`, `WORDPRESS_HOST`; ACME mail via `CADDY_ACME_EMAIL`.
- On domain changes, adjust BASE_URL/PAYTO in `.env`; templates render automatically at startup.
- You can remove direct port mappings (8080/8081/9966/8085) if only Caddy should be exposed.

## Notes
- Passwords in `.env` must match `postgres/init/01-init-taler.sh` (picked up automatically via environment).
- Keep the master key stable; mount it via `EXCHANGE_SECRETS_PATH`, do not regenerate on startup.
- If `ENABLE_EXCHANGE_ACCOUNT=0`, run the offline tool manually (`scripts/enable-exchange-account.sh` inside the exchange container).
- With custom CAs, set `EXCHANGE_CURL_OPTS="-k"` if the offline job needs to curl `/keys` over HTTPS.
- After changing DB passwords in `.env`, no manual SQL rendering is needed—the init script reads them at container start.

## Useful commands
- Logs: `docker compose logs -f exchange` (or bank/merchant/caddy/wordpress).
- Re-provision bank users/token: `./scripts/provision-bank-user.sh`
- Manual payto enable: `docker compose run --rm exchange /usr/local/bin/enable-exchange-account.sh PAYTO_URI=...`
Initial commit 2025-12-11 13:21:07 +01:00			`# gnutaler-docker`

Add English README and German README-DE 2025-12-11 12:36:25 +00:00			`Container stack for GNU Taler (Exchange, Merchant, LibEuFin Bank) with optional Caddy reverse proxy, automatic DB initialization, and an optional WordPress/WooCommerce demo shop with the GNU Taler payment plugin.`
📝 docs(README): add comprehensive setup instructions for gnutaler-docker - include container stack components and services - provide quick start guide with prerequisites and setup steps - describe Caddy/Reverse-Proxy configuration - add notes on environment variables and password matching - list useful commands for logs and user provisioning 2025-12-11 12:29:56 +00:00
Add English README and German README-DE 2025-12-11 12:36:25 +00:00			`## Components`
			- `compose.yml`: services postgres, exchange, merchant, bank, Caddy (`*.domain.tld`), one-off `exchange-account-init` job, optional `mariadb`/`wordpress`/`wp-init`.
			- `Dockerfile`: builds GNUnet/Taler/LibEuFin from Git and ships helper scripts.
			- `entrypoints/with-dbinit.sh`: renders templates via `envsubst`, waits for Postgres, runs `*-dbinit`, sets LibEuFin admin/user passwords.
			- `postgres/init/01-init-taler.sh`: creates DB users/databases using passwords from `.env`.
			- `scripts/enable-exchange-account.sh`: offline tool to enable the exchange payto account (optional, gated by `ENABLE_EXCHANGE_ACCOUNT`).
			- `scripts/provision-bank-user.sh`: creates a bank user, sets debit limit, generates a token, and writes it to the host.
			- `exchange/…`, `merchant/…`, `bank/…`: templated configs plus terms/privacy.
			- `caddy/Caddyfile`: reverse proxy with hosts from environment, ACME certificates.
			- `wordpress` stack: MariaDB + WordPress + WP-CLI init installing WooCommerce and `gnu-taler-payment-for-woocommerce`.
📝 docs(README): add comprehensive setup instructions for gnutaler-docker - include container stack components and services - provide quick start guide with prerequisites and setup steps - describe Caddy/Reverse-Proxy configuration - add notes on environment variables and password matching - list useful commands for logs and user provisioning 2025-12-11 12:29:56 +00:00
Add English README and German README-DE 2025-12-11 12:36:25 +00:00			`## Quick start`
			`1. Prereqs: Docker + Docker Compose.`
			2. Copy `.env.example` → `.env` and fill it (passwords, hosts/URLs, ACME mail, master key, `EXCHANGE_SECRETS_PATH`, etc.). Important:
			- `EXCHANGE_SECRETS_PATH`: host path containing the exchange master private key (persistent!).
			- `MASTER_PUBLIC_KEY`: must match the master private key.
			- `LIBEUFIN_MERCHANT_TOKEN`: set after token generation (see below).
Expose build refs in .env, add build script, default GNUnet v0.26.1 2025-12-11 15:40:50 +00:00			- Versions: `GNUNET_REF` (default v0.26.1), `EXCHANGE_REF`, `MERCHANT_REF`, `LIBEUFIN_REF`, optional `GNUNET_TARBALL_URL` for tarball builds.
			3. Build: `./scripts/build-image.sh` (reads `.env` for refs/URLs; override with env vars if needed)
📝 docs(README): add comprehensive setup instructions for gnutaler-docker - include container stack components and services - provide quick start guide with prerequisites and setup steps - describe Caddy/Reverse-Proxy configuration - add notes on environment variables and password matching - list useful commands for logs and user provisioning 2025-12-11 12:29:56 +00:00			4. Start: `docker compose up -d`
Add English README and German README-DE 2025-12-11 12:36:25 +00:00			5. Generate bank token: `./scripts/provision-bank-user.sh` (bank service must be running). The token is written to `TOKEN_OUTPUT` (default `bank/token-info.txt`); copy the secret token into `.env` as `LIBEUFIN_MERCHANT_TOKEN`.
			6. Optional: auto-enable exchange payto by setting `ENABLE_EXCHANGE_ACCOUNT=1` in `.env` (adjust PAYTO/hosts); job runs as `exchange-account-init`.
			7. WordPress/WooCommerce (optional): set `WP_DB_*`, `WP_URL`, admin creds, and `WORDPRESS_HOST` in `.env`; `wp-init` installs WordPress, WooCommerce, and the GNU Taler payment plugin.
📝 docs(README): add comprehensive setup instructions for gnutaler-docker - include container stack components and services - provide quick start guide with prerequisites and setup steps - describe Caddy/Reverse-Proxy configuration - add notes on environment variables and password matching - list useful commands for logs and user provisioning 2025-12-11 12:29:56 +00:00
Add English README and German README-DE 2025-12-11 12:36:25 +00:00			`## Caddy / reverse proxy`
			- Hosts via `BANK_HOST`, `EXCHANGE_HOST`, `MERCHANT_HOST`, `WORDPRESS_HOST`; ACME mail via `CADDY_ACME_EMAIL`.
			- On domain changes, adjust BASE_URL/PAYTO in `.env`; templates render automatically at startup.
			`- You can remove direct port mappings (8080/8081/9966/8085) if only Caddy should be exposed.`
📝 docs(README): add comprehensive setup instructions for gnutaler-docker - include container stack components and services - provide quick start guide with prerequisites and setup steps - describe Caddy/Reverse-Proxy configuration - add notes on environment variables and password matching - list useful commands for logs and user provisioning 2025-12-11 12:29:56 +00:00
Add English README and German README-DE 2025-12-11 12:36:25 +00:00			`## Notes`
			- Passwords in `.env` must match `postgres/init/01-init-taler.sh` (picked up automatically via environment).
			- Keep the master key stable; mount it via `EXCHANGE_SECRETS_PATH`, do not regenerate on startup.
			- If `ENABLE_EXCHANGE_ACCOUNT=0`, run the offline tool manually (`scripts/enable-exchange-account.sh` inside the exchange container).
			- With custom CAs, set `EXCHANGE_CURL_OPTS="-k"` if the offline job needs to curl `/keys` over HTTPS.
			- After changing DB passwords in `.env`, no manual SQL rendering is needed—the init script reads them at container start.
Add WordPress/WooCommerce stack and generic env hosts 2025-12-11 12:33:59 +00:00
Add English README and German README-DE 2025-12-11 12:36:25 +00:00			`## Useful commands`
			- Logs: `docker compose logs -f exchange` (or bank/merchant/caddy/wordpress).
			- Re-provision bank users/token: `./scripts/provision-bank-user.sh`
			- Manual payto enable: `docker compose run --rm exchange /usr/local/bin/enable-exchange-account.sh PAYTO_URI=...`