nocci/gnutaler-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
gnutaler-docker/README.md
nocci 7acb97cd13 Add helper to fetch release tarballs
2025-12-12 12:10:43 +00:00

4.5 KiB
Raw Blame History

gnutaler-docker

Container stack for GNU Taler (Exchange, Merchant, LibEuFin Bank) with optional Caddy reverse proxy, automatic DB initialization, and an optional WordPress/WooCommerce demo shop with the GNU Taler payment plugin.

Components

  • compose.yml: services postgres, exchange, merchant, bank, Caddy (*.domain.tld), one-off exchange-account-init job, optional mariadb/wordpress/wp-init.
  • Dockerfile: builds GNUnet/Taler/LibEuFin from Git and ships helper scripts.
  • entrypoints/with-dbinit.sh: renders templates via envsubst, waits for Postgres, runs *-dbinit, sets LibEuFin admin/user passwords.
  • postgres/init/01-init-taler.sh: creates DB users/databases using passwords from .env.
  • scripts/enable-exchange-account.sh: offline tool to enable the exchange payto account (optional, gated by ENABLE_EXCHANGE_ACCOUNT).
  • scripts/provision-bank-user.sh: creates a bank user, sets debit limit, generates a token, and writes it to the host.
  • exchange/…, merchant/…, bank/…: templated configs plus terms/privacy.
  • caddy/Caddyfile: reverse proxy with hosts from environment, ACME certificates.
  • wordpress stack: MariaDB + WordPress + WP-CLI init installing WooCommerce and gnu-taler-payment-for-woocommerce.

Quick start

  1. Prereqs: Docker + Docker Compose.
  2. Copy .env.example.env and fill it (passwords, hosts/URLs, ACME mail, master key, EXCHANGE_SECRETS_PATH, etc.). Important:
    • EXCHANGE_SECRETS_PATH: host path containing the exchange master private key (persistent!).
    • MASTER_PUBLIC_KEY: must match the master private key.
    • LIBEUFIN_MERCHANT_TOKEN: set after token generation (see below).
    • Versions: GNUNET_REF (default v0.26.1), EXCHANGE_REF, MERCHANT_REF, LIBEUFIN_REF, optional GNUNET_TARBALL_URL for tarball builds.
  3. Build: ./scripts/build-image.sh (liest .env für Build-Refs/URLs). Alternativ mit expliziten Build-Args, da docker build ... die .env NICHT automatisch lädt: 
    docker build \
  --build-arg GNUNET_TARBALL_URL="$GNUNET_TARBALL_URL" \
  --build-arg GNUNET_REF="$GNUNET_REF" \
  --build-arg EXCHANGE_REF="$EXCHANGE_REF" \
  --build-arg MERCHANT_REF="$MERCHANT_REF" \
  --build-arg LIBEUFIN_REF="$LIBEUFIN_REF" \
  -t taler-stack:build .
  4. Start: docker compose up -d
  5. Generate bank token: ./scripts/provision-bank-user.sh (bank service must be running). The token is written to TOKEN_OUTPUT (default bank/token-info.txt); copy the secret token into .env as LIBEUFIN_MERCHANT_TOKEN.
  6. Optional: auto-enable exchange payto by setting ENABLE_EXCHANGE_ACCOUNT=1 in .env (adjust PAYTO/hosts); job runs as exchange-account-init.
  7. WordPress/WooCommerce (optional): set WP_DB_*, WP_URL, admin creds, and WORDPRESS_HOST in .env; wp-init installs WordPress, WooCommerce, and the GNU Taler payment plugin.

Caddy / reverse proxy

  • Hosts via BANK_HOST, EXCHANGE_HOST, MERCHANT_HOST, WORDPRESS_HOST; ACME mail via CADDY_ACME_EMAIL.
  • On domain changes, adjust BASE_URL/PAYTO in .env; templates render automatically at startup.
  • You can remove direct port mappings (8080/8081/9966/8085) if only Caddy should be exposed.

Notes

  • Passwords in .env must match postgres/init/01-init-taler.sh (picked up automatically via environment).
  • Keep the master key stable; mount it via EXCHANGE_SECRETS_PATH, do not regenerate on startup.
  • If ENABLE_EXCHANGE_ACCOUNT=0, run the offline tool manually (scripts/enable-exchange-account.sh inside the exchange container).
  • With custom CAs, set EXCHANGE_CURL_OPTS="-k" if the offline job needs to curl /keys over HTTPS.
  • After changing DB passwords in .env, no manual SQL rendering is needed—the init script reads them at container start.
  • Release refs/tarballs: Browse tags/commits at https://git.taler.net/{gnunet,exchange,merchant,libeufin}.git/ (Tarballs via .../snapshot/<tag>.tar.gz) and set *_REF/GNUNET_TARBALL_URL accordingly.
  • Offline tarball drop-in: place tarballs under vendor/ (gnunet-*.tar.gz, exchange-*.tar.gz, merchant-*.tar.gz, libeufin-*.tar.gz); the build picks the first match and falls back to git if incomplete.
  • Fetch release tarballs: ./scripts/fetch-tarballs.sh (uses current stable versions; override with *_VERSION or *_TARBALL_URL env vars).

Useful commands

  • Logs: docker compose logs -f exchange (or bank/merchant/caddy/wordpress).
  • Re-provision bank users/token: ./scripts/provision-bank-user.sh
  • Manual payto enable: docker compose run --rm exchange /usr/local/bin/enable-exchange-account.sh PAYTO_URI=...