1.2.1. Installation on Debian¶

1.2.1.1. Have a Debian server¶

Ensure you have a Debian server up and running before proceeding.

1.2.1.2. Add the Taler repository to the apt sources list¶

To add the Taler repository to your apt sources, run:

echo 'deb [signed-by=/etc/apt/keyrings/taler-systems.gpg] https://deb.taler.net/apt/debian bookworm main' | sudo tee /etc/apt/sources.list.d/taler.list

1.2.1.3. Import the Taler Systems SA public key and install packages¶

You must import the Taler Systems SA package signing key and then update/upgrade packages:

wget -O /etc/apt/keyrings/taler-systems.gpg https://taler.net/taler-systems.gpg
sudo apt update
sudo apt upgrade -y
sudo apt install postgresql nginx taler-merchant certbot python3-certbot-nginx -y

1.2.1.4. Configure the Taler merchant database¶

For the Taler merchant backend, configure the PostgreSQL database by running:

taler-merchant-dbconfig

1.2.1.5. Start the Taler merchant services¶

Enable and start the Taler merchant services:

systemctl enable --now taler-merchant.target

1.2.1.6. Check that Taler merchant is running¶

Verify that the merchant service is active:

systemctl status taler-merchant-httpd.service

If you see active (running), the Backend is installed successfully. Press q to exit the status screen.

1.2.1.7. Configure a DNS record¶

Create a new DNS record with your domain registrar:

Type: A
Name: backend (or a subdomain of your choice, in this tutorial we are using tutorial)
Value: Your server’s IP address

Return to this guide after the DNS record is set up.

1.2.1.8. Create HTTPS certificates¶

Use Certbot to request an SSL/TLS certificate. Replace your.domain with your domain:

sudo certbot certonly --webroot -w /var/www/html -d your.domain

Follow the prompts to provide an email address and accept the terms of service.

1.2.1.9. Set up Taler merchant in Nginx¶

Open the Nginx configuration file for Taler merchant:

nano /etc/nginx/sites-available/taler-merchant

Replace your.domain with your domain name as needed:

server {
    listen 80;
    listen [::]:80;

    server_name your.domain;

    access_log /var/log/nginx/merchant.log;
    error_log /var/log/nginx/merchant.err;
    location / {
        proxy_pass http://unix:/var/run/taler-merchant/httpd/merchant-http.sock;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host "your.domain";
        proxy_set_header X-Forwarded-Proto "http";
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name your.domain;

    ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;

    access_log /var/log/nginx/merchant.log;
    error_log /var/log/nginx/merchant.err;
    location / {
        proxy_pass http://unix:/var/run/taler-merchant/httpd/merchant-http.sock;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host "your.domain";
        proxy_set_header X-Forwarded-Proto "https";
    }
}

1.2.1.10. Activate the Nginx configuration¶

Create a symbolic link and test your configuration:

sudo ln -s /etc/nginx/sites-available/taler-merchant /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

You should see:

nginx: configuration file /etc/nginx/nginx.conf test is successful.

1.2.1.11. Set up Taler merchant in Apache¶

In case you prefer Apache, you can set up Taler merchant with it. Firstly, we need to check that it is installed:

sudo apt install apache2 -y

Open the Apache configuration file for Taler merchant:

nano /etc/apache2/sites-available/taler-merchant.conf

Replace your.domain with your domain name as needed:

<VirtualHost *:80>
    ServerName your.domain

    ErrorLog /var/log/apache2/merchant-error.log
    CustomLog /var/log/apache2/merchant-access.log combined

    ProxyPreserveHost On
    ProxyRequests Off

    ProxyPass / unix:/var/run/taler-merchant/httpd/merchant-http.sock|http://localhost/
    ProxyPassReverse / unix:/var/run/taler-merchant/httpd/merchant-http.sock|http://localhost/

    RequestHeader set X-Forwarded-Proto "http"
</VirtualHost>

<VirtualHost *:443>
    ServerName your.domain

    ErrorLog /var/log/apache2/merchant-error.log
    CustomLog /var/log/apache2/merchant-access.log combined

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/your.domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your.domain/privkey.pem

    ProxyPreserveHost On
    ProxyRequests Off

    ProxyPass / unix:/var/run/taler-merchant/httpd/merchant-http.sock|http://localhost/
    ProxyPassReverse / unix:/var/run/taler-merchant/httpd/merchant-http.sock|http://localhost/

    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

1.2.1.12. Activate the Apache configuration¶

Make sure apache has modules enabled:

sudo a2enmod proxy proxy_http headers ssl
sudo systemctl restart apache2

Finally, activate the configuration and restart Apache:

sudo a2ensite taler-merchant
sudo systemctl reload apache2

You could also run test the configuration with:

sudo apache2ctl configtest

If you see Syntax OK, the configuration is correct.

1.2.1.13. Access the Taler merchant¶

Open your browser and navigate to the domain you entered before. You should see the Taler merchant interface if everything is configured correctly.

1.2. BackOffice

1.2.2. Instance management

GNU Taler