0010589: useful in deployment cases: systemd unit for proxying IPv4/IPv6 https traffic to ports > 1024

ID	Project	Category	View Status	Date Submitted	Last Update

0010589	Taler	deployment and operations	public	2025-11-12 20:09	2025-11-12 20:20

Reporter	vecirex	Assigned To	vecirex
Priority	normal	Severity	feature	Reproducibility	N/A
Status	assigned	Resolution	open

Summary	0010589: useful in deployment cases: systemd unit for proxying IPv4/IPv6 https traffic to ports > 1024
Description	Merchant or other operators of taler server components (e.g., exchanges) might find it useful to run unprivileged podman (or other) containers w/ TCP ports exposed > 1024 only. I've running code, but more checks needed for safe and productive usage; also to be made dynamic and tested on other systems (here it's SuSE GNU/Linux Tumbleweed): koopa:/var/lib/systemd # systemctl list-units \| grep proxy https-proxy@8081.service loaded active running Proxy for incoming HTTPS traffic to port 8081 system-https\x2dproxy.slice loaded active active Slice /system/https-proxy https-proxy.socket loaded active running Forward incoming HTTPS traffic to local port 8081 koopa:/var/lib/systemd # nmap 127.0.0.1 \| grep 8081 8081/tcp open blackice-icecap koopa:/var/lib/systemd # nmap -6 ::1 \| grep 8081 8081/tcp open blackice-icecap koopa:/var/lib/systemd # ss -ltn sport = :443 State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 512 :443 :* koopa:/var/lib/systemd #
Tags	No tags attached.

Date Modified	Username	Field	Change
2025-11-12 20:09	vecirex	New Issue
2025-11-12 20:11	vecirex	Note Added: 0026407
2025-11-12 20:13	vecirex	Assigned To	=> vecirex
2025-11-12 20:13	vecirex	Status	new => assigned
2025-11-12 20:20	vecirex	Description Updated

vecirex 2025-11-12 20:11 manager ~0026407	To be committed to taler-deployment: https://git.taler.net/taler-deployment.git/