View Issue Details

IDProjectCategoryView StatusLast Update
0004568Talerbank (demonstrator)public2016-11-20 03:26
ReporterFlorian Dold Assigned ToMarcello Stanisci  
PrioritylowSeverityfeatureReproducibilityhave not tried
Status closedResolutionfixed 
Product Version0.0 
Target Version0.2Fixed in Version0.2 
Summary0004568: listen on different socket for administrative interface
DescriptionOtherwise it's easy to accidentally expose the administrative interface. This is bad since the administrative APIs, by design, don't use authentication.

For the administrative interface, HTTP over unix domain socket seems especially handy.
TagsNo tags attached.


related to 0004561 closedMarcello Stanisci Taler Bank unauthenticated interface /admin/add/incoming 


Marcello Stanisci

2016-07-23 15:34

viewer   ~0010992

15:13 < marcello> hello. Is it possible to bind a view to a port other than the default one?
15:14 < marcello> for example, I want a view, say /myapp/alternate/ being bound to port 8080, and all the other views to the default
                  8000 (in the same application of course)
15:14 < marcello> thanks
15:15 < FunkyBob> run separate app instances

Marcello Stanisci

2016-07-23 15:38

viewer   ~0010993

15:36 < marcello> FunkyBob: how can I prevent one instance from serving a certain view? For example, I don't want the instance running
                  on port 8000 serving the view /myapp/alternate
15:37 <+apollo13> marcello: different ROOT_URLCONF in both cases

Marcello Stanisci

2016-07-23 15:42

viewer   ~0010994

could also help:

Marcello Stanisci

2016-08-15 13:52

viewer   ~0011029

HTTP serving fixed. Need fix on unix domain's serving. Check branch admin_socket

Marcello Stanisci

2016-08-18 13:01

viewer   ~0011042

When serving HTTP, it's easy to check on which port the request was made and accordingly block or allow a certain view from being executed. When serving via unix domain socket, it seems it's not possible to see which file the request is coming from. That may mean that a second instance of the bank (the "admin" instance) is required to be run..

Marcello Stanisci

2016-08-19 14:42

viewer   ~0011043

Last edited: 2016-09-02 15:17

'emperor mode' can help

Note: splitting the bank in two apps gives the problem of sharing How can the 'normal' and 'admin' apps share the same They need that because they have to agree on almost everything, like the DB name, for example

Marcello Stanisci

2016-10-31 15:52

viewer   ~0011397

Implemented in e1309f7.

That changed a bit the way we configure the bank:

The GNUnet-style config file only contains
- database name
- serving protocol

Whereas the directories:
- $(pkgdatadir)/vassals-http
- $(pkgdatadir)/vassals-unix

contain .ini(s) that instructs the bank about the two "instances" to spawn,
namely the admin and normal one.

Also the location of unix domain sockets changed: they lie in /tmp now, as
their location is indicated in the .ini(s), so we don't put tripwire's specific
things in the bank's repo.

Used tecnique:

talerbank/ comes now with a empty ROOT_URLCONF

We deploy two .wsgi(s):
- bank.wsgi
- bank-admin.wsgi

and, for each vassals-*/, two .ini(s)
- bank.ini
- bank-admin.ini

Each .ini instructs uwsgi to make the same-named .wsgi listen to a certain TCP port
(or a certain unix domain socket, depending on whether the .ini lies in vassals-http/
or vassals-unix).

Upon invocation, each .wsgi sets its own ROOT_URLCONF. In particular, bank.wsgi sets
ROOT_URLCONF to '' (which now does NOT contain /admin/add/incoming
anymore), and bank-admin.wsgi sets it to '' that contains only

Marcello Stanisci

2016-10-31 15:56

viewer   ~0011398

Last edited: 2016-10-31 16:00

PS. deployment (nginx and taler.conf configs) also updated to match this.
Ah, there is also no documentation around on how to run/configure the bank ....

Issue History

Date Modified Username Field Change
2016-06-07 19:31 Florian Dold New Issue
2016-06-07 19:31 Florian Dold Status new => assigned
2016-06-07 19:31 Florian Dold Assigned To => Marcello Stanisci
2016-06-07 19:31 Florian Dold Relationship added related to 0004561
2016-06-11 21:36 Christian Grothoff Product Version => 0.0
2016-06-11 21:36 Christian Grothoff Target Version => 0.2
2016-07-23 15:34 Marcello Stanisci Note Added: 0010992
2016-07-23 15:38 Marcello Stanisci Note Added: 0010993
2016-07-23 15:42 Marcello Stanisci Note Added: 0010994
2016-08-15 13:52 Marcello Stanisci Note Added: 0011029
2016-08-18 13:01 Marcello Stanisci Note Added: 0011042
2016-08-19 14:42 Marcello Stanisci Note Added: 0011043
2016-09-02 15:17 Marcello Stanisci Note Edited: 0011043
2016-10-31 15:52 Marcello Stanisci Note Added: 0011397
2016-10-31 15:56 Marcello Stanisci Note Added: 0011398
2016-10-31 15:56 Marcello Stanisci Status assigned => resolved
2016-10-31 15:56 Marcello Stanisci Resolution open => fixed
2016-10-31 16:00 Marcello Stanisci Note Edited: 0011398
2016-11-15 16:03 Christian Grothoff Fixed in Version => 0.2
2016-11-20 03:26 Christian Grothoff Status resolved => closed