[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] (docs) exchange port ranges

From: Christian Grothoff
Subject: Re: [Taler] (docs) exchange port ranges
Date: Wed, 9 Dec 2020 23:43:36 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0

On 12/9/20 11:34 PM, Thien-Thi Nguyen wrote:
> I'd like to document the port ranges required to be open for GNU
> Taler to work "normally" (ootb, "default" configuration).

Well, *normally* (in production), we'd recommend running _everything_
behind a reverse proxy and to  use UNIX domain sockets instead of TCP
;-).  The 808x-ports are merely used to run the test suite(s). Our
actual deployment on taler.net doesn't use those.

> It looks like taler-exchange uses ports 8080 through 8083 for
> various purposes, according to a quick grep of ":808[0-9]" in
> exchange.git.  What am i missing?  What about PostgreSQL?
> Sqlite3?  Etc?

Postgres also should use a UNIX domain socket, as is also the default on
Debian.  Taler currently does not use sqlite3 at all (but GNUnet would
not build without it). In the future, the Taler merchant is expected to
offer support for sqlite3, but we'll need someone to implement that
first ;-).

> The reason i ask is that "make check" for taler-exchange-0.8.1
> is failing for me because i have a very strict firewall setup.
> I imagine others might have a similar setup and would need to
> know which ports are OK to open so that:
> - "make check" succeeds;
> - normal operation is unimpeded.

For 'make check', you primarily MUST have a 'talercheck' database in
Postgres for which your current user has CREATE TABLE (or superuser)
rights. Otherwise, the test suite *should* "skip" tests, but I'm not
sure we have done the 'skip' logic consistently everywhere.

Your firewall should also allow 'loopback' traffic for the 808x-ports,
but I'm not aware of any _sane_ firewall that forbids those.

> (It could be that these two operational domains have different
> port range requirements.)  That should be documented, as well, i
> think.

Likely, there is little that should for sure not be documented ;-).

Happy hacking!


Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]