Re: [Taler] (docs) exchange port ranges

[Christian Grothoff]

On 12/9/20 11:34 PM, Thien-Thi Nguyen wrote:
> 
> I'd like to document the port ranges required to be open for GNU
> Taler to work "normally" (ootb, "default" configuration).

Well, *normally* (in production), we'd recommend running _everything_
behind a reverse proxy and to  use UNIX domain sockets instead of TCP
;-).  The 808x-ports are merely used to run the test suite(s). Our
actual deployment on taler.net doesn't use those.

> It looks like taler-exchange uses ports 8080 through 8083 for
> various purposes, according to a quick grep of ":808[0-9]" in
> exchange.git.  What am i missing?  What about PostgreSQL?
> Sqlite3?  Etc?

Postgres also should use a UNIX domain socket, as is also the default on
Debian.  Taler currently does not use sqlite3 at all (but GNUnet would
not build without it). In the future, the Taler merchant is expected to
offer support for sqlite3, but we'll need someone to implement that
first ;-).

> The reason i ask is that "make check" for taler-exchange-0.8.1
> is failing for me because i have a very strict firewall setup.
> I imagine others might have a similar setup and would need to
> know which ports are OK to open so that:
> 
> - "make check" succeeds;
> - normal operation is unimpeded.

For 'make check', you primarily MUST have a 'talercheck' database in
Postgres for which your current user has CREATE TABLE (or superuser)
rights. Otherwise, the test suite *should* "skip" tests, but I'm not
sure we have done the 'skip' logic consistently everywhere.

Your firewall should also allow 'loopback' traffic for the 808x-ports,
but I'm not aware of any _sane_ firewall that forbids those.

> (It could be that these two operational domains have different
> port range requirements.)  That should be documented, as well, i
> think.

Likely, there is little that should for sure not be documented ;-).

Happy hacking!

-Christian

signature.asc
Description: OpenPGP digital signature