This section is for you if you want to operate a GNU Taler Exchange and a Bank, e.g. because you are deploying it as a local payment system for an event.
Adjust and add the two files in nginx-sites to your /etc/nginx/sites-enabled. Make sure you
get the HTTPS certificates right. The Android app won't talk to you over insecure HTTP.
You won't need the merchant location, feel free to remove it.
- Replace
example.orgby your domain innginx-sites/taler. - Replace
example.orgby your domain inwebui/*. - Ensure
/home/taler/webuiexists (copy fromwebui/).
Build the containers:
./rebuild_containers.shAdjust the exchange configuration in exchange-config.skel and some of the environment
variables in make_env.sh as needed.
Make sure that you start with a fresh and clean database. Having old databases around
will not re-run the database setup, which can result in wrong passwords being set and
general confusion. Then create a .env file with the appropriate passwords:
sudo rm -rf data # clear database
./make_env.sh # prepare environment etc.Source the .env file and launch the containers
source .env
docker-compose upNavigate to https://bank.taler.example.org/webui and register a cashier account. In
the scripts/ directory, run:
./restock-cashier 1337
load 1337 currency units into the cashier account. (Feels good to be the central bank, doesn't it?)
In the scripts/ directory, run:
./rich-account-list
in order to get a list of all accounts with their associated balances. The total sum should be
zero.
Usually, the bank account has a negative balance. If you were operating a country, this would mean
that the central bank had "created" money out of nothing.
If you operate an event, then the sum of bank and cashier should hopefully be equal to the negative
amount of cash in your cashdesk.
docker-compose down --timeout 1After initiating the withdrawal in your wallet, you are asked to make a wire transfer to the bank's account using a provided subject.
First, wire the transaction into the bank's account on the sandbox:
docker exec -it taler-compose_libeufin_sandbox_1 /bin/bash
root@b23bfa4a27ab:/# LIBEUFIN_SANDBOX_USERNAME=admin LIBEUFIN_SANDBOX_PASSWORD=$LIBEUFIN_SANDBOX_ADMIN_PASSWORD LIBEUFIN_SANDBOX_URL=http://localhost:5016 libeufin-cli sandbox bankaccount simulate-incoming-transaction jrluser --debtor-iban DE123456 --debtor-bic SANDBOXX --debtor-name Fnord --amount MANA:5 --subject 'Taler Withdrawal PKAWS7YEG367744F9B8B7CKTC5KFPS7YH6RMD0NY52TV9TVCED6G'Then, fetch the transactions on the nexus:
docker exec -it taler-compose_libeufin_nexus_1 /bin/bash
root@ef194aa7d8bd:/# LIBEUFIN_NEXUS_URL=http://localhost:5017 LIBEUFIN_NEXUS_USERNAME=admin LIBEUFIN_NEXUS_PASSWORD=$ADMIN_PASSWORD libeufin-cli accounts fetch-transactions nicknameExchange logs can be examined using
docker exec -it taler-compose_exchange_1 /bin/bash
root@53e68ae5b360:/# cat /var/log/taler-exchange-*.logThis setup defeats some security features Taler offers, in order to simplify the setup
- No separation between
taler-exchangeandtaler-exchange-offlineis made. This would enable an attacker who exploits the online exchange system to exfiltrate the exchange's master key, allowing them to impersonate the exchange forever. - The exchange processes are all run as
rootuser. This allows an attacker to exfiltrate short-term keys rather than only providing them with a signing/decryption oracle.
Additionally, this setup never renews coins. Coins expire in 2024.
Setup is racy and races are mitigated using sleep. This is as reliable as it sounds.
Start the container using
docker run -e TOKEN=YOUR_TOKEN_HERE -e EXCHANGE_URL=https://your-exchange.org/ --rm -it -p 8888:8888 taler-merchant