--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+server {
+ server_name payments.${private_domain};
+
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ ssl_certificate ${private_ssl_cert_dir}/fullchain.pem;
+ ssl_certificate_key ${private_ssl_cert_dir}/privkey.pem;
+
+ ssl_client_certificate ${ca_dir}/ca.pem;
+ ssl_verify_client on;
+
+ root ${prod_dir}/payments;
+
+ location ~ ^/payment$ {
+ include fastcgi_params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ fastcgi_param REQUEST_BODY ${dollar}request_body;
+ fastcgi_param SCRIPT_FILENAME ${dollar}document_root/payment.sh;
+ }
+
+ location = / {
+ include fastcgi_params;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ fastcgi_param SCRIPT_FILENAME ${dollar}document_root/payments.sh;
+ }
+}
+
+server {
+ server_name payments.${private_domain};
+
+ listen [::]:80;
+ listen 80;
+
+ if (${dollar}host = payments.${private_domain}) {
+ return 301 https://${dollar}host${dollar}request_uri;
+ }
+
+ return 404;
+}
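Review bot: In the `^/payment$` location, `fastcgi_param REQUEST_BODY ${dollar}request_body;` hands the client-supplied body to `payment.sh` as a FastCGI parameter, which fcgiwrap turns into an environment variable of the script. nginx only populates its `request_body` variable while the body is held in the memory buffer, so a body larger than `client_body_buffer_size` reaches the script as an empty string. The script is not part of this hunk, but it has to treat the value as untrusted text even though `ssl_verify_client on` authenticates the caller. Having the script read the body from stdin and dropping the parameter avoids both issues. If the parameter stays, bound it in that location with `client_max_body_size 8k;` and `client_body_buffer_size 8k;` (sizes are illustrative), and add a comment saying why.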