Behind Nginx Reverse-proxy

60 views
Skip to first unread message

Дмитрий Вербецкий

unread,
Mar 1, 2021, 10:40:59 AMMar 1
to taigaio
Hello

I'm trying to set up taiga behind Nginx reverse-proxy

What I have:
1. VW behind NAT so I use connect to my VPN... 
I have my public VPN-server where I use Nginx as Front-end load balancer and can easily create Virtul Host to my any connected VPN client (which behind NAT)

2.On Those VM I installed taiga-docker "30 min Setup"

3. Change Host name in docker-compose.yml to may taiga.domain.com also set https and change web-socket too = wss.
4. Set up my Front-end Nginx (10.50.0.2:90 is my vpn ip and port)

server {

  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_pass http://10.50.0.2:90/;
  }

  # Events
  location /events {
      proxy_pass http://10.50.0.2:90/events;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_connect_timeout 7d;
      proxy_send_timeout 7d;
      proxy_read_timeout 7d;
  }


5. I can open my taiga.domain.com . It work fine 
But I can reset my password and send invite to a new people
It seems like I need somehow set proxy to /api

In console I have error when trying click "forgot password"

also there is Web-socket error

WebSocket connection to 'wss://taiga.blinddate.vip/events' failed: Error during

WebSocket handshake: Unexpected response code: 502
angular.js:14195 WebSocket error: [object Event]


So my main question is how I generally set up taiga to work with External Nginx-proxy?

Дмитрий Вербецкий

unread,
Mar 2, 2021, 8:05:46 AMMar 2
to taigaio
ok, I gues to test on clear VPS

So I trying install taiga-docker (30 min setup guide)
It seems to work BUT I have WebSocket error in console:

WebSocket connection to 'wss://taiga.domain.com/events' failed: Error during WebSocket handshake: Unexpected response code: 502

Also if I go to https:taiga.domai.com/admin/then page paper without css style - they can't load due to console error



What I have done:

1. Setting Nginx

nginx server config:

server {
server_name taiga.mydomain.com;
  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Scheme $scheme;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_redirect off;
    proxy_pass http://localhost:9000/;
  }
  # Events
  location /events {
      proxy_pass http://localhost:9000/events;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_connect_timeout 7d;
      proxy_send_timeout 7d;
      proxy_read_timeout 7d;
  }
   listen [::]:443 ssl; # managed by Certbot
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = taiga.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
       server_name taiga.mydomain.com;
    listen [::]:80 ;
    listen 80 ;
   return 404; # managed by Certbot
}


2. a little change docker-compose.yml
just set my domain, HTTPS, + domain, WebSocket and SMTP

docker-compose.yml:

version: "3.5"
x-environment:
  &default-back-environment
  # Database settings
  POSTGRES_DB: taiga
  POSTGRES_USER: taiga
  POSTGRES_PASSWORD: taiga
  POSTGRES_HOST: taiga-db
  # Taiga settings
  TAIGA_SECRET_KEY: "taiga-back-secret-key"
  TAIGA_SITES_DOMAIN: "taiga.mydomain.com"
  TAIGA_SITES_SCHEME: "https"

# Email settings. Uncomment following lines and configure your SMTP server

 EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
 DEFAULT_FROM_EMAIL: "m...@mail.com"
 EMAIL_USE_TLS: "False"
 EMAIL_USE_SSL: "True"
 EMAIL_HOST: "smtp.my.com"
 EMAIL_PORT: 465
 EMAIL_HOST_USER: "my"
 EMAIL_HOST_PASSWORD: "my"
  RABBITMQ_USER: taiga
  RABBITMQ_PASS: taiga
  # Telemetry settings
  ENABLE_TELEMETRY: "True"
  
x-volumes:
  &default-back-volumes
  - ./taiga-static-data:/taiga-back/static
  - ./taiga-media-data:/taiga-back/media
  # - ./config.py:/taiga-back/settings/config.py

services:
  taiga-db:
    image: postgres:12.3
    environment:
      POSTGRES_DB: taiga
      POSTGRES_USER: taiga
      POSTGRES_PASSWORD: taiga
    volumes:
      - taiga-db-data:/var/lib/postgresql/data
    networks:
      - taiga

  taiga-back:
    image: taigaio/taiga-back:latest
    environment: *default-back-environment
    volumes: *default-back-volumes
    networks:
      - taiga
    depends_on:
      - taiga-db
      - taiga-events-rabbitmq
      - taiga-async-rabbitmq

  taiga-async:
    image: taigaio/taiga-back:latest
    entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
    environment: *default-back-environment
    volumes: *default-back-volumes
    networks:
      - taiga
    depends_on:
      - taiga-db
      - taiga-back
      - taiga-async-rabbitmq

  taiga-async-rabbitmq:
    image: rabbitmq:3-management-alpine
    environment:
      RABBITMQ_ERLANG_COOKIE: secret-erlang-cookie
      RABBITMQ_DEFAULT_USER: taiga
      RABBITMQ_DEFAULT_PASS: taiga
      RABBITMQ_DEFAULT_VHOST: taiga
    networks:
      - taiga

  taiga-front:
    image: taigaio/taiga-front:latest
    environment:
      TAIGA_URL: "https://taiga.mydomain.com"
      TAIGA_WEBSOCKETS_URL: "wss://taiga.mydomain.com"
    networks:
      - taiga
    # volumes:
    #   - ./conf.json:/usr/share/nginx/html/conf.json

  taiga-events:
    image: taigaio/taiga-events:latest
    environment:
      RABBITMQ_USER: taiga
      RABBITMQ_PASS: taiga
      TAIGA_SECRET_KEY: "taiga-back-secret-key"
    networks:
      - taiga
    depends_on:
      - taiga-events-rabbitmq

  taiga-events-rabbitmq:
    image: rabbitmq:3-management-alpine
    environment:
      RABBITMQ_ERLANG_COOKIE: secret-erlang-cookie
      RABBITMQ_DEFAULT_USER: taiga
      RABBITMQ_DEFAULT_PASS: taiga
      RABBITMQ_DEFAULT_VHOST: taiga
    networks:
      - taiga

  taiga-protected:
    image: taigaio/taiga-protected:latest
    environment:
      MAX_AGE: 360
      SECRET_KEY: "taiga-back-secret-key"
    networks:
      - taiga

  taiga-gateway:
    image: nginx:1.19-alpine
    ports:
      - "9000:80"
    volumes:
      - ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
      - ./taiga-static-data:/taiga/static
      - ./taiga-media-data:/taiga/media
    networks:
      - taiga
    depends_on:
      - taiga-front
      - taiga-back
      - taiga-events


networks:
  taiga:



3.  docker ps

6ac6c50336fe   nginx:1.19-alpine                "/docker-entrypoint.…"   14 minutes ago   Up 14 minutes   0.0.0.0:9000->80/tcp                                                   taiga-docker_taiga-gateway_1
5f8c980567da   taigaio/taiga-back:latest        "/taiga-back/docker/…"   14 minutes ago   Up 14 minutes   8000/tcp                                                               taiga-docker_taiga-async_1
a9ce789e76bf   taigaio/taiga-back:latest        "./docker/entrypoint…"   14 minutes ago   Up 14 minutes   8000/tcp                                                               taiga-docker_taiga-back_1
b9f91b3810da   taigaio/taiga-protected:latest   "./docker/entrypoint…"   14 minutes ago   Up 14 minutes   8003/tcp                                                               taiga-docker_taiga-protected_1
371320d2dd79   rabbitmq:3-management-alpine     "docker-entrypoint.s…"   14 minutes ago   Up 14 minutes   4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 15691-15692/tcp, 25672/tcp   taiga-docker_taiga-events-rabbitmq_1
225acc23be6c   rabbitmq:3-management-alpine     "docker-entrypoint.s…"   14 minutes ago   Up 14 minutes   4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 15691-15692/tcp, 25672/tcp   taiga-docker_taiga-async-rabbitmq_1
dfbdc01b50e0   taigaio/taiga-front:latest       "/docker-entrypoint.…"   14 minutes ago   Up 14 minutes   80/tcp                                                                 taiga-docker_taiga-front_1
8f0131b978a0   postgres:12.3                    "docker-entrypoint.s…"   14 minutes ago   Up 14 minutes   5432/tcp                                                               taiga-docker_taiga-db_1


понедельник, 1 марта 2021 г. в 17:40:59 UTC+2, Дмитрий Вербецкий:

David Barragán

unread,
Mar 2, 2021, 9:15:58 AMMar 2
to Дмитрий Вербецкий, taigaio
Hi Дмитрий

It seems that you don't have any users on the platform yet so you can't access taiga. Something in the setup process could fail and the admin user is not created (and the static admin files don't be generated too).

Truy to run

$ ./taiga-manage.sh createsuperuser
$ ./taiga-manage.sh collectstatics

The first line is for creation an admin user and the second line is for regenerating the static files for the superadmin panel.

About the wss error,  it's a strange error, we usually use an nginx to serve Taiga (sometimes even behind another nginx) and we have not had that problem using a similar configuration. Could the VPN have something to do with it? I don't think so but I'm not sure, try checking the log files, info and error messages, to detect which part the error comes from: from your nginx, from taiga-gateway, from taiga-everts...
maybe there is more useful information there.


Best regards


--
Please help us keep the Taiga.io Community open and inclusive, follow our Code of Conduct:
https://github.com/taigaio/code-of-conduct/blob/master/CODE_OF_CONDUCT.md
---
You received this message because you are subscribed to the Google Groups "taigaio" group.
To unsubscribe from this group and stop receiving emails from it, send an email to taigaio+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/taigaio/2dc8ec28-49d1-4ce6-928d-b189efd7a1ffn%40googlegroups.com.


--
Logo Kaleidos David Barragán Merino
Engineer & Co-founder 
kaleidos.net/FFF8E7
 


Este mensaje y sus archivos adjuntos van dirigidos exclusivamente a su destinatario, y pudiendo contener información confidencial sometida a secreto profesional, o cuya divulgación esté legalmente prohibida. Cualquier opinión en él contenida es exclusiva de su autor y no representa necesariamente la opinión de la empresa. Si ha recibido este mensaje por error, le rogamos nos lo comunique de forma inmediata por esta misma vía y proceda a su eliminación, así como a la de cualquier documento adjunto al mismo. El correo electrónico vía Internet no es seguro y no se puede garantizar que no haya errores ya que puede ser interceptado, modificado, perdido o destruido, o contener virus. Cualquier persona que se ponga en contacto con nosotros por correo electrónico se considerará que asume estos riesgos.

KALEIDOS OPEN SOURCE se reserva las acciones legales que le correspondan contra todo tercero que acceda de forma ilegítima al contenido de cualquier mensaje externo procedente del mismo.

INFORMACIÓN PROTECCIÓN DE DATOS. Responsable: KALEIDOS OPEN SOURCE (B86241973)

Le informamos que sus datos identificativos y los contenidos en los correos electrónicos y ficheros adjuntos pueden ser incorporados a nuestras bases de datos con la finalidad de mantener relaciones profesionales y/o comerciales y, que serán conservados mientras se mantenga la relación. Si lo desea, puede ejercer su derecho a acceder, rectificar y suprimir sus datos y demás reconocidos normativamente dirigiéndose al correo emisor o en los datos del responsable. Para información y consultas visite nuestra web  https://kaleidos.net

Дмитрий Вербецкий

unread,
Mar 2, 2021, 9:31:32 AMMar 2
to taigaio
hi,
thanks for reply

in my first post, I have a little modified docker-compose.yml where define volume's path. I add ./ to all volumes
Now I change it back and /admin/ is working correctly.
But WebSocket error still here
Also right now I installing on another server that has external access and I don't use VPN
but WebSocket error still alive




app.js:3355 WebSocket connection to 'wss://taiga.domain.com/events' failed: Error during WebSocket handshake: Unexpected response code: 502
e.setupConnection @ app.js:3355
e @ lodash.js:4949
value @ elements.js:1
value @ elements.js:1
value @ elements.js:1
invoke @ elements.js:1
t.args.<computed> @ elements.js:1
angular.js:14195 WebSocket error: [object Event]

вторник, 2 марта 2021 г. в 16:15:58 UTC+2, David Barragán:

David Barragán

unread,
Mar 2, 2021, 10:11:15 AMMar 2
to Дмитрий Вербецкий, taigaio
Try to review the logs, I have no idea why (and what) nginx is returning a 502 Bad Gateway error response

Regards

Дмитрий Вербецкий

unread,
Mar 5, 2021, 1:24:01 PMMar 5
to David Barragán, taigaio
In Nginx logs 
2021/03/03 09:37:01 [error] 1335542#1335542: *197 connect() failed (111: Connection refused) while connecting to upstream, client: 217.19.215.46, server: taiga.dom.com, request: "GET /events HTTP/1.1", upstream: "http://127.0.0.1:>
2021/03/03 09:37:02 [error] 1335542#1335542: *199 connect() failed (111: Connection refused) while connecting to upstream, client: 217.19.215.46, server: taiga.dom.com, request: "GET /events HTTP/1.1", upstream: "http://127.0.0.1:>
2021/03/03 09:37:02 [error] 1335542#1335542: *201 connect() failed (111: Connection refused) while connecting to upstream, client: 178.212.96.249, server: taiga.dom.com, request: "GET /events HTTP/1.1", upstream: "http://127.0.0.1>
....
Where  217.19.215.46 my PC IP and   178.212.96.249 AWS instance IP

btw there is a strange moment
If I delete all containers, images volumes and try to fresh install then everything works fine. I can create superuser by CLI, next I can create a new project and wait some minutes to confirm that WebSockets error don't appear in console
But if I type docker-compose Down and start it back by docker-compose up -d I can see  WebSockets error immediately 
Is it can relate?
Can anyone conform the same?
Reply all
Reply to author
Forward
0 new messages