How do you set up Taiga6 docker with https?


Gerrit Bonn

May 30, 2021, 11:40:07 AM
to taigaio
Can anybody point me in the right direction on how to enable https on a fresh Taiga 6 docker installation?

The Taiga docs just tell me to replace some instances of http with https inside the docker-compose.yml, but that doesn't do the trick. I guess I am probably overlooking some common Docker knowledge?

Paul Jaros

May 30, 2021, 5:52:36 PM
to taigaio
I've already had a "Let's Encrypt" docker-compose setup with the "jwilder/nginx-proxy"-setup and it works now with taiga.io after some wrangling and googling.

I can give you the details about my setup, but this only makes sense if you want to go the "Let's Encrypt"-route too.

Gerrit Bonn

May 31, 2021, 9:38:19 AM
to taigaio
I would love to take a look at it, thank you!

Paul Jaros

May 31, 2021, 7:29:58 PM
to taigaio
I use "Let's Encrypt" to encrypt all http-traffic. Let's Encrypt will only work with a public IP where ports 80 and 443 are accessible from the internet. You will also need an A entry with the domain you use on your DNS.

I use the following docker-compose.yml to set up the nginx reverse proxy:

I have the following folder structure

~/docker
├── http
└── taiga-docker


Both folders contain a docker-compose.yml.
~/docker/http/docker-compose.yml looks as follows:

version: "3.8"

services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    restart: always
    ports: ["80:80", "443:443"]
    volumes:
      - nginx_proxy_vhost.d:/etc/nginx/vhost.d
      - nginx_proxy_html:/usr/share/nginx/html
      - ./proxy-default.conf:/etc/nginx/conf.d/my-proxy.default.conf:ro
      - ./le-cert:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    networks:
      - default
      - backend 

  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    container_name: le-proxy-companion
    volumes:
      - nginx_proxy_vhost.d:/etc/nginx/vhost.d
      - nginx_proxy_html:/usr/share/nginx/html
      - ./le-cert:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  nginx_proxy_vhost.d:
  nginx_proxy_html:

networks:
  backend:

~/docker/http/proxy-default.conf contains
server_tokens off;
client_max_body_size 500m;

~/docker/http/le-cert is a folder where the container will save the generated certificates

Calling:

cd ~/docker/http
docker-compose up -d

will create the two containers and a network called http_backend

docker network ls
NETWORK ID     NAME                   DRIVER    SCOPE
...
6169e58b16a5   http_backend           bridge    local
dad377b08bfb   http_default           bridge    local
...


~/docker/taiga-docker is the git-cloned folder.
These are the modifications needed for ~/docker/taiga-docker/docker-compose.yml:

diff --git a/docker-compose.yml b/docker-compose.yml
index 5574c0e..ae4ad00 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,8 +9,9 @@ x-environment:
   POSTGRES_HOST: taiga-db
   # Taiga settings
   TAIGA_SECRET_KEY: "taiga-back-secret-key"
-  TAIGA_SITES_DOMAIN: "localhost:9000"
-  TAIGA_SITES_SCHEME: "http"
+  TAIGA_SITES_DOMAIN: "taiga.example.com:443"
+  TAIGA_SITES_SCHEME: "https"
+  TAIGA_SSL_BY_REVERSE_PROXY: "True"
   # Email settings. Uncomment following lines and configure your SMTP server
   # EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
   # DEFAULT_FROM_EMAIL: "no-r...@example.com"
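Review bot: The context line TAIGA_SECRET_KEY: "taiga-back-secret-key" still holds the value shipped in the unmodified file, which anyone can read from the public repository, and this hunk moves the instance from localhost to a public hostname. Replace it with a long random value before bringing the stack up. Minor: 443 is already the default port for https, so the ":443" suffix on TAIGA_SITES_DOMAIN is redundant.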
@@ -84,10 +85,11 @@ services:
   taiga-front:
     image: taigaio/taiga-front:latest
     environment:
-      TAIGA_URL: "http://localhost:9000"
-      TAIGA_WEBSOCKETS_URL: "ws://localhost:9000"
+      TAIGA_SSL_BY_REVERSE_PROXY: "True"
+      TAIGA_URL: "https://taiga.example.com:443"
+      TAIGA_WEBSOCKETS_URL: "wss://taiga.example.com:443"
     networks:
       - taiga  
     # volumes:
     #   - ./conf.json:/usr/share/nginx/html/conf.json
 
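Review bot: TAIGA_URL and TAIGA_WEBSOCKETS_URL have to change scheme together, and nothing in the file says so. A page loaded over https cannot open a ws:// connection because browsers block it as mixed content, so a one-line comment above TAIGA_WEBSOCKETS_URL stating that it must be wss:// whenever TAIGA_URL is https:// would prevent a half-converted configuration.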
@@ -124,18 +126,21 @@ services:
 
   taiga-gateway:
     image: nginx:1.19-alpine
-    ports:
-      - "9000:80"
     volumes:
       - ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
       - taiga-static-data:/taiga/static
       - taiga-media-data:/taiga/media
     networks:
       - taiga
+      - backend
     depends_on:
       - taiga-front
       - taiga-back
       - taiga-events
+    environment:
+      VIRTUAL_HOST: "taiga.example.com"
+      LETSENCRYPT_HOST: "taiga.example.com"
+      LETSENCRYPT_EMAIL: "na...@example.com"
 
 volumes:
   taiga-static-data:
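Review bot: The hostname is written twice in this hunk (VIRTUAL_HOST and LETSENCRYPT_HOST) and three more times in the earlier hunks, and they all have to agree for the proxy to route the host and for the companion to request a certificate for it. Consider defining it once in a .env file next to docker-compose.yml and referencing it through Compose variable substitution, for example ${TAIGA_HOST}, where TAIGA_HOST is a name chosen here for illustration. Dropping the "9000:80" mapping is correct, since the gateway should now be reachable only through the proxy on the backend network.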
@@ -146,3 +151,6 @@ volumes:
 
 networks:
   taiga:
+  backend:
+    external: true
+    name: http_backend
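Review bot: With external: true, Compose does not create this network, so the Taiga stack fails to start unless the proxy project in ~/docker/http has been brought up first; that ordering deserves a comment here. The name http_backend is also derived from the proxy project's directory name (http), so renaming that folder or starting it under a different project name breaks the reference. Setting an explicit name: on the backend network in the proxy's compose file would make it stable.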

Replace taiga.example.com with your public hostname.
Replace na...@example.com with your e-mail address.

Be certain to put "wss://..." as the Websocket-URL. This one took me an extra hour to figure out.
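
The settings touched by the diff above have to agree with each other: a page served over https cannot open a ws:// socket, and the proxy, the certificate request and Taiga must all name the same host. The following check is an added example, not part of the original post or of the Taiga project; the function name and the sample text are constructed for illustration, and the sample deliberately keeps the ws:// mistake.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the settings from the diff in this thread, with the
# websocket URL deliberately left on ws:// to show the failure being caught.
SAMPLE = """\
x-environment:
  TAIGA_SITES_DOMAIN: "taiga.example.com:443"
  TAIGA_SITES_SCHEME: "https"
services:
  taiga-front:
    environment:
      TAIGA_URL: "https://taiga.example.com:443"
      TAIGA_WEBSOCKETS_URL: "ws://taiga.example.com:443"
  taiga-gateway:
    environment:
      VIRTUAL_HOST: "taiga.example.com"
      LETSENCRYPT_HOST: "taiga.example.com"
"""

# Upper-case KEY: "value" lines; commented-out lines do not match.
SETTING = re.compile(r'^[ \t]*([A-Z_]+):[ \t]*"?([^"#\n]*?)"?[ \t]*$', re.M)
EXPECTED_SCHEME = {"TAIGA_URL": "https", "TAIGA_WEBSOCKETS_URL": "wss"}

def check_https_settings(compose_text):
    """Return a list of problems; an empty list means the settings agree."""
    s = dict(SETTING.findall(compose_text))
    problems = []
    if s.get("TAIGA_SITES_SCHEME") != "https":
        problems.append("TAIGA_SITES_SCHEME is not https")
    # Every place the public hostname appears must carry the same value.
    hosts = {
        "TAIGA_SITES_DOMAIN": s.get("TAIGA_SITES_DOMAIN", "").split(":")[0],
        "VIRTUAL_HOST": s.get("VIRTUAL_HOST", ""),
        "LETSENCRYPT_HOST": s.get("LETSENCRYPT_HOST", ""),
    }
    for key, scheme in EXPECTED_SCHEME.items():
        url = urlsplit(s.get(key, ""))
        hosts[key] = url.hostname or ""
        if url.scheme != scheme:
            problems.append(f"{key} uses {url.scheme or 'no scheme'}, expected {scheme}")
    if len(set(hosts.values())) != 1 or "" in hosts.values():
        problems.append(f"hostnames differ or are missing: {hosts}")
    return problems

if __name__ == "__main__":
    for problem in check_https_settings(SAMPLE):
        print("PROBLEM:", problem)
```

To check a real file, pass the contents of ~/docker/taiga-docker/docker-compose.yml to check_https_settings instead of SAMPLE.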

Pål Brønlund

Jun 4, 2021, 4:48:34 PM
to taigaio
You saved my day :) Thanks

Paul Jaros

Jun 6, 2021, 11:05:51 AM
to taigaio
You're welcome.  :)