I use "Let's Encrypt" to encrypt all HTTP traffic. Let's Encrypt will only work with a public IP where ports 80 and 443 are accessible from the internet. You will also need an A entry for the domain you use in your DNS.
I use the following docker-compose.yml to set up the nginx reverse proxy.
I have the following folder structure:
~/docker
├── http
└── taiga-docker
Both folders contain a docker-compose.yml.
~/docker/http/docker-compose.yml looks as follows:
version: "3.8"
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    restart: always
    ports: ["80:80", "443:443"]
    volumes:
      - nginx_proxy_vhost.d:/etc/nginx/vhost.d
      - nginx_proxy_html:/usr/share/nginx/html
      - ./proxy-default.conf:/etc/nginx/conf.d/my-proxy.default.conf:ro
      # the proxy only reads the certificates
      - ./le-cert:/etc/nginx/certs:ro
      # read-only socket mount, used to discover the containers to proxy
      - /var/run/docker.sock:/tmp/docker.sock:ro
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    networks:
      - default
      - backend
  letsencrypt-nginx-proxy-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    container_name: le-proxy-companion
    volumes:
      - nginx_proxy_vhost.d:/etc/nginx/vhost.d
      - nginx_proxy_html:/usr/share/nginx/html
      # the companion writes the issued certificates here
      - ./le-cert:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
  nginx_proxy_vhost.d:
  nginx_proxy_html:
networks:
  backend:
~/docker/http/proxy-default.conf contains:
server_tokens off;
client_max_body_size 500m;
~/docker/http/le-cert is a folder where the container will save the generated certificates.
Calling:
cd ~/docker/http
docker-compose up -d
will create the two containers and a network called http_backend:
docker network ls
NETWORK ID     NAME           DRIVER    SCOPE
...
6169e58b16a5   http_backend   bridge    local
dad377b08bfb   http_default   bridge    local
...
~/docker/taiga-docker is the git-cloned folder.
These are the modifications needed for ~/docker/taiga-docker/docker-compose.yml:
diff --git a/docker-compose.yml b/docker-compose.yml
index 5574c0e..ae4ad00 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,8 +9,9 @@ x-environment:
POSTGRES_HOST: taiga-db
# Taiga settings
TAIGA_SECRET_KEY: "taiga-back-secret-key"
- TAIGA_SITES_DOMAIN: "localhost:9000"
- TAIGA_SITES_SCHEME: "http"
+ TAIGA_SITES_SCHEME: "https"
+ TAIGA_SSL_BY_REVERSE_PROXY: "True"
# Email settings. Uncomment following lines and configure your SMTP server
# EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"
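Review bot: TAIGA_SECRET_KEY in the unchanged context just above the removed lines still carries the repository value "taiga-back-secret-key", and this is the change that puts the instance on the public internet, so replace it with a long random value before the stack is started. The removed TAIGA_SITES_DOMAIN: "localhost:9000" also has no "+" counterpart here; add a TAIGA_SITES_DOMAIN line with the public domain next to TAIGA_SITES_SCHEME: "https" instead of leaving the setting out.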
@@ -84,10 +85,11 @@ services:
taiga-front:
image: taigaio/taiga-front:latest
environment:
- TAIGA_WEBSOCKETS_URL: "ws://localhost:9000"
+ TAIGA_SSL_BY_REVERSE_PROXY: "True"
networks:
- taiga
# volumes:
# - ./conf.json:/usr/share/nginx/html/conf.json
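Review bot: the removed TAIGA_WEBSOCKETS_URL: "ws://localhost:9000" in the taiga-front environment has no replacement among the "+" lines, although the setup needs a "wss://..." value there. Add the line back with the wss:// URL of the public domain; a ws:// URL on a page served over HTTPS is blocked by browsers as mixed content.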
@@ -124,18 +126,21 @@ services:
taiga-gateway:
image: nginx:1.19-alpine
- ports:
- - "9000:80"
volumes:
- ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
- taiga-static-data:/taiga/static
- taiga-media-data:/taiga/media
networks:
- taiga
+ - backend
depends_on:
- taiga-front
- taiga-back
- taiga-events
+ environment:
volumes:
taiga-static-data:
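Review bot: the added "environment:" key at the end of taiga-gateway has no entries under it, which leaves nginx-proxy nothing to route on. jwilder/nginx-proxy builds its virtual host from the container's VIRTUAL_HOST variable and the companion requests a certificate for LETSENCRYPT_HOST, so both should be listed here with the public domain. Dropping the "9000:80" mapping is the right call, since the gateway is then reachable only through the proxy on the backend network.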
@@ -146,3 +151,6 @@ volumes:
networks:
taiga:
+ backend:
+ external: true
+ name: http_backend
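Review bot: "name: http_backend" hard-codes a name that Compose derives from the proxy project's folder (http) plus the network key, so the reference breaks if that folder is renamed or the proxy is started under another project name. Giving the network an explicit name in the proxy's compose file would keep it stable. Because the network is external, this file does not create it, so the proxy stack has to be up first.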
Be certain to put "wss://..." as the Websocket-URL. This one took me an extra hour to figure out.
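The settings this setup depends on can be checked before the stack goes up. The following is an added example, not part of the original post or of the Taiga or nginx-proxy projects: a small Python linter over the rendered compose configuration. It assumes the JSON shape printed by `docker compose config --format json`; the sample is constructed, taiga.example.org is a placeholder domain, and VIRTUAL_HOST and LETSENCRYPT_HOST are the variables nginx-proxy and its companion read from the proxied container.

```python
import json

# Constructed sample, shaped like `docker compose config --format json` output
# for the modified Taiga stack; taiga.example.org is a placeholder domain.
SAMPLE = json.loads("""
{
  "services": {
    "taiga-front": {"environment": {"TAIGA_WEBSOCKETS_URL": "ws://taiga.example.org"}},
    "taiga-back": {"environment": {"TAIGA_SECRET_KEY": "taiga-back-secret-key",
                                   "TAIGA_SITES_SCHEME": "https"}},
    "taiga-gateway": {"environment": {"VIRTUAL_HOST": "taiga.example.org"},
                      "networks": {"taiga": null, "backend": null},
                      "ports": [{"target": 80, "published": "9000"}]}
  },
  "networks": {"taiga": {"name": "taiga-docker_taiga"},
               "backend": {"name": "http_backend", "external": true}}
}
""")

def lint(cfg, proxy_net="http_backend", gateway="taiga-gateway"):
    """Return a list of findings for a rendered compose config."""
    svc = cfg.get("services", {})
    env = lambda name: svc.get(name, {}).get("environment") or {}
    findings = []
    gw = svc.get(gateway, {})
    if gw.get("ports"):
        findings.append(f"{gateway}: published ports bypass the reverse proxy")
    joined = {(cfg.get("networks", {}).get(n) or {}).get("name")
              for n in (gw.get("networks") or {})}
    if proxy_net not in joined:
        findings.append(f"{gateway}: not attached to {proxy_net}")
    # VIRTUAL_HOST is read by nginx-proxy, LETSENCRYPT_HOST by the companion.
    for var in ("VIRTUAL_HOST", "LETSENCRYPT_HOST"):
        if not env(gateway).get(var):
            findings.append(f"{gateway}: {var} is not set")
    ws = env("taiga-front").get("TAIGA_WEBSOCKETS_URL", "")
    if not ws.startswith("wss://"):
        findings.append("taiga-front: TAIGA_WEBSOCKETS_URL must start with wss://")
    back = env("taiga-back")
    if back.get("TAIGA_SITES_SCHEME") != "https":
        findings.append("taiga-back: TAIGA_SITES_SCHEME is not https")
    if back.get("TAIGA_SECRET_KEY") == "taiga-back-secret-key":
        findings.append("taiga-back: TAIGA_SECRET_KEY is still the repository default")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FAIL", finding)
```

On the constructed sample it reports four findings: the published port, the missing LETSENCRYPT_HOST, the ws:// URL and the default secret key.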