How do you set up Taiga6 docker with https?

[Gerrit Bonn]

Can anybody point me in the right direction on how to enable https on a fresh Taiga 6 docker installation?

The Taiga docs just tell me to replace some instances of http with https inside the docker-compose.yml but that doesn't do the trick. I guess am probably overseeing some common Docker knowledge?

[Paul Jaros]

I've allready had a "Let's Encrypt" docker-compose setup with the "jwilder/nginx-proxy"-setup and it works now with taiga.io after some wrangling and googling. 

I can give you the details about my setup, but this only makes sense if you want to go the "Let's Encrypt"-route too.

[Gerrit Bonn]

I would love to take a look at it, thank you!

[Paul Jaros]

I use "Let's Encrypt" with to encrypt all http-traffic. Let's Encrypt will only work with a public IP where the port  80 and 443 are accessible from the internet. You will also need a A entry with the domain you use on your DNS. 

I use the following docker-compose.yml to setup the nginx-reveseproxy:

I have the following folder structure

~/docker
├── http
└── taiga-docker

Both folder contain a docker-compose.yml.

~/docker/http/docker-compose.yml looks as follows:

version: "3.8"

services:

  nginx-proxy:

    image: jwilder/nginx-proxy

    restart: always

    ports: ["80:80", "443:443"]

    volumes:

      - nginx_proxy_vhost.d:/etc/nginx/vhost.d

      - nginx_proxy_html:/usr/share/nginx/html

      - ./proxy-default.conf:/etc/nginx/conf.d/my-proxy.default.conf:ro

      - ./le-cert:/etc/nginx/certs:ro

      - /var/run/docker.sock:/tmp/docker.sock:ro

    labels:

      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"

    networks:

      - default

      - backend 

  letsencrypt-nginx-proxy-companion:

    image: jrcs/letsencrypt-nginx-proxy-companion

    restart: always

    container_name: le-proxy-companion

    volumes:

      - nginx_proxy_vhost.d:/etc/nginx/vhost.d

      - nginx_proxy_html:/usr/share/nginx/html

      - ./le-cert:/etc/nginx/certs:rw

      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:

  nginx_proxy_vhost.d:

  nginx_proxy_html:

networks:

  backend:

~/docker/http/proxy-default.conf contains

server_tokens off;

client_max_body_size 500m;

~/docker/http/le-cert is a folder where the container will save the generated certificates

Calling:

cd ~/docker/http

docker-compose up -d

will create the two containers and a network called http_backend

docker network ls

NETWORK ID     NAME                   DRIVER    SCOPE
...
6169e58b16a5   http_backend           bridge    local
dad377b08bfb   http_default           bridge    local
...

You'll find more details here: https://hub.docker.com/r/jrcs/letsencrypt-nginx-proxy-companion

~/docker/taiga-docker is the git-cloned folder.

These are the modification needed for the  ~/docker/taiga-docker/docker-compose.yml

diff --git a/docker-compose.yml b/docker-compose.yml

index 5574c0e..ae4ad00 100644

--- a/docker-compose.yml

+++ b/docker-compose.yml

@@ -9,8 +9,9 @@ x-environment:

   POSTGRES_HOST: taiga-db

   # Taiga settings

   TAIGA_SECRET_KEY: "taiga-back-secret-key"

-  TAIGA_SITES_DOMAIN: "localhost:9000"

-  TAIGA_SITES_SCHEME: "http"

+  TAIGA_SITES_DOMAIN: "taiga.example.com:443"

+  TAIGA_SITES_SCHEME: "https"

+  TAIGA_SSL_BY_REVERSE_PROXY: "True"

   # Email settings. Uncomment following lines and configure your SMTP server

   # EMAIL_BACKEND: "django.core.mail.backends.smtp.EmailBackend"

   # DEFAULT_FROM_EMAIL: "no-r...@example.com"

@@ -84,10 +85,11 @@ services:

   taiga-front:

     image: taigaio/taiga-front:latest

     environment:

-      TAIGA_URL: "http://localhost:9000"

-      TAIGA_WEBSOCKETS_URL: "ws://localhost:9000"

+      TAIGA_SSL_BY_REVERSE_PROXY: "True"

+      TAIGA_URL: "https://taiga.example.com:443"

+      TAIGA_WEBSOCKETS_URL: "wss://taiga.example.com:443"

     networks:

       - taiga  

     # volumes:

     #   - ./conf.json:/usr/share/nginx/html/conf.json

 

@@ -124,18 +126,21 @@ services:

 

   taiga-gateway:

     image: nginx:1.19-alpine

-    ports:

-      - "9000:80"

     volumes:

       - ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf

       - taiga-static-data:/taiga/static

       - taiga-media-data:/taiga/media

     networks:

       - taiga

+      - backend

     depends_on:

       - taiga-front

       - taiga-back

       - taiga-events

+    environment:

+      VIRTUAL_HOST: "taiga.example.com"

+      LETSENCRYPT_HOST: "taiga.example.com"

+      LETSENCRYPT_EMAIL: "na...@example.com"

 

 volumes:

   taiga-static-data:

@@ -146,3 +151,6 @@ volumes:

 

 networks:

   taiga:

+  backend:

+    external: true

+    name: http_backend

Replace taiga.example.com with your public hostname.

Replace na...@example.com with your e-mail address.

Be certain to put "wss://..." as the Websocket-URL. This one took me an extra hour to figure out.

[Pål Brønlund]

You saved my day :) Thanks

[Paul Jaros]

You're welcome.  :)