Different problem after installation from source code

Hello,

I installed taiga via the source code Install Taiga in Production

I have several problems:

First, I have a problem with the permissions of /home/taiga, nginx cannot access files in /home/taiga-front-dist/dist/.

If I chown -R www-data /home/taiga/ it works, but then the services are unable to restart:

Jan 13 10:15:57 DC1RBY01 (gunicorn)[1195]: taiga.service: Changing to the requested working directory failed: Permission denied
Jan 13 10:15:57 DC1RBY01 (gunicorn)[1195]: taiga.service: Failed at step CHDIR spawning /home/taiga/taiga-back/.venv/bin/gunicorn: Permission denied
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga-async.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga-async.service: Failed with result 'exit-code'.
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga-events.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga-events.service: Failed with result 'exit-code'.
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga-protected.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga-protected.service: Failed with result 'exit-code'.
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:15:57 DC1RBY01 systemd[1]: taiga.service: Failed with result 'exit-code'.
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-async.service: Scheduled restart job, restart counter is at 12.
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga.service: Scheduled restart job, restart counter is at 12.
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-events.service: Scheduled restart job, restart counter is at 12.
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-protected.service: Scheduled restart job, restart counter is at 12.
Jan 13 10:16:00 DC1RBY01 systemd[1]: Stopped taiga-async.service - taiga_async.
Jan 13 10:16:00 DC1RBY01 systemd[1]: Started taiga-async.service - taiga_async.
Jan 13 10:16:00 DC1RBY01 systemd[1]: Stopped taiga-events.service - taiga_events.
Jan 13 10:16:00 DC1RBY01 (celery)[1197]: taiga-async.service: Changing to the requested working directory failed: Permission denied
Jan 13 10:16:00 DC1RBY01 (celery)[1197]: taiga-async.service: Failed at step CHDIR spawning /home/taiga/taiga-back/.venv/bin/celery: Permission denied
Jan 13 10:16:00 DC1RBY01 systemd[1]: Started taiga-events.service - taiga_events.
Jan 13 10:16:00 DC1RBY01 systemd[1]: Stopped taiga-protected.service - taiga_protected.
Jan 13 10:16:00 DC1RBY01 (npm)[1198]: taiga-events.service: Changing to the requested working directory failed: Permission denied
Jan 13 10:16:00 DC1RBY01 (npm)[1198]: taiga-events.service: Failed at step CHDIR spawning npm: Permission denied
Jan 13 10:16:00 DC1RBY01 systemd[1]: Started taiga-protected.service - taiga_protected.
Jan 13 10:16:00 DC1RBY01 systemd[1]: Stopped taiga.service - taiga_back.
Jan 13 10:16:00 DC1RBY01 (gunicorn)[1199]: taiga-protected.service: Changing to the requested working directory failed: Permission denied
Jan 13 10:16:00 DC1RBY01 (gunicorn)[1199]: taiga-protected.service: Failed at step CHDIR spawning /home/taiga/taiga-protected/.venv/bin/gunicorn: Permission denied
Jan 13 10:16:00 DC1RBY01 systemd[1]: Started taiga.service - taiga_back.
Jan 13 10:16:00 DC1RBY01 (gunicorn)[1200]: taiga.service: Changing to the requested working directory failed: Permission denied
Jan 13 10:16:00 DC1RBY01 (gunicorn)[1200]: taiga.service: Failed at step CHDIR spawning /home/taiga/taiga-back/.venv/bin/gunicorn: Permission denied
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-async.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-async.service: Failed with result 'exit-code'.
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-events.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-events.service: Failed with result 'exit-code'.
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-protected.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga-protected.service: Failed with result 'exit-code'.
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga.service: Main process exited, code=exited, status=200/CHDIR
Jan 13 10:16:00 DC1RBY01 systemd[1]: taiga.service: Failed with result 'exit-code'.

Second problem, I have this error in the taiga-async service:

> Jan 13 10:18:43 DC1RBY01 celery[1262]: Trying again in 20.00 seconds... (10/100)
> Jan 13 10:18:54 DC1RBY01 celery[1439]: [2024-01-13 10:18:54,173: ERROR/Beat] beat: Connection error: [Errno -2] Name or service not known. Trying again in 22.0 seconds...
> Jan 13 10:19:03 DC1RBY01 celery[1262]: [2024-01-13 10:19:03,597: ERROR/MainProcess] consumer: Cannot connect to amqp://rabbitmquser:**@rabbitmq:5672/taiga: [Errno -2] Name or service not known.

And thirdly, while I was still able to access the site, I’m having trouble with cors :

image1578×662 264 KB

I thought I’d followed the installation procedure correctly, but obviously not.
If anyone has any ideas, I’d love to hear them.

Thanks in advance

Hi ,please show me your etc/nginx/nginx.conf

Hello,

first /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;

        ##
        # Gzip Settings
        ##

        gzip on;

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}


#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}

and then /etc/nginx/conf.d/taiga.conf

server {
    listen 80 default_server;
    server_name xxx;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 default_server;
    server_name xxx;  #  See http://nginx.org/en/docs/http/server_names.html

    large_client_header_buffers 4 32k;
    client_max_body_size 50M;
    charset utf-8;

    access_log /home/taiga/logs/nginx.access.log;
    error_log /home/taiga/logs/nginx.error.log;

    # TLS: Configure your TLS following the best practices inside your company
    #include snippets/self-signed.conf;
    #include snippets/ssl-params.conf;
    ssl on;
    ssl_certificate /etc/ssl/certs/taiga-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/taiga-selfsigned.key;
    # Other configurations

    # Frontend
    location / {
        alias /home/taiga/taiga-front-dist/dist/;
        index index.html;
        try_files $uri $uri/ index.html =404;
    }

    # API
    location /api/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001/api/;
        proxy_redirect off;
    }

    # Admin
    location /admin/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001/admin/;
        proxy_redirect off;
    }

    # Static files
    location /static/ {
        alias /home/taiga/taiga-back/static/;
    }

    # Media
    location /_protected/ {
        internal;
        alias /home/taiga/taiga-back/media/;
        add_header Content-disposition "attachment";
    }

    # Unprotected section
    location /media/exports/ {
        alias /home/taiga/taiga-back/media/exports/;
        add_header Content-disposition "attachment";
    }

    location /media/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8003/;
        proxy_redirect off;
    }

    # Events
    location /events {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
        proxy_pass http://127.0.0.1:8888/events;
    }

}

Hi, I changed the user to taiga in my config because taiga was added to sudo

user taiga;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

your taiga config is configured incorrectly, the log shows this

> Jan 13 10:19:03 DC1RBY01 celery[1262]: [2024-01-13 10:19:03,597: ERROR/MainProcess] consumer: Cannot connect to amqp://rabbitmquser:**@rabbitmq:5672/taiga: [Errno -2] Name or service not known.

amqp://rabbitmquser:**@rabbitmq:5672/taiga:

can you show the config taiga

settings/config.py

Thanks, i made the change for nginx, i will test it.
Edit : It work, thanks for that.

Here is my config :

# -*- coding: utf-8 -*-
import os

from .common import *   # noqa, pylint: disable=unused-wildcard-import

#########################################
## GENERIC
#########################################

DEBUG = False

#ADMINS = (
#    ("Admin", "example@example.com"),
#)

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'taiga',
        'USER': 'taiga',
        'PASSWORD': 'xxx',
        'HOST': 'localhost',
        'PORT': '5432',
    }
}

SECRET_KEY = "xxx"

TAIGA_SITES_SCHEME = "https"
TAIGA_SITES_DOMAIN = "xxx"
FORCE_SCRIPT_NAME = ""

TAIGA_URL = f"{ TAIGA_SITES_SCHEME }://{ TAIGA_SITES_DOMAIN }{ FORCE_SCRIPT_NAME }"
SITES = {
        "api": { "name": "api", "scheme": TAIGA_SITES_SCHEME, "domain": TAIGA_SITES_DOMAIN },
        "front": { "name": "front", "scheme": TAIGA_SITES_SCHEME, "domain": f"{ TAIGA_SITES_DOMAIN }{ FORCE_SCRIPT_NAME }" }
}

# Setting DEFAULT_PROJECT_SLUG_PREFIX to false
# removes the username from project slug
DEFAULT_PROJECT_SLUG_PREFIX = False

#########################################
## MEDIA AND STATIC
#########################################

# MEDIA_ROOT = '/home/taiga/media'
MEDIA_URL = f"{ TAIGA_URL }/media/"
DEFAULT_FILE_STORAGE = "taiga_contrib_protected.storage.ProtectedFileSystemStorage"
THUMBNAIL_DEFAULT_STORAGE = DEFAULT_FILE_STORAGE

# STATIC_ROOT = '/home/taiga/static'
STATIC_URL = f"{ TAIGA_URL }/static/"

#########################################
## EMAIL
#########################################
# https://docs.djangoproject.com/en/3.1/topics/email/
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 120  # seconds

DEFAULT_FROM_EMAIL = 'changeme@example.com'
EMAIL_USE_TLS = True
EMAIL_USE_SSL = True
EMAIL_HOST = 'localhost'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'user'
EMAIL_HOST_PASSWORD = 'xxx'

#########################################
## EVENTS
#########################################
EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
EVENTS_PUSH_BACKEND_OPTIONS = {
    "url": "amqp://rabbitmquser:xxx@rabbitmqhost:5672/taiga"
}


#########################################
## TAIGA ASYNC
#########################################
CELERY_ENABLED = os.getenv('CELERY_ENABLED', 'True') == 'True'

from kombu import Queue  # noqa

CELERY_BROKER_URL = "amqp://rabbitmquser:xxx@rabbitmq:5672/taiga"
CELERY_RESULT_BACKEND = None # for a general installation, we don't need to store the results
CELERY_ACCEPT_CONTENT = ['pickle', ]  # Values are 'pickle', 'json', 'msgpack' and 'yaml'
CELERY_TASK_SERIALIZER = "pickle"
CELERY_RESULT_SERIALIZER = "pickle"
CELERY_TIMEZONE = 'Europe/Madrid'
CELERY_TASK_DEFAULT_QUEUE = 'tasks'
CELERY_QUEUES = (
    Queue('tasks', routing_key='task.#'),
    Queue('transient', routing_key='transient.#', delivery_mode=1)
)
CELERY_TASK_DEFAULT_EXCHANGE = 'tasks'
CELERY_TASK_DEFAULT_EXCHANGE_TYPE = 'topic'
CELERY_TASK_DEFAULT_ROUTING_KEY = 'task.default'


#########################################
## CONTRIBS
#########################################
# INSTALLED_APPS += [
#     "taiga_contrib_slack",
#     "taiga_contrib_github_auth",
#     "taiga_contrib_gitlab_auth"
# ]
#
# GITHUB_API_CLIENT_ID = "changeme"
# GITHUB_API_CLIENT_SECRET = "changeme"
#
# GITLAB_API_CLIENT_ID = "changeme"
# GITLAB_API_CLIENT_SECRET = "changeme"
# GITLAB_URL = "changeme"


#########################################
## TELEMETRY
#########################################

ENABLE_TELEMETRY = True

#########################################
##  REGISTRATION
#########################################

PUBLIC_REGISTER_ENABLED = False

#########################################
## THROTTLING
#########################################

#REST_FRAMEWORK["DEFAULT_THROTTLE_RATES"] = {
#    "anon-write": "20/min",
#    "user-write": None,
#    "anon-read": None,
#    "user-read": None,
#    "import-mode": None,
#    "import-dump-mode": "1/minute",
#    "create-memberships": None,
#    "login-fail": None,
#    "register-success": None,
#    "user-detail": None,
#    "user-update": None,
#}

# This list should contain:
#  - Taiga users IDs
#  - Valid clients IP addresses (X-Forwarded-For header)
#REST_FRAMEWORK["DEFAULT_THROTTLE_WHITELIST"] = []

# LIMIT ALLOWED DOMAINS FOR REGISTER AND INVITE
# None or [] values in USER_EMAIL_ALLOWED_DOMAINS means allow any domain
#USER_EMAIL_ALLOWED_DOMAINS = None

# PUBLIC OR PRIVATE NUMBER OF PROJECT PER USER
#MAX_PRIVATE_PROJECTS_PER_USER = None # None == no limit
#MAX_PUBLIC_PROJECTS_PER_USER = None # None == no limit
#MAX_MEMBERSHIPS_PRIVATE_PROJECTS = None # None == no limit
#MAX_MEMBERSHIPS_PUBLIC_PROJECTS = None # None == no limit


#########################################
## SITEMAP
#########################################

# If is True /front/sitemap.xml show a valid sitemap of taiga-front client
#FRONT_SITEMAP_ENABLED = False
#FRONT_SITEMAP_CACHE_TIMEOUT = 24*60*60  # In second


#########################################
## FEEDBACK
#########################################

# Note: See config in taiga-front too
#FEEDBACK_ENABLED = True
#FEEDBACK_EMAIL = "support@taiga.io"


#########################################
## STATS
#########################################

#STATS_ENABLED = False
#STATS_CACHE_TIMEOUT = 60*60  # In second


#########################################
## IMPORTERS
#########################################

# Configuration for the GitHub importer
# Remember to enable it in the front client too.
#IMPORTERS["github"] = {
#    "active": True,
#    "client_id": "XXXXXX_get_a_valid_client_id_from_github_XXXXXX",
#    "client_secret": "XXXXXX_get_a_valid_client_secret_from_github_XXXXXX"
#}

# Configuration for the Trello importer
# Remember to enable it in the front client too.
#IMPORTERS["trello"] = {
#    "active": True, # Enable or disable the importer
#    "api_key": "XXXXXX_get_a_valid_api_key_from_trello_XXXXXX",
#    "secret_key": "XXXXXX_get_a_valid_secret_key_from_trello_XXXXXX"
#}

# Configuration for the Jira importer
# Remember to enable it in the front client too.
#IMPORTERS["jira"] = {
#    "active": True, # Enable or disable the importer
#    "consumer_key": "XXXXXX_get_a_valid_consumer_key_from_jira_XXXXXX",
#    "cert": "XXXXXX_get_a_valid_cert_from_jira_XXXXXX",
#    "pub_cert": "XXXXXX_get_a_valid_pub_cert_from_jira_XXXXXX"
#}

Hi
You have two errors.
First check the hostname of your server (write the hostname command in the console) and change the Rabbitmq:5672 value in the configuration file to the hostname of your server.
from “amqp://rabbitmquser:xxx@rabbitmq:5672/taiga” to “amqp://rabbitmquser:xxx@yourhostname:5672/taiga” (in the “Events and TAIGA ASYNC” section)
Also check the /home/taiga/taiga-events/.env file.
This must be the same rabbitmquser:xxx@yourhostname:5672/taiga

Secondly, check if the user is actually a rabbitmquser???

Also set DEBUG = True

Hello !

I no longer have an error with the taiga_async service, the problem was that I had to replace rabbitmq and rabbitmqhost with localhost.

I still have my cors problem, I tried to put “add_header ‘Access-Control-Allow-Origin’ “https://xxx.xxx” always;” in my nginx conf or nat the port 8000 it requests but it didn’t change anything.

You helped me a lot with the first 2 problems, thanks!

Hello, do you write this in /etc/nginx/nginx.conf? add_header Access-Control-Allow-Origin "example.com"; without https://?
should work without https:// .

No, it doesn’t work.
I also tried add_header ‘Access-Control-Allow-Origin’ ‘*’ always;

Instead, I get the impression that a taiga component is asking the browser to fetch api information on port 8000

As with this request :
https://xxx.xxx:8000/api/v1/projects?discover_mode=true&order_by=-total_activity_last_year

Obviously, there’s nothing listening on port 8000 on the server. However, when I manually put https://xxx.xxx/api/v1/projects?discover_mode=true&order_by=-total_activity_last_year in my browser without the :8000, it works.

In taiga-front-dist/dist/conf.json there is “api”: “https://xxx-xxx:8000/api/v1/”,

But same error without :8000

This is normal behavior, it should not work with port 8000 after setting the configs.
If you haven’t deleted port 8000 everywhere in the configs, you may be getting these errors.
If you want to use port 8000 it should be specified everywhere, if not, then it should be absent everywhere.

I also did not add add_header 'Access-Control-Allow-Origin' to my config.
If you have enabled debugging, view the logs through the developer tool in the mozilla browser.

Снимок экрана 2024-01-17 1825231014×1061 42 KB

I’ve just removed the :8000 again and this time it works. Thank you very much for your help!