How do I set up https with self hosted docker(using self signed certs)

Do I need to add some sort of extra container sitting in front of gateway (like nginxproxy/nginx-proxy) or do I configure the gateway for https directly.
I tried to do it directly but am getting 502 errors which I can’t track down.

For the self signed certs, I’m mapping
and not sure if I need to do this but adding intermediate certs to /usr/local/share/ca-certificates/ and running update-ca-certificates at startup

Oh it was a silly mistake, I forgot to add port 443 mapping for taiga gateway
image: nginx:1.19-alpine
- “80:80”
- “443:443”
It loaded afterwards

but email seems to have broken
how do you email with it
could setting env variable
REQUESTS_CA_BUNDLE: “/usr/local/share/ca-certificates/star-chain.comp.cer” in taiga-back
for th jira cert chain for import be causing these issues?
taiga-docker-taiga-back-1 | ERROR:2023-03-15 10:04:25,335: Internal Server Error: /api/v1/auth/register
taiga-docker-taiga-back-1 | Traceback (most recent call last):
taiga-docker-taiga-back-1 | File “/opt/venv/lib/python3.7/site-packages/django/core/handlers/”, line 34, in inner
taiga-docker-taiga-back-1 | response = get_response(request)

taiga-docker-taiga-back-1 | File “/opt/venv/lib/python3.7/site-packages/django/core/handlers/”, line 115, in _get_response
taiga-docker-taiga-back-1 | response = self.process_exception_by_middleware(e, request)
taiga-docker-taiga-back-1 | File “/opt/venv/lib/python3.7/site-packages/django/core/handlers/”, line 113, in _get_response
taiga-docker-taiga-back-1 | response = wrapped_callback(request, *callback_args, **callback_kwargs)
taiga-docker-taiga-back-1 | File “/taiga-back/taiga/base/api/”, line 95, in view
taiga-docker-taiga-back-1 | return self.dispatch(request, *args, **kwargs)
taiga-docker-taiga-back-1 | File “/opt/venv/lib/python3.7/site-packages/django/views/decorators/”, line 54, in wrapped_view
taiga-docker-taiga-back-1 | return view_func(*args, **kwargs)
taiga-docker-taiga-back-1 | File “/taiga-back/taiga/base/api/”, line 449, in dispatch
taiga-docker-taiga-back-1 | response = self.handle_exception(exc)
taiga-docker-taiga-back-1 | File “/taiga-back/taiga/base/api/”, line 447, in dispatch
taiga-docker-taiga-back-1 | response = handler(request, *args, **kwargs)
taiga-docker-taiga-back-1 | File “/taiga-back/taiga/auth/”, line 137, in register
taiga-docker-taiga-back-1 | return self._public_register(request)
taiga-docker-taiga-back-1 | File “/taiga-back/taiga/auth/”, line 112, in _public_register
taiga-docker-taiga-back-1 | user = public_register(**data)
taiga-docker-taiga-back-1 | File “/usr/local/lib/python3.7/”, line 74, in inner
taiga-docker-taiga-back-1 | return func(*args, **kwds)
taiga-docker-taiga-back-1 | File “/taiga-back/taiga/auth/”, line 174, in public_register
taiga-docker-taiga-back-1 | send_register_email(user)
taiga-docker-taiga-back-1 | File “/taiga-back/taiga/auth/”, line 124, in send_register_email
taiga-docker-taiga-back-1 | return bool(email.send())
taiga-docker-taiga-back-1 | File “/opt/venv/lib/python3.7/site-packages/django/core/mail/”, line 306, in send
taiga-docker-taiga-back-1 | return self.get_connection(fail_silently).send_messages([self])
taiga-docker-taiga-back-1 | File “/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/”, line 103, in send_messages
taiga-docker-taiga-back-1 | new_conn_created =
taiga-docker-taiga-back-1 | File “/opt/venv/lib/python3.7/site-packages/django/core/mail/backends/”, line 68, in open
taiga-docker-taiga-back-1 | self.connection.starttls(keyfile=self.ssl_keyfile, certfile=self.ssl_certfile)
taiga-docker-taiga-back-1 | File “/usr/local/lib/python3.7/”, line 776, in starttls
taiga-docker-taiga-back-1 | server_hostname=self._host)
taiga-docker-taiga-back-1 | File “/usr/local/lib/python3.7/”, line 423, in wrap_socket
taiga-docker-taiga-back-1 | session=session
taiga-docker-taiga-back-1 | File “/usr/local/lib/python3.7/”, line 870, in _create
taiga-docker-taiga-back-1 | self.do_handshake()
taiga-docker-taiga-back-1 | File “/usr/local/lib/python3.7/”, line 1139, in do_handshake
taiga-docker-taiga-back-1 | self._sslobj.do_handshake()
taiga-docker-taiga-back-1 | OSError: [Errno 0] Error
taiga-docker-taiga-gateway-1 | - - [15/Mar/2023:10:04:25 +0000] “POST /api/v1/auth/register HTTP/1.1” 500 37 “” "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.

Hi @RT-AP SSL/TLS termination should be dealt in your host system. You are expected to have an Nginx/Apache/traeffic… where you can configure your certificates.

taiga-gateway is not meant to have this configuration; you can map certificates and (maybe) edit the nginx configuration, but it’s not officially tested nor supported.


I don’t know if its unsupported but I got it to work.
And it seems to be doing ok for the most part.
I think I had to add a few proxy_set_header

  # docker-compose.yml
  # ...
    #image: nginx:1.19-alpine
    image: nginx:1.19
      - "80:80"
      - "443:443"

      - ./taiga-gateway-nginx-https-certs/nginx.crt:/etc/nginx/ssl/nginx.crt
      - ./taiga-gateway-nginx-https-certs/nginx.key:/etc/nginx/ssl/nginx.key
      - ./taiga-gateway/taiga.conf:/etc/nginx/conf.d/default.conf
      - ./docker-entrypoint.d:/docker-entrypoint.d/
      - taiga-static-data:/taiga/static
      - taiga-media-data:/taiga/media
      - taiga
      - taiga-front
      - taiga-back
      - taiga-events
     # taiga-gateway/taiga.conf
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    client_max_body_size 100M;
    charset utf-8;

    # Frontend
    location / {
        proxy_pass http://taiga-front/;
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # API
    location /api/ {
        proxy_pass http://taiga-back:8000/api/;
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;

    # Admin
    location /admin/ {
        proxy_pass http://taiga-back:8000/admin/;
        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;

    # Static
    location /static/ {
        alias /taiga/static/;
    # Media
    location /_protected/ {
        alias /taiga/media/;
        add_header Content-disposition "attachment";

    # Unprotected section
    location /media/exports/ {
        alias /taiga/media/exports/;
        add_header Content-disposition "attachment";

    location /media/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://taiga-protected:8003/;
        proxy_redirect off;

    # Events
    location /events {
        proxy_pass http://taiga-events:8888/events;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;

1 Like

Great! thank you for sharing your solution, so it may be useful for other users.


1 Like

Could you clarify this question - is it inside docker? There is an instruction on how it looks throughout the installation process. I have my own installation option, but it requires consideration of the issue.