After restarting nginx with systemctl restart nginx, then going to the web page https://my_alias_taiga.domain.local, a blank page was displayed, and when I opened the browser developer tools, these errors came up:
Mixed Content: The page at 'https://my_alias_taiga.domain.local/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://my_alias_taiga.domain.local/events'. This request has been blocked; this endpoint must be available over WSS.
e.setupConnection @ app.js:3319
and
Uncaught (in promise) DOMException: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
at e.setupConnection (https://my_alias_taiga.domain.local/v-1631701833072/js/app.js:1:59357)
at e.t [as setupConnection] (https://my_alias_taiga.domain.local/v-1631701833072/js/libs.js:1:116927)
at e (https://my_alias_taiga.domain.local/v-1631701833072/js/app.js:1:16548)
at Object.invoke (https://my_alias_taiga.domain.local/v-1631701833072/js/libs.js:1:232645)
at https://my_alias_taiga.domain.local/v-1631701833072/js/libs.js:1:231497
at mt (https://my_alias_taiga.domain.local/v-1631701833072/js/libs.js:1:208051)
at Ve (https://my_alias_taiga.domain.local/v-1631701833072/js/libs.js:1:231475)
at i (https://my_alias_taiga.domain.local/v-1631701833072/js/libs.js:1:216401)
at Object.st [as bootstrap] (https://my_alias_taiga.domain.local/v-1631701833072/js/libs.js:1:216709)
at https://my_alias_taiga.domain.local/v-1631701833072/js/app-loader.js:1:2348
I then first added these lines in the nginx configuration of my taiga service:
If you have directly modified the docker-compose.yml file you have to apply the necessary changes so that the different pieces use the secured external url (https://my_alias_taiga.domain.local and wss://my_alias_taiga.domain.local) for TAIGA_SITES_SCHEME and TAIGA_SITE_DOMAIN in x-environments and for TAIGA_URL and TAIGA_WEBSOCKETS_URL in the taiga-front service.
And now you have to configure your nginx with something like this.
server {
    listen 80;
    server_name my_alias_taiga.domain.local;
    rewrite ^(.*) https://my_alias_taiga.domain.local$1 permanent;
}
server {
    listen 443 ssl;
    server_name my_alias_taiga.domain.local;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_pass http://localhost:9000/;
    }
    # Events
    location /events {
        proxy_pass http://localhost:9000/events;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
    }
    # TLS: Configure your TLS following the best practices inside your company
    ssl_certificate /etc/letsencrypt/live/my_alias_taiga.domain.local/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my_alias_taiga.domain.local/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    # Logs and other configurations
    error_log /var/log/nginx/mytaiga.domain.local-error.log warn;
    access_log /var/log/nginx/mytaiga.domain.local-access.log main;
}
I use http://localhost:9000/ because it is the port used by the default setup. Using port 80 both for the taiga service (docker) and for the local nginx does not seem a good idea.
And nothing changed: when I look at the devtools debug page, I have the same error as the first time. I wonder if this doesn’t come from the source code, because the error clearly tells me that it is a websocket problem and shows me the app.js code.
Have you changed your nginx configuration as I mentioned? Proxy passing to port 80 doesn’t seem to make much sense (by default, the taiga-gateway service use the port 9000). Follow the settings from the guide as much as possible.
Taiga could work perfectly without websockets. taiga-events and taiga-front, which use websockets, are only used to keep taskboards and kanban updated in real time (when you are looking at it and someone else modifies something). This functionality could be incorrectly configured and Taiga would continue to work without problems.
It’s true, I didn’t completely follow the recommendations. I’m still using port 80 because I told myself that it’s simply a port issue. I’m going to test by changing the port and then I’ll let you know the result.
Sorry, but if I change the proxy pass to localhost:9000, how can the reverse proxy redirect to the taiga server?
You have probably been confused by all this information, which lacks clarity, so I will give you the context more clearly:
There is a server that runs taiga; this server is called
taiga-server.domain.local
to which I assigned an alias which is currently used in production:
mytaiga.domain.local
I have another alias that I use to do my tests so as not to disrupt production:
my_alias_taiga.domain.local, but it’s not really an alias because in reality it’s an A record which points to the reverse proxy FQDN.
I think that you thought the nginx server and the taiga server were the same, but they are two different servers with different names and different IPs. I hope I was able to provide more clarity.
Sorry but the two location blocks have to be exactly as I have indicated. You don’t have to change the word localhost with your domain. Nginx receives the request on port 443 (or 80) and redirects using the proxypass to localhost:9000, which is where taiga is listening.
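A check for the mismatch behind the Mixed Content error in this thread, added here as an example (it is not part of any post and is not Taiga's code): it compares the TAIGA_URL and TAIGA_WEBSOCKETS_URL values named above before the front end is deployed. The function names, finding codes and sample values are constructed for illustration.

```javascript
// Added example; function names, finding codes and sample values are constructed.
// Page scheme -> the WebSocket scheme that matches it.
const REQUIRED_WS = new Map([['https:', 'wss:'], ['http:', 'ws:']]);

function parseAbsolute(name, value, findings) {
  try {
    return new URL(value);
  } catch {
    findings.push({ code: 'not-absolute', setting: name });
    return null;
  }
}

function checkTaigaFrontUrls(env) {
  const findings = [];
  const site = parseAbsolute('TAIGA_URL', env.TAIGA_URL, findings);
  const ws = parseAbsolute('TAIGA_WEBSOCKETS_URL', env.TAIGA_WEBSOCKETS_URL, findings);
  if (!site || !ws) return findings;

  if (!REQUIRED_WS.has(site.protocol)) {
    findings.push({ code: 'bad-site-scheme', setting: 'TAIGA_URL' });
  }
  if (ws.protocol !== 'ws:' && ws.protocol !== 'wss:') {
    findings.push({ code: 'bad-ws-scheme', setting: 'TAIGA_WEBSOCKETS_URL' });
  }
  // The case from the thread: HTTPS page, ws:// endpoint. The browser refuses
  // to construct the WebSocket, so the reverse proxy never sees the request.
  if (site.protocol === 'https:' && ws.protocol === 'ws:') {
    findings.push({ code: 'mixed-content', setting: 'TAIGA_WEBSOCKETS_URL' });
  }
  // host includes a non-default port; default ports are dropped by URL parsing.
  if (site.host !== ws.host) {
    findings.push({ code: 'host-mismatch', setting: 'TAIGA_WEBSOCKETS_URL' });
  }
  return findings;
}

const codes = (env) => checkTaigaFrontUrls(env).map((f) => f.code).join(',');

// Constructed sample values using the test hostname from the thread.
const broken = { TAIGA_URL: 'https://my_alias_taiga.domain.local',
                 TAIGA_WEBSOCKETS_URL: 'ws://my_alias_taiga.domain.local' };
const fixed = { TAIGA_URL: 'https://my_alias_taiga.domain.local',
                TAIGA_WEBSOCKETS_URL: 'wss://my_alias_taiga.domain.local' };
console.log('broken:', codes(broken) || 'ok');
console.log('fixed: ', codes(fixed) || 'ok');
```

Because the browser blocks the ws:// connection before any request is sent, nothing for /events appears in the nginx access log in the mixed-content case; the values handed to taiga-front are the place to look.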