Hi @tartrib
There is an example at the end of the Taiga 30min setup guide.
First of all, you have to apply some changes in your .env file to use https and wss instead of http and ws:
TAIGA_SCHEME=https
TAIGA_DOMAIN=my_alias_taiga.domain.local
SUBPATH=""
WEBSOCKETS_SCHEME=wss
If you have directly modified the docker-compose.yml file, you have to apply the necessary changes so that the different pieces use the secured external URL (https://my_alias_taiga.domain.local and wss://my_alias_taiga.domain.local) for TAIGA_SITES_SCHEME and TAIGA_SITE_DOMAIN in x-environments and for TAIGA_URL and TAIGA_WEBSOCKETS_URL in the taiga-front service.
And now you have to configure your nginx with something like this.
    server {
        listen 80;
        server_name my_alias_taiga.domain.local;
        rewrite ^(.*) https://my_alias_taiga.domain.local$1 permanent;
    }

    server {
        listen 443 ssl;
        server_name my_alias_taiga.domain.local;

        location / {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_redirect off;
            proxy_pass http://localhost:9000/;
        }

        # Events
        location /events {
            proxy_pass http://localhost:9000/events;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_connect_timeout 7d;
            proxy_send_timeout 7d;
            proxy_read_timeout 7d;
        }

        # TLS: Configure your TLS following the best practices inside your company
        ssl_certificate /etc/letsencrypt/live/my_alias_taiga.domain.local/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/my_alias_taiga.domain.local/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        # Logs and other configurations
        error_log /var/log/nginx/mytaiga.domain.local-error.log warn;
        access_log /var/log/nginx/mytaiga.domain.local-access.log main;
    }
I use http://localhost:9000/ because it is the port used by the default setup. Using port 80 for both the taiga service (docker) and the local nginx does not seem like a good idea.
I hope this can help.
Best regards
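
A consistency check for the setup described in the post above, as an added example that is not part of the original post or of the Taiga project: it cross-checks the .env values against the nginx server block. The function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs mirroring the settings in the post above.
SAMPLE_ENV = """\
TAIGA_SCHEME=https
TAIGA_DOMAIN=my_alias_taiga.domain.local
SUBPATH=""
WEBSOCKETS_SCHEME=wss
"""
SAMPLE_NGINX = """\
server {
    listen 443 ssl;
    server_name my_alias_taiga.domain.local;
    location /events {
        proxy_set_header Upgrade $http_upgrade;
    }
}
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def check(env_text, nginx_text):
    """Return a list of problems; an empty list means the two files agree."""
    env, problems = parse_env(env_text), []
    scheme, ws = env.get("TAIGA_SCHEME"), env.get("WEBSOCKETS_SCHEME")
    domain = env.get("TAIGA_DOMAIN", "")
    # Browsers block ws:// from an https:// page (mixed content), so pair them.
    if (scheme, ws) not in {("https", "wss"), ("http", "ws")}:
        problems.append(f"scheme mismatch: {scheme} with {ws}")
    names = set()
    for m in re.finditer(r"^\s*server_name\s+([^;]+);", nginx_text, re.M):
        names.update(m.group(1).split())
    if domain not in names:
        problems.append(f"TAIGA_DOMAIN {domain!r} not in any server_name")
    if scheme == "https" and not re.search(r"^\s*listen\s+[^;]*\bssl\b", nginx_text, re.M):
        problems.append("https configured but no 'listen ... ssl' in nginx")
    if not re.search(r"proxy_set_header\s+Upgrade\s+\$http_upgrade\s*;", nginx_text):
        problems.append("no WebSocket Upgrade header forwarding")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE_ENV, SAMPLE_NGINX) or "consistent")
```
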