Sorry for the delay in responding.
I don’t use Caddy but it looks to me like your setup is wrong. A proxy is supposed to sit in front of a server. I can’t see any external public facing directive to point to an internal service in your post.
However, I had similar issues getting web sockets to work. The front end was trying to access an internal service - it never reached the proxy.
I added a volumes directive in taiga-front to make conf.json file accessible in the taiga-docker directory.
In docker-compose.yml. Note the volumes: block
  taiga-front:
    image: taigaio/taiga-front:latest
    environment:
      TAIGA_URL: "${TAIGA_SCHEME}://${TAIGA_DOMAIN}"
      TAIGA_WEBSOCKETS_URL: "${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}"
      TAIGA_SUBPATH: "${SUBPATH}"
      # ...your customizations go here
    networks:
      - taiga
    volumes:
      - ./conf.json:/usr/share/nginx/html/conf.json
I changed the conf.json events URL from what it was - either 127.0.0.1/events or localhost/events - to my Fully Qualified Domain Name/events
{
    "api": "https://sub.domain.tld/api/v1/",
    "eventsUrl": "wss://sub.domain.tld/events",
    "baseHref": "/",
    "eventsMaxMissedHeartbeats": 5,
    "eventsHeartbeatIntervalTime": 60000,
    "eventsReconnectTryInterval": 10000,
    "debug": false,
    "debugInfo": false,
    "defaultLanguage": "en",
    "themes": ["taiga"],
    "defaultTheme": "taiga",
    "defaultLoginEnabled": true,
    "publicRegisterEnabled": false,
    "feedbackEnabled": true,
    "supportUrl": "https://community.taiga.io/",
    "privacyPolicyUrl": null,
    "termsOfServiceUrl": null,
    "maxUploadFileSize": null,
    "contribPlugins": [],
    "gitHubClientId": "",
    "gitLabClientId": "",
    "gitLabUrl": "",
    "tagManager": { "accountId": null },
    "tribeHost": null,
    "enableAsanaImporter": false,
    "enableGithubImporter": false,
    "enableJiraImporter": false,
    "enableTrelloImporter": false,
    "gravatar": false,
    "rtlLanguages": [
        "ar",
        "fa",
        "he"
    ]
}
There is an internal nginx conf file at ./taiga-gateway/taiga.conf. I studied it but did not make any changes.
Environment Variables:
In the environment variables I changed everything to wss and to https, and removed the port :9000 directive.
I also changed localhost:9000 to our fully qualified domain name.
Environment variables extract:
# Taiga's URLs - Variables to define where Taiga should be served
# TAIGA_SCHEME=http # serve Taiga using "http" or "https" (secured) connection
TAIGA_SCHEME=https # serve Taiga using "http" or "https" (secured) connection
# TAIGA_DOMAIN=localhost:9000 # Taiga's base URL
TAIGA_DOMAIN=taiga.domain.tld # Taiga's base URL
SUBPATH="" # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
# WEBSOCKETS_SCHEME=ws # events connection protocol (use either "ws" or "wss")
WEBSOCKETS_SCHEME=wss # events connection protocol (use either "ws" or "wss")
Nginx Proxy
Finally - we serve our taiga instance behind an nginx proxy - similar to what you want to do.
This is a sample based on our nginx.conf file.
server {
    listen 80;
    server_name taiga.domain.tld;
    # Redirect all plain-HTTP requests to HTTPS
    rewrite ^/.*$ https://$host$request_uri? permanent;
}
server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead
    listen 443 ssl;
    server_name taiga.domain.tld;
    ssl_certificate "/etc/letsencrypt/live/taiga.domain.tld/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/taiga.domain.tld/privkey.pem";
    # HSTS is only honoured when received over HTTPS, so it is set here rather than on port 80
    add_header Strict-Transport-Security max-age=2592000;
    keepalive_timeout 60;
    ssl_ciphers HIGH:!ADH:!MD5;
    # SSLv3 and TLSv1 are broken or deprecated and are not offered
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    large_client_header_buffers 4 32k;
    client_max_body_size 50M;
    charset utf-8;
    access_log /home/taiga/logs/nginx.access.log;
    error_log /home/taiga/logs/nginx.error.log;
    # Frontend
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_pass http://localhost:9000/;
    }
    # Events (WebSocket upgrade is passed through to the taiga gateway)
    location /events {
        proxy_pass http://localhost:9000/events;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
    }
    # Backend
    # API
    # location /api/ {
    #     proxy_pass http://taiga-back:8000/api/;
    #     proxy_pass_header Server;
    #     proxy_set_header Host $http_host;
    #     proxy_redirect off;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Scheme $scheme;
    # }
    #
    # # Admin access (/admin/)
    # location /admin/ {
    #     proxy_pass http://taiga-back:8000/admin/;
    #     proxy_pass_header Server;
    #     proxy_set_header Host $http_host;
    #     proxy_redirect off;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Scheme $scheme;
    # }
    # Static files
    # Static
    location /static/ {
        alias /taiga/static/;
    }
    # Media
    location /_protected/ {
        internal;
        alias /taiga/media/;
        add_header Content-disposition "attachment";
    }
    # Unprotected section
    location /media/exports/ {
        alias /taiga/media/exports/;
        add_header Content-disposition "attachment";
    }
    # location /media/ {
    #     proxy_set_header Host $http_host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Scheme $scheme;
    #     proxy_set_header X-Forwarded-Proto $scheme;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_pass http://taiga-protected:8003/;
    #     proxy_redirect off;
    # }
}
Note the
#Frontend
location /
and the
#Events
location /events
blocks.
Hopefully that’s enough to help resolve your issues.
Cheers
Keith
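
Added example, not part of the original post: a small pre-deployment check that the URLs the browser receives in conf.json agree with the .env settings described above (public FQDN, https/wss, no loopback host). The function names and the sample strings are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

def parse_env(text):
    """Parse KEY=value lines, dropping comment lines and trailing '# ...' notes."""
    env = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip('"')
    return env

def is_loopback(host):
    """True for 'localhost' and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name

def check_taiga_urls(conf_json, env_text):
    """Return a list of findings; an empty list means the URLs are consistent."""
    conf, env = json.loads(conf_json), parse_env(env_text)
    api, events = urlsplit(conf["api"]), urlsplit(conf["eventsUrl"])
    domain = env.get("TAIGA_DOMAIN", "")
    findings = []
    for name, url in (("api", api), ("eventsUrl", events)):
        if is_loopback(url.hostname or ""):
            # The browser would connect to the user's own machine, never the proxy.
            findings.append(f"{name} points at a loopback host")
        elif url.netloc != domain:
            findings.append(f"{name} host {url.netloc!r} != TAIGA_DOMAIN {domain!r}")
    if api.scheme == "https" and events.scheme != "wss":
        findings.append("ws:// events on an https page is blocked as mixed content")
    if env.get("TAIGA_SCHEME") != api.scheme:
        findings.append("TAIGA_SCHEME does not match the api scheme")
    if env.get("WEBSOCKETS_SCHEME") != events.scheme:
        findings.append("WEBSOCKETS_SCHEME does not match the eventsUrl scheme")
    return findings

# Constructed sample inputs (placeholder domain, as in the post).
GOOD_ENV = "TAIGA_SCHEME=https # scheme\nTAIGA_DOMAIN=taiga.domain.tld\nWEBSOCKETS_SCHEME=wss\n"
GOOD_CONF = '{"api": "https://taiga.domain.tld/api/v1/", "eventsUrl": "wss://taiga.domain.tld/events"}'
BAD_CONF = '{"api": "https://taiga.domain.tld/api/v1/", "eventsUrl": "ws://localhost:9000/events"}'

if __name__ == "__main__":
    for label, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(label, check_taiga_urls(conf, GOOD_ENV))
```

Run it against the real ./conf.json and .env contents before restarting the containers; any finding means the front end will try to open a connection that bypasses or is refused by the TLS proxy.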