Self hosted Taiga works with ssh redirect from localhost but not with an nginx on that host

Hi

I’ve got the whole setup running, even with email, which was a bit of a headache, but now it throws the ‘something went wrong’ main page error if I use the nginx on that box, while it works fine with the ssh -D tunnel for all connections.

Any suggestions?

Hi @nkuhnen welcome to our community!

We’d need more information to be able to help:

  • did you have a docker or a baremetal installation?
  • are you installing it in your localhost environment?
  • what’s your nginx configuration?
  • do you have any logs from the docker / services?

Using an SSH tunnel is definitely not needed nor recommended to use Taiga in a production environment.

Cheers!

Hi Yami,

It is a docker installation.

This is the nginx config; that one is not in a docker container but just on the Linux host.

# Taiga project management
#server {
#       server_name taiga.domain.tld;

#	listen 80;
#	listen [::]:80;

#    if ($host = taiga.domain.tld ) {
#        return 301 https://$host$request_uri;
#    } # managed by Certbot

#}



server {
       listen 443 ssl http2;
       server_name taiga.domain.tld;


    large_client_header_buffers 4 32k;
    client_max_body_size 50M;
    charset utf-8;

    access_log /var/log/nginx/access_taigo.log;
    error_log /var/log/nginx/error_taigo.log;

       ### SSL certificate


    ssl_certificate /etc/letsencrypt/live/taiga.domain.tld/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/taiga.domain.tld/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

   # [ssl part omitted now]
     # END SSL certificate

       location / {
	   proxy_set_header Host $http_host;
	   proxy_set_header X-Real-IP $remote_addr;
	   proxy_set_header X-Scheme $scheme;
	   proxy_set_header X-Forwarded-Proto $scheme;
	   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	   proxy_redirect off;
	   proxy_pass http://127.0.0.1:9000/;
	 }


       location /admin/ {
	   proxy_set_header Host $http_host;
	   proxy_set_header X-Real-IP $remote_addr;
	   proxy_set_header X-Scheme $scheme;
	   proxy_set_header X-Forwarded-Proto $scheme;
	   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	   proxy_pass http://localhost:9000/admin/;
	   proxy_redirect off;
	 }

	 # Events
	 location /events {
	     proxy_pass http://localhost:9000/events;
	     proxy_http_version 1.1;
	     proxy_set_header Upgrade $http_upgrade;
	     proxy_set_header Connection "upgrade";
	     proxy_connect_timeout 7d;
	     proxy_send_timeout 7d;
	     proxy_read_timeout 7d;
	 }


        # Backend
        location /api {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:9000/api;
            proxy_redirect off;
        }


        # Static files
        location /static/ {
            alias /var/lib/docker/volumes/taiga-docker_taiga-static-data/_data/;

        }
    # Media
    location /_protected {
        internal;
        alias /var/lib/docker/volumes/taiga-docker_taiga-media-data/_data/;
        add_header Content-disposition "attachment";
    }

    # Unprotected section
    location /media/exports {
        alias /var/lib/docker/volumes/taiga-docker_taiga-media-data/_data/exports;
        add_header Content-disposition "attachment";
    }

        # Media files
        location /media {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:9000/;
        proxy_redirect off;
        }

}

Or should I try to reconfigure the nginx in the container that comes with Taiga, to listen on the outside with a cert?

Thanks !

Niels

Hi @nkuhnen

The configuration you shared is used with a baremetal installation, but with a docker installation you should be using a different one. All the media, API and so on are “hidden” in the gateway service and the part for you to configure is much smaller.

Check the official documentation and try these steps.

Cheers!
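A reduced host-level configuration of the kind the reply above describes, as an added example that is not part of the original thread or the Taiga project's own file. It assumes the taiga-gateway container is published on 127.0.0.1:9000 and reuses the hostname and certificate paths from the configuration posted earlier.

```nginx
# Added example: host nginx in front of a Docker-based Taiga.
# Assumption: taiga-gateway is published on 127.0.0.1:9000.
server {
    listen 443 ssl http2;
    server_name taiga.domain.tld;

    client_max_body_size 50M;
    charset utf-8;

    ssl_certificate     /etc/letsencrypt/live/taiga.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/taiga.domain.tld/privkey.pem;

    # The gateway container routes /api, /admin, /static and /media itself,
    # so the host needs no per-path locations and no alias into
    # /var/lib/docker/volumes (which would also bypass the /_protected
    # "internal" handling the gateway applies to media).
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:9000/;
    }

    # WebSocket upgrade for the events service.
    location /events {
        proxy_pass http://127.0.0.1:9000/events;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
    }
}
```

Validate with `nginx -t` before reloading. Binding the gateway's published port to 127.0.0.1 rather than all interfaces keeps the plain-HTTP listener reachable only through this TLS proxy.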

Hi Yami,

Still the same :(

docker logs -f taiga-docker-taiga-front-1

Log when it is not working:
172.20.0.10 - - [24/Nov/2023:08:10:22 +0000] “GET /discover HTTP/1.0” 304 0 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36” “xx.xx.xx.xx”
172.20.0.10 - - [24/Nov/2023:08:10:25 +0000] “GET / HTTP/1.0” 304 0 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36” “xx.xx.xx.xx”

This is when it does work:
172.20.0.10 - - [24/Nov/2023:08:16:33 +0000] “GET / HTTP/1.0” 304 0 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0” “-”

I tried changing the URL in the .env file to the external URL, but that didn’t work…

What else should I take a look at?

Thanks! Niels

Hi @nkuhnen

Try checking the taiga-gateway logs, which probably are the best first step.

If you’re installing it in your local machine, you may:

  1. try taiga without nginx. Go to http://localhost:9000 and check if taiga is up and running. If there is an error here, you may review the Taiga configuration (.env)

  2. if the previous test works, the problem is likely in the nginx or in your network configuration.

Cheers!