We designed taiga-docker so the TLS termination is managed outside Taiga. SSL/TLS or the load balancer, for instance, are company-wise decisions. We know that different companies have different infrastructures, so these decisions are left to each installation.
For this reason, taiga-docker exposes a port to a non-privileged port in the host and lets the company manage it. As a technical note, taiga-docker has an nginx gateway, but it’s not meant to listen at 80/443; it’s a means to hide some of the complexity of the services. So, you shouldn’t be counting on this nginx to configure the TLS termination.
Now, the recommended way is explained in the official documentation, in the section “Configure the Proxy”. The example is made with nginx, because it’s a very popular proxy server, and it has integration with LE, as you can see in their official documentation, but you could use Caddy server as well, which has a very good Let’s Encrypt integration.
The uncomplicated firewall should work for this scenario; it’s probably something around your configuration.
You could also check on your cloud provider as they typically have options to close ports from external access.
That said, this is not Taiga-related, and I believe this forum is not the best place to find help regarding your issue.
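
The arrangement described above, sketched as an added example that is not part of the original post or of Taiga's documentation: a host-level nginx terminates TLS and forwards to the taiga-docker gateway on its non-privileged port. The hostname `taiga.example.com`, the host port `9000`, the `/events` WebSocket path and the certbot-style certificate paths are assumptions to replace with your installation's values.

```nginx
# Added example; every hostname, port and path below is an assumption.

# Plain HTTP exists only to redirect clients to HTTPS.
server {
    listen 80;
    server_name taiga.example.com;
    return 301 https://$host$request_uri;
}

# TLS is terminated here, outside taiga-docker.
server {
    listen 443 ssl;
    server_name taiga.example.com;

    # Certificate paths as laid out by certbot (assumed issuance method).
    ssl_certificate     /etc/letsencrypt/live/taiga.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/taiga.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Everything goes to the taiga-docker gateway over loopback.
    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the backend know the original request was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
    }

    # WebSocket traffic needs the HTTP/1.1 upgrade headers passed through.
    location /events {
        proxy_pass http://127.0.0.1:9000/events;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 1h;
    }
}
```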