Taiga installation, Ubuntu 20.04 container

https://docs.taiga.io/setup-production.html#_introduction

Dependencies

  • Install
sudo apt-get update
sudo apt-get install -y build-essential binutils-doc autoconf flex bison libjpeg-dev
sudo apt-get install -y libfreetype6-dev zlib1g-dev libzmq3-dev libgdbm-dev libncurses5-dev
sudo apt-get install -y automake libtool curl git tmux gettext
sudo apt-get install -y nginx
sudo apt-get install -y rabbitmq-server

PostgreSQL

sudo apt-get install -y postgresql-12 postgresql-contrib-12 postgresql-doc-12 postgresql-server-dev-12
sudo pg_ctlcluster 12 main start

Python3

sudo apt-get install -y python3 python3-pip python3-dev python3-venv
sudo apt-get install -y libxml2-dev libxslt-dev
sudo apt-get install -y libssl-dev libffi-dev

Node.js

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install gcc g++ make
sudo apt-get install -y nodejs

Create the taiga user

sudo adduser taiga
// Pass: CA2
sudo adduser taiga sudo
sudo su taiga
cd /home/taiga/
cd ~

NOTE: from this point on, install as the taiga user, not as root

Configure PostgreSQL and RabbitMQ

sudo -u postgres createuser taiga --interactive --pwprompt

// installation:
password for taiga:CA2
Enter password for new role: HB0
Enter it again: HB0
Shall the new role be a superuser? (y/n) y
// end


sudo -u postgres createdb taiga -O taiga --encoding='utf-8' --locale=en_US.utf8 --template=template0

Create a RabbitMQ user named rabbitmquser and a virtualhost named taiga for RabbitMQ (taiga-events and async tasks)

// Note: this must be changed
sudo rabbitmqctl add_user rabbitmquser rabbitmqpassword
//Adding user "rabbitmquser" ...

sudo rabbitmqctl add_vhost taiga
//Adding vhost "taiga" ...

sudo rabbitmqctl set_permissions -p taiga rabbitmquser ".*" ".*" ".*"
//Setting permissions for user "rabbitmquser" in vhost "taiga" ...

Backend configuration

  • This installs the taiga-back and taiga-async modules
  • Get the code
cd ~
git clone https://github.com/kaleidos-ventures/taiga-back.git taiga-back
cd taiga-back
git checkout stable
  • Create the virtualenv
python3 -m venv .venv --prompt taiga-back
source .venv/bin/activate
pip install --upgrade pip wheel
  • Install all Python dependencies
pip install -r requirements.txt
  • Install taiga-contrib-protected
pip install git+https://github.com/kaleidos-ventures/taiga-contrib-protected.git@stable#egg=taiga-contrib-protected
  • Create the configuration file
cp settings/config.py.prod.example settings/config.py
  • Open it
nano settings/config.py
  • Edit the following
  • Taiga secret key: it’s important to change it. It must have the same value as the secret key in taiga-events and taiga-protected
  • Taiga urls: configure where Taiga would be served using TAIGA_URL, SITES and FORCE_SCRIPT_NAME (see examples below)
  • Connection to PostgreSQL; check DATABASES section in the file
  • Connection to RabbitMQ for taiga-events; check «EVENTS» section in the file
  • Connection to RabbitMQ for taiga-async; check «TAIGA ASYNC» section in the file
  • Credentials for email; check «EMAIL» section in the file
  • Enable/disable anonymous telemetry; check «TELEMETRY» section in the file
  • Change
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'taiga',
        'USER': 'taiga',
        'PASSWORD': 'changeme',
        'HOST': '',
        'PORT': '',
    }
}

Change to:
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'taiga',
        'USER': 'taiga',
        'PASSWORD': 'HB0',
        'HOST': '',
        'PORT': '',
    }
}

SECRET_KEY = "changeme"
Change to:
SECRET_KEY = "taigaugit"

TAIGA_SITES_SCHEME = "https"
TAIGA_SITES_DOMAIN = "example.com"
Change to:
TAIGA_SITES_DOMAIN = "taiga.siua.ac.cr"
FORCE_SCRIPT_NAME = ""
#########################################
## EMAIL
#########################################
# https://docs.djangoproject.com/en/3.1/topics/email/
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 120  # seconds

DEFAULT_FROM_EMAIL = 'changeme@example.com'
EMAIL_USE_TLS = True
EMAIL_USE_SSL = True
EMAIL_HOST = 'localhost'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'user'
EMAIL_HOST_PASSWORD = 'password'


Change to:

#########################################
## EMAIL
#########################################
# https://docs.djangoproject.com/en/3.1/topics/email/
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 120  # seconds

DEFAULT_FROM_EMAIL = 'admin@siua.ac.cr'
EMAIL_USE_TLS = False  # port 465 is implicit TLS; Django raises an error if TLS and SSL are both True
EMAIL_USE_SSL = True
EMAIL_HOST = 'correo.siua.ac.cr'
EMAIL_PORT = 465
EMAIL_HOST_USER = 'admin'
EMAIL_HOST_PASSWORD = 'AC2'
#########################################
## EVENTS
#########################################
EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
EVENTS_PUSH_BACKEND_OPTIONS = {
    "url": "amqp://rabbitmquser:rabbitmqpassword@rabbitmqhost:5672/taiga"  # left unchanged
}
#########################################
## TAIGA ASYNC
#########################################
CELERY_ENABLED = os.getenv('CELERY_ENABLED', 'True') == 'True'
#########################################
## TELEMETRY
#########################################

ENABLE_TELEMETRY = True

Load data into the database

source .venv/bin/activate
DJANGO_SETTINGS_MODULE=settings.config python manage.py migrate --noinput

# Create an administrator user with a strong password

CELERY_ENABLED=False DJANGO_SETTINGS_MODULE=settings.config python manage.py createsuperuser

// Result
Username: ugit
Email address: gustavo.matamoros@siua.ac.cr
Password: Sk83
Password (again): Sk83
Superuser created successfully.
// end

DJANGO_SETTINGS_MODULE=settings.config python manage.py loaddata initial_project_templates
DJANGO_SETTINGS_MODULE=settings.config python manage.py compilemessages
DJANGO_SETTINGS_MODULE=settings.config python manage.py collectstatic --noinput

Install demo data

  • To install the demo data (it takes a while)
CELERY_ENABLED=False DJANGO_SETTINGS_MODULE=settings.config python manage.py sample_data

Verification

  • To verify the installation, run
source .venv/bin/activate
DJANGO_SETTINGS_MODULE=settings.config python manage.py runserver 10.20.200.85:8000

Frontend installation

  • Get the code
cd ~
git clone https://github.com/kaleidos-ventures/taiga-front-dist.git taiga-front-dist
cd taiga-front-dist
git checkout stable
  • Copy the configuration
cp ~/taiga-front-dist/dist/conf.example.json ~/taiga-front-dist/dist/conf.json
  • Open it
nano dist/conf.json
  • Edit the configuration
{
    "api": "http://localhost:8000/api/v1/",
    "eventsUrl": null,
    "baseHref": "/",


Change to:

{
    "api": "https://taiga.siua.ac.cr/api/v1/",
    "eventsUrl": "wss://taiga.siua.ac.cr/events",
    "baseHref": "/",
  • The final file looks like this
{
    "api": "http://taiga.siua.ac.cr:8000/api/v1/",
    "eventsUrl": "wss://taiga.siua.ac.cr/events",
    "baseHref": "/",
    "eventsMaxMissedHeartbeats": 5,
    "eventsHeartbeatIntervalTime": 60000,
    "eventsReconnectTryInterval": 10000,
    "debug": false,
    "debugInfo": false,
    "defaultLanguage": "en",
    "themes": ["taiga"],
    "defaultTheme": "taiga",
    "defaultLoginEnabled": true,
    "publicRegisterEnabled": true,
    "feedbackEnabled": true,
    "supportUrl": "https://resources.taiga.io",
    "privacyPolicyUrl": null,
    "termsOfServiceUrl": null,
    "maxUploadFileSize": null,
    "contribPlugins": [],
    "tagManager": { "accountId": null },
    "tribeHost": null,
    "enableAsanaImporter": false,
    "enableGithubImporter": false,
    "enableJiraImporter": false,
    "enableTrelloImporter": false,
    "gravatar": false,
    "rtlLanguages": ["ar", "fa", "he"]
}
  • Since our domain points directly to the application (https://taiga.siua.ac.cr, not http://siua.ac.cr/taiga), we only need to check that index.html contains the following
nano dist/index.html
  • It must read
<base href="/">

Configure Events

  • Get the code
cd ~
git clone https://github.com/kaleidos-ventures/taiga-events.git taiga-events
cd taiga-events
git checkout stable

Install the JavaScript dependencies

npm install
  • Create .env file based on the provided example
cp .env.example .env
  • Open it
nano .env
  • Update it with your RabbitMQ URL and your unique secret key. Your final .env should look similar to the following example:
RABBITMQ_URL="amqp://rabbitmquser:rabbitmqpassword@rabbitmqhost:5672/taiga"
SECRET="taigaugit"
WEB_SOCKET_SERVER_PORT=8888
APP_PORT=3023

Taiga protected Setup

  • Get the code
cd ~
git clone https://github.com/kaleidos-ventures/taiga-protected.git taiga-protected
cd taiga-protected
git checkout stable
  • Create a virtualenv:
python3 -m venv .venv --prompt taiga-protected
source .venv/bin/activate
pip install --upgrade pip wheel
  • Install all Python dependencies:
pip install -r requirements.txt
  • Copy the example config file:
cp ~/taiga-protected/env.sample ~/taiga-protected/.env
  • Open it
nano .env
  • Change
SECRET_KEY="taiga-back-secret-key"
Change to:
SECRET_KEY="taigaugit"
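
The secret key has now been set in three places (settings/config.py in taiga-back, .env in taiga-events, .env in taiga-protected) and must be identical in all of them. The following check is an added example, not part of the original notes or of the Taiga project; the function names, the 32-character minimum and the sample files written by make_sample are assumptions made for illustration.

```shell
# Added example (not Taiga project code): confirm that taiga-back, taiga-events and
# taiga-protected hold one identical secret and that it is not a guessable value.
# The 32-character minimum is this example's assumption, not a Taiga requirement.

# Print the value assigned to KEY in FILE; accepts KEY = "v", KEY="v" and KEY=v.
read_secret() {
    local file="$1" key="$2"
    sed -n -E "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[\"']?([^\"']*)[\"']?[[:space:]]*\$/\1/p" "$file" | tail -n 1
}

# Emit 32 random bytes as 64 hex characters, to paste into all three files.
new_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Return 0 when the three secrets are present, equal and long; else report and return 1.
check_taiga_secrets() {
    local base="${1:-/home/taiga}" rc=0 back events protected
    back=$(read_secret "$base/taiga-back/settings/config.py" SECRET_KEY)
    events=$(read_secret "$base/taiga-events/.env" SECRET)
    protected=$(read_secret "$base/taiga-protected/.env" SECRET_KEY)
    if [ -z "$back" ] || [ -z "$events" ] || [ -z "$protected" ]; then
        echo "FAIL: a secret is missing or empty"; rc=1
    fi
    if [ "$back" != "$events" ] || [ "$back" != "$protected" ]; then
        echo "FAIL: the three secrets are not identical"; rc=1
    fi
    case "$back" in
        changeme|taiga-back-secret-key) echo "FAIL: example placeholder still set"; rc=1 ;;
    esac
    if [ "${#back}" -lt 32 ]; then
        echo "FAIL: secret has ${#back} characters, expected at least 32"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: one shared secret, ${#back} characters"; fi
    return "$rc"
}

# Write constructed config files carrying secret $1 under a temp dir and print its path.
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/taiga-back/settings" "$d/taiga-events" "$d/taiga-protected"
    printf 'SECRET_KEY = "%s"\n' "$1" > "$d/taiga-back/settings/config.py"
    printf 'RABBITMQ_URL="amqp://user:pass@host:5672/taiga"\nSECRET="%s"\n' "$1" > "$d/taiga-events/.env"
    printf 'SECRET_KEY="%s"\n' "$1" > "$d/taiga-protected/.env"
    echo "$d"
}
```

Run check_taiga_secrets with no argument on the server to inspect /home/taiga, or pass the directory printed by make_sample to try it on constructed files.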

Start Taiga (root)

  • Create the file as root
nano /etc/systemd/system/taiga.service
  • Add the following
[Unit]
Description=taiga_back
After=network.target

[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-back
ExecStart=/home/taiga/taiga-back/.venv/bin/gunicorn --workers 4 --timeout 60 --log-level=info --access-logfile - --bind 0.0.0.0:8001 taiga.wsgi
Restart=always
RestartSec=3

Environment=PYTHONUNBUFFERED=true
Environment=DJANGO_SETTINGS_MODULE=settings.config

[Install]
WantedBy=default.target
  • Reload the service
sudo systemctl daemon-reload
sudo systemctl start taiga
sudo systemctl enable taiga
  • Check the service
sudo systemctl status taiga
  • Create the service
nano /etc/systemd/system/taiga-async.service
  • Add the following
[Unit]
Description=taiga_async
After=network.target

[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-back
ExecStart=/home/taiga/taiga-back/.venv/bin/celery -A taiga.celery worker -B --concurrency 4 -l INFO
Restart=always
RestartSec=3
ExecStop=/bin/kill -s TERM $MAINPID

Environment=PYTHONUNBUFFERED=true
Environment=DJANGO_SETTINGS_MODULE=settings.config

[Install]
WantedBy=default.target
  • Reload the service
sudo systemctl daemon-reload
sudo systemctl start taiga-async
sudo systemctl enable taiga-async
  • Check the service
sudo systemctl status taiga-async
  • Create the service
nano /etc/systemd/system/taiga-events.service
  • Add the following
[Unit]
Description=taiga_events
After=network.target

[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-events
ExecStart=npm run start:production
Restart=always
RestartSec=3

[Install]
WantedBy=default.target
  • Reload
sudo systemctl daemon-reload
sudo systemctl start taiga-events
sudo systemctl enable taiga-events
  • Check
sudo systemctl status taiga-events
  • Create the service
nano /etc/systemd/system/taiga-protected.service
  • Add the following
[Unit]
Description=taiga_protected
After=network.target

[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-protected
ExecStart=/home/taiga/taiga-protected/.venv/bin/gunicorn --workers 4 --timeout 60 --log-level=info --access-logfile - --bind 0.0.0.0:8003 server:app
Restart=always
RestartSec=3

Environment=PYTHONUNBUFFERED=true

[Install]
WantedBy=default.target
  • Reload
sudo systemctl daemon-reload
sudo systemctl start taiga-protected
sudo systemctl enable taiga-protected
  • Check
sudo systemctl status taiga-protected

Expose Taiga with NGINX

  • Remove the default NGINX config file to avoid collision with Taiga:
sudo rm /etc/nginx/sites-enabled/default
  • Create the logs folder (mandatory); it must be /home/taiga/logs/
mkdir -p ~/logs
  • Create the file
nano /etc/nginx/conf.d/taiga.conf
  • Add the following
server {
    listen 80 default_server;
    server_name taiga.siua.ac.cr;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 default_server;
    server_name taiga.siua.ac.cr;  #  See http://nginx.org/en/docs/http/server_names.html

    large_client_header_buffers 4 32k;
    client_max_body_size 50M;
    charset utf-8;

    access_log /home/taiga/logs/nginx.access.log;
    error_log /home/taiga/logs/nginx.error.log;

    # TLS: Configure your TLS following the best practices inside your company
    # Other configurations

    # Frontend
    location / {
        alias /home/taiga/taiga-front-dist/dist/;
        index index.html;
        try_files $uri $uri/ index.html =404;
    }

    # API
    location /api/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001/api/;
        proxy_redirect off;
    }

    # Admin
    location /admin/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001/admin/;
        proxy_redirect off;
    }

    # Static files
    location /static/ {
        alias /home/taiga/taiga-back/static/;
    }

    # Media
    location /_protected/ {
        internal;
        alias /home/taiga/taiga-back/media/;
        add_header Content-disposition "attachment";
    }

    # Unprotected section
    location /media/exports/ {
        alias /home/taiga/taiga-back/media/exports/;
        add_header Content-disposition "attachment";
    }

    location /media/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8003/;
        proxy_redirect off;
    }

    # Events
    location /events {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
        proxy_pass http://127.0.0.1:8888/events;
    }

}
  • Execute the following command to verify the NGINX configuration and to track any error in the service:
sudo nginx -t


// Result
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
  • Finally, restart the nginx service:
sudo systemctl restart nginx
  • Restart all Taiga services after updating the configuration:
sudo systemctl restart 'taiga*'
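
The systemd units above start gunicorn with --bind 0.0.0.0:8001 and --bind 0.0.0.0:8003, while this NGINX configuration reaches both through 127.0.0.1, so the backends also answer plain HTTP on the container's other interfaces. The following added example (not part of the original notes or of the Taiga project) lists such listeners and prints a unit with the bind rewritten to 127.0.0.1; the function names and the files built in demo are constructed for illustration.

```shell
# Added example (not Taiga project code): find backends that listen on every
# interface although NGINX only reaches them through 127.0.0.1.

# Ports NGINX proxies to over loopback, one per line.
loopback_upstream_ports() {
    sed -n -E 's|^[[:space:]]*proxy_pass[[:space:]]+http://127\.0\.0\.1:([0-9]+).*|\1|p' "$1" | sort -u
}

# Print "<unit> <port>" for every unit whose ExecStart binds 0.0.0.0 on such a port.
exposed_listeners() {
    local conf="$1" ports unit port
    shift
    ports=$(loopback_upstream_ports "$conf")
    for unit in "$@"; do
        port=$(sed -n -E 's/^ExecStart=.*--bind[ =]0\.0\.0\.0:([0-9]+).*/\1/p' "$unit")
        [ -n "$port" ] || continue
        if printf '%s\n' "$ports" | grep -qx "$port"; then
            echo "$(basename "$unit") $port"
        fi
    done
}

# Print the unit with the wildcard bind rewritten to loopback (the file is not modified).
loopback_unit() {
    sed -E 's/(--bind[ =])0\.0\.0\.0:/\1127.0.0.1:/' "$1"
}

# Constructed sample input that mirrors the unit files and NGINX config in this guide.
demo() {
    local d
    d=$(mktemp -d)
    printf '    location /api/ {\n        proxy_pass http://127.0.0.1:8001/api/;\n    }\n    location /media/ {\n        proxy_pass http://127.0.0.1:8003/;\n    }\n    location /events {\n        proxy_pass http://127.0.0.1:8888/events;\n    }\n' > "$d/taiga.conf"
    printf '[Service]\nExecStart=/home/taiga/taiga-back/.venv/bin/gunicorn --workers 4 --bind 0.0.0.0:8001 taiga.wsgi\n' > "$d/taiga.service"
    printf '[Service]\nExecStart=/home/taiga/taiga-protected/.venv/bin/gunicorn --bind 0.0.0.0:8003 server:app\n' > "$d/taiga-protected.service"
    printf '[Service]\nExecStart=npm run start:production\n' > "$d/taiga-events.service"
    exposed_listeners "$d/taiga.conf" "$d"/*.service
    rm -rf "$d"
}
```

On the server, call exposed_listeners /etc/nginx/conf.d/taiga.conf /etc/systemd/system/taiga*.service; after editing a unit, run sudo systemctl daemon-reload and restart the service.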

Installing the Let's Encrypt SSL certificate

  • Create the certificate on the reverse proxy
  • On the taiga server, create a folder to store the certificates
mkdir /home/taiga/certificados
  • Set its permissions (owner only, because the folder will hold the private key)
chmod 700 /home/taiga/certificados
  • From the proxy, copy the certificates over
scp -P 44 -r /etc/letsencrypt/live/taiga.siua.ac.cr/fullchain.pem root@10.20.200.85:/home/taiga/certificados/fullchain.pem 
scp -P 44 -r /etc/letsencrypt/live/taiga.siua.ac.cr/privkey.pem root@10.20.200.85:/home/taiga/certificados/privkey.pem
  • Open the file
nano /etc/nginx/conf.d/taiga.conf
  • Add at the end
    # SSL
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    # Public-Key-Pins (HPKP) is deprecated; current browsers ignore this header
    add_header Public-Key-Pins 'pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains';

    ssl_certificate /home/taiga/certificados/fullchain.pem;   # Set SSL cert path
    ssl_certificate_key /home/taiga/certificados/privkey.pem; # Set SSL key  path
    ssl_stapling on;
    ssl_stapling_verify on;
  • And change the line
listen 443 default_server;
Change to:
listen 443 ssl;
  • Check
sudo nginx -t
  • Reload
sudo systemctl restart nginx