https://docs.taiga.io/setup-production.html#_introduction
Dependencias
- Instalamos
sudo apt-get update
sudo apt-get install -y build-essential binutils-doc autoconf flex bison libjpeg-dev
sudo apt-get install -y libfreetype6-dev zlib1g-dev libzmq3-dev libgdbm-dev libncurses5-dev
sudo apt-get install -y automake libtool curl git tmux gettext
sudo apt-get install -y nginx
sudo apt-get install -y rabbitmq-server
PostgreSQL
sudo apt-get install -y postgresql-12 postgresql-contrib-12 postgresql-doc-12 postgresql-server-dev-12
sudo pg_ctlcluster 12 main start
Python3
sudo apt-get install -y python3 python3-pip python3-dev python3-venv
sudo apt-get install -y libxml2-dev libxslt-dev
sudo apt-get install -y libssl-dev libffi-dev
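Node.js
- Nota: el siguiente comando descarga un script y lo ejecuta como root sin verificar su integridad; es preferible descargarlo a un archivo, revisarlo y luego ejecutarlo. Node.js 12 ya no recibe actualizaciones de seguridad, por lo que conviene confirmar qué versión soporta taiga-events antes de instalarla.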
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install gcc g++ make
sudo apt-get install -y nodejs
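Crear usuario taiga
- Nota: este documento registra varias contraseñas en texto plano (usuario del sistema, rol de PostgreSQL, correo y administrador de Django). Deben guardarse en un gestor de contraseñas y no en estas notas; las que aparecen aquí deben considerarse expuestas y cambiarse.
- Nota: el usuario taiga se agrega al grupo sudo solo para la instalación. Como los servicios corren luego con ese mismo usuario, conviene quitarlo del grupo al terminar (sudo deluser taiga sudo).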
sudo adduser taiga -->Pass:CA2
sudo adduser taiga sudo
sudo su taiga
cd /home/taiga/
cd ~
NOTA: a partir de aquí se debe instalar con el usuario Taiga y no con root
Configurar PostgreSQL y RabbitMQ
sudo -u postgres createuser taiga --interactive --pwprompt
//instalación:
password for taiga:CA2
Enter password for new role: HB0
Enter it again: HB0
Shall the new role be a superuser? (y/n) y
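//fin
NOTA: el rol taiga no necesita ser superusuario de PostgreSQL: la base de datos se crea a continuación con -O taiga, por lo que basta con que sea su propietario. Responder "n" limita el daño si la aplicación se ve comprometida.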
sudo -u postgres createdb taiga -O taiga --encoding='utf-8' --locale=en_US.utf8 --template=template0
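Create a RabbitMQ user (rabbitmquser in the command below) and a virtualhost named taiga for RabbitMQ (taiga-events and async tasks)
- Nota: rabbitmqpassword es el valor de ejemplo de la documentación y debe sustituirse por una contraseña propia; el mismo usuario y contraseña deben usarse después en las URL amqp:// de settings/config.py y del .env de taiga-events. Al pasarla como argumento, la contraseña queda en el historial del shell.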
sudo rabbitmqctl add_user rabbitmquser rabbitmqpassword //Nota se debe cambiar
//Adding user "rabbitmquser" ...
sudo rabbitmqctl add_vhost taiga
//Adding vhost "taiga" ...
sudo rabbitmqctl set_permissions -p taiga rabbitmquser ".*" ".*" ".*"
//Setting permissions for user "rabbitmquser" in vhost "taiga" ...
Configuración del Backend
- es la instalación de los módulos taiga-back y taiga-async
- Obtenemos el código
cd ~
git clone https://github.com/kaleidos-ventures/taiga-back.git taiga-back
cd taiga-back
git checkout stable
- Crear virtualenv
python3 -m venv .venv --prompt taiga-back
source .venv/bin/activate
pip install --upgrade pip wheel
- Install all Python dependencies
pip install -r requirements.txt
- Install taiga-contrib-protected
pip install git+https://github.com/kaleidos-ventures/taiga-contrib-protected.git@stable#egg=taiga-contrib-protected
- Crear archivo de configuración
cp settings/config.py.prod.example settings/config.py
- Abrimos
nano settings/config.py
- Modificamos
- Taiga secret key: it’s important to change it. It must have the same value as the secret key in taiga-events and taiga-protected
- Taiga urls: configure where Taiga would be served using TAIGA_URL, SITES and FORCE_SCRIPT_NAME (see examples below)
- Connection to PostgreSQL; check DATABASES section in the file
- Connection to RabbitMQ for taiga-events; check «EVENTS» section in the file
- Connection to RabbitMQ for taiga-async; check «TAIGA ASYNC» section in the file
- Credentials for email; check «EMAIL» section in the file
- Enable/disable anonymous telemetry; check «TELEMETRY» section in the file
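- Modificamos (en cada par, el bloque antes de la X es el valor original y el bloque después de la X es el nuevo)
- Notas sobre los valores de abajo:
  - SECRET_KEY: "taigaugit" es corto y adivinable. Debe ser un valor largo y aleatorio, por ejemplo el que genera python3 -c "import secrets; print(secrets.token_urlsafe(50))", y el mismo valor debe ponerse en taiga-events y taiga-protected.
  - EMAIL_USE_TLS y EMAIL_USE_SSL son mutuamente excluyentes en Django: con el puerto 465 corresponde solo EMAIL_USE_SSL = True y con el 587 solo EMAIL_USE_TLS = True.
  - EEMAIL_PORT (con doble E) no es un ajuste de Django; si así quedó en el archivo real, el puerto 465 no se aplica. Debe ser EMAIL_PORT.
  - La URL amqp:// conserva los valores de ejemplo (rabbitmquser, rabbitmqpassword, rabbitmqhost). rabbitmqhost debe ser el host real de RabbitMQ (localhost si corre en este mismo servidor) y la contraseña, la definida al crear el usuario. El texto "//No los cambie" es una anotación de estas notas y no debe quedar en config.py, porque // no es un comentario válido en Python.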
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'taiga',
'USER': 'taiga',
'PASSWORD': 'changeme',
'HOST': '',
'PORT': '',
}
}
X
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'taiga',
'USER': 'taiga',
'PASSWORD': 'HB0',
'HOST': '',
'PORT': '',
}
}
SECRET_KEY = "changeme"
X
SECRET_KEY = "taigaugit"
TAIGA_SITES_SCHEME = "https"
TAIGA_SITES_DOMAIN = "example.com"
X
TAIGA_SITES_DOMAIN = "taiga.siua.ac.cr"
FORCE_SCRIPT_NAME = ""
#########################################
## EMAIL
#########################################
# https://docs.djangoproject.com/en/3.1/topics/email/
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 120 # seconds
DEFAULT_FROM_EMAIL = 'changeme@example.com'
EMAIL_USE_TLS = True
EMAIL_USE_SSL = True
EMAIL_HOST = 'localhost'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'user'
EMAIL_HOST_PASSWORD = 'password'
X
#########################################
## EMAIL
#########################################
# https://docs.djangoproject.com/en/3.1/topics/email/
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 120 # seconds
DEFAULT_FROM_EMAIL = 'admin@siua.ac.cr'
EMAIL_USE_TLS = True
EMAIL_USE_SSL = True
EMAIL_HOST = 'correo.siua.ac.cr'
EEMAIL_PORT = 465
EMAIL_HOST_USER = 'admin'
EMAIL_HOST_PASSWORD = 'AC2'
#########################################
## EVENTS
#########################################
EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
EVENTS_PUSH_BACKEND_OPTIONS = {
"url": "amqp://rabbitmquser:rabbitmqpassword@rabbitmqhost:5672/taiga" //No los cambie
}
#########################################
## TAIGA ASYNC
#########################################
CELERY_ENABLED = os.getenv('CELERY_ENABLED', 'True') == 'True'
#########################################
## TELEMETRY
#########################################
ENABLE_TELEMETRY = True
Importar datos a la base de datos
source .venv/bin/activate
DJANGO_SETTINGS_MODULE=settings.config python manage.py migrate --noinput
# Crear usuario administrador con contraseña fuerte
CELERY_ENABLED=False DJANGO_SETTINGS_MODULE=settings.config python manage.py createsuperuser
//Resultado
Username: ugit
Email address: gustavo.matamoros@siua.ac.cr
Password: Sk83
Password (again): Sk83
Superuser created successfully.
//fin
DJANGO_SETTINGS_MODULE=settings.config python manage.py loaddata initial_project_templates
DJANGO_SETTINGS_MODULE=settings.config python manage.py compilemessages
DJANGO_SETTINGS_MODULE=settings.config python manage.py collectstatic --noinput
Instalar demos
- Si desea instalar demos (tarda un rato)
CELERY_ENABLED=False DJANGO_SETTINGS_MODULE=settings.config python manage.py sample_data
Verificación
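- Si queremos verificar la instalación ejecutamos lo siguiente. runserver es el servidor de desarrollo de Django: se usa solo para esta prueba y se detiene al terminar, ya que escucha en la IP de la red sin TLS.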
source .venv/bin/activate
DJANGO_SETTINGS_MODULE=settings.config python manage.py runserver 10.20.200.85:8000
- Ahora abrimos el navegador en http://10.20.200.85:8000/api/v1/
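- Ahora abrimos el navegador en http://10.20.200.85:8000/admin/ (no funcionó: error CSRF). Posible causa, por confirmar: esta prueba se hace por http y contra la IP, mientras que la configuración declara https y el dominio taiga.siua.ac.cr.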
Instalación del Frontend
- Obtener código
cd ~
git clone https://github.com/kaleidos-ventures/taiga-front-dist.git taiga-front-dist
cd taiga-front-dist
git checkout stable
- Copiar la configuración
cp ~/taiga-front-dist/dist/conf.example.json ~/taiga-front-dist/dist/conf.json
- Abrimos
nano dist/conf.json
- Modificar la configuración
{
"api": "http://localhost:8000/api/v1/",
"eventsUrl": null,
"baseHref": "/",
X
{
"api": "https://taiga.siua.ac.cr/api/v1/",
"eventsUrl": "wss://taiga.siua.ac.cr/events",
"baseHref": "/",
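- Quedando así
- Nota: en el archivo de abajo "api" apunta a http://taiga.siua.ac.cr:8000, que es el puerto del runserver de prueba. En producción gunicorn escucha en el 8001 detrás de NGINX y el sitio se sirve por https, de modo que una API por http sería bloqueada por el navegador como contenido mixto. El valor coherente con el resto de la instalación es el del bloque anterior: https://taiga.siua.ac.cr/api/v1/.
- Nota: "publicRegisterEnabled": true permite que cualquiera que alcance el sitio cree una cuenta; si la instancia es de uso interno conviene ponerlo en false.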
{
"api": "http://taiga.siua.ac.cr:8000/api/v1/",
"eventsUrl": "wss://taiga.siua.ac.cr/events",
"baseHref": "/",
"eventsMaxMissedHeartbeats": 5,
"eventsHeartbeatIntervalTime": 60000,
"eventsReconnectTryInterval": 10000,
"debug": false,
"debugInfo": false,
"defaultLanguage": "en",
"themes": ["taiga"],
"defaultTheme": "taiga",
"defaultLoginEnabled": true,
"publicRegisterEnabled": true,
"feedbackEnabled": true,
"supportUrl": "https://resources.taiga.io",
"privacyPolicyUrl": null,
"termsOfServiceUrl": null,
"maxUploadFileSize": null,
"contribPlugins": [],
"tagManager": { "accountId": null },
"tribeHost": null,
"enableAsanaImporter": false,
"enableGithubImporter": false,
"enableJiraImporter": false,
"enableTrelloImporter": false,
"gravatar": false,
"rtlLanguages": ["ar", "fa", "he"]
}
- Como nuestro dominio lleva directamente a la aplicación (https://taiga.siua.ac.cr y no http://siua.ac.cr/taiga), solo verificamos que el archivo index.html esté así
nano dist/index.html
- Debe estar así
<base href="/">
Configurar Events
- Obtener código
cd ~
git clone https://github.com/kaleidos-ventures/taiga-events.git taiga-events
cd taiga-events
git checkout stable
Instalar dependencias Javascript
npm install
- Create the .env file based on the provided example
cp .env.example .env
- Abrimos
nano .env
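- Update it with your RabbitMQ URL and your unique secret key. Your final .env should look similar to the following example:
- Nota: SECRET debe coincidir con el SECRET_KEY de taiga-back; rabbitmqpassword y rabbitmqhost son valores de ejemplo que deben sustituirse por los reales.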
RABBITMQ_URL="amqp://rabbitmquser:rabbitmqpassword@rabbitmqhost:5672/taiga"
SECRET="taigaugit"
WEB_SOCKET_SERVER_PORT=8888
APP_PORT=3023
Taiga protected Setup
- Obtener código
cd ~
git clone https://github.com/kaleidos-ventures/taiga-protected.git taiga-protected
cd taiga-protected
git checkout stable
- Create a virtualenv:
python3 -m venv .venv --prompt taiga-protected
source .venv/bin/activate
pip install --upgrade pip wheel
- Install all Python dependencies:
pip install -r requirements.txt
- Copy the example config file:
cp ~/taiga-protected/env.sample ~/taiga-protected/.env
- Abrimos
nano .env
- Modificamos
SECRET_KEY="taiga-back-secret-key"
X
SECRET_KEY="taigaugit"
Iniciar Taiga (root)
- Creamos al archivo como root
nano /etc/systemd/system/taiga.service
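- Le agregamos
- Nota: --bind 0.0.0.0:8001 deja a gunicorn escuchando en todas las interfaces, accesible sin pasar por NGINX ni por TLS. Como NGINX reenvía a 127.0.0.1:8001, basta con --bind 127.0.0.1:8001 (lo mismo aplica al puerto 8003 del servicio taiga-protected, más abajo).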
[Unit]
Description=taiga_back
After=network.target
[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-back
ExecStart=/home/taiga/taiga-back/.venv/bin/gunicorn --workers 4 --timeout 60 --log-level=info --access-logfile - --bind 0.0.0.0:8001 taiga.wsgi
Restart=always
RestartSec=3
Environment=PYTHONUNBUFFERED=true
Environment=DJANGO_SETTINGS_MODULE=settings.config
[Install]
WantedBy=default.target
- Recargamos el servicio
sudo systemctl daemon-reload
sudo systemctl start taiga
sudo systemctl enable taiga
- Verificamos el servicio
sudo systemctl status taiga
- Creamos el servicio
nano /etc/systemd/system/taiga-async.service
- Le agregamos
[Unit]
Description=taiga_async
After=network.target
[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-back
ExecStart=/home/taiga/taiga-back/.venv/bin/celery -A taiga.celery worker -B --concurrency 4 -l INFO
Restart=always
RestartSec=3
ExecStop=/bin/kill -s TERM $MAINPID
Environment=PYTHONUNBUFFERED=true
Environment=DJANGO_SETTINGS_MODULE=settings.config
[Install]
WantedBy=default.target
- Recargamos el servicio
sudo systemctl daemon-reload
sudo systemctl start taiga-async
sudo systemctl enable taiga-async
- Verificamos el servicio
sudo systemctl status taiga-async
- Creamos el servicio
nano /etc/systemd/system/taiga-events.service
- Le agregamos
[Unit]
Description=taiga_events
After=network.target
[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-events
ExecStart=npm run start:production
Restart=always
RestartSec=3
[Install]
WantedBy=default.target
- Recargamos
sudo systemctl daemon-reload
sudo systemctl start taiga-events
sudo systemctl enable taiga-events
- Verificamos
sudo systemctl status taiga-events
- Creamos el servicio
nano /etc/systemd/system/taiga-protected.service
- Le agregamos
[Unit]
Description=taiga_protected
After=network.target
[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-protected
ExecStart=/home/taiga/taiga-protected/.venv/bin/gunicorn --workers 4 --timeout 60 --log-level=info --access-logfile - --bind 0.0.0.0:8003 server:app
Restart=always
RestartSec=3
Environment=PYTHONUNBUFFERED=true
[Install]
WantedBy=default.target
- Recargamos
sudo systemctl daemon-reload
sudo systemctl start taiga-protected
sudo systemctl enable taiga-protected
- Verificamos
sudo systemctl status taiga-protected
Expose Taiga with NGINX
- Remove the default NGINX config file to avoid collision with Taiga:
sudo rm /etc/nginx/sites-enabled/default
- Create the logs folder (mandatory); debe quedar en /home/taiga/logs/ (se puede comprobar con ls /home/taiga/logs/)
mkdir -p ~/logs
- Creamos el archivo
nano /etc/nginx/conf.d/taiga.conf
- Le agregamos
server {
listen 80 default_server;
server_name taiga.siua.ac.cr;
return 301 https://$server_name$request_uri;
}
server {
listen 443 default_server;
server_name taiga.siua.ac.cr; # See http://nginx.org/en/docs/http/server_names.html
large_client_header_buffers 4 32k;
client_max_body_size 50M;
charset utf-8;
access_log /home/taiga/logs/nginx.access.log;
error_log /home/taiga/logs/nginx.error.log;
# TLS: Configure your TLS following the best practices inside your company
# Other configurations
# Frontend
location / {
alias /home/taiga/taiga-front-dist/dist/;
index index.html;
try_files $uri $uri/ index.html =404;
}
# API
location /api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001/api/;
proxy_redirect off;
}
# Admin
location /admin/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001/admin/;
proxy_redirect off;
}
# Static files
location /static/ {
alias /home/taiga/taiga-back/static/;
}
# Media
location /_protected/ {
internal;
alias /home/taiga/taiga-back/media/;
add_header Content-disposition "attachment";
}
# Unprotected section
location /media/exports/ {
alias /home/taiga/taiga-back/media/exports/;
add_header Content-disposition "attachment";
}
location /media/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8003/;
proxy_redirect off;
}
# Events
location /events {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
proxy_pass http://127.0.0.1:8888/events;
}
}
- Execute the following command to verify the NGINX configuration and to track any error in the service:
sudo nginx -t
//Resultado
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
- Finally, restart the
nginx
service:
sudo systemctl restart nginx
- Restart all Taiga services after updating the configuration:
sudo systemctl restart 'taiga*'
Instalación de Let’s Encrypt SSL
- Hacemos el proceso de crear un certificado con proxy reverso
- Creamos en el servidor taiga una carpeta para almacenarlos
mkdir /home/taiga/certificados
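- Les damos permisos
- Nota: chmod 777 deja la carpeta, y con ella privkey.pem, accesible y modificable por cualquier usuario del servidor. La clave privada solo necesita ser leída por el proceso maestro de NGINX (root): basta con propietario root, 700 en la carpeta y 600 en privkey.pem.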
chmod 777 -R /home/taiga/certificados
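- En el proxy le pasamos los certificados
- Nota: los certificados de Let's Encrypt vencen a los 90 días, así que esta copia debe repetirse (o automatizarse) tras cada renovación y luego recargar NGINX. La copia se hace entrando como root por SSH; es preferible una cuenta limitada a esta tarea.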
scp -P 44 -r /etc/letsencrypt/live/taiga.siua.ac.cr/fullchain.pem root@10.20.200.85:/home/taiga/certificados/fullchain.pem
scp -P 44 -r /etc/letsencrypt/live/taiga.siua.ac.cr/privkey.pem root@10.20.200.85:/home/taiga/certificados/privkey.pem
- Abrimos el archivo
nano /etc/nginx/conf.d/taiga.conf
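- Le agregamos al final
- Nota: la cabecera Public-Key-Pins (HPKP) está obsoleta y los navegadores actuales la ignoran; además los pines tendrían que corresponder a las claves de este servidor (verificar de dónde salieron). Se recomienda omitir esa línea. ssl_stapling_verify requiere además configurar ssl_trusted_certificate con la cadena de la CA.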
# SSL
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Public-Key-Pins 'pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains';
ssl_certificate /home/taiga/certificados/fullchain.pem; # Set SSL cert path
ssl_certificate_key /home/taiga/certificados/privkey.pem; # Set SSL key path
ssl_stapling on;
ssl_stapling_verify on;
- Y modificamos la linea
listen 443 default_server;
X
listen 443 ssl;
- Verificamos
sudo nginx -t
- Recargamos
sudo systemctl restart nginx
- Ahora abrimos el navegador en https://taiga.siua.ac.cr/api/v1/
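- Ahora abrimos el navegador en https://taiga.siua.ac.cr/admin/ (no funcionó: error CSRF). Por revisar: que Django reciba el esquema y el host originales a través de los proxies (cabeceras Host y X-Forwarded-Proto) y que coincidan con TAIGA_SITES_SCHEME y TAIGA_SITES_DOMAIN.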