taigaio / taiga-doc Goto Github PK

This is a continuation from an old issue in the old repository. Basically documenting how to setup taiga with caddy as the web-server rather than only a reverse-proxy. We were waiting on a feature on caddy in order to integrate taiga-protected. This has recently been added and I've tested it's functionality. I am here to share the complete Caddyfile for taiga. Feel free to edit it for better visibility and ask for any clarifications:

taiga.example.com {
	# General configurations
	encode gzip zstd

	# Forward all basic paths to taiga-back
	@taiga-back path /admin/* /api/*
	handle @taiga-back {
		reverse_proxy 127.0.0.1:8001
	}

	# Serve public attachments directly with appropriate header 
	handle /media/exports/* {
		header Content-disposition "attachment"
		root * /path/to/taiga-back
		file_server
	}

	# Serve all other media files through taiga-protect or directly
	# If taiga-protected is used switch the following directive with the commented one
	handle /media/* {
		root * /path/to/taiga-back
		file_server
	}
#	handle_path /media/* {
#		reverse_proxy localhost:8003 {
#			# Nginx's X-Accel-Redirect has to be manually implemented here
#			# Note: the response is in the form of /_protected/.... so a symbolic link should be added:
#			# from taiga-back/_protected to taiga-back/media
#			@accel header X-Accel-Redirect *
#			handle_response @accel {
#				root * /path/to/taiga-back
#				header Content-Disposition "attachment"
#				rewrite {http.reverse_proxy.header.X-Accel-Redirect}
#				file_server
#			}
#		}
#	}

	# If taiga-events is installed uncomment this next section
	handle /events* {
		reverse_proxy localhost:8888
	}
	# All other paths
	handle {
		@backend path /static/*
		root @backend /path/to/taiga-back
		root * /path/to/taiga-front/dist
		try_files {path} {path}/ /index.html
		file_server
	}

	# Optional: Write the logs to file
	log {
		output file /path/to/caddy.log
	}
}

As soon as caddy v2.4.1 or caddyserver/caddy#4165 is implemented, this documentation is ready for production. (Edit: the new caddy version is up)

Docs mention file to check a file for troubleshooting that never got created during setup.

All files in this list got created and edited during the installation guide except the one in the green circle. This one never got mentioned and is not created during installation. Found at the very bottom of https://docs.taiga.io/setup-production.html#setup-prod-from-source-code

Describe the bug
The documentation setup-production.adoc (rendered) suggests invalid values for EMAIL_BACKEND. To quote:

EMAIL_BACKEND=console  # use an SMTP server or display the emails in the console (either "smtp" or "console")

However, the newest Taiga version fails to send any mails with EMAIL_BACKEND=smtp. The logs from the async container shows a Python import error, stating that smtp is invalid. By further investigation, I discovered that Taiga uses Django's mail backend, which describes correct & working values (e.g. EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend).

How can we reproduce the behavior
Launch a Docker Taiga setup with EMAIL_BACKEND=smtp and valid SMTP credentials. Trigger a email notification and look for errors in the taiga-async container logs.

Workarounds
Use documentation from: https://docs.djangoproject.com/en/5.0/topics/email/

Taiga environment
Installed as described in taiga-docker.

Additional context
Neither the code from the Docker container's entrypoint nor from taiga-backend suggest that they use these environment variables. To me it seems that Django's mail backend does access these environment variables directly. Hence, IMO it would make sense to just link to the Django backend instead of copying their documentation into Taiga's documentation.

EDIT: It seems that PR #17 introduced this issue.

Under the section "Session Settings" on this page users are getting told to add

SESSION_COOKIE_SECURE: "False" CSRF_COOKIE_SECURE: "False"

to "Service: taiga-back" two times in a row. Maybe this is a typo and it's supposed to be added to taiga-back plus a different service?

Please describe the problem / need you are trying to solve.
Add
chown -R taiga:taiga /home/taiga/
chmod o+x /home/taiga/
chmod o+rx ~taiga/taiga-back/media

Additional context
Required for permissions for Caddy to access files. Not present in documentation

Hello! Is there a setting to select a default page for unauthorized users? I wish they were immediately prompted to log in