riotkit-org/docker-taiga

Docker-compose.yml traefik, taiga displays strange landing page.

Opened this issue · 11 comments

Deleted user commented

Hello all,

I am using the following docker-compose.yml file to start Taiga with Traefik.

version: "3"

services:
  taiga:
    image: quay.io/riotkit/taiga:5.0.6
    depends_on:
      - postgres
    volumes:
      - taigamedia:/usr/src/taiga-back/media
    networks:
      - backend
    restart: always
    environment:
      TAIGA_SECRET_KEY: password_key
      TAIGA_HOSTNAME: somehost.com
      TAIGA_SCHEME: https
      TAIGA_DB_NAME: taiga
      TAIGA_DB_USER: taiga
      TAIGA_DB_HOST: postgres
      TAIGA_DB_PASSWORD: password
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:somehost.com; PathPrefixStrip:/taiga
      - traefik.backend=taiga
      - traefik.docker.network=frontend
      - traefik.port=80
      - traefik.frontend.headers.referrerPolicy=no-referrer
      - traefik.frontend.headers.SSLRedirect=true
      - traefik.frontend.headers.contentTypeNosniff=true

  postgres:
    image: postgres
    restart: always
    environment:
      POSTGRES_DB: taiga
      POSTGRES_PASSWORD: password
      POSTGRES_USER: taiga
    volumes:
      - postgrestaiga:/var/lib/postgresql/data
    networks:
      - backend
    labels:
      - traefik.enable=false

volumes:
  taigamedia:
  postgrestaiga:

networks:
  backend:
    external: true

The compose file executes successfully, however, when heading to hostname.com/taiga the following is displayed.
taiga

Am I missing something obvious here?

Thanks.

blackandred commented

Hi,

What does the browser say in the developer tools?
Maybe it could be something related to PathPrefixStrip:/taiga?

We had some issue with traefik in the past, but actually I don't remember if it was resolved - you could look through issues by searching by traefik, we do not have them so many.

blackandred commented

At @riotkit-org we run Taiga behind a gateway, but it is on NGINX. So that's where we have it tested all the time.

We use a our own dockerized environment based on docker-compose, which has service-discovery feature, just like Traefik, but based on NGINX.

Example service:
https://github.com/riotkit-org/riotkit-harbor/blob/master/apps/conf/infrastructure.health.yml

What I wanted to express is that we have of course tested it in a configuration behind a centralized gateway, with SSL provided by gateway and stripped down in the docker network.

That's our prod config in Harbor environment:

TAIGA_HOSTNAME: XYZ${DOMAIN_SUFFIX}
TAIGA_SCHEME: https
TAIGA_SECRET_KEY: "${TAIGA_SECRET_KEY}"
TAIGA_DEFAULT_LOCALE: pl
TAIGA_ENABLE_SSL: "false"
TAIGA_REDIRECT_TO_SSL: "false"

TAIGA_DB_NAME: ${TAIGA_DB}
TAIGA_DB_HOST: ${TAIGA_DB_HOST}
TAIGA_DB_USER: ${TAIGA_DB_USER}
TAIGA_DB_PASSWORD: ${TAIGA_DB_PASSWD}

TAIGA_ENABLE_EMAIL: "true"
TAIGA_EMAIL_FROM: no-reply@XYZ
TAIGA_EMAIL_USE_TLS: "false"
TAIGA_EMAIL_HOST: ${SMTP_ADDRESS}
TAIGA_EMAIL_PORT: ${SMTP_PORT}
TAIGA_EMAIL_USER: ${SMTP_USER}
TAIGA_EMAIL_PASS: ${SMTP_PASSWORD}

VIRTUAL_HOST: XYZ${DOMAIN_SUFFIX}
VIRTUAL_PORT: "80"
LETSENCRYPT_HOST: XYZ${DOMAIN_SUFFIX}
LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
blackandred commented

I have looked at PathPrefixStrip - I think if you are trying to setup Taiga instance under a subdirectory, that would not work. Most of the applications would not run in that way. The most safier, most common way is to assign a subdomain to an application.

Why? 1. Security reasons, 2. Common setup, less issues for the application to find it'self whats the url - it's more complex when an application separates frontend from backend - the frontend excepts specific endpoints on the backend eg. /api/something, not /taiga/api/something. That's even mostly hardcoded in the applications and nobody is thinking it could be wrong, because it's not.

Deleted user commented

Looking in the browser console. I am seeing some odd errors.

The resource from “https://{{Ipaddress}}/apps/files/” was blocked due to MIME type (“text/html”)

I have a instance of nextcloud deployed. Which has a NGINX instance already running, could this be causing issues?
It looks like when I go to /taiga it is getting confused on where do go or something? Tbh I am out of my depth here :/

I don't really have the option to have a subdomain in my setup as it's a local service. I just head to the IP address and is why I am using the PathPrefixStrip to go to the Taiga service.

blackandred commented

You are in an internal network? Maybe we can find some solution if you could describe the environment.

Deleted user commented

I just checked to see if Traefik is routing to the container correctly and it looks like it should be.
Looking in the dashboard I can see the frontend is linked to the appropriate backend. The backend server IP is http://172.31.0.9:80 and using docker inspect the IP for taiga is http://172.31.0.9:80 so that's all correct 🤔

Deleted user commented

Here are the logs from the container, although nothing looks a miss to me here:

 >> Setting user id and group id
usermod: no changes
 >> Correcting permissions
 >> Preparing configuration files...
 HINT: Add your files into /etc/nginx/extensions.d to include them in NGINX configuration
 >> Enabling plugins
 >> Preparing a database migration
Running database check
Connecting to database:
dbname='taiga' user='taiga' host='postgres' password='somepasswordhere'
 >> Updating/migrating plugins...
['']
+ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
+ exec supervisord -c /etc/supervisord.conf
2020-02-13 22:35:58,896 INFO Set uid to user 0 succeeded
2020-02-13 22:35:58,899 INFO supervisord started with pid 1
2020-02-13 22:35:59,904 INFO spawned: 'nginx' with pid 21
2020-02-13 22:35:59,907 INFO spawned: 'backend' with pid 22
2020-02-13 22:36:00,159 DEBG 'backend' stderr output:
[2020-02-13 22:36:00 +0000] [22] [INFO] Starting gunicorn 19.9.0

2020-02-13 22:36:00,159 DEBG 'backend' stderr output:
[2020-02-13 22:36:00 +0000] [22] [INFO] Listening at: http://127.0.0.1:8000 (22)

2020-02-13 22:36:00,159 DEBG 'backend' stderr output:
[2020-02-13 22:36:00 +0000] [22] [INFO] Using worker: sync

2020-02-13 22:36:00,162 DEBG 'backend' stderr output:
[2020-02-13 22:36:00 +0000] [29] [INFO] Booting worker with pid: 29

2020-02-13 22:36:00,239 DEBG 'backend' stderr output:
[2020-02-13 22:36:00 +0000] [31] [INFO] Booting worker with pid: 31

2020-02-13 22:36:00,277 DEBG 'backend' stderr output:
[2020-02-13 22:36:00 +0000] [32] [INFO] Booting worker with pid: 32

2020-02-13 22:36:00,347 DEBG 'backend' stderr output:
[2020-02-13 22:36:00 +0000] [34] [INFO] Booting worker with pid: 34

2020-02-13 22:36:00,651 DEBG 'backend' stderr output:
Trying import local.py settings...

2020-02-13 22:36:00,800 DEBG 'backend' stderr output:
Trying import local.py settings...

2020-02-13 22:36:00,851 DEBG 'backend' stderr output:
Trying import local.py settings...

2020-02-13 22:36:00,930 DEBG 'backend' stderr output:
Trying import local.py settings...

2020-02-13 22:36:00,931 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-02-13 22:36:00,931 INFO success: backend entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2020-02-13 22:36:14,027 DEBG 'nginx' stdout output:
127.0.0.1 - - [13/Feb/2020:22:36:14 +0000] "GET / HTTP/1.1" 200 91976 "-" "curl/7.64.0" "-"

2020-02-13 22:37:14,462 DEBG 'nginx' stdout output:
127.0.0.1 - - [13/Feb/2020:22:37:14 +0000] "GET / HTTP/1.1" 200 91976 "-" "curl/7.64.0" "-"
blackandred commented

I'm sure the frontend is looking for the backend to be at "/", that's why it does not connect.

Deleted user commented

Hmmm. Seems I'm kinda screwed then...

blackandred commented