@ViktorNova
Forked from abradshaw/Taiga for EL8
Last active October 13, 2020 13:02
Install Taiga on CentOS 8 / RHEL 8
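#!/bin/bash
# Installs Taiga (taiga-back, taiga-front-dist, nginx and taiga-events) on
# CentOS 8 / RHEL 8. The script installs packages and writes under /etc, so it
# needs root. Edit the three settings below before running it.

# Stop on error
set -e
# Stop on uninitialized variables
set -u
# Stop on failed pipes
set -o pipefail

# IP_ADDR can be the IP address of your server OR an FQDN that points to your server
# Example:
# IP_ADDR="example.com"
IP_ADDR="0.0.0.0"
# SECRETKEY is written into the backend's SECRET_KEY setting and into the
# taiga-events config. Use a long random value (e.g. from `openssl rand -hex 32`)
# and keep it out of version control.
SECRETKEY="yoursecretkey"
# Since the events password will be used inside a URL later, please use only
# web safe characters: a-z, A-Z, 0-9, and - . _ ~
EVENTS_PASSWORD="someotherpassword"

# Refuse to install with the published placeholder values: a SECRET_KEY or
# broker password that anyone can read on this page protects nothing.
if [[ "$SECRETKEY" == "yoursecretkey" || "$EVENTS_PASSWORD" == "someotherpassword" ]]; then
  printf '%s\n' "Set SECRETKEY and EVENTS_PASSWORD at the top of this script before running it." >&2
  exit 1
fi
if [[ "$IP_ADDR" == "0.0.0.0" ]]; then
  printf '%s\n' "Set IP_ADDR to the server's address or FQDN before running this script." >&2
  exit 1
fi
# Enforce the character rule stated above, so the password cannot break the
# AMQP URL it is embedded in.
readonly URL_SAFE_RE='^[A-Za-z0-9._~-]+$'
if [[ ! "$EVENTS_PASSWORD" =~ $URL_SAFE_RE ]]; then
  printf '%s\n' "EVENTS_PASSWORD may only contain a-z, A-Z, 0-9 and - . _ ~" >&2
  exit 1
fi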
# SELinux and firewall.
# httpd_read_user_content lets the web server domain read content under user
# home directories (the site is served from /home/taiga);
# httpd_can_network_connect lets it open outbound connections, which the
# proxy_pass directives to 127.0.0.1 rely on. Both widen the default policy,
# so enable them only on a host dedicated to this service.
for sebool in httpd_read_user_content httpd_can_network_connect; do
  setsebool -P "$sebool" true
done
dnf --assumeyes install policycoreutils-python-utils bash-completion vim git python36
# Left disabled by the author: labelling the backend ports for httpd.
#semanage port -m -t http_port_t -p tcp 8000
#semanage port -a -t http_port_t -p tcp 8001
# Only HTTP and HTTPS are opened; the backend port (8001) stays closed to the
# outside and is reached through nginx.
for svc in http https; do
  firewall-cmd --add-service "$svc" --permanent
done
#firewall-cmd --add-port 8001/tcp --permanent
firewall-cmd --reload
# Build dependencies from the pre-EL8 version of this script, kept for reference:
# yum install -y gcc autoconf flex bison libjpeg-turbo-devel freetype-devel zlib-devel zeromq3-devel gdbm-devel ncurses-devel automake libtool libffi-devel curl git tmux libxml2-devel libxslt-devel wget openssl-devel gcc-c++

# PostgreSQL server from the distribution repositories.
# NOTE(review): the original comment said "PostgreSQL 9.5 (pulls in scl-utils
# as a dep)", which looks inherited from an older release - confirm the version
# that dnf actually installs.
dnf --assumeyes install postgresql-server postgresql-server-devel
postgresql-setup --initdb
systemctl enable --now postgresql

# Create the database role and database for Taiga. The role is created without
# a password. NOTE(review): presumably access relies on the local
# authentication rules in pg_hba.conf - verify before allowing remote
# connections.
# /home is used as the working directory for the su calls (presumably so the
# postgres user can enter it - confirm).
cd /home
su postgres -c "createuser taiga"
su postgres -c "createdb -O taiga taiga"
# Dedicated unprivileged account that owns and runs Taiga.
adduser taiga

# taiga-back: fetch the backend and prepare it.
# The checkout follows the moving "stable" branch, so two runs of this script
# can install different code; pin a tag or commit for reproducible installs.
cd /home/taiga
git clone https://github.com/taigaio/taiga-back.git taiga-back
cd taiga-back/
git checkout stable

# This upgrades the system-wide pip as root, outside the package manager.
pip3 install --upgrade pip
su taiga -c "pip3 install -r requirements.txt"
# The clone above ran as root; hand the tree to the taiga user before running
# the management commands.
chown -R taiga:taiga /home/taiga/

# Database schema, fixtures, translations and static files, all as taiga.
# "loaddata initial_user" loads the project's initial user fixture. If that
# fixture carries default credentials, change the account's password before the
# site is reachable by anyone else.
# Disabled by the author: "loaddata initial_role".
for manage_args in \
  "migrate --noinput" \
  "loaddata initial_user" \
  "loaddata initial_project_templates" \
  "compilemessages" \
  "collectstatic --noinput"; do
  su taiga -c "python3 manage.py ${manage_args}"
done
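# Backend settings (appended to settings/local.py).
#
# Fixes relative to the original block:
#   * SECRET_KEY is emitted as a quoted Python string. The original wrote the
#     bare value, which Python reads as an undefined name. The value must not
#     contain a double quote or a backslash.
#   * The broker URL now names the host and port. The original ran the
#     password straight into "/taiga" with no "@host" part. The form used here
#     matches the URL this script writes for taiga-events.
#   * The file is created owner-only before the secrets are written; it holds
#     SECRET_KEY and the broker password, and /home/taiga is later made
#     traversable by other users.
#
# Review before going live:
#   * PUBLIC_REGISTER_ENABLED = True lets anyone who can reach the site create
#     an account; set it to False for a private instance.
#   * All URLs are http://, so logins and tokens travel unencrypted until TLS
#     is configured and these values are switched to https://.
#   * DEFAULT_FROM_EMAIL: the address on the source page was masked by the
#     hosting site. The value below is a placeholder - set a real sender.
local_settings=/home/taiga/taiga-back/settings/local.py
touch "$local_settings"
chown taiga:taiga "$local_settings"
chmod 600 "$local_settings"
cat >> "$local_settings" << EOF
from .development import *
from .common import *
MEDIA_URL = "http://${IP_ADDR}/media/"
STATIC_URL = "http://${IP_ADDR}/static/"
ADMIN_MEDIA_PREFIX = "http://${IP_ADDR}/static/admin/"
SITES["front"]["scheme"] = "http"
SITES["front"]["domain"] = "${IP_ADDR}"
SECRET_KEY = "${SECRETKEY}"
DEBUG = False
TEMPLATE_DEBUG = False
PUBLIC_REGISTER_ENABLED = True
DEFAULT_FROM_EMAIL = "no-reply@example.com"
SERVER_EMAIL = DEFAULT_FROM_EMAIL
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 60 #seconds
EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
EVENTS_PUSH_BACKEND_OPTIONS = {"url": "amqp://taiga:${EVENTS_PASSWORD}@localhost:5672/taiga"}
EOF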
# taiga-front: fetch the prebuilt frontend. As with the backend, "stable" is a
# moving branch; pin a tag or commit for reproducible installs.
cd /home/taiga
git clone https://github.com/taigaio/taiga-front-dist.git taiga-front-dist
cd taiga-front-dist/
git checkout stable
cd dist/

# Generate conf.json from the example: point the API at this server and set the
# websocket events URL. IP_ADDR is spliced into the sed expressions, so it must
# not contain "%", "|" or "&". The events URL uses ws:// and must become wss://
# once the site is served over HTTPS.
sed \
  -e "s%localhost:8000%${IP_ADDR}%" \
  -e "s|\"eventsUrl\": null|\"eventsUrl\": \"ws://$IP_ADDR/events\"|g" \
  conf.example.json > conf.json
# nginx: install it and replace the distribution's main configuration file.
# This overwrites /etc/nginx/nginx.conf, so any local changes to it are lost.
# The quoted heredoc delimiter keeps the shell from expanding nginx's own
# $variables.
cd /home/taiga
dnf --assumeyes install nginx
tee /etc/nginx/nginx.conf > /dev/null << 'EOF'
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
}
EOF
# nginx virtual host for Taiga: the static frontend, reverse proxies to the
# backend (127.0.0.1:8001) and the events websocket (127.0.0.1:8888), plus
# aliases for static and media files.
#
# Points to review before exposing the server:
#   * The vhost listens on port 80 only, so logins, session tokens and the
#     /admin interface travel in cleartext until TLS is set up.
#   * /admin publishes the Django admin to every client that can reach the
#     server; consider restricting it by source address.
#   * "location /static" and "location /media" are prefix matches without a
#     trailing slash, so a request such as /static-foo maps to a sibling path
#     under taiga-back/. Keep nothing sensitive under names with those prefixes.
#   * Files uploaded to media/ are served directly by nginx.
taiga_vhost=/etc/nginx/conf.d/taiga.conf
cat << 'EOF' > "$taiga_vhost"
server {
listen 80 default_server;
server_name _;
large_client_header_buffers 4 32k;
client_max_body_size 50M;
charset utf-8;
access_log /var/log/nginx/taiga-nginx.access.log;
error_log /var/log/nginx/taiga-nginx.error.log;
# Frontend
location / {
root /home/taiga/taiga-front-dist/dist/;
try_files $uri $uri/ /index.html;
}
# Backend
location /api {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001/api;
proxy_redirect off;
}
# Django admin access (/admin/)
location /admin {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001$request_uri;
proxy_redirect off;
}
# Static files
location /static {
alias /home/taiga/taiga-back/static;
}
# Media files
location /media {
alias /home/taiga/taiga-back/media;
}
# Events
location /events {
proxy_pass http://127.0.0.1:8888/events;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}
EOF
# systemd unit for the backend. It runs as the unprivileged taiga user and
# binds to loopback only, so the backend is reachable solely through nginx.
# The unit starts Django's "manage.py runserver", which is the framework's
# development server; replace it with a production WSGI server before relying
# on this install.
# The unit text contains nothing for the shell to expand, so the delimiter is
# quoted.
tee /etc/systemd/system/taiga.service > /dev/null << 'EOF'
[Unit]
Description=Taiga Service
After=network.target
[Service]
Type=simple
User=taiga
WorkingDirectory=/home/taiga/taiga-back
ExecStart=/usr/bin/python3 /home/taiga/taiga-back/manage.py runserver 127.0.0.1:8001
Restart=on-abort
[Install]
WantedBy=multi-user.target
EOF
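# Final steps: ownership and the minimum access nginx needs.
# Everything cloned or generated as root above is handed to the taiga user.
chown -R taiga:taiga /home/taiga/
# o+x lets other accounts (including nginx) traverse /home/taiga without
# listing it; o+rx opens the media directory to them. Any file below that is
# world-readable is then reachable by every local user, so keep files holding
# secrets at mode 600.
chmod o+x /home/taiga/
chmod o+rx /home/taiga/taiga-back/media

# Load the new unit file, then start the services and enable them at boot.
systemctl daemon-reload
systemctl restart nginx taiga
systemctl enable nginx taiga

echo "Done installing Taiga"
echo "Press ENTER to continue installing Certbot"
# -r: take the input literally. The script needs a terminal here; with stdin
# closed, read fails and set -e ends the run.
read -r -p "You will be asked to enter some information and agree to LetsEncrypt terms"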
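# Install LetsEncrypt Certbot
#
# Changes relative to the original block:
#   * The download goes to a root-owned temporary file instead of the current
#     directory. That directory is /home/taiga, writable by the taiga account,
#     so a file fetched there could be swapped before root installs and runs it.
#   * certbot-auto is invoked by absolute path instead of relying on PATH.
#   * The cron jobs are written to their own file under /etc/cron.d instead of
#     being appended to /etc/crontab, so a second run does not duplicate them.
#   * The renewal job calls python3. This script installs python36 and never
#     sets up an unversioned "python" command, and without it the "&&" chain
#     would stop before the renew step.
#
# HTTPS is the only integrity check on the downloaded script, which then runs
# as root. NOTE(review): certbot-auto has since been deprecated upstream -
# check the current Certbot installation instructions for this platform.
certbot_download=$(mktemp)
wget -O "$certbot_download" https://dl.eff.org/certbot-auto
install -o root -g root -m 0755 "$certbot_download" /usr/local/bin/certbot-auto
rm -f -- "$certbot_download"
/usr/local/bin/certbot-auto -n --install-only

# Twice-daily renewal with a random delay of up to an hour, and the per-minute
# notification sender, which runs as the taiga user.
cat > /etc/cron.d/taiga << 'EOF'
0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew
* * * * * taiga cd /home/taiga/taiga-back && python3 manage.py send_notifications
EOF
chmod 0644 /etc/cron.d/taiga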
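### THIS PART IS A WORK IN PROGRESS ###
# Install realtime events (taiga-events, RabbitMQ, Redis).
#
# Fixes relative to the original block:
#   * The RabbitMQ user is created with EVENTS_PASSWORD. The original used
#     PASSWORD_FOR_EVENTS, which is never set, so "set -u" stopped the script.
#   * config.json takes the broker password and secret from the variables at
#     the top of the script. The original hard-coded the sample password and,
#     being single-quoted, wrote the literal text "$SECRETKEY".
#   * config.json is created owner-only before the secrets are written to it.
#   * The unit file is overwritten rather than appended to, so re-running does
#     not produce duplicate sections.
#   * RabbitMQ is started before rabbitmqctl is used; rabbitmqctl needs a
#     running broker.
echo "Installing realtime events..."
dnf install -y nodejs centos-release-rabbitmq @redis
dnf install -y rabbitmq-server
cd /home/taiga
# As with the other clones, no tag or commit is pinned here.
su taiga -c "git clone https://github.com/taigaio/taiga-events.git taiga-events"
cd taiga-events
su taiga -c "npm install"
npm install -g coffeescript

cat > /etc/systemd/system/taiga-events.service << 'EOF'
[Unit]
Description=taiga_events
After=network.target
[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-events
ExecStart=/bin/bash -c "node_modules/coffeescript/bin/coffee index.coffee"
Restart=always
RestartSec=3
[Install]
WantedBy=default.target
EOF

# Restrict the file first, then write the secrets into it.
events_config=/home/taiga/taiga-events/config.json
touch "$events_config"
chown taiga "$events_config"
chmod 600 "$events_config"
cat > "$events_config" << EOF
{
"url": "amqp://taiga:${EVENTS_PASSWORD}@localhost:5672/taiga",
"secret":"${SECRETKEY}",
"webSocketServer": {
"port": 8888
}
}
EOF

systemctl daemon-reload
systemctl enable --now redis rabbitmq-server

# The password is passed as a command-line argument, so other local users can
# see it in the process list while the command runs.
rabbitmqctl add_user taiga "$EVENTS_PASSWORD"
rabbitmqctl add_vhost taiga
# Full configure/write/read rights, limited to the taiga vhost.
rabbitmqctl set_permissions -p taiga taiga ".*" ".*" ".*"

systemctl enable --now taiga-events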
@ViktorNova
Author

Make sure to set IP address and secret before running script!

@ViktorNova
Author

ViktorNova commented Apr 2, 2020

After installation, once a domain points at the server, you can run certbot-auto --nginx to get HTTPS working. If you let certbot reconfigure nginx to redirect to HTTPS automatically, it might mangle the file a little, but that is easy to clean up. Just make sure the reverse proxies and everything else are under the 443 server block. After enabling SSL, the 80 server block should contain only the following:

# Port-80 server block as it should look after Certbot enables HTTPS:
# it serves no content and only redirects or rejects.
server {
    listen 80 default_server;
    server_name example.com;
    # Requests for the configured host name are redirected to HTTPS.
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
  
    # Any other Host header gets a 404 instead of content over plain HTTP.
    return 404; # managed by Certbot
}

Important: the reverse proxies should remain as http://127.0.0.1:8001, do not change these to https

Follow this for more info, though lots of this stuff doesn't apply to this script
https://taigaio.github.io/taiga-doc/dist/setup-production.html#_taiga_hardening_https

Files to edit for https URLS:
/etc/nginx/conf.d/taiga.conf
Note: Make sure to change the events websockets URL ws:// to wss:// when switching to HTTPS
/home/taiga/taiga-front-dist/dist/conf.json
/home/taiga/taiga-back/settings/local.py
