Skip to content

Instantly share code, notes, and snippets.

@bendo01

bendo01/taiga-centos8.sh

Forked from ViktorNova/taiga-centos8.sh
Created October 13, 2020 13:02
Show Gist options
  • Save bendo01/49fd91e6d8e3d4b8ad601dc83f6ef83a to your computer and use it in GitHub Desktop.
Save bendo01/49fd91e6d8e3d4b8ad601dc83f6ef83a to your computer and use it in GitHub Desktop.
Download ZIP
Install Taiga on CentOS 8 / RHEL 8
Raw
taiga-centos8.sh
#!/bin/bash
# Stop on error
set -e
# Stop on unitialized variables
set -u
# Stop on failed pipes
set -o pipefail
# IP_ADDR can be the IP address of your server OR FQDN that points to your server
# Example:
# IP_ADDR="example.com"
IP_ADDR="0.0.0.0"
SECRETKEY="yoursecretkey"
# Since the events password will be used inside an URL later, please use only web safe characters: a-z, A-Z, 0-9, and - . _ ~
EVENTS_PASSWORD="someotherpassword"
#take care of selinx and the firewall
setsebool -P httpd_read_user_content true
setsebool -P httpd_can_network_connect true
dnf install -y policycoreutils-python-utils bash-completion vim git python36
#semanage port -m -t http_port_t -p tcp 8000
#semanage port -a -t http_port_t -p tcp 8001
firewall-cmd --add-service http --permanent
firewall-cmd --add-service https --permanent
#firewall-cmd --add-port 8001/tcp --permanent
firewall-cmd --reload
# yum install -y gcc autoconf flex bison libjpeg-turbo-devel freetype-devel zlib-devel zeromq3-devel gdbm-devel ncurses-devel automake libtool libffi-devel curl git tmux libxml2-devel libxslt-devel wget openssl-devel gcc-c++
#PostgreSQL 9.5 (pulls in scl-utils as a dep)
dnf install -y postgresql-server postgresql-server-devel
postgresql-setup --initdb
systemctl enable postgresql --now
#PostgreSQL initDB setting
cd /home
su postgres -c "createuser taiga"
su postgres -c "createdb taiga -O taiga"
#taiga add
adduser taiga
#taiga-back
cd /home/taiga
git clone https://github.com/taigaio/taiga-back.git taiga-back
cd taiga-back/
git checkout stable
pip3 install --upgrade pip
su taiga -c "pip3 install -r requirements.txt"
chown -R taiga:taiga /home/taiga/
su taiga -c "python3 manage.py migrate --noinput"
su taiga -c "python3 manage.py loaddata initial_user"
su taiga -c "python3 manage.py loaddata initial_project_templates"
#su taiga -c "python3 manage.py loaddata initial_role"
su taiga -c "python3 manage.py compilemessages"
su taiga -c "python3 manage.py collectstatic --noinput"
cat >> /home/taiga/taiga-back/settings/local.py << EOF
from .development import *
from .common import *
MEDIA_URL = "http://${IP_ADDR}/media/"
STATIC_URL = "http://${IP_ADDR}/static/"
ADMIN_MEDIA_PREFIX = "http://${IP_ADDR}/static/admin/"
SITES["front"]["scheme"] = "http"
SITES["front"]["domain"] = "${IP_ADDR}"
SECRET_KEY = $SECRETKEY
DEBUG = False
TEMPLATE_DEBUG = False
PUBLIC_REGISTER_ENABLED = True
DEFAULT_FROM_EMAIL = "[email protected]"
SERVER_EMAIL = DEFAULT_FROM_EMAIL
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 60 #seconds
EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
EVENTS_PUSH_BACKEND_OPTIONS = {"url": "amqp://taiga:$EVENTS_PASSWORD/taiga"}
EOF
#taiga-front
cd /home/taiga
git clone https://github.com/taigaio/taiga-front-dist.git taiga-front-dist
cd taiga-front-dist/
git checkout stable
cd dist/
# Update details for taiga-front
sed -e "s%localhost:8000%${IP_ADDR}%" conf.example.json > conf.json
sed -i "s|\"eventsUrl\": null|\"eventsUrl\": \"ws://$IP_ADDR/events\"|g" conf.json
#circus
cd /home/taiga
dnf install -y nginx
cat > /etc/nginx/nginx.conf << 'EOF'
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
}
EOF
cat > /etc/nginx/conf.d/taiga.conf <<'EOF'
server {
listen 80 default_server;
server_name _;
large_client_header_buffers 4 32k;
client_max_body_size 50M;
charset utf-8;
access_log /var/log/nginx/taiga-nginx.access.log;
error_log /var/log/nginx/taiga-nginx.error.log;
# Frontend
location / {
root /home/taiga/taiga-front-dist/dist/;
try_files $uri $uri/ /index.html;
}
# Backend
location /api {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001/api;
proxy_redirect off;
}
# Django admin access (/admin/)
location /admin {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001$request_uri;
proxy_redirect off;
}
# Static files
location /static {
alias /home/taiga/taiga-back/static;
}
# Media files
location /media {
alias /home/taiga/taiga-back/media;
}
# Events
location /events {
proxy_pass http://127.0.0.1:8888/events;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
}
EOF
cat > /etc/systemd/system/taiga.service <<EOF
[Unit]
Description=Taiga Service
After=network.target
[Service]
Type=simple
User=taiga
WorkingDirectory=/home/taiga/taiga-back
ExecStart=/usr/bin/python3 /home/taiga/taiga-back/manage.py runserver 127.0.0.1:8001
Restart=on-abort
[Install]
WantedBy=multi-user.target
EOF
# final steps
chown -R taiga:taiga /home/taiga/
chmod o+x /home/taiga/
chmod o+rx ~taiga/taiga-back/media
# now some systmectl stuff
systemctl daemon-reload
systemctl restart nginx taiga
systemctl enable nginx taiga
echo "Done installing Taiga"
echo "Press ENTER to continue installing Certbot"
read -p "You will be asked to enter some information and agree to LetsEncrypt terms"
# Install LetsEncrypt Certbot
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
certbot-auto -n --install-only
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | tee -a /etc/crontab > /dev/null
echo "* * * * * taiga cd /home/taiga/taiga-back && python3 manage.py send_notifications" | tee -a /etc/crontab > /dev/null
### THIS PART IS A WORK IN PROGRESS ###
# Install events
echo "Installing realtime events..."
dnf install -y nodejs centos-release-rabbitmq @redis
dnf install -y rabbitmq-server
cd /home/taiga
su taiga -c "git clone https://github.com/taigaio/taiga-events.git taiga-events"
cd taiga-events
su taiga -c "npm install"
npm install -g coffeescript
echo '
[Unit]
Description=taiga_events
After=network.target
[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-events
ExecStart=/bin/bash -c "node_modules/coffeescript/bin/coffee index.coffee"
Restart=always
RestartSec=3
[Install]
WantedBy=default.target
' >> /etc/systemd/system/taiga-events.service
echo '
{
"url": "amqp://taiga:someotherpassword@localhost:5672/taiga",
"secret":"$SECRETKEY",
"webSocketServer": {
"port": 8888
}
}
' > /home/taiga/taiga-events/config.json
chown taiga /home/taiga/taiga-events/config.json
rabbitmqctl add_user taiga $PASSWORD_FOR_EVENTS
rabbitmqctl add_vhost taiga
rabbitmqctl set_permissions -p taiga taiga ".*" ".*" ".*"
systemctl enable --now redis rabbitmq-server taiga-events
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment