[FR] Caddy web-server support #2

Closed
LecrisUT opened this issue May 12, 2021 · 10 comments

@LecrisUT

LecrisUT commented May 12, 2021

This is a continuation from an old issue in the old repository. Basically documenting how to set up taiga with caddy as the web-server rather than only a reverse-proxy. We were waiting on a feature on caddy in order to integrate taiga-protected. This has recently been added and I've tested its functionality. I am here to share the complete Caddyfile for taiga. Feel free to edit it for better visibility and ask for any clarifications:

taiga.example.com {
	# General configurations
	encode gzip zstd

	# Forward all basic paths to taiga-back
	@taiga-back path /admin/* /api/*
	handle @taiga-back {
		reverse_proxy 127.0.0.1:8001
	}

	# Serve public attachments directly with appropriate header 
	handle /media/exports/* {
		header Content-disposition "attachment"
		root * /path/to/taiga-back
		file_server
	}

	# Serve all other media files through taiga-protected or directly
	# If taiga-protected is used, switch the following directive with the commented one
	handle /media/* {
		root * /path/to/taiga-back
		file_server
	}
#	handle_path /media/* {
#		reverse_proxy localhost:8003 {
#			# Nginx's X-Accel-Redirect has to be manually implemented here
#			# Note: the response is in the form of /_protected/.... so a symbolic link should be added:
#			# from taiga-back/_protected to taiga-back/media
#			@accel header X-Accel-Redirect *
#			handle_response @accel {
#				root * /path/to/taiga-back
#				header Content-Disposition "attachment"
#				rewrite {http.reverse_proxy.header.X-Accel-Redirect}
#				file_server
#			}
#		}
#	}

	# If taiga-events is installed uncomment this next section
	handle /events* {
		reverse_proxy localhost:8888
	}
	# All other paths
	handle {
		@backend path /static/*
		root @backend /path/to/taiga-back
		root * /path/to/taiga-front/dist
		try_files {path} {path}/ /index.html
		file_server
	}

	# Optional: Write the logs to file
	log {
		output file /path/to/caddy.log
	}
}

As soon as caddy v2.4.1 or caddyserver/caddy#4165 is implemented, this documentation is ready for production. (Edit: the new caddy version is up)

@LecrisUT
Author

@yamila-moreno Could you review or assign a review for this?

@yamila-moreno
Member

Hi @LecrisUT, thanks for your contribution! ✨

I've been testing this file with the caddy 2.4.1 version and I don't get it to work. Does this Caddyfile look good?

taiga.local.io {
        tls internal
        encode gzip zstd

        @taiga-back path /admin/* /api/*
        handle @taiga-back {
            reverse_proxy 127.0.0.1:8001
        }

        handle /media/exports/* {
                header Content-disposition "attachment"
                root * /home/taiga/taiga-back
                file_server
        }

        handle_path /media/* {
                reverse_proxy localhost:8003 {
                        handle_response header X-Accel-Redirect {
                                root * /home/taiga/taiga-back
                                header Content-Disposition "attachment"
                                rewrite {http.reverse_proxy.header.X-Accel-Redirect}
                                file_server
                        }
                }
        }

        handle /events* {
                reverse_proxy localhost:8888
        }

        handle {
                @backend path /static/*
                root @backend /home/taiga/taiga-back
                root * /home/taiga/taiga-front/dist
                try_files {path} {path}/ /index.html
                file_server
        }

        log {
                output file /home/taiga/logs/caddy.log
        }
}

@LecrisUT
Author

That looks just fine. What errors do you get?

@yamila-moreno
Member

Oops! I forgot the error!

2021/05/27 11:16:00.021	INFO	using adjacent Caddyfile
run: adapting config using caddyfile: parsing caddyfile tokens for 'handle_path': Caddyfile:26 - Error during parsing: parsing caddyfile tokens for 'reverse_proxy': Caddyfile:19 - Error during parsing: must use a named response matcher, starting with '@'

@LecrisUT
Author

Oh, I found the issue. Sorry, the original Caddyfile was not the same as my production one:

-                         handle_response header X-Accel-Redirect {
+                         @accel header X-Accel-Redirect *
+                         handle_response @accel {
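
Review bot: the matcher on the first added line, `@accel header X-Accel-Redirect *`, accepts any value of the header, so nothing in these lines limits the internal redirect to the `/_protected/...` form that the Caddyfile comment says the upstream returns. Consider narrowing the value, for example to `/_protected/*` (worth testing against the response matcher's wildcard handling), so a response naming any other path under the root is not served. A one-line comment above the matcher noting that `handle_response` only accepts a named matcher would also document why the inline form was dropped.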

I have changed the original example as well.

@yamila-moreno
Member

Hi @LecrisUT, I've been doing (tons of) tests but I cannot get the protected media working. This is the file that works best so far, but protected fails:

local.taiga.io:80 {
        tls internal

        log {
                level DEBUG
                output stdout
        }

        @proxy path /admin* /api*
        handle @proxy {
                reverse_proxy 127.0.0.1:8001
        }

        handle /events* {
                reverse_proxy 127.0.0.1:8888
        }

        handle {
                root /static/* /home/taiga/taiga-back
                root * /home/taiga/taiga-front-dist/dist

                try_files {path} {path}/ /index.html
                file_server
        }

        handle /media/exports/* {
                header Content-disposition "attachment"
                root * /home/taiga/taiga-back
                file_server
        }

        handle_path /media/* {
                reverse_proxy localhost:8003 {
                        @accel header X-Accel-Redirect *
                        handle_response @accel {
                                root * /home/taiga/taiga-back
                                header Content-Disposition "attachment"
                                rewrite {http.reverse_proxy.header.X-Accel-Redirect}
                                file_server
                        }
                }
        }

}

Do you have a version of this Caddyfile working with all that Taiga needs? That would be helpful, because I'm not super up to date with the new caddy version. Thanks for your time!

@LecrisUT
Author

This is my production setup:

taiga.example.com {
        import tls_internal
        encode gzip zstd
        @taiga-back path /admin/* /api/*
        handle @taiga-back {
                reverse_proxy 127.0.0.1:8001
        }
        handle /media/exports/* {
                header +Content-disposition "attachment"
                root * /opt/taiga-back
                file_server
        }
        handle_path /media/* {
                reverse_proxy localhost:8003 {
                        @accel header X-Accel-Redirect *
                        handle_response @accel {
                                root * /opt/taiga-back
                                header Content-Disposition "attachment"
                                rewrite {http.reverse_proxy.header.X-Accel-Redirect}
                                file_server
                        }
                }
        }
        handle /events* {
                reverse_proxy localhost:8888
        }
        handle {
                @backend path /static/*
                root @backend /opt/taiga-back
                root * /var/www/taiga/dist
                try_files {path} {path}/ /index.html
                file_server
        }
}

Everything looks fine, so I guess just double-check that it is at least caddy v2.4.1 and that there is a sym-link on /path/to/taiga-back/_protected -> /path/to/taiga-back/media. I'm not sure how to chain rewrites so the sym-link is not necessary, but that's the only setup I've done to get it working.

@yamila-moreno
Member

yamila-moreno commented Jun 1, 2021

It finally worked! So, to sum up, the steps to have Taiga working with Caddy are:

  • caddy version >= 2.4.1
  • cd ~/taiga-back and ln -s media/ _protected
  • this Caddyfile (remember to change with your own log options and tls at least):

local.taiga.io:80 {
	tls internal

	log {
		level DEBUG
		output stdout
	}

	@taiga-back path /admin* /api*
	handle @taiga-back {
		reverse_proxy 127.0.0.1:8001
	}

	handle /events* {
		reverse_proxy 127.0.0.1:8888
	}
	
	handle {
		root /static/* /home/taiga/taiga-back
		root * /home/taiga/taiga-front-dist/dist

		try_files {path} {path}/ /index.html
		file_server
	}

	handle /media/exports/* {
		header Content-disposition "attachment"
		root * /home/taiga/taiga-back
		file_server
	}

	handle_path /media/* {
		reverse_proxy localhost:8003 {
			@accel header X-Accel-Redirect *
			handle_response @accel { 
				root * /home/taiga/taiga-back
				header Content-Disposition "attachment"
				rewrite {http.reverse_proxy.header.X-Accel-Redirect}
				file_server
			}
		}
	}

}

I'll check with the rest of the team how we are going to proceed and let you know. Thanks for your time!
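
The steps summarised in the comment above (Caddy version, the `_protected` symlink, the `handle_response` block) can be checked before reloading Caddy. This is an added example, not part of the thread or of Taiga's documentation: the function names are hypothetical, and `accel_target_ok` is a simplified model (an assumption) of where `root` plus `rewrite` to the `X-Accel-Redirect` value would point `file_server`.

```shell
#!/bin/sh
# Added example, not from the thread: preflight for the steps listed above.

# version_ge A B: true if dotted version A >= B (leading "v" ignored).
version_ge() {
    a="${1#v}.0.0"; b="${2#v}.0.0"
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# protected_link_ok DIR: true if DIR/_protected is a symlink that resolves
# to DIR/media (physical paths compared, so "media/" or absolute both pass).
protected_link_ok() {
    [ -L "$1/_protected" ] && [ -d "$1/media" ] || return 1
    [ "$(cd "$1/_protected" 2>/dev/null && pwd -P)" = "$(cd "$1/media" && pwd -P)" ]
}

# accel_target_ok DIR VALUE: simplified model (assumption) of the
# handle_response block: root DIR + rewrite to VALUE. True only if the
# directory that would be read lies inside DIR/media after symlinks resolve.
accel_target_ok() {
    target=$(cd "$1/$(dirname "$2")" 2>/dev/null && pwd -P) || return 1
    media=$(cd "$1/media" 2>/dev/null && pwd -P) || return 1
    case "$target/" in
        "$media"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight DIR: run the checks against an installed caddy and taiga-back DIR.
preflight() {
    ver=$(caddy version 2>/dev/null) || { echo "caddy not found"; return 1; }
    version_ge "${ver%% *}" 2.4.1 || { echo "caddy ${ver%% *} < 2.4.1"; return 1; }
    protected_link_ok "$1" || { echo "no $1/_protected -> media link"; return 1; }
    echo "ok: caddy ${ver%% *}, $1/_protected -> media"
}

# Usage: sh preflight.sh /home/taiga/taiga-back
if [ $# -ge 1 ]; then preflight "$1"; fi
```

Because the `root` in the `handle_response` block is the whole taiga-back directory, `accel_target_ok` rejects a header value such as `/settings/local.py` that resolves outside `media`.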

@LecrisUT
Author

LecrisUT commented Jun 1, 2021

Ok, thanks for your consideration.

@yamila-moreno
Member

@LecrisUT the documentation is already in main and it'll be released soon.
Thanks for your help!! 🎊
