Install Taiga on CentOS 8 / RHEL 8

taiga-centos8.sh

#!/bin/bash

# Stop on error
set -e
# Stop on unitialized variables
set -u
# Stop on failed pipes
set -o pipefail

# IP_ADDR can be the IP address of your server OR FQDN that points to your server
# Example:
# IP_ADDR="example.com"
IP_ADDR="0.0.0.0"
SECRETKEY="yoursecretkey"
# Since the events password will be used inside an URL later, please use only web safe characters: a-z, A-Z, 0-9, and - . _ ~
EVENTS_PASSWORD="someotherpassword"


#take care of selinx and the firewall
setsebool -P httpd_read_user_content true
setsebool -P httpd_can_network_connect true 

dnf install -y policycoreutils-python-utils bash-completion vim git python36

#semanage port -m -t http_port_t -p tcp 8000
#semanage port -a -t http_port_t -p tcp 8001

firewall-cmd --add-service http --permanent
firewall-cmd --add-service https --permanent
#firewall-cmd --add-port 8001/tcp --permanent
firewall-cmd --reload 




# yum install -y gcc autoconf flex bison libjpeg-turbo-devel freetype-devel zlib-devel zeromq3-devel gdbm-devel ncurses-devel automake libtool libffi-devel curl git tmux libxml2-devel libxslt-devel wget openssl-devel gcc-c++

#PostgreSQL 9.5 (pulls in scl-utils as a dep)
dnf install -y postgresql-server postgresql-server-devel  

postgresql-setup --initdb

systemctl enable postgresql --now


#PostgreSQL initDB setting
cd /home
su postgres -c "createuser taiga"
su postgres -c "createdb taiga -O taiga"



#taiga add
adduser taiga

#taiga-back
cd /home/taiga
git clone https://github.com/taigaio/taiga-back.git taiga-back
cd taiga-back/
git checkout stable

pip3 install --upgrade pip
su taiga -c "pip3 install -r requirements.txt"

chown -R taiga:taiga /home/taiga/

su taiga -c "python3 manage.py migrate --noinput"
su taiga -c "python3 manage.py loaddata initial_user"
su taiga -c "python3 manage.py loaddata initial_project_templates"
#su taiga -c "python3 manage.py loaddata initial_role"
su taiga -c "python3 manage.py compilemessages"
su taiga -c "python3 manage.py collectstatic --noinput"

cat >> /home/taiga/taiga-back/settings/local.py << EOF
from .development import *
from .common import *

MEDIA_URL = "http://${IP_ADDR}/media/"
STATIC_URL = "http://${IP_ADDR}/static/"
ADMIN_MEDIA_PREFIX = "http://${IP_ADDR}/static/admin/"
SITES["front"]["scheme"] = "http"
SITES["front"]["domain"] = "${IP_ADDR}"

SECRET_KEY = $SECRETKEY

DEBUG = False
TEMPLATE_DEBUG = False
PUBLIC_REGISTER_ENABLED = True

DEFAULT_FROM_EMAIL = "no-reply@example.com"
SERVER_EMAIL = DEFAULT_FROM_EMAIL
CHANGE_NOTIFICATIONS_MIN_INTERVAL = 60 #seconds

EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
EVENTS_PUSH_BACKEND_OPTIONS = {"url": "amqp://taiga:$EVENTS_PASSWORD/taiga"}

EOF

#taiga-front
cd /home/taiga
git clone https://github.com/taigaio/taiga-front-dist.git taiga-front-dist
cd taiga-front-dist/
git checkout stable
cd dist/

# Update details for taiga-front
sed -e "s%localhost:8000%${IP_ADDR}%" conf.example.json > conf.json
sed  -i "s|\"eventsUrl\": null|\"eventsUrl\": \"ws://$IP_ADDR/events\"|g" conf.json

#circus
cd /home/taiga

dnf install -y nginx

cat > /etc/nginx/nginx.conf << 'EOF'
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

}
EOF

cat > /etc/nginx/conf.d/taiga.conf <<'EOF'
server {
    listen 80 default_server;
    server_name _;

    large_client_header_buffers 4 32k;
    client_max_body_size 50M;
    charset utf-8;

    access_log /var/log/nginx/taiga-nginx.access.log;
    error_log /var/log/nginx/taiga-nginx.error.log;

    # Frontend
    location / {
        root /home/taiga/taiga-front-dist/dist/;
        try_files $uri $uri/ /index.html;
    }

    # Backend
    location /api {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001/api;
        proxy_redirect off;
    }

    # Django admin access (/admin/)
    location /admin {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8001$request_uri;
        proxy_redirect off;
   }

    # Static files
    location /static {
        alias /home/taiga/taiga-back/static;
    }

    # Media files
    location /media {
        alias /home/taiga/taiga-back/media;
    }
    
    # Events
    location /events {
        proxy_pass http://127.0.0.1:8888/events;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
	}
}
EOF
 

cat > /etc/systemd/system/taiga.service <<EOF
[Unit]
Description=Taiga Service
After=network.target

[Service]
Type=simple
User=taiga
WorkingDirectory=/home/taiga/taiga-back
ExecStart=/usr/bin/python3 /home/taiga/taiga-back/manage.py runserver 127.0.0.1:8001

Restart=on-abort

[Install]
WantedBy=multi-user.target
EOF

# final steps 

chown -R taiga:taiga /home/taiga/
chmod o+x /home/taiga/
chmod o+rx ~taiga/taiga-back/media

# now some systmectl stuff
systemctl daemon-reload

systemctl restart nginx taiga
systemctl enable nginx taiga

echo "Done installing Taiga"

echo "Press ENTER to continue installing Certbot"
read -p "You will be asked to enter some information and agree to LetsEncrypt terms"

# Install LetsEncrypt Certbot
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto
certbot-auto -n --install-only
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | tee -a /etc/crontab > /dev/null
echo "*  *  *  * * taiga cd /home/taiga/taiga-back && python3 manage.py send_notifications" | tee -a /etc/crontab > /dev/null

### THIS PART IS A WORK IN PROGRESS ###
# Install events
echo "Installing realtime events..."
dnf install -y nodejs centos-release-rabbitmq @redis
dnf install -y rabbitmq-server
cd /home/taiga
su taiga -c "git clone https://github.com/taigaio/taiga-events.git taiga-events"
cd taiga-events
su taiga -c "npm install"
npm install -g coffeescript

echo '
[Unit]
Description=taiga_events
After=network.target

[Service]
User=taiga
WorkingDirectory=/home/taiga/taiga-events
ExecStart=/bin/bash -c "node_modules/coffeescript/bin/coffee index.coffee"
Restart=always
RestartSec=3

[Install]
WantedBy=default.target

' >> /etc/systemd/system/taiga-events.service

echo '
{
    "url": "amqp://taiga:someotherpassword@localhost:5672/taiga",
    "secret":"$SECRETKEY",
    "webSocketServer": {
        "port": 8888
    }
}

' > /home/taiga/taiga-events/config.json
chown taiga /home/taiga/taiga-events/config.json

rabbitmqctl add_user taiga $PASSWORD_FOR_EVENTS
rabbitmqctl add_vhost taiga
rabbitmqctl set_permissions -p taiga taiga ".*" ".*" ".*"

systemctl enable --now redis rabbitmq-server taiga-events

TODO: Install Events for realtime updates in the web interface
https://taigaio.github.io/taiga-doc/dist/setup-production.html#taiga-events

Make sure to set IP address and secret before running script!

After installation and a domain is pointed, you can run certbot-auto --nginx to get https working. If you let certbot reconfigure nginx to auto redirect to https, it might mangle the file a little bit, but it's easy to clean up. Just make sure the reverse proxies and everything else is under the 443 server block. The 80 server block should only contain the following after enabling SSL

server {
    listen 80 default_server;
    server_name example.com;
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
  
    return 404; # managed by Certbot
}

Important: the reverse proxies should remain as http://127.0.0.1:8001, do not change these to https

Follow this for more info, though lots of this stuff doesn't apply to this script
https://taigaio.github.io/taiga-doc/dist/setup-production.html#_taiga_hardening_https

Files to edit for https URLS:
/etc/nginx/conf.d/taiga.conf
Note: Make sure to change the events websockets URL ws:// to wss:// when switching to HTTPS
/home/taiga/taiga-front-dist/dist/conf.json
/home/taiga/taiga-back/settings/local.py