This article is outdated and may not work correctly for current operating systems or software.
Taiga is a free and open source application for project management. Unlike other project management tools, Taiga uses an incremental agile approach to manage the development of the project. Taiga is a very powerful and entirely customizable application. The backend of Taiga is written in Python using the Django framework. The frontend is written in JavaScript using CoffeeScript and AngularJS frameworks. Taiga includes features such as project collaboration, Kanban board, bug tracking, reporting, time tracking, backlogs, wiki and more.
A Vultr Ubuntu 16.04 server instance with at least 1GB RAM.
A sudo user.
In this tutorial, we will use taiga.example.com as the domain name pointed to the server. Replace all occurrences of taiga.example.com with your actual domain name.
Update your base system using the guide How to Update Ubuntu 16.04. Once your system has been updated, proceed to install PostgreSQL.
PostgreSQL is an object-relational database system and known for its stability and speed. Taiga uses PostgreSQL to store its database. Add the PostgreSQL repository into the system.
echo "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list
Import the GPG signing key and update the package lists.
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt update
Install the PostgreSQL database server.
sudo apt -y install postgresql
Start the PostgreSQL server and enable it to start automatically at boot time.
sudo systemctl start postgresql
sudo systemctl enable postgresql
Change the password for the default PostgreSQL user.
sudo passwd postgres
Log in as PostgreSQL user.
sudo su - postgres
Create a new PostgreSQL user for Taiga.
createuser taiga
PostgreSQL provides the psql shell to run queries on the database. Switch to the PostgreSQL shell.
psql
Set a password for the newly created user for Taiga database.
ALTER USER taiga WITH ENCRYPTED password 'DBPassword';
Replace DBPassword with a secure password. Create a new database for Taiga installation.
CREATE DATABASE taiga OWNER taiga;
Exit from the psql shell.
\q
Switch to the sudo user.
exit
Taiga requires Python version 3.4 or later and Python 3.5 comes pre-installed in the Ubuntu 16.04 distribution. Install a few more required packages.
sudo apt -y install python3 python3-pip python3-dev python3-dev virtualenvwrapper
Python virtual environment is used to create an isolated virtual environment for a Python project. A virtual environment contains its own installation directories and doesn't share libraries with global and other virtual environments. Once Python 3 has been installed successfully, you should be able to check its version.
python3 -V
You will see the following.
user@vultr:~$ python3 -V
Python 3.5.2
Upgrade pip, which is a dependency manager application.
sudo pip3 install --upgrade setuptools pip
Also, Install a few build tools which will be required later to compile the dependencies.
sudo apt -y install build-essential binutils-doc autoconf flex bison libjpeg-dev libfreetype6-dev zlib1g-dev libzmq3-dev libgdbm-dev libncurses5-dev automake libtool libffi-dev curl git tmux gettext
Taiga uses RabbitMQ to process the message queue. RabbitMQ requires Erlang libraries to work. Install Erlang.
sudo apt -y install erlang
Add the RabbitMQ repository.
echo 'deb http://www.rabbitmq.com/debian/ stable main' | sudo tee /etc/apt/sources.list.d/rabbitmq.list
Import the RabbitMQ GPG signing key.
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
Update the repository information.
sudo apt update
Install RabbitMQ.
sudo apt -y install rabbitmq-server
Start and enable the RabbitMQ server.
sudo systemctl start rabbitmq-server
sudo systemctl enable rabbitmq-server
Add a RabbitMQ user and vhost. Also, provide permission to the user over the host.
sudo rabbitmqctl add_user taiga StrongMQPassword
sudo rabbitmqctl add_vhost taiga
sudo rabbitmqctl set_permissions -p taiga taiga ".*" ".*" ".*"
Make sure to replace StrongMQPassword with a secure password.
Node.js version 7 or later is required to compile the frontend of the Taiga. Add the Node.js version 8 repository.
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
Install Node.js and the pwgen utility.
sudo apt install -y nodejs pwgen npm
pwgen will be used later to generate a strong secret string. Install CoffeeScript, as it will be used to compile Taiga files written in the CoffeeScript framework.
sudo npm install -g coffee-script gulp
Add a new system user for Taiga to ensure that Taiga processes are running as an unprivileged user.
sudo adduser taiga
sudo su - taiga
Note: From now on, all the commands need to be run as the unprivileged user taiga until you are asked to switch back to sudo user.
Create a new directory to store the log files.
mkdir -p ~/logs
Clone the Taiga backend repository from GitHub and checkout the latest stable branch.
git clone https://github.com/taigaio/taiga-back.git taiga-back
cd taiga-back
git checkout stable
Now make a new virtual environment for Taiga using Python 3.
mkvirtualenv -p /usr/bin/python3 taiga
pip3 install --upgrade setuptools
Install the required Python dependencies using pip.
pip3 install -r requirements.txt
Populate the database with necessary initial data.
python3 manage.py migrate --noinput
python3 manage.py loaddata initial_user
python3 manage.py loaddata initial_project_templates
python3 manage.py compilemessages
python3 manage.py collectstatic --noinput
The above commands will write data into the PostgreSQL database. Taiga also ships some demo or sample data which can be useful for evaluating the product. If you wish to install the sample data, run the following.
python3 manage.py sample_data
Note: Installing sample data is optional and intended only to evaluate the product.
Before we proceed to create the configuration file for the Taiga backend, we need to generate a secret string. This string will be used to encrypt the session data.
Generate a random string of 64 characters.
pwgen -s -1 64
You should see the output as a random string.
(taiga) taiga@vultr:~/taiga-back$ pwgen -s -1 64
fhDfyYVJ4EH3tvAyUzmfWSeCXuf5sy5EEWrMQPaf9t3JSFrpiL6yvUEOWsFOTscP
Create a new configuration file for the Taiga Backend.
nano ~/taiga-back/settings/local.py
Populate the file will the following code.
from .common import *
MEDIA_URL = "https://taiga.example.com/media/"
STATIC_URL = "https://taiga.example.com/static/"
SITES["front"]["scheme"] = "https"
SITES["front"]["domain"] = "taiga.example.com"
SECRET_KEY = "Generated_Secret_Key"
DEBUG = False
PUBLIC_REGISTER_ENABLED = True
DEFAULT_FROM_EMAIL = "mail@example.com"
SERVER_EMAIL = DEFAULT_FROM_EMAIL
#CELERY_ENABLED = True
EVENTS_PUSH_BACKEND = "taiga.events.backends.rabbitmq.EventsPushBackend"
EVENTS_PUSH_BACKEND_OPTIONS = {"url": "amqp://taiga:StrongMQPassword@localhost:5672/taiga"}
# Uncomment and populate with proper connection parameters
# for enable email sending. EMAIL_HOST_USER should end by @domain.tld
#EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
#EMAIL_USE_TLS = False
#EMAIL_HOST = "mail.example.com"
#EMAIL_HOST_USER = "mail@example.com"
#EMAIL_HOST_PASSWORD = "SMTPPassword"
#EMAIL_PORT = 25
# Uncomment and populate with proper connection parameters
# for enable github login/singin.
#GITHUB_API_CLIENT_ID = "yourgithubclientid"
#GITHUB_API_CLIENT_SECRET = "yourgithubclientsecret"
Make sure to replace the example domain name with the actual one in the above code. Also, replace Generated_Secret_Key with the actual secret key and StrongMQPassword with the actual password for the Taiga message queue user. If you have an SMTP server ready and you wish to use email sending features immediately, you can uncomment the email options and set the appropriate value. If you do not have a mail server ready, you can skip setting up the email feature for now and set it later in this configuration file.
If you wish to enable GitHub login, create an application in GitHub and provide the API client ID and client secret.
To immediately check if the Taiga backend can be started, run the built-in Django server.
workon taiga
python manage.py runserver
You will see the following output if the server has started successfully.
(taiga) taiga@vultr:~/taiga-back$ workon taiga
(taiga) taiga@vultr:~/taiga-back$ python manage.py runserver
Trying import local.py settings...
Trying import local.py settings...
Performing system checks...
System check identified no issues (0 silenced).
October 28, 2017 - 10:29:38
Django version 1.10.6, using settings 'settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
To verify if the API can be accessed, open another terminal session and run the following.
curl http://127.0.0.1:8000/api/v1/
You will see similar output returned by the API call.
user@vultr:~$ curl http://127.0.0.1:8000/api/v1/
{"webhooks": "http://127.0.0.1:8000/api/v1/webhooks", "invitations": "http://127.0.0.1:8000/api/v1/invitations", "severities": "http://127.0.0.1:8000/api/v1/severities", "memberships": "http://127.0.0.1:8000/api/v1/memberships", "user-storage": "http://127.0.0.1:8000/api/v1/user-storage", "epics/(?P<resource_id>\\d+)/voters": "http://127.0.0.1:8000/api/v1/epics/(?P<resource_id>\\d+)/voters", "wiki": "http://127.0.0.1:8000/api/v1/wiki", "priorities": "http://127.0.0.1:8000/api/v1/priorities", "userstories/attachments": "http://127.0.0.1:8000/api/v1/userstories/attachments", "epics/(?P<epic>[^/.]+)/related_userstories": "http://127.0.0.1:8000/api/v1/epics/(?P<epic>[^/.]+)/related_userstories", "timeline/user": "http://127.0.0.1:8000/api/v1/timeline/user", "userstories/(?P<resource_id>\\d+)/voters": "http://127.0.0.1:8000/api/v1/userstories/(?P<resource_id>\\d+)/voters", "wiki-links": "http://127.0.0.1:8000/api/v1/wiki-links", "epics/attachments": "http://127.0.0.1:8000/api/v1/epics/attachments", "issues/custom-attributes-values": "http://127.0.0.1:8000/api/v1/issues/custom-attributes-values
Stop the Taiga backend server by pressing "ctrl + C" and deactivate the virtual environment.
deactivate
The Taiga frontend is the component of Taiga which serves the Web user interface. Clone the Taiga frontend repository from Github and checkout the latest stable branch.
cd ~
git clone https://github.com/taigaio/taiga-front-dist.git taiga-front-dist
cd taiga-front-dist
git checkout stable
Create a new configuration file for the Taiga frontend.
nano ~/taiga-front-dist/dist/conf.json
Populate the file.
{
"api": "https://taiga.example.com/api/v1/",
"eventsUrl": "wss://taiga.example.com/events",
"eventsMaxMissedHeartbeats": 5,
"eventsHeartbeatIntervalTime": 60000,
"eventsReconnectTryInterval": 10000,
"debug": true,
"debugInfo": false,
"defaultLanguage": "en",
"themes": ["taiga"],
"defaultTheme": "taiga",
"publicRegisterEnabled": true,
"feedbackEnabled": true,
"privacyPolicyUrl": null,
"termsOfServiceUrl": null,
"maxUploadFileSize": null,
"contribPlugins": [],
"tribeHost": null,
"importers": [],
"gravatar": true
}
Make sure to replace the example domain with the actual domain. You can also change the default language and other parameters in the above configuration.
Apart from the frontend and backend, we also need to install Taiga events. Taiga events is a web socket server, and it enables the Taiga frontend to show real-time changes in modules such as backlog, Kanban and more. It also uses the RabbitMQ server for message processing.
Clone the Taiga events repository from Github.
cd ~
git clone https://github.com/taigaio/taiga-events.git taiga-events
cd taiga-events
Install the Node.js dependencies using npm.
npm install
Create a new configuration file for Taiga events.
nano ~/taiga-events/config.json
Populate the file.
{
"url": "amqp://taiga:StrongMQPassword@localhost:5672/taiga",
"secret": "Generated_Secret_Key",
"webSocketServer": {
"port": 8888
}
}
Replace Generated_Secret_Key with the actual 64 characters long secret key which you have generated previously. The secret key should be exactly the same as the key you provided in the Taiga backend configuration file. Also, update the StrongMQPassword with the actual password for Taiga message queue user.
Circus is a process manager for Python applications. We will use Circus to run the Taiga backend and events.
Switch back to the sudo user.
exit
Note: From now you will need to run the commands using sudo user.
sudo apt -y install circus
Create a new Circus configuration file for running the Taiga backend.
sudo nano /etc/circus/conf.d/taiga.ini
Populate the file.
[watcher:taiga]
working_dir = /home/taiga/taiga-back
cmd = gunicorn
args = -w 3 -t 60 --pythonpath=. -b 127.0.0.1:8001 taiga.wsgi
uid = taiga
numprocesses = 1
autostart = true
send_hup = true
stdout_stream.class = FileStream
stdout_stream.filename = /home/taiga/logs/gunicorn.stdout.log
stdout_stream.max_bytes = 10485760
stdout_stream.backup_count = 4
stderr_stream.class = FileStream
stderr_stream.filename = /home/taiga/logs/gunicorn.stderr.log
stderr_stream.max_bytes = 10485760
stderr_stream.backup_count = 4
[env:taiga]
PATH = /home/taiga/.virtualenvs/taiga/bin:$PATH
TERM=rxvt-256color
SHELL=/bin/bash
USER=taiga
LANG=en_US.UTF-8
HOME=/home/taiga
PYTHONPATH=/home/taiga/.virtualenvs/taiga/lib/python3.5/site-packages
Create a new Circus configuration for running Taiga Events.
sudo nano /etc/circus/conf.d/taiga-events.ini
Populate the file.
[watcher:taiga-events]
working_dir = /home/taiga/taiga-events
cmd = /usr/local/bin/coffee
args = index.coffee
uid = taiga
numprocesses = 1
autostart = true
send_hup = true
stdout_stream.class = FileStream
stdout_stream.filename = /home/taiga/logs/taigaevents.stdout.log
stdout_stream.max_bytes = 10485760
stdout_stream.backup_count = 12
stderr_stream.class = FileStream
stderr_stream.filename = /home/taiga/logs/taigaevents.stderr.log
stderr_stream.max_bytes = 10485760
stderr_stream.backup_count = 12
Restart Circus and enable to start at boot time automatically.
sudo systemctl restart circusd
sudo systemctl enable circusd
Check the status of Circus.
circusctl status
If Circus has started all the Taiga processes correctly, then you will see following output.
user@vultr:~$ circusctl status
circusd-stats: active
plugin:flapping: active
taiga: active
taiga-events: active
If you see any of the process not active, run sudo chmod -R 777 /home/taiga/logs and restart Circus. Check the status of the Circus processes again, this time you will definitely find the service running.
Now, we have Taiga successfully installed and running. Before we can use it, we need to expose the installation using any production web server.
We will use Nginx as a reverse proxy to serve the application to the users. We will also obtain and install SSL certificates from Let's Encrypt.
Certbot is the official certificates issuing client for Let's Encrypt CA. Add the Certbot PPA repository into the system.
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
Install Nginx and Certbot.
sudo apt -y install nginx certbot
Note: To obtain certificates from Let's Encrypt CA, you must ensure that the domain for which you wish to generate the certificates is pointed towards the server. If not, then make the necessary changes to the DNS records of your domain and wait for the DNS to propagate before making the certificate request again. Certbot checks the domain authority before providing the certificates.
Now use the built-in web server in Certbot to generate the certificates for your domain.
sudo certbot certonly --standalone -d taiga.example.com
The generated certificates are likely to be stored in the /etc/letsencrypt/live/taiga.example.com/ directory. The SSL certificate will be retained as fullchain.pem, and the private key will be saved as privkey.pem.
Let's Encrypt certificates expire in 90 days, so it is recommended to set up auto-renewal for the certificates using Cron jobs. Cron is a system service which is used to run periodic tasks.
Open the cron job file.
sudo crontab -e
Add the following line.
0 0 * * * /usr/bin/certbot renew --quiet
The above cron job will run daily at midnight. If the certificate is due for expiration, it will automatically renew the certificates.
Generate a strong Diffie-Hellman parameter. It provides an extra layer of security for data exchange between host and server.
sudo openssl dhparam -out /etc/ssl/dhparam.pem 2048
Create a new Nginx server block to serve the Taiga frontend.
sudo nano /etc/nginx/sites-available/taiga
Populate the file with the following.
server {
listen 80;
server_name taiga.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name taiga.example.com;
access_log /home/taiga/logs/nginx.access.log;
error_log /home/taiga/logs/nginx.error.log;
large_client_header_buffers 4 32k;
client_max_body_size 50M;
charset utf-8;
index index.html;
# Frontend
location / {
root /home/taiga/taiga-front-dist/dist/;
try_files $uri $uri/ /index.html;
}
# Backend
location /api {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001/api;
proxy_redirect off;
}
location /admin {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8001$request_uri;
proxy_redirect off;
}
# Static files
location /static {
alias /home/taiga/taiga-back/static;
}
# Media files
location /media {
alias /home/taiga/taiga-back/media;
}
location /events {
proxy_pass http://127.0.0.1:8888/events;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_connect_timeout 7d;
proxy_send_timeout 7d;
proxy_read_timeout 7d;
}
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header Public-Key-Pins 'pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains';
ssl on;
ssl_certificate /etc/letsencrypt/live/taiga.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/taiga.example.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_session_cache shared:SSL:10m;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
}
Be sure to change the domain name and the path to the SSL certificates. Enable the virtual host.
sudo ln -s /etc/nginx/sites-available/taiga /etc/nginx/sites-enabled/taiga
Now you can restart the Nginx web server and enable it to start at boot automatically.
sudo systemctl restart nginx
sudo systemctl status nginx
Finally, fix the ownership and permission on Taiga files.
sudo chown -R taiga:taiga /home/taiga/
sudo chmod o+x /home/taiga/
You can now access the Taiga installation by going to https://taiga.example.com. Log in using the initial administrator account with username "admin" and password "123123". Your installation is now ready for production use. Start by creating a new project or evaluating the product. If you are already managing a project on Github, Jira, or Trello, you can easily import the projects into Taiga using the importers.