Merge pull request #9 from taigaio/add-taiga-protected

Add taiga-protected
2025-07-28 16:34:13 +02:00 · 2021-01-05 14:01:18 +01:00 · 2021-01-05 14:01:18 +01:00 · c6afcf458a
commit c6afcf458a
parent bc50ddcb99 e48f9e4363
3 changed files with 39 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -41,6 +41,8 @@ Where the database is set. By default, it's meant to be in the same host as the

 Is the secret key of Taiga. Should be the same as this var in `taiga-events` and `taiga-async`

+Besides, this should have the same value of `SECRET_KEY` in `taiga-protected`.
+
 ##### `TAIGA_SITES_SCHEME`, `TAIGA_SITES_DOMAIN`

 Should have the url where this is served: https[://]taiga.mycompany.com
@ -136,6 +138,16 @@ Get these in your profile https://github.com/settings/apps or in your organizati
 Used for login with GitLab.
 Get these in your profile https://{YOUR-GITLAB}/profile/applications or in your organization profile https://{YOUR-GITLAB}/admin/applications

+### taiga-protected
+
+##### `SECRET_KEY`
+
+Should be the same as this var in `taiga-back`.
+
+##### `MAX_AGE`
+
+The attachments will be accesible with a token during MAX_AGE (in seconds). After that, the token will expire.
+

 ### taiga-events

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -133,6 +133,14 @@ services:
    networks:
      - taiga

+  taiga-protected:
+    image: taigaio/taiga-protected:alpha
+    environment:
+      MAX_AGE: 360
+      SECRET_KEY: "taiga-back-secret-key"
+    networks:
+      - taiga
+
  taiga-gateway:
    image: nginx:1.19-alpine
    ports:
--- a/taiga-gateway/taiga.conf
+++ b/taiga-gateway/taiga.conf
@ -40,8 +40,26 @@ server {
    }

    # Media
+    location /_protected {
+        internal;
+        alias /taiga/media/;
+        add_header Content-disposition "attachment";
+    }
+
+    # Unprotected section
+    location /media/exports {
+        alias /taiga/media/exports/;
+        add_header Content-disposition "attachment";
+    }
+
    location /media {
-        root /taiga;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Scheme $scheme;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_pass http://taiga-protected:8003/;
+        proxy_redirect off;
    }

    # Events