woodpecker/docs/administration/ssl.md

Drone supports ssl configuration by mounting certificates into your container.

```diff
services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt
+     - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/drone.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/drone.foo.com/server.key
```

Update your configuration to expose the following ports:

```diff
services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000
```

Update your configuration to mount your certificate and key:

```diff
services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt
+     - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key
```

Update your configuration to provide the paths of your certificate and key:

```diff
services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt
      - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/drone.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/drone.foo.com/server.key
```

# Certificate Chain

The most common problem encountered is providing a certificate file without the intermediate chain.

> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.

# Certificate Errors

SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely. Please do not create issues claiming SSL is broken.
Readme 2019-07-05 13:30:25 +00:00			`Drone supports ssl configuration by mounting certificates into your container.`

			```diff
			`services:`
			`drone-server:`
			`image: drone/drone:{{% version %}}`
			`ports:`
			`+ - 80:80`
			`+ - 443:443`
			`- 9000:9000`
			`volumes:`
			`- /var/lib/drone:/var/lib/drone/`
			`+ - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt`
			`+ - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key`
			`restart: always`
			`environment:`
			`+ - DRONE_SERVER_CERT=/etc/certs/drone.foo.com/server.crt`
			`+ - DRONE_SERVER_KEY=/etc/certs/drone.foo.com/server.key`
			```

			`Update your configuration to expose the following ports:`

			```diff
			`services:`
			`drone-server:`
			`image: drone/drone:{{% version %}}`
			`ports:`
			`+ - 80:80`
			`+ - 443:443`
			`- 9000:9000`
			```

			`Update your configuration to mount your certificate and key:`

			```diff
			`services:`
			`drone-server:`
			`image: drone/drone:{{% version %}}`
			`ports:`
			`- 80:80`
			`- 443:443`
			`- 9000:9000`
			`volumes:`
			`- /var/lib/drone:/var/lib/drone/`
			`+ - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt`
			`+ - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key`
			```

			`Update your configuration to provide the paths of your certificate and key:`

			```diff
			`services:`
			`drone-server:`
			`image: drone/drone:{{% version %}}`
			`ports:`
			`- 80:80`
			`- 443:443`
			`- 9000:9000`
			`volumes:`
			`- /var/lib/drone:/var/lib/drone/`
			`- /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt`
			`- /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key`
			`restart: always`
			`environment:`
			`+ - DRONE_SERVER_CERT=/etc/certs/drone.foo.com/server.crt`
			`+ - DRONE_SERVER_KEY=/etc/certs/drone.foo.com/server.key`
			```

			`# Certificate Chain`

			`The most common problem encountered is providing a certificate file without the intermediate chain.`

			`> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.`

			`# Certificate Errors`

			`SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely. Please do not create issues claiming SSL is broken.`