woodpecker/docs/versioned_docs/version-3.0/30-administration/40-advanced/20-ssl.md

# SSL

Woodpecker supports SSL configuration by mounting certificates into your container.

```ini
WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt
WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key
```

## Certificate Chain

The most common problem encountered is providing a certificate file without the intermediate chain.

> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.

## Certificate Errors

SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely.

## Running in containers

Update your configuration to expose the following ports:

```diff title="docker-compose.yaml"
 services:
   woodpecker-server:
     [...]
     ports:
+      - 80:80
+      - 443:443
       - 9000:9000
```

Update your configuration to mount your certificate and key:

```diff title="docker-compose.yaml"
 services:
   woodpecker-server:
     [...]
     volumes:
+      - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt
+      - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key
```

Update your configuration to provide the paths of your certificate and key:

```diff title="docker-compose.yaml"
 services:
   woodpecker-server:
     [...]
     environment:
+      - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt
+      - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key
```
Add 2.3 docs (#3306) 2024-01-31 18:47:52 +00:00			`# SSL`

			`Woodpecker supports SSL configuration by mounting certificates into your container.`

			```ini
			`WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt`
			`WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key`
			```

Add docs for 3.0 (#4705) Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> Co-authored-by: qwerty287 <qwerty287@posteo.de> Co-authored-by: Robert Kaussow <mail@thegeeklab.de> Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com> 2025-01-18 19:39:06 +00:00			`## Certificate Chain`
Add 2.3 docs (#3306) 2024-01-31 18:47:52 +00:00
			`The most common problem encountered is providing a certificate file without the intermediate chain.`

			`> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.`

Add docs for 3.0 (#4705) Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> Co-authored-by: qwerty287 <qwerty287@posteo.de> Co-authored-by: Robert Kaussow <mail@thegeeklab.de> Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com> 2025-01-18 19:39:06 +00:00			`## Certificate Errors`
Add 2.3 docs (#3306) 2024-01-31 18:47:52 +00:00
			`SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely.`

Add docs for 3.0 (#4705) Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com> Co-authored-by: qwerty287 <qwerty287@posteo.de> Co-authored-by: Robert Kaussow <mail@thegeeklab.de> Co-authored-by: Anbraten <anton@ju60.de> Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Anbraten <6918444+anbraten@users.noreply.github.com> 2025-01-18 19:39:06 +00:00			`## Running in containers`
Add 2.3 docs (#3306) 2024-01-31 18:47:52 +00:00
			`Update your configuration to expose the following ports:`

			```diff title="docker-compose.yaml"
			`services:`
			`woodpecker-server:`
			`[...]`
			`ports:`
			`+ - 80:80`
			`+ - 443:443`
			`- 9000:9000`
			```

			`Update your configuration to mount your certificate and key:`

			```diff title="docker-compose.yaml"
			`services:`
			`woodpecker-server:`
			`[...]`
			`volumes:`
			`+ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt`
			`+ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key`
			```

			`Update your configuration to provide the paths of your certificate and key:`

Add 2.6 docs (#3786) 2024-06-13 17:31:54 +00:00			```diff title="docker-compose.yaml"
Add 2.3 docs (#3306) 2024-01-31 18:47:52 +00:00			`services:`
			`woodpecker-server:`
			`[...]`
			`environment:`
			`+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt`
			`+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key`
			```