mirror of
https://github.com/woodpecker-ci/woodpecker.git
synced 2024-12-23 08:56:29 +00:00
use example.com instead of foo.com (#1188)
http://example.com/ is a reserved domain name, which is perfect for examples, while foo.com is a random domain name
This commit is contained in:
parent
795bbd8988
commit
1c4efe1582
5 changed files with 16 additions and 145 deletions
|
@ -11,7 +11,7 @@ pipeline:
|
|||
webhook:
|
||||
image: foo/webhook
|
||||
settings:
|
||||
url: http://foo.com
|
||||
url: http://example.com
|
||||
method: post
|
||||
body: |
|
||||
hello world
|
||||
|
@ -54,7 +54,7 @@ Execute your plugin locally from the command line to verify it is working:
|
|||
```nohighlight
|
||||
docker run --rm \
|
||||
-e PLUGIN_METHOD=post \
|
||||
-e PLUGIN_URL=http://foo.com \
|
||||
-e PLUGIN_URL=http://example.com \
|
||||
-e PLUGIN_BODY="hello world" \
|
||||
foo/webhook
|
||||
```
|
||||
|
|
|
@ -1,129 +0,0 @@
|
|||
# SSL
|
||||
|
||||
Woodpecker supports two ways of enabling SSL communication. You can either use Let's Encrypt to get automated SSL support with
|
||||
renewal or provide your own SSL certificates.
|
||||
|
||||
## Let's Encrypt
|
||||
|
||||
Woodpecker supports automated SSL configuration and updates using Let's Encrypt.
|
||||
|
||||
You can enable Let's Encrypt by making the following modifications to your server configuration:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
+ - 80:80
|
||||
+ - 443:443
|
||||
- 9000:9000
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_LETS_ENCRYPT=true
|
||||
+ - WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld
|
||||
```
|
||||
|
||||
Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://foo.com` is set the certificate is requested for `foo.com`. To receive emails before certificates expire Let's Encrypt requires an email address. You can set it with `WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld`.
|
||||
|
||||
The SSL certificates are stored in `$HOME/.local/share/certmagic` for binary versions of Woodpecker and in `/var/lib/woodpecker` for the Container versions of it. You can set a custom path by setting `XDG_DATA_HOME` if required.
|
||||
|
||||
> Once enabled you can visit the Woodpecker UI with http and the HTTPS address. HTTP will be redirected to HTTPS.
|
||||
|
||||
### Certificate Cache
|
||||
|
||||
Woodpecker writes the certificates to `/var/lib/woodpecker/certmagic/`.
|
||||
|
||||
### Certificate Updates
|
||||
|
||||
Woodpecker uses the official Go acme library which will handle certificate upgrades. There should be no addition configuration or management required.
|
||||
|
||||
## SSL with own certificates
|
||||
|
||||
Woodpecker supports ssl configuration by mounting certificates into your container.
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
+ - 80:80
|
||||
+ - 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key
|
||||
```
|
||||
|
||||
Update your configuration to expose the following ports:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
+ - 80:80
|
||||
+ - 443:443
|
||||
- 9000:9000
|
||||
```
|
||||
|
||||
Update your configuration to mount your certificate and key:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
|
||||
```
|
||||
|
||||
Update your configuration to provide the paths of your certificate and key:
|
||||
|
||||
```diff
|
||||
# docker-compose.yml
|
||||
version: '3'
|
||||
|
||||
services:
|
||||
woodpecker-server:
|
||||
[...]
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
- /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
|
||||
- /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
|
||||
environment:
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key
|
||||
```
|
||||
|
||||
### Certificate Chain
|
||||
|
||||
The most common problem encountered is providing a certificate file without the intermediate chain.
|
||||
|
||||
> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
|
||||
|
||||
### Certificate Errors
|
||||
|
||||
SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely.
|
|
@ -11,7 +11,7 @@ pipeline:
|
|||
webhook:
|
||||
image: foo/webhook
|
||||
settings:
|
||||
url: http://foo.com
|
||||
url: http://example.com
|
||||
method: post
|
||||
body: |
|
||||
hello world
|
||||
|
@ -54,7 +54,7 @@ Execute your plugin locally from the command line to verify it is working:
|
|||
```nohighlight
|
||||
docker run --rm \
|
||||
-e PLUGIN_METHOD=post \
|
||||
-e PLUGIN_URL=http://foo.com \
|
||||
-e PLUGIN_URL=http://example.com \
|
||||
-e PLUGIN_BODY="hello world" \
|
||||
foo/webhook
|
||||
```
|
||||
|
|
|
@ -26,7 +26,7 @@ services:
|
|||
+ - WOODPECKER_LETS_ENCRYPT=true
|
||||
```
|
||||
|
||||
Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://foo.com` the certificate is requested for `foo.com`.
|
||||
Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://example.com` the certificate is requested for `example.com`.
|
||||
|
||||
>Once enabled you can visit your website at both the http and the https address
|
||||
|
||||
|
@ -58,12 +58,12 @@ services:
|
|||
+ - 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
|
||||
+ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key
|
||||
environment:
|
||||
- [...]
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key
|
||||
```
|
||||
|
||||
Update your configuration to expose the following ports:
|
||||
|
@ -95,8 +95,8 @@ services:
|
|||
- 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
|
||||
+ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key
|
||||
```
|
||||
|
||||
Update your configuration to provide the paths of your certificate and key:
|
||||
|
@ -113,11 +113,11 @@ services:
|
|||
- 443:443
|
||||
- 9000:9000
|
||||
volumes:
|
||||
- /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
|
||||
- /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
|
||||
- /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt
|
||||
- /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key
|
||||
environment:
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key
|
||||
+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt
|
||||
+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key
|
||||
```
|
||||
|
||||
### Certificate Chain
|
||||
|
|
|
@ -161,7 +161,7 @@ func TestWithProxy(t *testing.T) {
|
|||
}
|
||||
|
||||
// alter the default values
|
||||
noProxy = "foo.com"
|
||||
noProxy = "example.com"
|
||||
httpProxy = "bar.com"
|
||||
httpsProxy = "baz.com"
|
||||
|
||||
|
|
Loading…
Reference in a new issue