From 1c4efe158286dcfb18efca0d2cc8bbbe168ad743 Mon Sep 17 00:00:00 2001 From: Alexis Lefebvre Date: Wed, 14 Sep 2022 15:15:06 +0200 Subject: [PATCH] use example.com instead of foo.com (#1188) http://example.com/ is a reserved domain name, which is perfect for examples, while foo.com is a random domain name --- .../20-usage/51-plugins/20-sample-plugin.md | 4 +- docs/docs/30-administration/60-ssl.md | 129 ------------------ .../20-usage/51-plugins/20-sample-plugin.md | 4 +- .../version-0.15/30-administration/60-ssl.md | 22 +-- .../frontend/yaml/compiler/option_test.go | 2 +- 5 files changed, 16 insertions(+), 145 deletions(-) delete mode 100644 docs/docs/30-administration/60-ssl.md diff --git a/docs/docs/20-usage/51-plugins/20-sample-plugin.md b/docs/docs/20-usage/51-plugins/20-sample-plugin.md index 255bc8b8e..d7bf5918d 100644 --- a/docs/docs/20-usage/51-plugins/20-sample-plugin.md +++ b/docs/docs/20-usage/51-plugins/20-sample-plugin.md @@ -11,7 +11,7 @@ pipeline: webhook: image: foo/webhook settings: - url: http://foo.com + url: http://example.com method: post body: | hello world @@ -54,7 +54,7 @@ Execute your plugin locally from the command line to verify it is working: ```nohighlight docker run --rm \ -e PLUGIN_METHOD=post \ - -e PLUGIN_URL=http://foo.com \ + -e PLUGIN_URL=http://example.com \ -e PLUGIN_BODY="hello world" \ foo/webhook ``` diff --git a/docs/docs/30-administration/60-ssl.md b/docs/docs/30-administration/60-ssl.md deleted file mode 100644 index 466cd2434..000000000 --- a/docs/docs/30-administration/60-ssl.md +++ /dev/null @@ -1,129 +0,0 @@ -# SSL - -Woodpecker supports two ways of enabling SSL communication. You can either use Let's Encrypt to get automated SSL support with -renewal or provide your own SSL certificates. - -## Let's Encrypt - -Woodpecker supports automated SSL configuration and updates using Let's Encrypt. - -You can enable Let's Encrypt by making the following modifications to your server configuration: - -```diff -# docker-compose.yml -version: '3' - -services: - woodpecker-server: - [...] - ports: -+ - 80:80 -+ - 443:443 - - 9000:9000 - environment: - - [...] -+ - WOODPECKER_LETS_ENCRYPT=true -+ - WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld -``` - -Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://foo.com` is set the certificate is requested for `foo.com`. To receive emails before certificates expire Let's Encrypt requires an email address. You can set it with `WOODPECKER_LETS_ENCRYPT_EMAIL=ssl-admin@example.tld`. - -The SSL certificates are stored in `$HOME/.local/share/certmagic` for binary versions of Woodpecker and in `/var/lib/woodpecker` for the Container versions of it. You can set a custom path by setting `XDG_DATA_HOME` if required. - -> Once enabled you can visit the Woodpecker UI with http and the HTTPS address. HTTP will be redirected to HTTPS. - -### Certificate Cache - -Woodpecker writes the certificates to `/var/lib/woodpecker/certmagic/`. - -### Certificate Updates - -Woodpecker uses the official Go acme library which will handle certificate upgrades. There should be no addition configuration or management required. - -## SSL with own certificates - -Woodpecker supports ssl configuration by mounting certificates into your container. - -```diff -# docker-compose.yml -version: '3' - -services: - woodpecker-server: - [...] - ports: -+ - 80:80 -+ - 443:443 - - 9000:9000 - volumes: -+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt -+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key - environment: - - [...] -+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt -+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key -``` - -Update your configuration to expose the following ports: - -```diff -# docker-compose.yml -version: '3' - -services: - woodpecker-server: - [...] - ports: -+ - 80:80 -+ - 443:443 - - 9000:9000 -``` - -Update your configuration to mount your certificate and key: - -```diff -# docker-compose.yml -version: '3' - -services: - woodpecker-server: - [...] - ports: - - 80:80 - - 443:443 - - 9000:9000 - volumes: -+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt -+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key -``` - -Update your configuration to provide the paths of your certificate and key: - -```diff -# docker-compose.yml -version: '3' - -services: - woodpecker-server: - [...] - ports: - - 80:80 - - 443:443 - - 9000:9000 - volumes: - - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt - - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key - environment: -+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt -+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key -``` - -### Certificate Chain - -The most common problem encountered is providing a certificate file without the intermediate chain. - -> LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain. - -### Certificate Errors - -SSL support is provided using the [ListenAndServeTLS](https://golang.org/pkg/net/http/#ListenAndServeTLS) function from the Go standard library. If you receive certificate errors or warnings please examine your configuration more closely. diff --git a/docs/versioned_docs/version-0.15/20-usage/51-plugins/20-sample-plugin.md b/docs/versioned_docs/version-0.15/20-usage/51-plugins/20-sample-plugin.md index e5a3b1f87..0d9642d12 100644 --- a/docs/versioned_docs/version-0.15/20-usage/51-plugins/20-sample-plugin.md +++ b/docs/versioned_docs/version-0.15/20-usage/51-plugins/20-sample-plugin.md @@ -11,7 +11,7 @@ pipeline: webhook: image: foo/webhook settings: - url: http://foo.com + url: http://example.com method: post body: | hello world @@ -54,7 +54,7 @@ Execute your plugin locally from the command line to verify it is working: ```nohighlight docker run --rm \ -e PLUGIN_METHOD=post \ - -e PLUGIN_URL=http://foo.com \ + -e PLUGIN_URL=http://example.com \ -e PLUGIN_BODY="hello world" \ foo/webhook ``` diff --git a/docs/versioned_docs/version-0.15/30-administration/60-ssl.md b/docs/versioned_docs/version-0.15/30-administration/60-ssl.md index 8af876931..4357e0ca7 100644 --- a/docs/versioned_docs/version-0.15/30-administration/60-ssl.md +++ b/docs/versioned_docs/version-0.15/30-administration/60-ssl.md @@ -26,7 +26,7 @@ services: + - WOODPECKER_LETS_ENCRYPT=true ``` -Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://foo.com` the certificate is requested for `foo.com`. +Note that Woodpecker uses the hostname from the `WOODPECKER_HOST` environment variable when requesting certificates. For example, if `WOODPECKER_HOST=https://example.com` the certificate is requested for `example.com`. >Once enabled you can visit your website at both the http and the https address @@ -58,12 +58,12 @@ services: + - 443:443 - 9000:9000 volumes: -+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt -+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key ++ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt ++ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key environment: - [...] -+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt -+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key ++ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt ++ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key ``` Update your configuration to expose the following ports: @@ -95,8 +95,8 @@ services: - 443:443 - 9000:9000 volumes: -+ - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt -+ - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key ++ - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt ++ - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key ``` Update your configuration to provide the paths of your certificate and key: @@ -113,11 +113,11 @@ services: - 443:443 - 9000:9000 volumes: - - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt - - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key + - /etc/certs/woodpecker.example.com/server.crt:/etc/certs/woodpecker.example.com/server.crt + - /etc/certs/woodpecker.example.com/server.key:/etc/certs/woodpecker.example.com/server.key environment: -+ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt -+ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key ++ - WOODPECKER_SERVER_CERT=/etc/certs/woodpecker.example.com/server.crt ++ - WOODPECKER_SERVER_KEY=/etc/certs/woodpecker.example.com/server.key ``` ### Certificate Chain diff --git a/pipeline/frontend/yaml/compiler/option_test.go b/pipeline/frontend/yaml/compiler/option_test.go index 52f0f0c9f..19b91f297 100644 --- a/pipeline/frontend/yaml/compiler/option_test.go +++ b/pipeline/frontend/yaml/compiler/option_test.go @@ -161,7 +161,7 @@ func TestWithProxy(t *testing.T) { } // alter the default values - noProxy = "foo.com" + noProxy = "example.com" httpProxy = "bar.com" httpsProxy = "baz.com"