woodpecker/docs/administration/ssl.md
Laszlo Fogas c6326bdd19 Readme
2019-07-08 15:13:18 +02:00

Drone supports SSL configuration by mounting certificates into your container.

services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt
+     - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/drone.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/drone.foo.com/server.key

Update your configuration to expose the following ports:

services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000

Update your configuration to mount your certificate and key:

services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt
+     - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key

Update your configuration to provide the paths of your certificate and key:

services:
  drone-server:
    image: drone/drone:{{% version %}}
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone.foo.com/server.crt
      - /etc/certs/drone.foo.com/server.key:/etc/certs/drone.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/drone.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/drone.foo.com/server.key

Certificate Chain

The most common problem encountered is providing a certificate file without the intermediate chain. The Go documentation for LoadX509KeyPair describes what the certificate file may contain:

LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
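The following is an added example, not code from Drone or its documentation. It counts the certificates in the PEM file that `DRONE_SERVER_CERT` points to and checks that each one is signed by the certificate that follows it, which is the leaf-first order described above. The helper names `inspectChain` and `issue` are hypothetical, and the sample certificates are constructed in memory so the program runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// inspectChain parses the PEM data of a server certificate file and reports how many
// certificates it holds, and whether each certificate is signed by the one after it.
func inspectChain(pemData []byte) (count int, ordered bool, err error) {
	var certs []*x509.Certificate
	for b, rest := pem.Decode(pemData); b != nil; b, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return 0, false, err
		}
		certs = append(certs, c)
	}
	for i := 0; i+1 < len(certs); i++ {
		if certs[i].CheckSignatureFrom(certs[i+1]) != nil {
			return len(certs), false, nil
		}
	}
	return len(certs), len(certs) > 0, nil
}

// issue creates a constructed test certificate (assumption: sample data only); a nil parent means self-signed.
func issue(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	return t, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	ica, icaKey, icaPEM := issue("constructed intermediate CA", true, nil, nil)
	_, _, leafPEM := issue("drone.foo.com", false, ica, icaKey)
	fmt.Println(inspectChain(leafPEM))
	fmt.Println(inspectChain(append(leafPEM, icaPEM...)))
}
```

A count of 1 for a certificate issued by a certificate authority means the file holds only the leaf, which is the missing-chain problem described above. An `ordered` value of false means the certificates are present but not in leaf-first order.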

Certificate Errors

SSL support is provided using the ListenAndServeTLS function from the Go standard library. If you receive certificate errors or warnings, please examine your configuration more closely. Please do not create issues claiming SSL is broken.