woodpecker/docs/docs/administration/ssl.md
2019-11-13 20:04:14 +01:00

SSL

Woodpecker supports SSL configuration by mounting certificates into your container.

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
+     - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key

Update your configuration to expose the following ports:

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000

Update your configuration to mount your certificate and key:

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
+     - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key

Update your configuration to provide the paths of your certificate and key:

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
      - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key

Certificate Chain

The most common problem encountered is providing a certificate file without the intermediate chain.

LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.

Certificate Errors

SSL support is provided using the ListenAndServeTLS function from the Go standard library. If you receive certificate errors or warnings, please examine your configuration more closely.