Drone, Gitea, Nginx, Let's Encrypt
This repo was forked from GitHub user cnbattle.
I was inspired to host my own "gitlab/github clone" on my own hardware with docker.
This stack has most everything needed for someone to host something from their own box running docker.
Each Docker service defined in the docker-compose.yml file has a specific job to do.
- Gitea: the git remote host (think GitHub clone)
- Drone: CI server / runner
- Nginx-proxy: reverse proxy for using one Docker host while routing to many domain names.
- Let's Encrypt companion: handles the renewal of SSL certs automagically!
Let's get started!
To get started, clone this repository. Look at the contents of example.env; this file is an example of the main configuration file for the Docker hosts.
Each of these fields is required, and the values may differ depending on your final configuration. As written, example.env assumes that you want to use every possible option.
Each section corresponds to the associated service's docker-compose directive.
#LetsEncrypt
LETSENCRYPT_DEFAULT_EMAIL=youremail@example.com
#Gitea Server
GITEA_HOST=gitea.example.com
#Drone Server
DRONE_GITEA_SERVER=https://gitea.example.com
#Oauth application id from gitea
DRONE_GITEA_CLIENT_ID=da1cdbdd-a50d-4367-80d8-a7fdff8c65544
#Oauth application secret
DRONE_GITEA_CLIENT_SECRET=ftJDp0UdFgutff9K3XuFZZKAXCLaHZxKA-psdyS_LkE=
#Generated drone RPC secret
DRONE_RPC_SECRET=a1cf994e8978e95899f31679866c239470f0
DRONE_SERVER_HOST=drone.example.com
DRONE_SERVER_PROTO=https
#Drone Runner
DRONE_RPC_PROTO=http
#Set this to the box host to bypass the proxy
DRONE_RPC_HOST=drone.example.com:8000
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=drone-runner
Considerations for Drone
Before running the service cluster, we must tell nginx-proxy that the Drone domain will be running with extra HTTP headers. Rename the file located in the proxy/vhost directory using the schema yourDronedomain.com_location; this tells the proxy to apply these rules only to the Drone domain.
Make sure the following is in the file.
# pass through headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
To configure Drone with Gitea, we must first run the cluster without the Drone OAuth configuration, so start up with:
docker-compose up -d
Notice that DRONE_GITEA_CLIENT_ID and DRONE_GITEA_CLIENT_SECRET will need to be filled in after creating an OAuth application in Gitea. Drone has documentation here.
Follow the tutorial and edit the file with the correct values generated by the OAuth challenge, then restart the stack:
docker-compose down && docker-compose up -d
That should do it, you now have a running remote repo / CI! Happy coding!
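A pre-flight check for the values edited in the steps above, as an added example that is not part of this repository: it confirms every key from example.env is set, that the OAuth and RPC secrets are not the ones published in example.env, and that the file is not group- or world-readable. The file name .env, the 32-character threshold and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the repository. Assumes example.env was copied
# to .env beside docker-compose.yml (the file name .env is an assumption).

# Keys listed in example.env on this page.
REQUIRED_KEYS="LETSENCRYPT_DEFAULT_EMAIL GITEA_HOST DRONE_GITEA_SERVER
DRONE_GITEA_CLIENT_ID DRONE_GITEA_CLIENT_SECRET DRONE_RPC_SECRET
DRONE_SERVER_HOST DRONE_SERVER_PROTO DRONE_RPC_PROTO DRONE_RPC_HOST
DRONE_RUNNER_CAPACITY DRONE_RUNNER_NAME"
SECRET_KEYS="DRONE_GITEA_CLIENT_ID DRONE_GITEA_CLIENT_SECRET DRONE_RPC_SECRET"
MIN_RPC_SECRET_LEN=32   # threshold chosen for this example (openssl rand -hex 16)

# env_value FILE KEY: print KEY's value, without any trailing "#comment".
env_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed 's/[[:space:]]*#.*$//'
}

# check_env FILE [EXAMPLE_FILE]: print one line per problem; return 1 if any.
check_env() {
    file=$1; example=${2:-example.env}; problems=0
    [ -f "$file" ] || { echo "no such file: $file"; return 1; }
    for key in $REQUIRED_KEYS; do
        if [ -z "$(env_value "$file" "$key")" ]; then
            echo "missing or empty: $key"; problems=1
        fi
    done
    # Secrets copied unchanged from the public example file are known to anyone.
    if [ -f "$example" ]; then
        for key in $SECRET_KEYS; do
            val=$(env_value "$file" "$key")
            if [ -n "$val" ] && [ "$val" = "$(env_value "$example" "$key")" ]; then
                echo "still the example value: $key"; problems=1
            fi
        done
    fi
    rpc=$(env_value "$file" DRONE_RPC_SECRET)
    if [ -n "$rpc" ] && [ "${#rpc}" -lt "$MIN_RPC_SECRET_LEN" ]; then
        echo "DRONE_RPC_SECRET shorter than $MIN_RPC_SECRET_LEN characters"; problems=1
    fi
    # The file holds OAuth and RPC secrets; flag group- or world-readable modes.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "readable by group or others (chmod 600 suggested): $file"; problems=1
    fi
    return $problems
}

# Run only when a file is given: sh check_env.sh .env example.env
if [ $# -gt 0 ]; then check_env "$@"; fi
```

A non-zero exit status means at least one problem was printed, so the check can gate the docker-compose restart.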
Troubleshooting
Although this configuration should work for most people, there are some gotchas that may trip people up. The configuration makes some assumptions:
- A publicly reachable host on ports 80 and 443, required by Let's Encrypt
- A domain that is controlled by a DNS provider that supports DNSSEC, required by Let's Encrypt
- A Docker host that can expose ports 80 and 443 on the host, required by nginx-proxy
- Unique DNS subdomains for Drone and Gitea.
Help, it won't work with my configuration!
Don't panic! Remember the Hitchhiker's Guide!
This configuration may not meet the needs of people on networks that do not support the above. Feel free to fork and hack away if that's the case! If something just isn't lining up, drop us an Issue! We are happy to help!