# Drone, Gitea, Nginx, Let's Encrypt

*This repo was forked from GitHub user [cnbattle](https://github.com/cnbattle/drone-gitea)*

I was inspired to host my own "gitlab/github clone" on my own hardware with docker.
This stack has most everything needed for someone to host something from their own box running docker.
Each docker service defined in the `docker-compose.yml` file has a specific job to do.

- Gitea: the git remote host (think github clone)
- Drone: CI server / runner
- Nginx-proxy: reverse proxy for using one docker host while routing to many domain names.
- Let's Encrypt companion: handles the renewal of SSL certs automagically!

## Let's get started!
To get started, clone this repository. Look over the contents of `example.env`; this file is an example of the main configuration file for the docker hosts.

Each of these fields is required, though the values will differ depending on your final configuration. As written, `example.env` assumes that you want to use every possible option.

Each section corresponds to the associated service directive in `docker-compose`.
```
#LetsEncrypt
LETSENCRYPT_DEFAULT_EMAIL=youremail@example.com

#Gitea Server
GITEA_HOST=gitea.example.com

#Drone Server
DRONE_GITEA_SERVER=https://gitea.example.com
DRONE_GITEA_CLIENT_ID=da1cdbdd-a50d-4367-80d8-a7fdff8c65544 #Oauth application id from gitea
DRONE_GITEA_CLIENT_SECRET=ftJDp0UdFgutff9K3XuFZZKAXCLaHZxKA-psdyS_LkE= #Oauth application secret
DRONE_RPC_SECRET=a1cf994e8978e95899f31679866c239470f0 #Generated drone RPC secret
DRONE_SERVER_HOST=drone.example.com
DRONE_SERVER_PROTO=https

#Drone Runner
DRONE_RPC_PROTO=http
DRONE_RPC_HOST=drone.example.com:8000 #Set this to the box host to bypass the proxy
DRONE_RUNNER_CAPACITY=2
DRONE_RUNNER_NAME=drone-runner
```

#### Considerations for drone

Before running the service cluster, we must tell `nginx-proxy` that the drone domain needs extra HTTP headers. Rename the file located in the `proxy/vhost` directory to follow the schema `yourDronedomain.com_location`; this tells the proxy to apply these rules only to the drone domain.

Make sure the following is in the file.

```
# pass through headers
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
```

In order to configure drone with Gitea, we must first run the cluster without the drone OAuth configuration, so start up with:

```
docker-compose up -d
```

Notice that `DRONE_GITEA_CLIENT_ID` and `DRONE_GITEA_CLIENT_SECRET` will need to be filled in after creating an OAuth application in Gitea. Drone has documentation [here](https://docs.drone.io/server/provider/gitea/).

Follow the tutorial and edit the file with the correct values generated by the OAuth challenge. Then restart the cluster so the new values are picked up:

```
docker-compose down && docker-compose up -d
```

That should do it, you now have a running remote repo / CI! Happy coding!

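
Because `example.env` ships with sample OAuth and RPC secret values, it is worth checking the finished `.env` before the final restart. The script below is an added example, not part of this repository: it flags required keys that are empty, values still identical to the ones in `example.env`, and a short `DRONE_RPC_SECRET`. The function names, the file name `check-env.sh`, and the 32-character minimum are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from this repository): pre-flight check for .env.
# Usage: sh check-env.sh .env example.env   (check-env.sh is a hypothetical name)

REQUIRED_KEYS="LETSENCRYPT_DEFAULT_EMAIL GITEA_HOST DRONE_GITEA_SERVER
DRONE_GITEA_CLIENT_ID DRONE_GITEA_CLIENT_SECRET DRONE_RPC_SECRET
DRONE_SERVER_HOST DRONE_SERVER_PROTO DRONE_RPC_PROTO DRONE_RPC_HOST"
# Keys whose example.env values must never reach a live deployment.
MUST_CHANGE_KEYS="DRONE_GITEA_CLIENT_ID DRONE_GITEA_CLIENT_SECRET DRONE_RPC_SECRET"
# Assumption of this example: 32 characters, the length of `openssl rand -hex 16`.
MIN_RPC_SECRET_LEN=32

# env_value FILE KEY: print KEY's value without a trailing " #comment".
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//'
}

# check_env ENV_FILE EXAMPLE_FILE: print one finding per line; status 1 if any.
check_env() (
  env_file=$1 example_file=$2 findings=0
  for key in $REQUIRED_KEYS; do
    if [ -z "$(env_value "$env_file" "$key")" ]; then
      echo "MISSING $key"; findings=$((findings + 1))
    fi
  done
  for key in $MUST_CHANGE_KEYS; do
    value=$(env_value "$env_file" "$key")
    if [ -n "$value" ] && [ "$value" = "$(env_value "$example_file" "$key")" ]; then
      echo "SAMPLE_VALUE $key"; findings=$((findings + 1))
    fi
  done
  rpc=$(env_value "$env_file" DRONE_RPC_SECRET)
  if [ -n "$rpc" ] && [ "${#rpc}" -lt "$MIN_RPC_SECRET_LEN" ]; then
    echo "SHORT DRONE_RPC_SECRET"; findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
)

# When run as a script with two file arguments, exit non-zero on any finding.
if [ "$#" -eq 2 ]; then check_env "$1" "$2"; fi
```

Chaining it in front of the restart, as in `sh check-env.sh .env example.env && docker-compose up -d`, keeps the stack from starting with placeholder secrets.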

## Troubleshooting

Although this configuration should work for most people, there are some gotchas that may trip some people up. The configuration makes some assumptions:

- A publicly reachable host on port 80 and 443, required by letsencrypt
- A domain that is controlled by a DNS provider that supports DNSSEC, required by letsencrypt
- A docker host that can expose port 80 and 443 on the host, required by nginx-proxy
- Unique DNS subdomains for Drone and Gitea.

## Help, it won't work with my configuration!
*Don't panic! Remember the Hitchhiker's Guide!*

This configuration may not meet the needs of people on networks that do not support the above. Feel free to fork and hack away if that's the case! If something just isn't lining up, drop us an issue! We are happy to help!