I tried to set up a Drone server with SSL.
Using a self-signed certificate, it seems to work to a certain extent (even if I get a lot of TLS errors, maybe due to Docker, not sure yet).
But when I tried to use the DRONE_TLS_AUTOCERT setting, the server does not support TLS at all.
I get the following error:
TLS handshake error from XX.XX.XX.XX:57745: acme/autocert: missing server name
Please provide more details such as a sample configuration.
The DRONE_TLS_AUTOCERT is definitely working because this is how we enable SSL for cloud.drone.io.
I use an EC2 instance behind an elastic IP with Ubuntu 18.04 on it to host the Drone server.
The process is deployed and configured with Ansible.
Here is the task that launches the Drone server:
```yaml
- name: Run drone.io server container
  docker_container:
    name: drone
    image: drone/drone:1.0.0-rc.1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/drone:/data
      - /etc/ssl/crt/drone-io-ci.crt:/etc/ssl/crt/drone-io-ci.crt
      - /etc/ssl/private/drone-io-ci.pem:/etc/ssl/private/drone-io-ci.pem
    env:
      DRONE_GITHUB_SERVER: https://github.com
      DRONE_GITHUB_CLIENT_ID: "{{ github_client_id }}"
      DRONE_GITHUB_CLIENT_SECRET: "{{ github_client_secret }}"
      DRONE_SERVER_HOST: 18.XXX.XX.XXX  # my elastic IP
      DRONE_SERVER_PROTO: https
      DRONE_TLS_AUTOCERT: true
      DRONE_USER_FILTER: myorg
      DRONE_REPOSITORY_FILTER: myorg
      DRONE_RPC_SECRET: correct-horse-batter-staple
    ports:
      - "443:443"
      - "80:80"
    restart: yes
    detach: yes
  become: yes
```
When I test if the server supports TLS with Chrome or https://www.ssllabs.com/, it fails and the docker logs show the following errors:
2018/12/11 15:10:29 http: TLS handshake error from 194.98.50.138:58217: acme/autocert: missing server name
2018/12/11 15:10:29 http: TLS handshake error from 194.98.50.138:58219: acme/autocert: missing server name
2018/12/11 15:10:32 http: TLS handshake error from 194.98.50.138:58221: acme/autocert: missing server name
DRONE_SERVER_HOST must be set to your domain name (e.g. company.com), not your IP.
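
Added example, not part of the thread and not Drone's code: a local reproduction of why reaching an autocert-backed server by IP address produces `missing server name`. TLS clients send no SNI for an IP literal, and autocert selects (and issues) certificates by SNI name. The `Handshake` helper, the `GetCertificate` callback standing in for autocert's check, and the host values `203.0.113.10` and `ci.example.test` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Handshake runs a local TLS server that, like autocert, rejects a ClientHello
// without SNI, dials it for host, and returns the SNI seen plus the server error.
func Handshake(host string) (sni string, err error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway key, hence InsecureSkipVerify below
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if sni = h.ServerName; sni == "" {
				return nil, fmt.Errorf("missing server name")
			}
			return &cert, nil
		}})
	if err != nil {
		return "", err
	}
	defer ln.Close()
	errc := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = c.(*tls.Conn).Handshake()
		}
		errc <- err
	}()
	if c, cerr := tls.Dial("tcp", ln.Addr().String(), &tls.Config{ServerName: host, InsecureSkipVerify: true}); cerr == nil {
		defer c.Close()
	}
	err = <-errc // the receive orders the server goroutine's write to sni before the read below
	return sni, err
}

func main() {
	fmt.Println(Handshake("203.0.113.10"))    // IP literal: client sends no SNI
	fmt.Println(Handshake("ci.example.test")) // DNS name: client sends SNI
}
```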