[solved] Error with HTTPS

Hi,
I am running a Drone server on a server that is also used as a web application server (using Apache).

Drone server command:

docker run \
--volume=/var/lib/drone:/data \
--env=DRONE_GITHUB_CLIENT_ID=CLIENT_ID \
--env=DRONE_GITHUB_CLIENT_SECRET=CLIENT_SECRET \
--env=DRONE_RPC_SECRET=RPC_SECRET \
--env=DRONE_SERVER_HOST=SERVER_IP \
--env=DRONE_SERVER_PROTO=https \
--env=DRONE_YAML_ENDPOINT=SOME_URL \
--publish=8080:80 \
--publish=8443:443 \
--restart=always \
--detach=true \
--name=drone \
drone/drone:1

docker ps:

id drone/drone:1 "/bin/drone-server" 29 minutes ago Up 29 minutes 0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp drone

Now, the whole setup is working with http, meaning I can reach http://SERVER_IP:8080/ and see the repositories.

But when I try to reach https://SERVER_IP:8443/
I get “This site can’t be reached”, “ERR_CONNECTION_CLOSED”.

Port 8443 is open in the firewall; I’ve checked it by running this from my PC:

nc -zvw3 IP_ADDRESS 8443
Connection to IP_ADDRESS 8443 port [tcp/*] succeeded!

Does anyone know how to fix it?
Thanks

Hi,
Have you tried using Let's Encrypt, with public certs so that it becomes https by default?

Note that Let's Encrypt can only be used with ports 80 and 443 and cannot be used with other ports. Since this individual already has an Apache web server running on the host using these ports, they would not be able to use Let's Encrypt.

Do you know how I can fix this issue?

Looking at your Drone server configuration, you are attempting to access Drone using the https address but you have not configured or mounted your ssl certificate. If no certificate is mounted, Drone cannot serve https requests. See https://docs.drone.io/server/https/

Hi,
Following Certificates | Drone
I’ve added

--env=DRONE_TLS_AUTOCERT=true

to the server configuration.
Now I get “This site can’t provide a secure connection”
“ERR_SSL_PROTOCOL_ERROR”

I’ve also tried with DRONE_TLS_CERT and DRONE_TLS_KEY, but I don’t have .crt and .key files in Apache ssl folder, just “certificates” and “combined” files.

@Alvaro-solidrun did you see my previous commands here and here? You need to mount your ssl certs as a volume into your container, as shown in the Certificates section of the docs. You cannot use Let's Encrypt (autocert) with Drone because this requires ports 443 and 80 and will not work with the ports you have configured (8443 and 8080).

Thanks for the reply,
I actually did intend to use this approach,
but I got
“Your connection is not private” “ERR_CERT_COMMON_NAME_INVALID” errors.

Drone is written in Go and the Go standard library has a function called ListenAndServeTLS. This function is used to serve https traffic, and accepts your certificate file path and your key file path as shown below.

func ListenAndServeTLS(addr, certFile, keyFile string, handler Handler) error

It is unlikely to be a bug with the Go standard library and how it handles https, which would therefore lead me to suggest that perhaps there is a problem with your certificate files. I did some quick googling which suggests this may be the case [1]. Unfortunately this is not an area of expertise of mine so I cannot offer much help.

I would also point out that, if your certificates are self-signed, this may also cause problems for clients that are trying to access the Drone server address. You may need to configure these clients to ignore ssl verification before they will proceed.

[1] https://stackoverflow.com/questions/44711260/chrome-59-neterr-cert-common-name-invalid

Ok, I’ll check it out.
Thanks