SSL not working for 0.7 version of Drone

Hi Team,

I am not able to configure SSL using the 0.7 Drone version.

Below is my docker-compose file:

```yaml
version: '3'

services:
  drone-server:
    image: drone/drone:0.7
    ports:
      - 80:8000
      - 443:443
    volumes:
      - /var/lib/drone:/var/lib/drone
      - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone-server/server.crt
      - /etc/certs/drone.foo.com/server.key:/etc/certs/drone-server/server.key
    restart: always
    environment:
      - DRONE_SECRET=vQO8Ke4eUNjoMo5ScuiFvCRwzRVpnk8ZXuN5rIw2NDb5DBzmrC6AnrzpIfzhAa7dH
      - DRONE_HOST=https://drone-server
      - DRONE_OPEN=false
      - DRONE_GITHUB=true
      - DRONE_GITHUB_CLIENT=xxxxxx
      - DRONE_GITHUB_SECRET=xxxxxxxxxx
      - DRONE_GITHUB_SKIP_VERIFY=false
  drone-agent:
    image: drone/drone:0.7
    command: agent
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    environment:
      - DRONE_SECRET=vQO8Ke4eUNjoMo5ScuiFvCRwzRVpnk8ZXuN5rIw2NDb5DBzmrC6AnrzpIfzhAa7dH
      - DRONE_SERVER=wss://drone-server/ws/broker
```

Error logs:

```
drone-agent_1 | rpc: error re-connecting: dial tcp 172.18.0.2:443: getsockopt: connection refused
```

SSL does work with drone 0.7. I believe the problem is with your configuration. Since you are running the agent and server on the same machine, and connecting using the drone-server hostname, you should use the default configuration:

-DRONE_SERVER=wss://drone-server/ws/broker
+DRONE_SERVER=ws://drone-server/ws/broker
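Review bot: the `+` line still names no port, so with the `ws` scheme the agent dials the default port 80 on the `drone-server` container, while the compose file's `80:8000` mapping points to the server listening on 8000 inside the Docker network; suggest `ws://drone-server:8000/ws/broker`. It would also help to state next to the change that plaintext `ws` is chosen here only because the agent and server talk over the internal Docker hostname on the same machine.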

The problem with trying to use wss://drone-server is that you are using the internal docker hostname (drone-server) which will not match your SSL certificate. Since you are running the agent and server on the same machine, you do not really need to connect over wss. In this case ws will work just fine.

Thanks for the reply,

Can you please provide me the complete configuration to run drone with SSL for version 0.7.
Or could you please help me with complete documentation of version 0.7.

Thanks again for the reply.

Hi,

I have made the changes but I am still getting the logs below:

```
drone-agent_1 | rpc: error re-connecting: dial tcp 172.18.0.2:80: getsockopt: connection refused
drone-agent_1 | rpc: error re-connecting: dial tcp 172.18.0.2:80: getsockopt: connection refused
drone-agent_1 | rpc: error re-connecting: dial tcp 172.18.0.2:80: getsockopt: connection refused
drone-server_1 | [GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
drone-server_1 | - using env: export GIN_MODE=release
drone-server_1 | - using code: gin.SetMode(gin.ReleaseMode)
```

docker-compose configuration:

```yaml
version: '3'

services:
  drone-server:
    image: drone/drone:0.7
    ports:
      - 80:8000
      - 443:443
    volumes:
      - /var/lib/drone:/var/lib/drone
      - /etc/certs/drone.foo.com/server.crt:/etc/certs/drone-server/server.crt
      - /etc/certs/drone.foo.com/server.key:/etc/certs/drone-server/server.key
    restart: always
    environment:
      - DRONE_SECRET=vQO8Ke4eUNjoMo5ScuiFvCRwzRVpnk8ZXuN5rIw2NDb5DBzmrC6AnrzpIfzhAa7dH
      - DRONE_HOST=https://drone-server
      - DRONE_OPEN=false
      - DRONE_GITHUB=true
      - DRONE_GITHUB_CLIENT=xxxxxx
      - DRONE_GITHUB_SECRET=xxxxxxxx
  drone-agent:
    image: drone/drone:0.7
    command: agent
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    environment:
      - DRONE_SECRET=vQO8Ke4eUNjoMo5ScuiFvCRwzRVpnk8ZXuN5rIw2NDb5DBzmrC6AnrzpIfzhAa7dH
      - DRONE_SERVER=ws://drone-server/ws/broker
```

Looks like you are missing the port, ws://drone-server:8000/ws/broker

Note that if you are installing from scratch, please consider using 0.8. The 0.7 version will not be supported going forward, and with 0.7 you will be missing critical bug fixes.
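The two failures diagnosed in this thread (the certificate name mismatch on `wss://drone-server`, then the missing `:8000`) can be checked before starting the containers. The following is an added Python example, not part of the original posts and not Drone's own code; `check_agent_url`, `dns_name_matches` and the sample inputs are hypothetical, and the listen port 8000 is assumed from the `80:8000` mapping and the reply above.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ws": 80, "wss": 443}  # port dialled when the URL names none


def dns_name_matches(pattern, host):
    """Simplified RFC 6125 match: case-insensitive, '*' only as the whole
    left-most label and never directly under a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_agent_url(url, cert_dns_names, server_port):
    """Return findings for an agent DRONE_SERVER URL; an empty list means consistent."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return [f"url: expected ws:// or wss:// with a host, got {url!r}"]
    findings = []
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    if port != server_port:
        findings.append(f"port: agent dials {port}, server listens on {server_port}")
    if parts.scheme == "wss" and not any(
        dns_name_matches(name, parts.hostname) for name in cert_dns_names
    ):
        findings.append(
            f"hostname: {parts.hostname!r} is not covered by certificate names "
            f"{cert_dns_names}, so TLS verification fails"
        )
    return findings


# Constructed inputs modelled on the thread: the certificate is issued for
# drone.foo.com and the server container is assumed to listen on 8000.
CERT_NAMES = ["drone.foo.com"]

if __name__ == "__main__":
    for url in ("wss://drone-server/ws/broker",
                "ws://drone-server/ws/broker",
                "ws://drone-server:8000/ws/broker"):
        print(url, "->", check_agent_url(url, CERT_NAMES, 8000) or "ok")
```

The same check passes for a `wss://` URL only when the host the agent dials is one of the names in the certificate, which is why TLS between agent and server needs the public hostname rather than the Docker service name.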