Supported SSL configuration

Is there a supported way to configure SSL for Drone?

I noticed that https://github.com/drone/drone/blob/8aeb81b815100c39c50bef6180c3f4cb37e21b4e/drone/server.go#L40-L49 so it seems like Drone supports it natively? But then I heard this may be a deprecated feature.

So just curious what is the “supported” way to configure SSL for Drone. I ask because I’m having timeouts between drone and maybe my NGINX reverse proxy. So goal is to run something “supported” so if I continue to have issues I can reasonably ask for help. :wink:

check out drone.io - setting up a drone server to use TLS/SSL - Stack Overflow :slight_smile:

I ask because I’m having timeouts between drone and maybe my NGINX reverse proxy.

what sort of timeout issues are you seeing? Are these timeouts between drone + agent? I ask because we added the heartbeat which should be pinging the server every 30 seconds to keep the connection alive.

So goal is to run something “supported”

I definitely want to make sure drone works with nginx since it is so widely used, but I’m not an nginx expert by any means.

These are not timeouts between drone and the agent. This is some sort of issue with UI. Maybe it’s not a timeout…? Not 100% sure what is causing this but seeing things like:

Jan  9 13:50:22 drone docker/drone[8879]: #033[31m2017/01/09 13:50:22 [Recovery] panic recovered:
Jan  9 13:50:22 drone docker/drone[8879]: GET /api/user/feed?latest=true HTTP/1.1
Jan  9 13:50:22 drone docker/drone[8879]: Host: drone.company.com
Jan  9 13:50:22 drone docker/drone[8879]: Connection: close
Jan  9 13:50:22 drone docker/drone[8879]: Accept: */*
Jan  9 13:50:22 drone docker/drone[8879]: Accept-Encoding: gzip, deflate, sdch, br
Jan  9 13:50:22 drone docker/drone[8879]: Accept-Language: en-US,en;q=0.8
Jan  9 13:50:22 drone docker/drone[8879]: Connection: close
Jan  9 13:50:22 drone docker/drone[8879]: Cookie: ...
Jan  9 13:50:22 drone docker/drone[8879]: Referer: https://drone.company.com/
Jan  9 13:50:22 drone docker/drone[8879]: User-Agent: ...
Jan  9 13:50:22 drone docker/drone[8879]: X-Forwarded-For: ...
Jan  9 13:50:22 drone docker/drone[8879]: X-Forwarded-Proto: https
Jan  9 13:50:22 drone docker/drone[8879]: X-Real-Ip: ...
Jan  9 13:50:22 drone docker/drone[8879]: 
Jan  9 13:50:22 drone docker/drone[8879]: 
Jan  9 13:50:22 drone docker/drone[8879]: write tcp 172.17.0.2:8000->172.17.0.1:56780: write: broken pipe
Jan  9 13:50:22 drone docker/drone[8879]: /usr/local/go/src/runtime/panic.go:458 (0x443673)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:419 (0x71dfbb)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/server/user.go:37 (0x73fefd)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/router/middleware/session/user.go:113 (0x72fb2d)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/router/middleware/token/token.go:26 (0x7300a3)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/router/middleware/session/user.go:68 (0x72f436)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/router/middleware/store.go:17 (0x5808e7)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/contrib/ginrus/ginrus.go:26 (0x5877bc)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/router/middleware/header/header.go:25 (0x72d4a0)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/router/middleware/header/header.go:17 (0x72d441)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/recovery.go:45 (0x72b07a)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x71c5ea)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/gin.go:284 (0x72256e)
Jan  9 13:50:22 drone docker/drone[8879]: /go/src/github.com/drone/drone/vendor/github.com/gin-gonic/gin/gin.go:265 (0x721e50)
Jan  9 13:50:22 drone docker/drone[8879]: /usr/local/go/src/net/http/server.go:2202 (0x55168d)
Jan  9 13:50:22 drone docker/drone[8879]: /usr/local/go/src/net/http/server.go:1579 (0x54df87)
Jan  9 13:50:22 drone docker/drone[8879]: /usr/local/go/src/runtime/asm_amd64.s:2086 (0x4762a1)
Jan  9 13:50:22 drone docker/drone[8879]: #033[0m

This happens about ~20 times a day. It seems to only interrupt the UI for people and not affect jobs which is good. It happens for different endpoints as well.

So it seems network traffic between drone container and docker host system gets interrupted. Wanted to remove nginx if I don’t need it to rule it out. Maybe this is a completely unrelated thing I should open a new topic for, though?

Any thoughts @bradrydzewski? Should I open a new topic for this? Or do you think trying to remove nginx might help here after all?

Can you try to get more of the stacktrace? That might help pinpoint the source of the panic. I think we definitely want to resolve any panics in the codebase.

I edited the original stack trace to include the rest. Sorry for snipping it earlier.

ok yes I see now … I think you are right that it is an interrupted network connection. In this case the logical next step does seem to be removing nginx to see if that fixes the problem.

So I recently did the following:

  • Updated Docker to 1.12.6 (from 1.11.2)
  • Removed NGINX reverse proxy and terminate SSL with Drone itself
  • Updated Drone itself to codebase from 01/12/17 (SHA: 928130d7faae005bfaffe4766e462629fd3d4592)

I still see panics. The error has changed slightly. Instead of write: broken pipe I see http2: stream closed.

Note: I “package” drone and its dependencies so everything is prepended with /go/src/git.company.com/drone/drone-release/vendor/.

Jan 26 14:09:35 drone drone[9888]: #033[31m2017/01/26 14:09:35 [Recovery] panic recovered:
Jan 26 14:09:35 drone drone[9888]: GET /api/user/feed?latest=true HTTP/2.0
Jan 26 14:09:35 drone drone[9888]: Host: drone.company.com
Jan 26 14:09:35 drone drone[9888]: Accept: */*
Jan 26 14:09:35 drone drone[9888]: Accept-Encoding: gzip, deflate
Jan 26 14:09:35 drone drone[9888]: Accept-Language: en-us
Jan 26 14:09:35 drone drone[9888]: Dnt: 1
Jan 26 14:09:35 drone drone[9888]: Referer: https://drone.company.com/
Jan 26 14:09:35 drone drone[9888]: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.8 (KHTML, like Gecko) Version/9.1.3 Safari/601.7.8
Jan 26 14:09:35 drone drone[9888]: 
Jan 26 14:09:35 drone drone[9888]: 
Jan 26 14:09:35 drone drone[9888]: http2: stream closed
Jan 26 14:09:35 drone drone[9888]: /usr/local/go/src/runtime/panic.go:443 (0x44d329)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:419 (0x79a9e5)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/server/user.go:37 (0x7c688f)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/router/middleware/session/user.go:113 (0x7b0a71)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/router/middleware/token/token.go:26 (0x7b0e3d)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/router/middleware/session/user.go:68 (0x7b03e5)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/router/middleware/store.go:17 (0x5ba293)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/contrib/ginrus/ginrus.go:26 (0x5c2a5c)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/router/middleware/header/header.go:25 (0x7ad314)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/router/middleware/header/header.go:17 (0x7ad150)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/recovery.go:45 (0x7aa4b1)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/context.go:97 (0x798e9a)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/gin.go:284 (0x79faf2)
Jan 26 14:09:35 drone drone[9888]: /go/src/git.company.com/drone/drone-release/vendor/github.com/drone/drone/vendor/github.com/gin-gonic/gin/gin.go:265 (0x79f727)
Jan 26 14:09:35 drone drone[9888]: /usr/local/go/src/net/http/server.go:2081 (0x58703e)
Jan 26 14:09:35 drone drone[9888]: /usr/local/go/src/net/http/server.go:2489 (0x5888d1)
Jan 26 14:09:35 drone drone[9888]: <autogenerated>:253 (0x5af696)
Jan 26 14:09:35 drone drone[9888]: /usr/local/go/src/net/http/h2_bundle.go:3847 (0x59c6f0)
Jan 26 14:09:35 drone drone[9888]: /usr/local/go/src/net/http/h2_bundle.go:4060 (0x55e69f)
Jan 26 14:09:35 drone drone[9888]: /usr/local/go/src/runtime/asm_amd64.s:1998 (0x47fc31)
Jan 26 14:09:35 drone drone[9888]: #033[0m
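
Added example, not part of the thread and not Drone's or gin's code: both traces show a response write failing (`write: broken pipe`, `http2: stream closed`) and being recovered as a panic, with the request headers written to the log. A plain net/http recovery middleware can classify that case and log it without headers; `recoverQuietly`, `isClientDisconnect` and `statusFor` are hypothetical names, and the errors in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
	"syscall"
)

// isClientDisconnect reports whether a recovered panic value is a write failure
// caused by the peer going away ("broken pipe", "http2: stream closed").
func isClientDisconnect(v interface{}) bool {
	err, ok := v.(error)
	// The HTTP/2 error is unexported in net/http, so it is matched by text.
	return ok && (errors.Is(err, syscall.EPIPE) || errors.Is(err, syscall.ECONNRESET) ||
		strings.Contains(err.Error(), "http2: stream closed"))
}

// recoverQuietly is a hypothetical net/http middleware, not Drone's or gin's.
func recoverQuietly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() {
			if v := recover(); v != nil {
				// Log method and path only; never dump headers such as Cookie.
				log.Printf("recovered: %s %s: %v", r.Method, r.URL.Path, v)
				if !isClientDisconnect(v) {
					http.Error(w, "internal server error", http.StatusInternalServerError)
				}
			}
		}()
		next.ServeHTTP(w, r)
	})
}

// statusFor runs a handler that panics with v and returns the response status.
func statusFor(v interface{}) int {
	rec := httptest.NewRecorder()
	h := http.HandlerFunc(func(http.ResponseWriter, *http.Request) { panic(v) })
	recoverQuietly(h).ServeHTTP(rec, httptest.NewRequest("GET", "/api/user/feed", nil))
	return rec.Code
}

func main() {
	pipe := &net.OpError{Op: "write", Net: "tcp", Err: syscall.EPIPE} // constructed
	fmt.Println(statusFor(pipe), statusFor(errors.New("http2: stream closed")), statusFor(errors.New("bug")))
}
```

A disconnect leaves the recorder at its default 200 because nothing is written back; any other panic gets a 500.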