harness / gitness

Gitness is an Open Source developer platform with Source Control management, Continuous Integration and Continuous Delivery.
https://gitness.com
Apache License 2.0

[question] drone webhook: Delivery: Post https://IP/hook?secret=R0lLcaCziqICP3: x509: certificate is valid for *, not * #2926

Closed everhopingandwaiting closed 4 years ago

everhopingandwaiting commented 4 years ago

gitea + drone

When Gitea sends the hook to Drone, it errors:

    Delivery: Post https://IP/hook?secret=R0lLcaCziqICP3: x509: certificate is valid for , not

drone config:

  drone-server:
    image: drone/drone
    depends_on: 
    - gitea-server
    container_name: drone-server
    ports:
      - "5000:80"
      # - 9000
      # - "5001:443"
    volumes:
      # - ${BASE_PATH}/drone_:/var/lib/drone
      - ${BASE_PATH}/drone_:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: always
    networks:
      - overlay
    environment:
      - DRONE_JSONNET_ENABLED=true
      # GITEA CONFIG
      - DRONE_GITEA_SERVER=${GITEA_SERVER}
      - DRONE_SERVER_HOST=${DRONE_SERVER_HOST}
      - DRONE_AGENTS_ENABLED=true
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      - TZ=Asia/Shanghai
      - DRONE_OPEN=true
      - DRONE_GIT_ALWAYS_AUTH=true
      - DRONE_RPC_SECRET=aa3dad124133bc6d197e10257f5234c9
      # user
      - DRONE_USER_CREATE=username:jyao,admin:true
      # ssl
      - DRONE_GITEA_SKIP_VERIFY=true
      - DRONE_GITHUB_SKIP_VERIFY=true
      - DRONE_GOGS_SKIP_VERIFY=true
      - DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO}
      - DRONE_VALIDATE_PLUGIN_SKIP_VERIFY=true
      - DRONE_WEBHOOK_SKIP_VERIFY=true
      - DRONE_TLS_AUTOCERT=true
      # - DRONE_HTTP_SSL_REDIRECT=true
      # log
      - DRONE_LOGS_COLOR=true
      # cron
      - DRONE_CRON_INTERVAL=1h

runner config:

  docker-runner:
    image: drone/drone-runner-docker
    depends_on: 
    - drone-vault
    container_name: docker-runner
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # vault config
      - DRONE_SECRET_PLUGIN_SKIP_VERIFY=true
      - DRONE_SECRET_PLUGIN_ENDPOINT=http://drone-vault:3000
      - DRONE_SECRET_PLUGIN_TOKEN=${VAULT_TOKEN}
      # runner config
      - DRONE_RPC_SKIP_VERIFY=true
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=drone-server

then nginx config:


    server {
        listen 443 ssl;
        ssl_certificate /opt/openssl/domain.crt;
        ssl_certificate_key /opt/openssl/domain.key;
        # ssl_session_cache shared:SSL:1m;
        # ssl_session_timeout 5m;
        # ssl_verify_client off;
        # ssl_ciphers HIGH:!aNULL:!MD5;
        # ssl_prefer_server_ciphers on;
        server_name drone;
        location / {
            proxy_pass http://drone-server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        error_page 500 502 503 504 /50x.html;
    }

openssl config:

    openssl req -newkey rsa:4096 -nodes -keyout domain.key -x509 -days 300 -out domain.crt


ashwilliams1 commented 4 years ago

:wave: hey there, per our issue template, for end-user support please use one of our support channels, such as our chatroom or our mailing list.