如何在 jwilder nginx-proxy Docker 镜像后面配合 Gitea 设置 Drone CI

时间:2019-11-08 10:26:38

标签: docker nginx drone gitea

在我的 Gitea 实例上设置 Drone 时遇到了一些问题。过去几年里针对 Drone 的各种指南使用了彼此不同的环境变量和配置，我按照它们始终没能把环境搭起来。是的，我知道官方明确写着：“我们强烈建议把 Drone 安装在专用实例上。我们不为在同一实例上安装 Drone 和 Gitea 提供最终用户支持，也不为排查单实例安装造成的网络复杂性提供最终用户支持。”但我认为一定有办法把它们装在同一台服务器上？

我当前的设置

drone docker-compose.yaml

# Drone server behind jwilder/nginx-proxy (the asker's configuration, restated).
# Same image, mounts, variables and network as the original; only the notation
# differs (mapping-form environment, quoted scalars, explanatory comments).
version: "3.7"
services:
  drone_server:
    image: drone/drone
    container_name: drone_server
    # Bound to loopback only, so port 8091 is not reachable from outside the
    # host; nginx-proxy reaches the container over the shared "proxy" network.
    ports:
      - "127.0.0.1:8091:80"
    volumes:
      # The Docker socket is root-equivalent on the host: anything that can run
      # code inside this container (including pipelines) inherits that power.
      - /var/run/docker.sock:/var/run/docker.sock
      - /srv/drone:/var/lib/drone/
    restart: always
    environment:
      DRONE_GITEA_SERVER: https://gitea.mydomain.tld
      # Interpolated from the shell / .env at compose time; not stored in this file.
      DRONE_GITEA_CLIENT_ID: $GITEA_CLIENT_ID
      DRONE_GITEA_CLIENT_SECRET: $GITEA_CLIENT_SECRET
      DRONE_SERVER_HOST: drone.mydomain.tld
      DRONE_SERVER_PROTO: https
      # Quoted so compose receives the string "true" rather than a YAML boolean.
      DRONE_LOGS_DEBUG: "true"
      DRONE_RPC_SECRET: $DRONE_SECRET
      # Read by jwilder/nginx-proxy and its letsencrypt companion, not by Drone.
      VIRTUAL_HOST: drone.mydomain.tld
      LETSENCRYPT_HOST: drone.mydomain.tld
    networks:
      - proxy

networks:
  proxy:
    external:
      name: proxy_default

Drone 对应的（由 nginx-proxy 自动生成的）nginx 配置

（Gitea 的配置相同，只是子域名不同）

# --- http-level settings generated by jwilder/nginx-proxy ---
# Forwards the client's own X-Forwarded-Proto unchanged and only falls back to
# $scheme when the header is absent. Any upstream that derives its scheme from
# this header is therefore trusting client input (the port-80 vhost below only
# redirects, so the practical impact here is limited, but it is not validated).
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# Same pass-through pattern for X-Forwarded-Port.
map $http_x_forwarded_port $proxy_x_forwarded_port {
  default $http_x_forwarded_port;
  ''      $server_port;
}
# WebSocket support: emit "Connection: upgrade" only when the client asked for it.
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
server_names_hash_bucket_size 128;
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
map $scheme $proxy_x_forwarded_ssl {
  default off;
  https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
        ssl_prefer_server_ciphers off;
# Docker's embedded DNS, used to resolve container names on the proxy network.
resolver 127.0.0.11;
# Unbuffered so long-lived responses (Drone's /api/stream event stream) flow
# through. No proxy_read_timeout is set, so nginx's default (60 s) applies;
# the 60 s latency in the Drone log and the "upstream timed out" entry in the
# nginx log are consistent with that default being hit.
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
# X-Real-IP is the TCP peer address and is trustworthy; X-Forwarded-For appends
# to whatever the client sent, so its leading entries are client-controlled.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;

# drone.mydomain.tld
# Single live backend. When a request to it fails or times out, nginx marks the
# server "temporarily disabled" for its fail_timeout window and the next request
# sees "no live upstreams" (both messages appear in the nginx log above).
upstream drone.mydomain.tld {
            ## Can be connected with "proxy_default" network
            # drone_server
            server 172.22.0.8:80;
            # Cannot connect to network of this container
            server 127.0.0.1 down;
}
# Plain-HTTP vhost: redirect only, never proxied.
server {
    server_name drone.mydomain.tld;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    server_name drone.mydomain.tld;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    # Tickets disabled: avoids a long-lived ticket key undermining forward secrecy.
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/drone.mydomain.tld.crt;
    ssl_certificate_key /etc/nginx/certs/drone.mydomain.tld.key;
    # Per-host dhparam overrides the http-level one declared above.
    ssl_dhparam /etc/nginx/certs/drone.mydomain.tld.dhparam.pem;
    # OCSP stapling, with the staple verified against the issuer chain below.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/drone.mydomain.tld.chain.pem;
    # One-year HSTS on this host only (no includeSubDomains / preload). "always"
    # sends it on error responses too; it stays in effect in the location below
    # because that location declares no add_header of its own.
    add_header Strict-Transport-Security "max-age=31536000" always;
    # nginx-proxy's per-host override hook; a longer proxy_read_timeout for the
    # event stream would belong in a file under vhost.d rather than here.
    include /etc/nginx/vhost.d/default;
    location / {
        # The proxy_set_header directives from the http context are inherited here.
        proxy_pass http://drone.mydomain.tld;
    }
}

GITEA_CLIENT_ID 和对应的 secret 是通过 Gitea 的 Web 界面（OAuth2 应用）创建的，重定向 URL 设为 https://drone.mydomain.tld/login。

访问 drone.mydomain.tld 时我看到的是：

drone auth

点击“授权应用程序”后，浏览器地址变为 https://drone.mydomain.tld/login?XXXXXXXX，页面一直加载，直到 nginx 返回 502。在这次初始授权之后，后续每个请求都只会产生下面这些日志和错误。

nginx日志

nginx.1    | 2019/11/08 10:44:16 [warn] 3762#3762: *47660 upstream server temporarily disabled while reading response header from upstream, client: 111.111.111.111, server: drone.mydomain.tld, request: "GET /login?XXXXXXXX HTTP/2.0", upstream: "http://172.22.0.8:80/login?XXXXXXXX", host: "drone.mydomain.tld", referrer: "https://drone.mydomain.tld/"
nginx.1    | 2019/11/08 10:44:16 [error] 3762#3762: *47660 upstream timed out (110: Operation timed out) while reading response header from upstream, client: 111.111.111.111, server: drone.mydomain.tld, request: "GET /login?XXXXXXXX  HTTP/2.0", upstream: "http://172.22.0.8:80/login?XXXXXXXX", host: "drone.mydomain.tld", referrer: "https://drone.mydomain.tld/"
nginx.1    | 2019/11/08 10:44:16 [error] 3762#3762: *47660 no live upstreams while connecting to upstream, client: 111.111.111.111, server: drone.mydomain.tld, request: "GET /login?XXXXXXXX HTTP/2.0", upstream: "http://drone.mydomain.tld/login?XXXXXXXX", host: "drone.mydomain.tld", referrer: "https://drone.mydomain.tld/"

Drone 日志

{"level":"debug","msg":"api: authentication required","request-id":"1TKR8MAfIewZpiiwn2YkUNEqBrt","time":"2019-11-08T09:50:39Z"}
{"level":"debug","msg":"api: guest access","request-id":"1TKR8MAfIewZpiiwn2YkUNEqBrt","time":"2019-11-08T09:50:39Z"}
{"fields.time":"2019-11-08T09:50:39Z","latency":109385,"level":"debug","method":"GET","msg":"","remote":"172.22.0.2:60330","request":"/api/user","request-id":"1TKR8MAfIewZpiiwn2YkUNEqBrt","time":"2019-11-08T09:50:39Z"}
{"fields.time":"2019-11-08T09:50:39Z","latency":64377,"level":"debug","method":"GET","msg":"","remote":"172.22.0.2:60332","request":"/login","request-id":"1TKR8IicJybGXkQf3ebpiGV4VXi","time":"2019-11-08T09:50:39Z"}
{"level":"debug","msg":"events: stream opened","request-id":"1TKR8Jv7zQrCQSzRyCFbeRLeC8M","time":"2019-11-08T09:50:39Z"}
{"level":"debug","msg":"events: stream cancelled","request-id":"1TKR8Jv7zQrCQSzRyCFbeRLeC8M","time":"2019-11-08T09:51:39Z"}
{"level":"debug","msg":"events: stream closed","request-id":"1TKR8Jv7zQrCQSzRyCFbeRLeC8M","time":"2019-11-08T09:51:39Z"}
{"level":"debug","msg":"api: guest access","request-id":"1TKR8Jv7zQrCQSzRyCFbeRLeC8M","time":"2019-11-08T09:51:39Z"}
{"fields.time":"2019-11-08T09:51:39Z","latency":60182954972,"level":"debug","method":"GET","msg":"","remote":"172.22.0.2:60334","request":"/api/stream","request-id":"1TKR8Jv7zQrCQSzRyCFbeRLeC8M","time":"2019-11-08T09:51:39Z"}
{"level":"error","msg":"oauth: cannot exchange code: ysvAfRKVkRz4ZtN9zX635Vd-mnB__oXW7Rmqpra1VGU=: Post https://gitea.mydomain.tld/login/oauth/access_token: dial tcp 144.76.155.172:443: connect: connection timed out","time":"2019-11-08T09:52:32Z"}
{"level":"debug","msg":"cannot authenticate user: Post https://gitea.mydomain.tld/login/oauth/access_token: dial tcp 144.76.155.172:443: connect: connection timed out","time":"2019-11-08T09:52:32Z"}

gitea日志

[Macaron] 2019-11-08 10:50:21: Started GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=c697f48392907a0 for 134.96.216.2
[Macaron] 2019-11-08 10:50:21: Completed GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=c697f48392907a0 302 Found in 58.954698ms
[Macaron] 2019-11-08 10:50:39: Started GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=68255aaf95e94627 for 134.96.216.2
[Macaron] 2019-11-08 10:50:39: Completed GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=68255aaf95e94627 302 Found in 78.11159ms

页面源

这是浏览器收到的页面源码；JavaScript 显然是启用的（否则只会看到下面那段 noscript 提示）。

<!DOCTYPE html>
<!-- The Drone UI shell as received by the browser at /login. The page itself
     carries no state; the interface is rendered client-side by app.js, which
     is why the <noscript> fallback below is the only visible content without JS. -->
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=0">
    <link id="favicon" rel="icon" href="/favicon.png" type="image/png">
    <title>Drone | Continuous Integration</title>
    <!-- Content-hashed bundles; the same files are loaded again at the end of <body>. -->
    <link href="/css/app.835f40e0.css" rel="preload" as="style">
    <link href="/js/app.2c99ed98.js" rel="preload" as="script">
    <link href="/js/chunk-vendors.f5840117.js" rel="preload" as="script">
    <link href="/css/app.835f40e0.css" rel="stylesheet">
</head>
<body>
    <noscript><strong>We're sorry but Drone does not work properly without JavaScript enabled. Please enable it to continue.</strong></noscript>
    <div id="app"></div>
    <script src="/js/chunk-vendors.f5840117.js"></script>
    <script src="/js/app.2c99ed98.js"></script>
</body>
</html>

是不是缺少了什么配置，或者我用了过时的环境变量（我参考过多份指南，但最后都对照 Drone 官方文档检查过）？有人运行着类似的配置并愿意分享吗？我几乎试遍了 http/https 的各种组合以及 Drone 各种过时的环境变量，但始终没能进到实际的 Web 前端。

2 个答案:

答案 0 :(得分:0)

把 Gitea 所在的 Docker 网络也加到 Drone 容器上之后，我得以在同一台服务器上同时运行 Gitea 和 Drone。从上面的 Drone 日志可以看出，失败点是 OAuth 的 token 交换一步：Drone 容器向 Gitea 的公网地址 144.76.155.172:443 建立 TCP 连接时超时，nginx 的 502 只是这次超时的结果，而不是问题本身。

调整防火墙规则（放行容器经宿主机公网地址回连 443 端口的流量）多半也能达到同样效果，但我不确定具体该改哪些规则，也不想开放得太多。

答案 1 :(得分:0)

我把 Drone 和 Gitea 一起运行已经有一段时间了。我的做法是把 Drone 放在 Gitea 域名的子域下（drone.git.mydomain.com）。下面是我的 docker-compose.yml，供参考：

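# Gitea + Drone 1.x + linuxserver/letsencrypt on a single host (the answerer's setup).
# Change from the posted version: the database password is interpolated once
# from the environment / .env file (${GITEA_DB_PASSWORD}) instead of being typed
# twice in this file, matching how the Drone secrets below are already handled.
# Required variables: GITEA_DB_PASSWORD, MYSQL_ROOT_PASSWORD, DRONE_GITEA_CLIENT_ID,
# DRONE_GITEA_CLIENT_SECRET, DRONE_SECRET.
version: "3.2"

services:
  git:
    image: gitea/gitea:1
    environment:
      - DB_TYPE=mysql
      - DB_HOST=db:3306
      - DB_NAME=gitea
      - DB_USER=gitea
      # Must equal MYSQL_PASSWORD of the db service; one variable guarantees that.
      - DB_PASSWD=${GITEA_DB_PASSWORD}
    volumes:
      - ./data:/data
    ports:
      # Quoted: an unquoted 22:22 is read as a sexagesimal integer by YAML 1.1 parsers.
      - "22:22"
    depends_on:
      - db
    restart: always
  db:
    image: mariadb:10
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=${GITEA_DB_PASSWORD}
    volumes:
      - ./db/:/var/lib/mysql
    # No ports: published, so the database is reachable only on the compose network.

  nginx:
    restart: always
    image: linuxserver/letsencrypt
    links:
      - git
    ports:
      - "80:80"
      - "443:443"
    environment:
      # Certificate for git.mydomain.com plus the drone subdomain used by Drone below.
      - URL=git.mydomain.com
      - SUBDOMAINS=drone
      - EMAIL=josh@mydomain.com
    volumes:
      - ./nginx:/config
    depends_on:
      - git
      - drone-server

  drone-server:
    image: drone/drone:1
    links:
      - git
    volumes:
      - ./dronedata:/data
      # Root-equivalent on the host. NOTE(review): with DRONE_RUNNER_CAPACITY set
      # on the server as well, it presumably executes pipelines itself in addition
      # to the drone-runner service — confirm that is intended.
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    environment:
      - DRONE_AGENTS_ENABLED=true
      - DRONE_GITEA_SERVER=https://git.mydomain.com
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      - DRONE_GIT_ALWAYS_AUTH=false
      - DRONE_SERVER_HOST=drone.git.mydomain.com
      - DRONE_SERVER_PROTO=https
      # TLS is terminated by the nginx service; Drone serves plain HTTP internally.
      - DRONE_TLS_AUTOCERT=false
      - DRONE_RPC_SECRET=${DRONE_SECRET}
      - DRONE_RUNNER_CAPACITY=2
      # NOTE(review): DRONE_ADMIN is the 0.8-era name; Drone 1.x documents
      # DRONE_USER_CREATE=username:joshua,admin:true instead. Confirm against the
      # docs for this image tag, otherwise the instance may come up without an admin.
      - DRONE_ADMIN=joshua

  drone-runner:
    image: drone/drone-runner-docker:1
    links:
      - drone-server
    restart: always
    volumes:
      # Every pipeline step is started through this socket, so the runner is
      # root-equivalent on the host; repositories marked "trusted" in Drone can
      # mount host paths and inherit that privilege.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # Plain HTTP is acceptable only because this hop stays on the compose-internal
      # network; the shared RPC secret is what authenticates the runner to the server.
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=drone-server
      - DRONE_RPC_SECRET=${DRONE_SECRET}
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=${HOSTNAME}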