How to Setup a Docker Drone CI with HTTPS

Obiwon Can Oh Be! A digital C3-PO working beside you!

R2D2, you know better than to trust a strange computer! [beeps]

In general, a Drone server provides continuous integration (CI) and is a stepping stone to continuous delivery (CD), including functionality similar to GitHub Pages and GitHub Actions.

For this to function correctly, you will need to have a working instance of Gitea running on your own system.

This tutorial does not cover creating your own HTTPS certificates with Let’s Encrypt and Certbot. I have added a Certbot resource in the references at the end [Setting Up HTTPS Certs] and will document it in more detail in the near future. The process is similar to the one in the article How-to get HTTPS on your server.

As a stack developer and business owner I am working on so many things that it is difficult to remember everything, so documentation is critical for me.

Note 1: If you see a [name-goes-here], I am linking to the references shared at the end of the article.
Note 2: Be sure your firewall allows ports 80 and 443 (check with sudo ufw status; open them with sudo ufw allow http && sudo ufw allow https). Port 80 is needed even for an HTTPS-only server, because the Let’s Encrypt HTTP-01 challenge and the HTTP-to-HTTPS redirect are served there.
Note 3: If you want to use Docker Engine without sudo, follow this url: Linux Docker Post-Install

Requirements

  • Basic Linux CLI knowledge
  • A hardened remote server reachable over SSH (see Linux VPS hardening)
  • A running Gitea server (see Git with a cup of tea)
  • Docker Engine
  • A basic understanding of how to use Docker Engine
  • Basic Nginx, Gitea and Certbot/Let’s Encrypt experience
  • OpenSSL

Let’s Begin!

Preparing the Environment

Creating our super-duper shared secret

This value becomes DRONE_RPC_SECRET, the secret the Drone server and every runner share to authenticate their RPC calls, so keep it private and use the same value on both sides. Sixteen random bytes (128 bits) printed as 32 hex characters is plenty:

openssl rand -hex 16
bea26a2221fd8090ea38720fc445eca6

Creating an OAuth application on Gitea

  1. Go to your git.example.com and log in
  2. Navigate to your profile settings (not the administrator settings, but your personal profile)
  3. At the top, below the main navigation bar, click on Applications
  4. Scroll down to the bottom of the page and create a new application with the following name and Redirect URI:
Application Name: drone
Redirect URI: https://drone.example.com/login
  5. Click Create Application
  6. Copy and save your Client ID and Client Secret; the secret is shown only once.
  7. In the next section, we will use these credentials to authenticate with Gitea and launch the Drone server.

The Redirect URI must match the scheme and host you later set in DRONE_SERVER_PROTO and DRONE_SERVER_HOST exactly (https://drone.example.com/login); Gitea rejects the OAuth callback if it differs.

Create & configure the Docker Container

Download the Drone server image from Docker Hub

docker pull drone/drone:2

Begin configuring and starting drone

The command below creates the container and starts the Drone server (the runner is set up in Part II). Replace the environment variables with your own values: the Gitea OAuth Client ID and Client Secret from the previous section, the RPC secret generated above (every runner must be given the same DRONE_RPC_SECRET), and your host names. DRONE_USER_FILTER restricts registration to the listed Gitea account(s); keep it, otherwise any user of your Gitea instance can log in to Drone.

Two notes on the TLS settings. With DRONE_TLS_AUTOCERT=true the server requests its own certificate from Let’s Encrypt over port 80 and caches it under the mounted /data directory, so no Certbot files are needed. If you would rather serve the certificate Certbot already issued, drop DRONE_TLS_AUTOCERT and point DRONE_TLS_CERT and DRONE_TLS_KEY (the Drone 2 variable names; DRONE_SERVER_CERT and DRONE_SERVER_KEY are the old Drone 0.8 names and are not read by Drone 2) at fullchain.pem and privkey.pem, bind-mounting /etc/letsencrypt into the container read-only so the paths exist there. DRONE_HTTP_STS_SECONDS=315360000 sends an HSTS header valid for ten years, after which browsers refuse plain HTTP to this host, so only enable it once HTTPS works.

docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_TLS_AUTOCERT=true \
  --env=DRONE_HTTP_SSL_REDIRECT=true \
  --env=DRONE_HTTP_SSL_TEMPORARY_REDIRECT=true \
  --env=DRONE_HTTP_SSL_HOST=drone.example.com \
  --env=DRONE_HTTP_STS_SECONDS=315360000 \
  --env=DRONE_GITEA_SERVER=https://git.example.com \
  --env=DRONE_GITEA_CLIENT_ID=e69c443c-6bc2-4a35-000b-a2f36a885400 \
  --env=DRONE_GITEA_CLIENT_SECRET=3aY2000000c2Np7zX4e1Z9nlYhelENfX7nmWyxsgVixRg \
  --env=DRONE_RPC_SECRET=bea26a2221fd80900000038720fc445eca6 \
  --env=DRONE_SERVER_HOST=drone.example.com \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_USER_FILTER=gitea-user-account \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=st-drone-ssl \
  drone/drone:2

Going the extra yards

Because the container was created with --restart=always, Docker restarts it with the same configuration after a reboot or a daemon restart. Keeping the docker run command in a shell script lets you recreate the container the same way later (for example after docker rm st-drone-ssl to change a setting):

vi shell-script.sh
paste the docker run command (CTRL+SHIFT+V in most terminals)
double-check for typos
hit ESC
press SHIFT+Z,Z (saves and quits)
chmod 700 shell-script.sh (makes the script executable and, since it contains the OAuth client secret and the RPC secret, readable only by you)
then, run the script with: ./shell-script.sh
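As an added example for the docker run command above and for the shell-script idea in this section (it is not code from the original article), the script below generates the RPC secret, writes the server configuration into an environment file that only you can read, and starts the container with --env-file instead of a list of --env= arguments, so the Gitea client secret and the RPC secret never appear on the command line, in shell history or in the output of ps. The OAuth Client ID and Client Secret are expected in GITEA_CLIENT_ID and GITEA_CLIENT_SECRET; the file path, container name and host names are placeholders you should change:

```shell
#!/bin/sh
# Added example, not code from the original article: keep the Drone server
# configuration in an environment file with 0600 permissions and start the
# container with --env-file, so the Gitea client secret and the RPC secret
# are not passed as --env= arguments (which end up in shell history and in
# the process list of anyone who can run `ps`).
#
# Assumptions (placeholders, not values from the article): the OAuth client
# id/secret arrive in GITEA_CLIENT_ID / GITEA_CLIENT_SECRET, the env file
# defaults to ./drone-server.env and the container is named st-drone-ssl.
set -eu

ENV_FILE="${ENV_FILE:-./drone-server.env}"
CONTAINER="${CONTAINER:-st-drone-ssl}"

# gen_rpc_secret prints a fresh 128-bit shared secret as 32 hex characters;
# the same value must be given to every runner as DRONE_RPC_SECRET.
gen_rpc_secret() {
    openssl rand -hex 16
}

# rpc_secret_ok SECRET -> exit 0 if SECRET is exactly 32 lowercase hex chars
rpc_secret_ok() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{32}$'
}

# write_env_file PATH CLIENT_ID CLIENT_SECRET RPC_SECRET
# Writes the server configuration to PATH. The file is created under
# umask 077 in a subshell, so it is born 0600 and the umask change does
# not leak into the calling shell. Any old copy is removed first so stale
# permissions cannot survive the rewrite.
write_env_file() {
    path=$1 client_id=$2 client_secret=$3 rpc_secret=$4
    rm -f "$path"
    (
        umask 077
        cat > "$path" <<EOF
DRONE_TLS_AUTOCERT=true
DRONE_HTTP_SSL_REDIRECT=true
DRONE_HTTP_SSL_TEMPORARY_REDIRECT=true
DRONE_HTTP_SSL_HOST=drone.example.com
DRONE_HTTP_STS_SECONDS=315360000
DRONE_GITEA_SERVER=https://git.example.com
DRONE_GITEA_CLIENT_ID=$client_id
DRONE_GITEA_CLIENT_SECRET=$client_secret
DRONE_RPC_SECRET=$rpc_secret
DRONE_SERVER_HOST=drone.example.com
DRONE_SERVER_PROTO=https
DRONE_USER_FILTER=gitea-user-account
EOF
    )
}

# check_env_file PATH -> exit 1 if the file is readable by group/others
# or is missing one of the keys the server cannot start without.
check_env_file() {
    path=$1
    [ -n "$(find "$path" -perm 0600)" ] || {
        echo "$path must be mode 0600" >&2; return 1; }
    for key in DRONE_GITEA_CLIENT_ID DRONE_GITEA_CLIENT_SECRET \
               DRONE_RPC_SECRET DRONE_SERVER_HOST DRONE_SERVER_PROTO; do
        grep -q "^$key=." "$path" || {
            echo "$path: missing $key" >&2; return 1; }
    done
}

# start_server PATH: the docker run from the article, with every DRONE_*
# variable read from the env file instead of the command line.
start_server() {
    path=$1
    docker run \
      --volume=/var/lib/drone:/data \
      --env-file="$path" \
      --publish=80:80 \
      --publish=443:443 \
      --restart=always \
      --detach=true \
      --name="$CONTAINER" \
      drone/drone:2
}

main() {
    secret=$(gen_rpc_secret)
    rpc_secret_ok "$secret"
    write_env_file "$ENV_FILE" "$GITEA_CLIENT_ID" "$GITEA_CLIENT_SECRET" "$secret"
    check_env_file "$ENV_FILE"
    echo "wrote $ENV_FILE (runners need its DRONE_RPC_SECRET value)"
    if [ "${1:-}" = "--start" ]; then
        start_server "$ENV_FILE"
    else
        echo "dry run: re-run with --start to launch $CONTAINER"
    fi
}

# Only act when the OAuth values are present, so the file can also be
# sourced just for its functions.
if [ -n "${GITEA_CLIENT_ID:-}" ] && [ -n "${GITEA_CLIENT_SECRET:-}" ]; then
    main "$@"
fi
```

Run it as GITEA_CLIENT_ID=... GITEA_CLIENT_SECRET=... ./drone-server.sh to write and validate the file, and add --start to launch the container; the runner in Part II needs the DRONE_RPC_SECRET value from that file. Keep in mind that docker inspect still shows the variables to anyone who can talk to the Docker daemon, so access to the daemon (the docker group) must itself be restricted.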

Verify

docker logs st-drone-ssl

INFO[0000] starting the server
INFO[0000] successfully pinged the remote server
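Those two log lines only say that the server came up and could reach Gitea. An added check from outside the host (example code, not from the article) confirms what the TLS settings were meant to produce: plain HTTP is redirected to HTTPS, the HTTPS response carries the HSTS header with the configured max-age, and the certificate chain verifies against the system CA store. The header parsing lives in small functions so it can be exercised on a captured response; drone.example.com, the minimum max-age of one year and the sample headers are constructed assumptions:

```shell
#!/bin/sh
# Added example, not code from the original article: verify the Drone
# server's HTTPS setup from a client's point of view. Assumed placeholders:
# drone.example.com and the one-year HSTS floor (the article configures
# ten years, 315360000 seconds).
set -eu

# hsts_max_age HEADERS -> prints the max-age from the
# Strict-Transport-Security header, or nothing if it is absent.
hsts_max_age() {
    printf '%s\n' "$1" | tr -d '\r' \
      | grep -i '^strict-transport-security:' \
      | sed -n 's/.*max-age=\([0-9]*\).*/\1/p' | head -n 1
}

# redirects_to_https HEADERS HOST -> exit 0 if the response is a 3xx
# whose Location points at https://HOST (the redirect Drone sends when
# DRONE_HTTP_SSL_REDIRECT is set).
redirects_to_https() {
    printf '%s\n' "$1" | tr -d '\r' | grep -q '^HTTP/[0-9.]* 30[1278]' || return 1
    printf '%s\n' "$1" | tr -d '\r' | grep -iq "^location: https://$2"
}

# probe HOST: run the live checks with curl and openssl.
probe() {
    host=$1
    # 1. HTTP must redirect to HTTPS (HEAD request, follow nothing)
    http_hdrs=$(curl -sSI "http://$host/")
    redirects_to_https "$http_hdrs" "$host" \
      || { echo "$host: no redirect from HTTP to HTTPS" >&2; return 1; }
    # 2. HTTPS must send HSTS with at least a one-year max-age
    https_hdrs=$(curl -sSI "https://$host/")
    age=$(hsts_max_age "$https_hdrs")
    [ "${age:-0}" -ge 31536000 ] \
      || { echo "$host: HSTS missing or max-age below one year" >&2; return 1; }
    # 3. the served chain must verify; -servername sends SNI so the
    #    autocert/Let's Encrypt certificate for this host is selected
    openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
      | grep -q 'Verify return code: 0' \
      || { echo "$host: certificate chain does not verify" >&2; return 1; }
    echo "ok: $host redirects, sends HSTS (max-age=$age) and verifies"
}

if [ $# -eq 1 ]; then
    probe "$1"
fi
```

Run it as ./check-drone-tls.sh drone.example.com from a machine other than the Docker host, so the check goes through the same firewall and DNS your users do.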

Stop & Start Container

sudo docker container stop st-drone-ssl
sudo docker container start st-drone-ssl

Part II - Configure a Drone Runner Pipeline with Docker Engine

You may view this article at the following link: https://www.sharpetronics.com/blog/how-to/2022/06/28/how-to-setup-a-secure-docker-drone-runner-with-drone-ci/

Financial Support & Donations

I mainly debug code, drive, yak shave and deep dive into research for Linux-based operating systems.

I am a Free Software Associate (FSF), privacy advocate and Cosmopolitan who enjoys philosophy, metaphysics, hacking and debugging computer hardware/software.

https://liberapay.com/oDinZu/

References
