在我的gitea实例上设置无人机时遇到了一些问题,并且由于过去几年中针对无人机的不同环境变量使用不同配置的指南太多,我无法以这种方式为我设置它。 是的,我确实知道,他们明确声明“我们强烈建议在专用实例上安装Drone。我们不提供在同一实例上安装Drone和Gitea的最终用户支持。我们不提供最终用户支持排除单实例安装导致的网络复杂性。” 但我认为必须有一种方法可以将其安装在同一服务器上?
我当前的设置
drone docker-compose.yaml
version: "3.7"
services:
drone_server:
image: drone/drone
container_name: drone_server
ports:
- 127.0.0.1:8091:80
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /srv/drone:/var/lib/drone/
restart: always
environment:
- DRONE_GITEA_SERVER=https://gitea.mydomain.tld
- DRONE_GITEA_CLIENT_ID=$GITEA_CLIENT_ID
- DRONE_GITEA_CLIENT_SECRET=$GITEA_CLIENT_SECRET
- DRONE_SERVER_HOST=drone.mydomain.tld
- DRONE_SERVER_PROTO=https
- DRONE_LOGS_DEBUG=true
- DRONE_RPC_SECRET=$DRONE_SECRET
- VIRTUAL_HOST=drone.mydomain.tld
- LETSENCRYPT_HOST=drone.mydomain.tld
networks:
- proxy
networks:
proxy:
external:
name: proxy_default
无人机的相应(自动生成)nginx配置
(gitea相等,但具有不同的子空间)
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
server_names_hash_bucket_size 128;
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ecdhe-ECDSA-AES128-GCM-SHA256:ecdhe-RSA-AES128-GCM-SHA256:ecdhe-ECDSA-AES256-GCM-SHA384:ecdhe-RSA-AES256-GCM-SHA384:ecdhe-ECDSA-CHACHA20-POLY1305:ecdhe-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# drone.mydomain.tld
upstream drone.mydomain.tld {
## Can be connected with "proxy_default" network
# drone_server
server 172.22.0.8:80;
# Cannot connect to network of this container
server 127.0.0.1 down;
}
server {
server_name drone.mydomain.tld;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name drone.mydomain.tld;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/drone.mydomain.tld.crt;
ssl_certificate_key /etc/nginx/certs/drone.mydomain.tld.key;
ssl_dhparam /etc/nginx/certs/drone.mydomain.tld.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/drone.mydomain.tld.chain.pem;
add_header strict-transport-security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://drone.mydomain.tld;
}
}
通过gitea Web界面创建gitea_client_id和secret,将重定向URL设置为https://drone.mydomain.tld/login
这是我看到的访问drone.mydomain.tld
单击授权应用程序后,我的浏览器请求中的URL更改为https://drone.mydomain.tld/login?XXXXXXXX,它将一直加载直到nginx抛出502。在此初始授权之后,每个请求只会导致以下日志和错误。
nginx日志
nginx.1 | 2019/11/08 10:44:16 [warn] 3762#3762: *47660 upstream server temporarily disabled while reading response header from upstream,client: 111.111.111.111,server: drone.mydomain.tld,request: "GET /login?XXXXXXXX HTTP/2.0",upstream: "http://172.22.0.8:80/login?XXXXXXXX",host: "drone.mydomain.tld",referrer: "https://drone.mydomain.tld/"
nginx.1 | 2019/11/08 10:44:16 [error] 3762#3762: *47660 upstream timed out (110: Operation timed out) while reading response header from upstream,request: "GET /login?XXXXXXXX HTTP/2.0",referrer: "https://drone.mydomain.tld/"
nginx.1 | 2019/11/08 10:44:16 [error] 3762#3762: *47660 no live upstreams while connecting to upstream,upstream: "http://drone.mydomain.tld/login?XXXXXXXX",referrer: "https://drone.mydomain.tld/"
无人机日志
{"level":"debug","msg":"api: authentication required","request-id":"1TKR8MAfIewZpiiwn2YkUNEqBrt","time":"2019-11-08T09:50:39Z"}
{"level":"debug","msg":"api: guest access","time":"2019-11-08T09:50:39Z"}
{"fields.time":"2019-11-08T09:50:39Z","latency":109385,"level":"debug","method":"GET","msg":"","remote":"172.22.0.2:60330","request":"/api/user","latency":64377,"remote":"172.22.0.2:60332","request":"/login","request-id":"1TKR8IicJybGXkQf3ebpiGV4VXi","msg":"events: stream opened","request-id":"1TKR8Jv7zQrCQSzRyCFberLeC8M","msg":"events: stream cancelled","time":"2019-11-08T09:51:39Z"}
{"level":"debug","msg":"events: stream closed","time":"2019-11-08T09:51:39Z"}
{"fields.time":"2019-11-08T09:51:39Z","latency":60182954972,"remote":"172.22.0.2:60334","request":"/api/stream","time":"2019-11-08T09:51:39Z"}
{"level":"error","msg":"oauth: cannot exchange code: ysvAfRKVkRz4ZtN9zX635Vd-mnB__oXW7Rmqpra1VGU=: Post https://gitea.mydomain.tld/login/oauth/access_token: dial tcp 144.76.155.172:443: connect: connection timed out","time":"2019-11-08T09:52:32Z"}
{"level":"debug","msg":"cannot authenticate user: Post https://gitea.mydomain.tld/login/oauth/access_token: dial tcp 144.76.155.172:443: connect: connection timed out","time":"2019-11-08T09:52:32Z"}
gitea日志
[Macaron] 2019-11-08 10:50:21: Started GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=c697f48392907a0 for 134.96.216.2
[Macaron] 2019-11-08 10:50:21: Completed GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=c697f48392907a0 302 Found in 58.954698ms
[Macaron] 2019-11-08 10:50:39: Started GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=68255aaf95e94627 for 134.96.216.2
[Macaron] 2019-11-08 10:50:39: Completed GET /login/oauth/authorize?client_id=$GITEA_CLIENT_ID&redirect_uri=https%3A%2F%2Fdrone.mydomain.tld%2Flogin&response_type=code&state=68255aaf95e94627 302 Found in 78.11159ms
页面源
这是我的浏览器显示的,很明显,JavaScript已激活
<!DOCTYPE html>
<html lang=en>
<head>
<meta charset=utf-8>
<meta http-equiv=x-ua-compatible content="IE=edge">
<meta name=viewport content="width=device-width,initial-scale=1,user-scalable=0">
<link id=favicon rel=icon href=/favicon.png type=image/png>
<title>Drone | Continuous Integration</title>
<link href=/css/app.835f40e0.css rel=preload as=style>
<link href=/js/app.2c99ed98.js rel=preload as=script>
<link href=/js/chunk-vendors.f5840117.js rel=preload as=script>
<link href=/css/app.835f40e0.css rel=stylesheet>
</head>
<body>
<noscript><strong>We're sorry but Drone does not work properly without JavaScript enabled. Please enable it to continue.</strong></noscript>
<div id=app></div>
<script src=/js/chunk-vendors.f5840117.js></script>
<script src=/js/app.2c99ed98.js></script>
</body>
</html>
是否缺少任何配置或过时的环境变量(我遵循了不同的指南,但最后使用drone docs检查了所有内容)?有人在运行类似的设置并可以与我共享他的配置吗?我几乎尝试了http / https组合的每种组合以及用于无人机的不同过时的env var,但从未尝试过实际的Webfrontend。