Authentication Failed Drone and Gitlab

Got this error message when trying to connect gitlab with drone:
time="2018-08-13T11:01:24Z" level=error msg="cannot authenticate user. Error exchanging token. Post http://localhost:30080/oauth/token: dial tcp getsockopt: connection refused"

This is my docker-compose.yml file:

services:
  drone-server:
    image: drone/drone:0.8
    #hostname: droneServer
    ports:
      - 8000:8000
      #- 8100:8000
      - 9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
    restart: always
    environment:
      - DRONE_HOST=http://localhost:8000
      #- DRONE_HOST =http://localhost:30080
      - DRONE_GITLAB_CLIENT=4a5d114d507c49bd5150dd6637d108ce3e8e33e66b18d1befaef9a433b29ccec
      - DRONE_GITLAB_SECRET=4818ea64aa773879e48e7c198644ef3e962996bebb917d26d1d06f686a2c252e
      - DRONE_GITLAB_URL=http://localhost:30080
      - DRONE_SECRET=KZscXnS6DkJXbNJrPEGrBgKm8ZNYLJyiPedbcFxy2bngekFADbzk9pgCae
  drone-agent:
    image: drone/agent:0.8
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      #- DRONE_SERVER =ws://localhost/ws/broker
      #- DRONE_SERVER=ws://drone-server:8000/ws/broker
      - DRONE_SERVER=drone-server:9000
      - DRONE_SECRET=KZscXnS6DkJXbNJrPEGrBgKm8ZNYLJyiPedbcFxy2bngekFADbzk9pgCae

"Error exchanging token. Post http://localhost:30080/oauth/token: dial tcp getsockopt: connection refused"

It looks like you have your gitlab server address set to localhost. This will never work because containers have isolated networks. localhost refers to the network inside the drone container. You need to deploy gitlab with a proper DNS and then configure Drone to connect to gitlab with DNS.
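The point made in the reply above, as an added pre-deployment check (not part of the original thread and not Drone's own code): it scans compose `environment` entries for a GitLab URL that the server container would dial on its own loopback interface, and also flags a plain-http URL, since the OAuth token exchange posts the client secret to `/oauth/token`. The sample entries are constructed from the configuration posted above with the secrets left out; `gitlab.example.test` is a placeholder.

```python
import ipaddress
from urllib.parse import urlsplit

# Keys whose value the Drone server container itself connects to (per the thread).
DIALED_BY_SERVER = {"DRONE_GITLAB_URL"}

# Constructed sample: the environment entries from the post, secrets omitted.
SAMPLE_ENV = [
    "DRONE_HOST=http://localhost:8000",
    "#DRONE_HOST =http://localhost:30080",
    "DRONE_GITLAB_URL=http://localhost:30080",
    "DRONE_SERVER=drone-server:9000",
]


def is_loopback(host):
    """True for localhost names and any address in 127.0.0.0/8 or ::1."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # an ordinary DNS name; no resolution is attempted


def audit_env(entries):
    """Return (key, problem) pairs for URLs the container cannot or should not use."""
    findings = []
    for raw in entries:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out entries
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or key not in DIALED_BY_SERVER:
            continue
        url = urlsplit(value.strip())
        if is_loopback(url.hostname):
            findings.append((key, "loopback"))   # resolves inside the container
        if url.scheme == "http":
            findings.append((key, "cleartext"))  # client secret sent unencrypted
    return findings


if __name__ == "__main__":
    for key, problem in audit_env(SAMPLE_ENV):
        print(f"{key}: {problem}")
```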

Hello @bradrydzewski,

I have another issue.

Drone without HTTPS is working absolutely fine behind an Apache reverse proxy.
However, when I want to turn to HTTPS, I am having some issues.

I cannot expose port 443 for the outside of the container since 443 is already being used by Apache.

I have tried to do it like 8000:443 but I end up with a proxy error.

Moreover, I have done a test using the following setup:

  • 8443:8000

RequestHeader set X-Forwarded-Proto "https" in my vhost, I still get a proxy 502 error. It seems that there is something missing to make it work in HTTPS.

A module?

For info, in my browser, I have the green padlock for my domain name.

Can you please help?


I do not have much experience with Apache, so unfortunately I’m not sure there is much I can do to help. Maybe another community member with Apache experience can provide more details. Also consider posting to StackOverflow where you will have access to Apache subject matter experts.

Good luck!

Thanks @bradrydzewski - I will write to StackOverflow and see the outcome.

One quick question - is it mandatory for Drone to communicate onto 443:443 for SSL?

is it mandatory for Drone to communicate onto 443:443 for SSL?

No, you could do something like 8443:443 for example. However I believe the best practice when using a reverse proxy like Apache would be to terminate SSL at Apache and then forward all traffic to Drone over http. Setting up https for Drone if sitting behind Apache is probably possible, but not something we see people do very often.

I should also point out that Drone has built-in support for TLS so there is really no need to run Apache in front of Drone unless you are using a shared server that is running multiple web applications.

Yes, I am using a shared server running multiple applications; that's why I need Apache to sit in front as a reverse proxy.

I am currently trying with 8443 to see if it works. Will let you know in a couple of minutes.

This configuration sounds a bit strange, though. Typically you would terminate SSL at Apache and then forward https traffic to Drone via http. Is there a reason you are not taking this approach?

Also note that Drone does not listen on port 443 inside the container unless you have configured SSL. Have you configured SSL as defined here?

Yes, I have configured the certificate as a volume and as environment settings as well.

This is what I am trying to achieve actually. So basically, I have a vhost listening on port 443 with the SSL path. Then inside my docker-compose, I have set 443: 8000. But since Apache is already listening to port 443, I cannot use the port 443 for my docker. If I try with port 8443:8000 inside my docker-compose, I end up having a proxy GET error.

I have been using/referring to the online doc to configure so far.


This won’t work because port 8000 is reserved for http and will not be able to process https connections. You would need to do something like -p 8080:80 -p 8443:443 and send https from Apache to 8443.

So I have done the following:

version: '3'
services:
  drone-server:
    image: drone/drone:latest
    container_name: xxxx
    ports:
      - 8443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /opt/drone/ssl/fullchain.pem:/etc/certs/xxx/fullchain.pem
      - /opt/drone/ssl/privkey.pem:/etc/certs/xxx/privkey.pem
    restart: always
    environment:
      - DRONE_GITLAB_URL=https://xxxx
      - DRONE_SERVER_CERT=/opt/drone/xxx/fullchain.pem
      - DRONE_SERVER_KEY=/opt/drone/xxx/privkey.pem

  drone-agent:
    image: drone/agent:latest
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      #- DRONE_SERVER =ws://calhost/ws/broker
      - DRONE_SERVER=drone-server:9000

and in my Apache virtual host

ProxyPass / retry=1 acquire=3000 timeout=600 Keepalive=On
ProxyPassReverse /

I end up having a proxy error.

@bradrydzewski - finally I have been able to make it work in https by killing the TLS on Apache before getting into the container.

However, after authentication on Gitlab, I am now having this error:
Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.

This error message comes from gitlab, so I recommend googling and looking in their documentation/forums to try to understand what causes this error. Maybe look at your gitlab server logs. I have never seen this error before, so I cannot really advise.

@bradrydzewski - I managed to get it working without the hassles of proxying etc…

However, I made a stupid mistake somewhere while trying to get it on HTTPS. I am trying to revert my changes but constantly getting
“The redirect URI included is not valid.”

Any idea?
I have strictly followed the documentation and I could manage to get it to work at a point in time without https, and now when I am trying to roll back my changes to get it to work again without https I am getting this error.

Note that in Gitlab, for the callback, I have used as pattern “http://10...*/authorize”

  1. The value in GitLab must match exactly the URL you see in your browser. This includes protocol and hostname.
  2. Setting X-Forwarded-For and X-Forwarded-Proto is essential when using a reverse proxy.
  3. If you access the website in the browser from https, the redirect URL registered in GitLab must also use https. In this case it looks like you have configured http and not https, which could indicate a configuration error.
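The three points above, as an added illustration that is not part of the original thread: a backend sitting behind a TLS-terminating proxy only knows the browser used https if the proxy says so, and the callback it advertises is then compared, as an exact string, against the one registered in GitLab. The header-derivation logic here is an assumption about how a proxied application typically works, not Drone's source; `drone.example.test` and the header values are constructed.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/authorize"  # callback path mentioned in the thread


def callback_url(headers, socket_is_tls=False):
    """Build the redirect URI a proxied backend would advertise (assumed logic).

    X-Forwarded-* must only be honoured when the request comes from the
    trusted reverse proxy, otherwise a client could choose these values.
    """
    h = {k.lower(): v for k, v in headers.items()}
    proto = h.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    if proto not in ("http", "https"):
        # No usable hint from the proxy: fall back to what the socket saw.
        proto = "https" if socket_is_tls else "http"
    host = (h.get("x-forwarded-host") or h.get("host", "")).split(",")[0].strip()
    return f"{proto}://{host}{CALLBACK_PATH}"


def explain_mismatch(registered, requested):
    """Return the differing URL components; an empty list means an exact match."""
    if registered == requested:
        return []
    a, b = urlsplit(registered), urlsplit(requested)
    diffs = [
        f"{name}: registered={getattr(a, name)!r} requested={getattr(b, name)!r}"
        for name in ("scheme", "hostname", "port", "path", "query")
        if getattr(a, name) != getattr(b, name)
    ]
    return diffs or ["raw strings differ (for example in letter case)"]


# Constructed sample: Apache terminates TLS and forwards plain http to the container.
REGISTERED = "https://drone.example.test/authorize"
PROXIED = {"Host": "127.0.0.1:8000", "X-Forwarded-Host": "drone.example.test"}
PROXIED_WITH_PROTO = dict(PROXIED, **{"X-Forwarded-Proto": "https"})

if __name__ == "__main__":
    for label, hdrs in (("without X-Forwarded-Proto", PROXIED),
                        ("with X-Forwarded-Proto", PROXIED_WITH_PROTO)):
        url = callback_url(hdrs)
        print(label, "->", url, explain_mismatch(REGISTERED, url) or "match")
```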

Thanks @bradrydzewski - managed to resolve the issue.

However, there is another issue again.

My current scenario:

Drone running on port 80:8000 without Apache in front.
I can log on via OAuth from Gitlab.
I get my list of repos.

When I click to activate, I have the error Failed to activate…

Inside my docker-compose.yml, I have set for the Drone host the public IP of the machine. I have come across a post of yours, [SOLVED] Failed to activate your repository?, where it mentions a similar issue.

However, when I check in Chrome developer tools, I see a 404 error on the link http://35...*/api/repos/Ag76/MX (the IP here is the IP address of Drone itself).

Can you please help?