I didn't find much documentation on configuring Drone and Gitea behind an Nginx reverse proxy, so I am sharing a possible solution.
For the integration between Gitea and Drone, follow: https://docs.drone.io/server/provider/gitea/
Drone and Gitea call each other directly (server to server, without passing through the browser); this can cause problems if there is a firewall on the host.
The idea is to let the two services call each other directly inside the Docker network.
Network configuration in docker-compose.yml for the reverseproxy service:

    reverseproxy:
      image: nginx
      container_name: reverseproxy
      restart: always
      networks:
        mynet:
          aliases:
            - gitea.domain.com
            - drone.domain.com

This way, calls to drone.domain.com and gitea.domain.com made from inside the Docker network resolve directly to the reverseproxy service.
When using drone-runner-docker, the containers created by Drone must also be attached to the network, so add this variable to the drone-runner service:

    - DRONE_RUNNER_NETWORKS=mynet

nginx.conf of the reverseproxy:

    # gitea
    server {
        listen 443 ssl;
        server_name gitea.domain.com;
        # Docker's embedded DNS; needed because proxy_pass uses a variable
        resolver 127.0.0.11 ipv6=off;
        set $upstream_endpoint http://gitea:3000;
        ssl_certificate /etc/nginx/ca.pem;
        ssl_certificate_key /etc/nginx/ca.key;
        client_max_body_size 100M;
        location / {
            proxy_set_header Host $http_host;
            proxy_pass $upstream_endpoint;
        }
    }
    # drone
    server {
        listen 443 ssl;
        server_name drone.domain.com;
        # Docker's embedded DNS; needed because proxy_pass uses a variable
        resolver 127.0.0.11 ipv6=off;
        set $upstream_endpoint http://drone;
        ssl_certificate /etc/nginx/ca.pem;
        ssl_certificate_key /etc/nginx/ca.key;
        location / {
            proxy_set_header Host $http_host;
            proxy_pass $upstream_endpoint;
        }
    }

docker-compose.yml for Gitea, Drone and Drone runner:

    gitea:
      image: gitea/gitea
      container_name: gitea
      environment:
        - APP_NAME=Gitea
        - RUN_MODE=prod
        - ROOT_URL=https://gitea.domain.com/
        - SECRET_KEY=${GITEA_SECRET_KEY}
        - DB_TYPE=mysql
        - DB_HOST=${GITEA_DB_HOST}
        - DB_NAME=${GITEA_DB_NAME}
        - DB_USER=${GITEA_DB_USER}
        - DB_PASSWD=${GITEA_DB_PASSWD}
      restart: always
      networks:
        - mynet
      volumes:
        - ${GITEA_VOLUME}:/data
      depends_on:
        - mysql
    drone:
      image: drone/drone
      container_name: drone
      restart: always
      environment:
        - DRONE_AGENTS_ENABLED=true
        - DRONE_GITEA_SERVER=https://gitea.domain.com
        - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
        - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
        - DRONE_GIT_ALWAYS_AUTH=true
        - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
        - DRONE_SERVER_HOST=drone.domain.com
        - DRONE_SERVER_PROTO=https
      volumes:
        - ${DRONE_VOLUME}:/data
      networks:
        - mynet
    drone-runner:
      image: drone/drone-runner-docker
      container_name: drone-runner
      restart: always
      environment:
        - DRONE_RPC_HOST=drone.domain.com
        - DRONE_RPC_PROTO=https
        - DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
        - DRONE_RUNNER_CAPACITY=2
        - DRONE_RUNNER_NETWORKS=mynet
      volumes:
        # the runner starts pipeline containers through this socket,
        # which gives it full control of the host's Docker daemon
        - /var/run/docker.sock:/var/run/docker.sock
      networks:
        - mynet
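
A consistency check for the setup above, as an added example that is not part of the original post: it verifies that every hostname the services call is an alias of the reverse proxy on a network the caller joins, so no internal call leaves the Docker network. The `COMPOSE` dict is a constructed, reduced copy of the page's fragments; the function names are hypothetical.

```python
from urllib.parse import urlparse

# Constructed sample: the compose fragments from this page, reduced to the keys
# the check reads, in the shape yaml.safe_load would give for the services map.
COMPOSE = {
    "reverseproxy": {"networks": {"mynet": {"aliases": ["gitea.domain.com", "drone.domain.com"]}}},
    "gitea": {"networks": ["mynet"], "environment": ["ROOT_URL=https://gitea.domain.com/"]},
    "drone": {"networks": ["mynet"], "environment": [
        "DRONE_GITEA_SERVER=https://gitea.domain.com", "DRONE_SERVER_HOST=drone.domain.com"]},
    "drone-runner": {"networks": ["mynet"], "environment": [
        "DRONE_RPC_HOST=drone.domain.com", "DRONE_RUNNER_NETWORKS=mynet"]},
}
# Variables whose value is a hostname or URL the service itself connects to.
HOST_VARS = ("DRONE_GITEA_SERVER", "DRONE_RPC_HOST")

def env_of(service):
    return dict(item.split("=", 1) for item in service.get("environment", []))

def host_of(value):
    # Accept both "https://host" and a bare "host".
    return urlparse(value if "://" in value else "//" + value).hostname

def check(compose, proxy="reverseproxy"):
    """Return a list of problems; empty means internal calls stay on the Docker network."""
    nets = compose[proxy].get("networks", {})
    aliases = {n: set((nets[n] or {}).get("aliases", [])) for n in nets} if isinstance(nets, dict) else {}
    envs = {name: env_of(svc) for name, svc in compose.items()}

    def reachable(host, networks):
        return any(host in aliases.get(n, ()) for n in networks)

    problems = []
    for name, svc in compose.items():
        for var in HOST_VARS:
            if var in envs[name] and not reachable(host_of(envs[name][var]), svc.get("networks", [])):
                problems.append(f"{name}: {var} does not resolve to {proxy} on its networks")
    # Gitea delivers webhooks to the Drone server's public hostname.
    if not reachable(host_of(envs["drone"]["DRONE_SERVER_HOST"]), compose["gitea"].get("networks", [])):
        problems.append("gitea: webhook target (DRONE_SERVER_HOST) does not resolve to the proxy")
    # Pipeline containers clone from Gitea; of the compose networks they join
    # only those listed in DRONE_RUNNER_NETWORKS.
    runner_nets = envs["drone-runner"].get("DRONE_RUNNER_NETWORKS", "").split(",")
    if not reachable(host_of(envs["drone"]["DRONE_GITEA_SERVER"]), runner_nets):
        problems.append("pipeline: DRONE_GITEA_SERVER not reachable via DRONE_RUNNER_NETWORKS")
    return problems

if __name__ == "__main__":
    print(check(COMPOSE) or "OK: all internal hostnames are aliases of the reverse proxy")
```

Compose normally prefixes network names with the project name, so `DRONE_RUNNER_NETWORKS` has to hold the name that `docker network ls` shows for the network.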