Drone CI/CD has Login Failed. Invalid Response on my VM

I have an error when I am trying to start my Drone server with Bitbucket Server.

I have one VM with CentOS 7 and nginx. I started my Bitbucket Server with Docker on 127.0.0.1:7990 and configured nginx to proxy pass to it.

server {
    server_name bitbucket.somniumgame.com;

    location / {
        if ($http_user_agent = "") { return 404; }

        if ($limit_bots = 1) { return 404; }

        proxy_pass http://127.0.0.1:7990;
        proxy_set_header    X-Forwarded-Host $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    Host $host;
        proxy_redirect      off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/bitbucket.somniumgame.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/bitbucket.somniumgame.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = bitbucket.somniumgame.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name bitbucket.somniumgame.com;
    listen 80;
    return 404; # managed by Certbot
}

It works great and is successfully integrated with Jira Server, which is configured the same way behind the proxy. Next, I am trying to integrate Drone CI/CD with this Bitbucket Server. I am using the documentation, but it didn't work for me.

I am starting the Drone container with:

docker run \
  --volume=/var/lib/drone:/var/lib/drone:z \
  --volume=/etc/bitbucket/key.pem:/etc/bitbucket/key.pem \
  --env=DRONE_GIT_PASSWORD=<user_password> \
  --env=DRONE_GIT_USERNAME=<user_name> \
  --env=DRONE_GIT_ALWAYS_AUTH=false \
  --env=DRONE_STASH_SERVER=https://bitbucket.somniumgame.com/ \
  --env=DRONE_STASH_CONSUMER_KEY=OauthKey \
  --env=DRONE_STASH_PRIVATE_KEY=/etc/bitbucket/key.pem \
  --env=DRONE_SERVER_HOST=drone.somniumgame.com \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_RPC_SECRET=<shared_secret_generated_by: openssl rand -hex 16> \
  --env=DRONE_LOGS_DEBUG=true \
  --env=DRONE_LOGS_TEXT=true \
  --env=DRONE_LOGS_PRETTY=true \
  --env=DRONE_LOGS_COLOR=true \
  --publish=127.0.0.1:8090:80 \
  --publish=127.0.0.1:8091:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1

On Bitbucket Server I created a user with default permissions for Drone (without server admin privileges), and completed step 1 from Bitbucket Server | Drone. But nowhere am I using a Personal Access Token. My configuration looks like this:

Application Details

Application Name: Drone
Application Type: Generic Application
Application URL: https://drone.somniumgame.com
Display URL: https://drone.somniumgame.com

Outgoing Authentication

Service Provider Name: Drone
Consumer Key: OauthKey
Shared Secret: <shared_secret_generated_by: openssl rand -hex 16>
Request Token URL: /
Access Token URL: /
Authorize URL: /

Incoming Authentication

Consumer Key: OauthKey
Consumer Name: Drone
Public Key: <generated_in_/etc/bitbucket/key.pub> 
Consumer Callback URL: None
Allow 2-Legged OAuth: false
Execute as: None

My docker logs for drone:

DEBU[0000] main: creating the Stash client               server="https://bitbucket.somniumgame.com/" skip_verify=false
INFO[0000] main: internal scheduler enabled
DEBU[0000] main: license loaded                          build.limit=5000 expires="0001-01-01 00:00:00 +0000 UTC" kind=trial repo.limit=0 user.limit=0
INFO[0000] starting the cron scheduler                   interval=30m0s
INFO[0000] starting the http server                      acme=false host=drone.somniumgame.com port=":80" proto=https url="https://drone.somniumgame.com"
INFO[0000] starting the zombie build reaper              interval=24h0m0s

I can't understand why port 80, if I used the https proto?

My nginx configuration for drone:

server {
    server_name drone.somniumgame.com;

    location / {
        if ($http_user_agent = "") { return 404; }

        if ($limit_bots = 1) { return 404; }

        proxy_pass http://127.0.0.1:8090;
        proxy_set_header    X-Forwarded-Host $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    Host $host;
        proxy_redirect      off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/drone.somniumgame.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/drone.somniumgame.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = drone.somniumgame.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name drone.somniumgame.com;
    listen 80;
    return 404; # managed by Certbot
}

When I try to open https://drone.somniumgame.com/, I get Login Failed. Invalid Response. The logs look like this afterwards:

DEBU[0301]                                               fields.time="2021-02-07T11:07:18Z" latency="692.791µs" method=GET remote="172.17.0.1:48352" request=/ request-id=1o9PsMWwAnQc8hOwfVIQNUPoECw
DEBU[0302] api: authentication required                  request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0302] api: guest access                             request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0302]                                               fields.time="2021-02-07T11:07:18Z" latency="190.226µs" method=GET remote="172.17.0.1:48356" request=/api/user request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0302] events: stream opened                         request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] cannot authenticate user: Invalid Response
DEBU[0307]                                               fields.time="2021-02-07T11:07:23Z" latency=5.045881375s method=GET remote="172.17.0.1:48364" request=/login request-id=1o9PsMBp3ycu8U0FnUkuLTcm2rj
DEBU[0307]                                               fields.time="2021-02-07T11:07:23Z" latency="130.637µs" method=GET remote="172.17.0.1:48370" request="/login/error?message=Invalid%20Response" request-id=1o9Pt130Alm3Jt9sRnAHiEYssuN
DEBU[0307] events: stream cancelled                      request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] events: stream closed                         request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] api: guest access                             request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307]                                               fields.time="2021-02-07T11:07:23Z" latency=5.187463046s method=GET remote="172.17.0.1:48360" request=/api/stream request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] api: authentication required                  request-id=1o9PtBl2zOctBOLf1KUtbwgPdqj
DEBU[0307] api: guest access                             request-id=1o9PtBl2zOctBOLf1KUtbwgPdqj
DEBU[0307]                                               fields.time="2021-02-07T11:07:24Z" latency="121.613µs" method=GET remote="172.17.0.1:48374" request=/api/user request-id=1o9PtBl2zOctBOLf1KUtbwgPdqj
DEBU[0307] events: stream opened              request-id=1o9Pt8hxtXtKfe3YMxYXkTVMJ9d

This is expected because Drone is running on port 80 inside the container, and because you configured nginx to handle ssl, not Drone. When you set DRONE_SERVER_PROTO=https you are not configuring ssl for Drone, you are just telling Drone that its public address uses https. Drone needs to know its public address so that it can create Bitbucket webhooks.

This error indicates that making API calls to Bitbucket to authorize the user failed. Have you looked at your Bitbucket Server logs to see if you can get any more details regarding why it returned an error? I also recommend searching this forum for relevant threads, for example this thread may be relevant.
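Added example (not part of the original posts and not Drone's own code): a small parser for the logrus-style text log shown in the question. It pairs each `cannot authenticate user` message with the `/login` access-log entry that follows it and reports the reason, client address and request latency. The sample lines are taken from the log above with padding trimmed; the function names are made up for this illustration.

```python
import re

# Constructed sample: lines taken from the Drone debug log quoted in the question (padding trimmed).
SAMPLE_LOG = '''
DEBU[0302] api: guest access    request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0302]    fields.time="2021-02-07T11:07:18Z" latency="190.226µs" method=GET remote="172.17.0.1:48356" request=/api/user request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0307] cannot authenticate user: Invalid Response
DEBU[0307]    fields.time="2021-02-07T11:07:23Z" latency=5.045881375s method=GET remote="172.17.0.1:48364" request=/login request-id=1o9PsMBp3ycu8U0FnUkuLTcm2rj
DEBU[0307]    fields.time="2021-02-07T11:07:23Z" latency="130.637µs" method=GET remote="172.17.0.1:48370" request="/login/error?message=Invalid%20Response" request-id=1o9Pt130Alm3Jt9sRnAHiEYssuN
'''

LINE = re.compile(r'^(?P<level>[A-Z]{4})\[(?P<secs>\d+)\]\s?(?P<rest>.*)$')
FIELD = re.compile(r'([\w.\-]+)=("(?:[^"\\]|\\.)*"|\S*)')  # key=value or key="quoted value"
DURATION = re.compile(r'(\d+(?:\.\d+)?)(ns|µs|μs|us|ms|s|m|h)')
UNIT = {'ns': 1e-9, 'µs': 1e-6, 'μs': 1e-6, 'us': 1e-6, 'ms': 1e-3, 's': 1, 'm': 60, 'h': 3600}


def go_duration(value):
    """Convert a Go duration string such as 5.045881375s or 190.226µs to seconds."""
    return sum(float(n) * UNIT[u] for n, u in DURATION.findall(value))


def parse_line(line):
    """Split one logrus text line into level, elapsed seconds, message and fields."""
    m = LINE.match(line)
    if not m:
        return None
    rest = m['rest']
    first = FIELD.search(rest)  # the message is whatever precedes the first key=value
    msg = (rest[:first.start()] if first else rest).strip()
    fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
    return {'level': m['level'], 'secs': int(m['secs']), 'msg': msg, 'fields': fields}


def failed_logins(text):
    """Pair each 'cannot authenticate user' message with the next /login access-log line."""
    events, pending = [], None
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec['msg'].startswith('cannot authenticate user'):
            pending = rec['msg'].partition(':')[2].strip()  # text after the colon is the reason
        elif pending is not None and rec['fields'].get('request') == '/login':
            f = rec['fields']
            events.append({'reason': pending, 'time': f.get('fields.time'), 'remote': f.get('remote'),
                           'latency_s': go_duration(f.get('latency', ''))})
            pending = None
    return events
```

On the sample, `failed_logins(SAMPLE_LOG)` returns one event with reason `Invalid Response` and a `/login` latency of about 5.05 s, while the other requests in the log complete in microseconds.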

@bradrydzewski Bitbucket Server writes nothing while I am trying to open drone.somniumgame (I checked the docker logs and the log dir inside the container).
And the public key was generated as in the documentation, with 1024-bit length.