Is there a way to enforce https on drone v1? 
yes, with the following:
DRONE_HTTP_SSL_REDIRECT=true
DRONE_HTTP_SSL_TEMPORARY_REDIRECT=true
DRONE_HTTP_SSL_HOST=drone.company.com
DRONE_HTTP_STS_SECONDS=315360000
Drone provides a bunch of parameters that can be used to fine tune the http security. I only recommend customizing the parameters listed above. Below is the full list of parameters which are documented here.
DRONE_HTTP_ALLOWED_HOSTS
DRONE_HTTP_PROXY_HEADERS
DRONE_HTTP_SSL_REDIRECT
DRONE_HTTP_SSL_TEMPORARY_REDIRECT
DRONE_HTTP_SSL_HOST
DRONE_HTTP_SSL_PROXY_HEADERS
DRONE_HTTP_STS_SECONDS
DRONE_HTTP_STS_INCLUDE_SUBDOMAINS
DRONE_HTTP_STS_PRELOAD
DRONE_HTTP_STS_FORCE_HEADER
DRONE_HTTP_BROWSER_XSS_FILTER
DRONE_HTTP_FRAME_DENY
DRONE_HTTP_CONTENT_TYPE_NO_SNIFF
DRONE_HTTP_CONTENT_SECURITY_POLICY
DRONE_HTTP_REFERRER_POLICY