How to use DRONE_VOLUME for certificates

xoxys · October 23, 2018, 7:17am

Hi,

i try to get drone working with a custom root ca. What i have done so far is setup DRONE_VOLUME in my compose file:

drone-server:
    image: drone/drone:0.8

    ports:
      - 8080:8000
      - 9000
    restart: always
    environment:
      - DRONE_OPEN=true
      - DRONE_HOST=https://drone-ci.example.con
      - DRONE_SECRET=myveryownsecret
      - DRONE_VOLUME=/etc/pki/tls/certs:/etc/ssl/certs

But that is not working. I am stil getting:

level=error msg=“cannot authenticate user. Post https://gitea.example.com/api/v1/users//tokens: x509: certificate signed by unknown authority”

Do i have to name the root certificate in a special way? How can i debug this error?

xoxys · October 23, 2018, 9:18am

Ok, for me it looks a little bit inconsistent. For plugin containers like git you can use DRONE_VOLUME to map your certificates chain but to HAVE to map to /etc/ssl/certs/ca-certificates.crt :

- DRONE_VOLUME=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:/etc/ssl/certs/ca-certificates.crt

BUT: This seems not to be used for the gitea binding. I can not login to my gitea instance because i am still getting the error shown in my first post. Only workarount is to set skip_verify for gitea.

Is this the expected behavior?