When using the Autocert function with Lets Encrypt Drone is available both over http (80) and https (443), after the https cert is checked out and activated from Lets Encrypt.
Expected behaviour would be that Drone would set a redirect from http to https. But it doesn’t.
Nothing is mentioned in the Docs about this, that I can find.
Environment variables we have set that would concern this:
DRONE_SERVER_PROTO=https
DRONE_TLS_AUTOCERT=true
DRONE_SERVER_HOST=drone.ourexternaldomain.com
Versions: Drone 1.10.x and Drone 2.8.0.
See https://docs.drone.io/server/headers/ for additional security settings that you can enable. Please note that this does not apply to all endpoints.
% curl -v http://cloud.drone.io
* Trying 52.71.60.26...
* TCP_NODELAY set
* Connected to cloud.drone.io (52.71.60.26) port 80 (#0)
> GET / HTTP/1.1
> Host: cloud.drone.io
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
< Content-Type: text/html; charset=utf-8
< Expires: Thu, 01 Jan 1970 00:00:00 UTC
< Location: https://cloud.drone.io/
< Pragma: no-cache
< X-Accel-Expires: 0
< Date: Fri, 14 Jan 2022 14:57:28 GMT
< Content-Length: 59
<
<a href="https://cloud.drone.io/">Temporary Redirect</a>.
1 Like