R2D2, you know better than to trust a strange computer! [beeps]
In general, this Drone server enables continuous integration (CI) and is a stepping stone for continuous delivery (CD), including gh-pages and gh-actions like functionality.
For this to function correctly, you will need to have a working instance of Gitea running on your own system.
This tutorial doesn’t guide you on how-to create your own HTTPS server using Let’s Encrypt and Certbot. I have added the certbot resource below [Setting Up HTTPS Certs] I will document this in more detail in the near future. However, this article is similar to how to get https on your server setup. How-to get HTTPS on your server
As a stack developer and business owner, I am working on so many things! It is difficult to remember everything, so documentation is critical for me to remember.
Note 1: If you see a [name-goes-here], I am linking to the references shared at the end of the article. Note 2: Be sure your firewall
sudo ufw status allows port 80 and 443.
sudo ufw allow http &&
sudo ufw allow https. Note 3: If you want to use Docker Engine without sudo, follow this url: Linux Docker Post-Install
- Basic Linux CLI knowledge
- A hardened remote SSH server see Linux VPS hardening
- A running Gitea server: Git with a cup of tea
- Docker Engine
- a basic understanding of how to use Docker Engine
- basic Nginx, Gitea and Certbot/Let’s Encrypt experience
Preparing the Environment
Creating our super-duper-shared secret
openssl rand -hex 16 bea26a2221fd8090ea38720fc445eca6
Creating an OAuth application on Gitea
- Goto your git.example.com and login
- Navigate to your profile settings (not the administrator settings, but personal profile)
- At the top below the main navigation bar, click on Applications
- Scroll down to the bottom of the page and create a new App name and Redirect URI
Applications Name: drone Redirect URI: https://drone.example.com/login
- Click Create Application
- Copy and save your Client Secret; you will only be able to see this secret one time.
- In the next section, we will use these credentials to authenticate with Gitea and launch the Drone server.
Create & configure the Docker Container
Download docker drone image from Dockerhub
docker pull drone/drone:2
Begin configuring and starting drone
The below command creates a container and starts the Docker runner. Remember to replace the environment variables below with your Drone server details.
docker run \ --volume=/var/lib/drone:/data \ --env=DRONE_TLS_AUTOCERT=true \ --env=DRONE_HTTP_SSL_REDIRECT=true \ --env=DRONE_HTTP_SSL_TEMPORARY_REDIRECT=true \ --env=DRONE_HTTP_SSL_HOST=drone.example.com \ --env=DRONE_HTTP_STS_SECONDS=315360000 \ --env=DRONE_SERVER_CERT=/etc/letsencrypt/live/drone.example.com/fullchain.pem \ --env=DRONE_SERVER_KEY=/etc/letsencrypt/live/drone.example.com/privkey.pem \ --env=DRONE_GITEA_SERVER=https://git.example.com \ --env=DRONE_GITEA_CLIENT_ID=e69c443c-6bc2-4a35-000b-a2f36a885400 \ --env=DRONE_GITEA_CLIENT_SECRET=3aY2000000c2Np7zX4e1Z9nlYhelENfX7nmWyxsgVixRg \ --env=DRONE_RPC_SECRET=bea26a2221fd80900000038720fc445eca6 \ --env=DRONE_SERVER_HOST=drone.example.com \ --env=DRONE_SERVER_PROTO=https \ --env=DRONE_USER_FILTER=gitea-user-account \ --publish=80:80 \ --publish=443:443 \ --restart=always \ --detach=true \ --name=st-drone-ssl \ drone/drone:2
Going the extra yards
After you create the docker container, it will automatically restart to remember your configuration, but if you create a shell script, you are able to
./shell-script.sh and run the Docker image.
vi shell-script.sh copy/paste docker config via CTRL+SHIFT+V double check for typos hit ESC press SHIFT+Z,Z (saves and quits) chmod +x shell-script.sh (makes script executable) then, run the script with: ./shell-script.sh
docker logs st-drone-ssl INFO starting the server INFO successfully pinged the remote server
Stop & Start Container
sudo docker container stop st-drone-ssl sudo docker container start st-drone-ssl
Part II - Configure a Drone Runner Pipeline with Docker Engine
You may view this article at the following link: https://www.sharpetronics.com/blog/how-to/2022/06/28/how-to-setup-a-secure-docker-drone-runner-with-drone-ci/
Financial Support & Donations
I mainly debug code, drive, yak shave and deep dive into research for Linux base operating systems.
I am a Free Software Associate (FSF), privacy advocate and Cosmopolitan that enjoys philosophie, meta-physics, hacking and debugging computer hardware/software.