Great Blog

05 Feb 2021

DroneCI behind NGiNX reverse proxy

This so far has been working for me to have DroneCI behind an NGiNX reverse proxy working with Gitea

NGiNX Code

nano /etc/nginx/sites-available/droneci.domain.com

ln -s /etc/nginx/sites-available/droneci.domain.com /etc/nginx/sites-enabled

upstream droneci {
        server 127.0.0.1:8080;
}
server {
        server_name droneci.domain.com drone.domain.com;

        listen 443 ssl http2;
        ssl_certificate            /etc/certs/droneci.domain.com/fullchain.crt;
        ssl_certificate_key        /etc/certs/droneci.domain.com/key;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host droneci.domain.com;
                proxy_pass http://droneci;
                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_buffering off;
                chunked_transfer_encoding off;
        }
}

Here is the code for the docker container

docker run \
--volume=/var/lib/drone:/data \
--env=DRONE_GITEA_SERVER="https://git.domain.com" \
--env=DRONE_GITEA_CLIENT_ID="CLIENTIDHERE" \
--env=DRONE_GITEA_CLIENT_SECRET="CLIENTSECRETHERE" \
--env=DRONE_RPC_SECRET=RPCSECRETHERE \
--env=DRONE_SERVER_HOST="droneci.domain.com" \
--env=DRONE_SERVER_PROTO="https" \
--publish=8080:80 \
--restart=always \
--detach=true \
--name="droneci.domain.com" \
drone/drone:1