I have been digging through the internet for 3 days now. I'm sure at this point I'm just doing something silly, but I'm hoping someone can point out what that is as I've gone through so many troubleshooting posts on this I don't know which way is up anymore.
My goal is to run Drone and Gitea on subdomains on a machine I own. This configuration seems to get me the farthest, in that Gitea and Drone are both running and Drone redirects to Gitea for OAuth, but then Gitea can't redirect back. I've tried using the names of Docker containers in various network settings, which doesn't seem to have gotten me any further.
Docker-compose:
version: "3"

networks:
  gitnet:
    external: false
    driver: bridge

services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      # public base URL Gitea uses when it builds absolute links and redirects
      - ROOT_URL=http://git.example.com
    restart: always
    networks:
      - gitnet
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2221:22"

  drone:
    image: drone/drone:latest
    container_name: drone
    ports:
      - "8000:8000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./volumes/drone:/var/lib/drone/
    restart: always
    depends_on:
      - gitea
    networks:
      - gitnet
    environment:
      - DRONE_AGENTS_ENABLED=true
      # OAuth2 application registered in Gitea
      - DRONE_GITEA_CLIENT_ID=0329da8e-5ec7-44e8-8d23-6d3d9f8bae33
      - DRONE_GITEA_CLIENT_SECRET=YFEPxrbcjXilN5m8tbIQCW6hK80e-yH7jS3CjSw-8dM=
      # address the drone container uses to reach Gitea
      - DRONE_GITEA_SERVER=https://git.example.com
      - DRONE_GIT_ALWAYS_AUTH=false
      - DRONE_TLS_AUTOCERT=false
      - DRONE_SERVER_PORT=:8000
      # public address Drone advertises to browsers and runners (TLS is terminated by nginx)
      - DRONE_SERVER_HOST=drone.example.com
      - DRONE_SERVER_PROTO=https
      # shared secret between the server and its runners
      - DRONE_RPC_SECRET=secret
      - DRONE_RUNNER_NETWORKS=gitnet

  drone-runner-docker:
    image: drone/drone-runner-docker:latest
    container_name: drone-runner-docker
    restart: always
    networks:
      - gitnet
    depends_on:
      - drone
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      # the runner connects back to the drone server through its public address
      - DRONE_RPC_HOST=drone.example.com
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_SECRET=secret
      - DRONE_RUNNER_NAME=drone-runner-docker
      - DRONE_UI_USERNAME=test
      - DRONE_UI_PASSWORD=test
      - DRONE_RUNNER_NETWORKS=gitnet
Nginx conf:
events {
    worker_connections 1024;
}

http {
    upstream plex_backend {
        server localhost:32400;
        keepalive 32;
    }

    upstream drone {
        server localhost:8000;
        keepalive 32;
    }

    server {
        listen 80;
        listen [::]:80;
        server_name _;

        location / {
            return 301 https://$host$request_uri;
        }

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name git.example.com;

        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_pass http://localhost:3000;
        }
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name drone.example.com;

        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_pass_request_headers on;
            proxy_pass http://drone;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_buffering off;
            chunked_transfer_encoding off;
        }

        # location /rpc/ {
        #     grpc_pass grpc://drone;
        # }
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name plex.example.com;
        [...]
    }
}
Error in nginx logs:
2021/03/23 13:24:25 [error] 10#10: *2 upstream sent too large http2 frame: 4740180 while reading response header from upstream, client: 192.168.1.254, server: drone.example.com, request: "POST /rpc/v2/ping HTTP/2.0", upstream: "grpc://127.0.0.1:8000", host: "drone.example.com"
Update
I tried rolling back the gRPC changes, since I don't really see anyone else using that, and added git.example.com and drone.example.com to my hosts file. This has gotten me back to successfully pinging the Drone server with the Drone runners, but I get the following error when trying to OAuth:
[error] 10#10: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.108, server: drone.example.com, request: "GET /login?code=vQhr-[...]YG5F8wx7w%3D&state=4d65822107fcfd52 HTTP/2.0", upstream: "http://127.0.0.1:8000/login?code=vQhr-[...]8wx7w%3D&state=4d65822107fcfd52", host: "drone.example.com"
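As an added example (not part of the question above, and not Drone's or Gitea's own tooling), here is a small consistency check over the settings the question posts. It parses the nginx server blocks to learn which hostnames are served over TLS and compares that with the URLs each container is configured with: Gitea's ROOT_URL, Drone's DRONE_GITEA_SERVER and DRONE_SERVER_HOST/PROTO, and the runner's DRONE_RPC_* values. The nginx fragment and the per-service environment tables are constructed from the question's values (certificate directives dropped, the question's `secret` kept as-is); the parser is deliberately minimal and assumes one directive per line inside top-level `server { ... }` blocks. Run against the question's values it reports the http/https disagreement between Gitea's ROOT_URL and DRONE_GITEA_SERVER that is visible in the compose file, plus the short RPC secret.

```python
"""Consistency check for Gitea/Drone URLs against the nginx vhosts in front of them.

Added example; the config fragments below are constructed from the question.
"""
import re
from urllib.parse import urlsplit

# Constructed nginx fragment: the question's vhosts without certificate lines.
NGINX_CONF = """
server {
    listen 80;
    listen [::]:80;
    server_name _;
    location / { return 301 https://$host$request_uri; }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name git.example.com;
    location / { proxy_pass http://localhost:3000; }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name drone.example.com;
    location / { proxy_pass http://drone; }
}
"""

# Constructed per-service environment, copied from the question's compose file.
SERVICES = {
    "gitea": {"ROOT_URL": "http://git.example.com"},
    "drone": {
        "DRONE_GITEA_SERVER": "https://git.example.com",
        "DRONE_SERVER_HOST": "drone.example.com",
        "DRONE_SERVER_PROTO": "https",
        "DRONE_RPC_SECRET": "secret",
    },
    "drone-runner-docker": {
        "DRONE_RPC_HOST": "drone.example.com",
        "DRONE_RPC_PROTO": "https",
        "DRONE_RPC_SECRET": "secret",
    },
}


def parse_server_blocks(conf):
    """Map each server_name to True/False: does its server block have an ssl listener?"""
    blocks, depth, current = {}, 0, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and whitespace
        if not line:
            continue
        if current is None:                         # outside any server block
            if re.match(r"^server\s*\{", line):
                current, depth = {"names": [], "ssl": False}, 1
            continue
        if depth == 1:                              # directives directly inside server {}
            m = re.match(r"^server_name\s+(.+);", line)
            if m:
                current["names"].extend(m.group(1).split())
            m = re.match(r"^listen\s+(.+);", line)
            if m and "ssl" in m.group(1).split():
                current["ssl"] = True
        depth += line.count("{") - line.count("}")  # nested location blocks etc.
        if depth == 0:                              # server block closed
            for name in current["names"]:
                blocks[name] = current["ssl"]
            current = None
    return blocks


def expected_scheme(vhosts, host):
    """Scheme a client uses to reach `host` through nginx, or None if nginx has no vhost."""
    if host not in vhosts:
        return None
    return "https" if vhosts[host] else "http"


def check(services, nginx_conf):
    """Return a list of findings; an empty list means the settings agree with each other."""
    vhosts = parse_server_blocks(nginx_conf)
    findings = []

    # Gitea must describe itself with the scheme nginx actually serves it on.
    root = urlsplit(services["gitea"]["ROOT_URL"])
    want = expected_scheme(vhosts, root.hostname)
    if want is None:
        findings.append(f"no nginx server block for {root.hostname}")
    elif root.scheme != want:
        findings.append(f"gitea ROOT_URL uses {root.scheme} but nginx serves {root.hostname} over {want}")

    # Drone's view of Gitea must agree with Gitea's view of itself.
    drone = services["drone"]
    upstream = urlsplit(drone["DRONE_GITEA_SERVER"])
    if (upstream.scheme, upstream.hostname) != (root.scheme, root.hostname):
        findings.append(f"DRONE_GITEA_SERVER {upstream.geturl()} does not match gitea ROOT_URL {root.geturl()}")

    # Drone's advertised address must match its nginx vhost.
    want = expected_scheme(vhosts, drone["DRONE_SERVER_HOST"])
    if want is not None and drone["DRONE_SERVER_PROTO"] != want:
        findings.append(f"DRONE_SERVER_PROTO is {drone['DRONE_SERVER_PROTO']} but nginx serves "
                        f"{drone['DRONE_SERVER_HOST']} over {want}")

    # The runner must point at the server it shares a secret with.
    runner = services["drone-runner-docker"]
    if (runner["DRONE_RPC_HOST"], runner["DRONE_RPC_PROTO"]) != (drone["DRONE_SERVER_HOST"], drone["DRONE_SERVER_PROTO"]):
        findings.append("runner DRONE_RPC_HOST/DRONE_RPC_PROTO do not point at the drone server")
    if runner["DRONE_RPC_SECRET"] != drone["DRONE_RPC_SECRET"]:
        findings.append("DRONE_RPC_SECRET differs between server and runner")
    if len(drone["DRONE_RPC_SECRET"]) < 32:
        findings.append("DRONE_RPC_SECRET is short; use a random value such as `openssl rand -hex 16`")
    return findings


if __name__ == "__main__":
    for finding in check(SERVICES, NGINX_CONF):
        print("-", finding)
```

The point of the check is not to diagnose the timeout in the log line above but to make one invariant explicit: every service's idea of its own and its peers' public URLs has to agree with what nginx actually serves, because those URLs are what Gitea and Drone use to build the OAuth authorize and callback addresses. With ROOT_URL switched to https and a 32-character random RPC secret the check returns no findings for this layout.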