
I tried to set up a local instance of Gitea and drone.io using docker-compose.

I use traefik routing for custom local subdomains .docker.localdev, dnsmasq and locally-trusted certificates with mkcert as described in this article: https://medium.com/soulweb-academy/docker-local-dev-stack-with-traefik-https-dnsmasq-locally-trusted-certificate-for-ubuntu-20-04-5f036c9af83d

I created an OAuth2 application in Gitea with the redirect URI https://droneio.docker.localdev/login, and added its Client ID and Client Secret to docker-compose.yaml.

When I authenticate with Drone, the final redirect ends in this error:

Login Failed. Post "https://gitea.docker.localdev/login/oauth/access_token": dial tcp: lookup gitea.docker.localdev on 127.0.0.11:53: no such host

The only setup I managed to get working uses private LAN addresses with ports instead of the Traefik subdomains.

How do I configure Docker so that the Traefik subdomains are reachable between these containers?

My current docker-compose.yaml:

---
version: '3'
services:
  # Gitea, published through Traefik on the external `web` network.
  gitea:
    # NOTE(review): no tag given, so this resolves to the moving `latest` tag;
    # pin a release tag or digest so the image cannot change underneath you.
    image: gitea/gitea
    environment:
      - SSH_DOMAIN=gitea.docker.localdev
      - SSH_PORT=222
      - SSH_LISTEN_PORT=22
      # NOTE(review): ROOT_URL is normally a full URL including the scheme
      # (https://...); OAuth2 redirect handling depends on it — confirm.
      - ROOT_URL=gitea.docker.localdev

    volumes:
      - ./gitea_data:/data
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router `gitea-web` on the `web` entrypoint, backed by port 3000.
      - "traefik.http.routers.gitea-web.entrypoints=web"
      - "traefik.http.routers.gitea-web.rule=Host(`gitea.docker.localdev`)"
      - "traefik.http.routers.gitea-web.service=gitea-web-svc"
      - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
      # NOTE(review): the HTTPS redirect middleware is attached to a router named
      # `gitea-http`, but the HTTP router defined above is `gitea-web`; the
      # redirect therefore appears not to apply to plain-HTTP requests — confirm.
      - traefik.http.routers.gitea-http.middlewares=gitea-https
      - traefik.http.middlewares.gitea-https.redirectscheme.scheme=https
      # TLS router on the `websecure` entrypoint.
      - traefik.http.routers.gitea-https.entrypoints=websecure
      - traefik.http.routers.gitea-https.rule=Host(`gitea.docker.localdev`)
      - traefik.http.routers.gitea-https.tls=true
      # SSH is raw TCP without SNI, so the rule matches every connection that
      # arrives on the `ssh` entrypoint and forwards it to container port 22.
      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
      - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22"
    networks:
      - web

  # Drone server; authenticates users against Gitea via OAuth2.
  droneio:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest.
    image: drone/drone:latest
    container_name: droneio
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - /var/docker/droneio-data:/data
    environment:
      - DRONE_SERVER_HOST=droneio.docker.localdev
      - DRONE_SERVER_PROTO=https
      # NOTE(review): the server<->runner shared secret is written inline and
      # has been published with this listing. Treat it as compromised: generate
      # a new one and inject it from the environment or an untracked .env file.
      - DRONE_RPC_SECRET=4810ef8120663ffa960dfa1d78c5d437
      # Gitea Config
      # The Drone server itself posts to this host during the OAuth2 token
      # exchange, so the name must resolve inside this container, not only in
      # the browser.
      - DRONE_GITEA_SERVER=https://gitea.docker.localdev/
      - DRONE_GITEA_CLIENT_ID=0828a8c9-02f5-459e-9804-8b37ea0b3eb7
      # NOTE(review): OAuth2 client secret committed inline; regenerate it in
      # Gitea and pass it in via an environment variable instead.
      - DRONE_GITEA_CLIENT_SECRET=gto_p6pydy3m5j6jetbcyz6oqzoslrpil7evsi7xbx5xgwngxywn6scq
      - DRONE_LOGS_PRETTY=true
      - DRONE_LOGS_COLOR=true
      # NOTE(review): debug/trace logging is verbose and may record request
      # details; keep it to troubleshooting sessions.
      - DRONE_DEBUG=true
      - DRONE_TRACE=true
    labels:
      - traefik.enable=true
      # HTTP router: redirects to HTTPS via the `droneio-https` middleware.
      - traefik.http.routers.droneio-http.entrypoints=web
      - traefik.http.routers.droneio-http.rule=Host(`droneio.docker.localdev`)
      - traefik.http.routers.droneio-http.middlewares=droneio-https
      - traefik.http.middlewares.droneio-https.redirectscheme.scheme=https
      # TLS router on the `websecure` entrypoint.
      - traefik.http.routers.droneio-https.entrypoints=websecure
      - traefik.http.routers.droneio-https.rule=Host(`droneio.docker.localdev`)
      - traefik.http.routers.droneio-https.tls=true
    networks:
      - web
    depends_on:
      - gitea
  # Drone Docker runner; connects to the Drone server over RPC and starts
  # pipeline containers through the host's Docker daemon.
  drone-runner:
    image: drone/drone-runner-docker:1
    container_name: drone-runner
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      # Mounting the Docker socket gives this container full control of the
      # host's Docker daemon, which is effectively root on the host. Keep the
      # runner and its RPC secret away from untrusted networks and repositories.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=droneio.docker.localdev
      # NOTE(review): same inline shared secret as the server; it must match the
      # server's value, and should be rotated and injected from the environment
      # rather than committed here.
      - DRONE_RPC_SECRET=4810ef8120663ffa960dfa1d78c5d437 #  random string generated by openssl rand -hex 16
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=droneio.docker.localdev
    ports:
      # Published without a host address, so Docker binds it on every host
      # interface; prefix with 127.0.0.1: if only local access is needed.
      - 3500:3000
    # NOTE(review): no `networks:` key here, so unlike the other two services
    # this one is not attached to `web`.
    depends_on:
      - droneio

# `external: true` means Compose does not create this network; it must already
# exist (here it is the one shared with Traefik).
networks:
  web:
    external: true
# Named volumes declared here are not referenced by any service in this file;
# the services above use bind mounts instead.
volumes:
  git:
  db:

protob

2 Answers


The drone container has no way to be aware of what is happening in the gitea container. That includes any locally set up DNS records, since you are not setting those in a globally available way. You need to add a way for your drone container to use the gitea container, with traefik included, as your DNS resolver.

Docker Compose lets you do that using the following structure:

services:
 droneio:
  # `dns` lists the DNS servers this container's lookups are sent to.
  # NOTE(review): entries are normally IP addresses; a service name such as
  # `gitea` is not one and may be rejected or ignored — confirm.
  # A public resolver like 8.8.8.8 cannot answer for a private name such as
  # *.docker.localdev, and queries for internal hostnames leave the host.
  dns:
   - 8.8.8.8
   - gitea
Rick Rackow
    Thanks, adding custom dns to docker-compose helped me with traefik subdomain resolving issues within services. I can authenticate now. My config needs some more tweaks to be fully functional. I will post it later maybe it will help someone else in the future. – protob Sep 19 '22 at 19:12

My working docker-compose.yaml

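---
# Local development stack: Gitea, Drone server and Drone Docker runner,
# published through an already-running Traefik instance.
#
# Values read from the environment or an untracked .env file:
#   DOCKER_DATA_DIR            host directory for persistent data
#   DRONE_GITEA_CLIENT_ID      OAuth2 application id created in Gitea
#   DRONE_GITEA_CLIENT_SECRET  OAuth2 application secret created in Gitea
#   DRONE_RPC_SECRET           server<->runner shared secret
#                              (e.g. `openssl rand -hex 16`)
# No secret is written into this file, so it is safe to commit or share.
version: '3'
volumes:
  git:
  db:
services:
  gitea:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest so
    # the image cannot change underneath you.
    image: gitea/gitea:latest
    ports:
      # - '22:22'
      # Publishes Gitea's plain-HTTP port directly on every host interface,
      # bypassing Traefik and its TLS. Prefix with 127.0.0.1: (or drop the
      # mapping) if it is only needed for local debugging.
      - '3555:3000'
    restart: unless-stopped
    environment:
      - SSH_DOMAIN=gitea.docker.localdev
      - SSH_PORT=222
      - SSH_LISTEN_PORT=22

    volumes:
      - ${DOCKER_DATA_DIR}/gitea_data:/data
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router `gitea-web` on the `web` entrypoint, port 3000.
      - "traefik.http.routers.gitea-web.entrypoints=web"
      - "traefik.http.routers.gitea-web.rule=Host(`gitea.docker.localdev`)"
      - "traefik.http.routers.gitea-web.service=gitea-web-svc"
      - "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"

      # NOTE(review): the HTTPS redirect middleware is attached to a router
      # named `gitea-http`, but the HTTP router above is `gitea-web`; the
      # redirect appears not to apply to plain-HTTP requests — confirm.
      - traefik.http.routers.gitea-http.middlewares=gitea-https
      - traefik.http.middlewares.gitea-https.redirectscheme.scheme=https

      # TLS router on the `websecure` entrypoint.
      - traefik.http.routers.gitea-https.entrypoints=websecure
      - traefik.http.routers.gitea-https.rule=Host(`gitea.docker.localdev`)
      - traefik.http.routers.gitea-https.tls=true

      # SSH is raw TCP without SNI, so the rule matches every connection on
      # the `ssh` entrypoint and forwards it to container port 22.
      - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea-ssh.entrypoints=ssh"
      - "traefik.tcp.routers.gitea-ssh.service=gitea-ssh-svc"
      - "traefik.tcp.services.gitea-ssh-svc.loadbalancer.server.port=22"
    networks:
      - web
    # DNS servers used for this container's lookups.
    # NOTE(review): entries are normally IP addresses; the service name
    # `gitea` is not one and may be rejected or ignored — confirm. Public
    # resolvers cannot answer for *.docker.localdev and receive the queries.
    dns:
      - 8.8.8.8
      - 000.000.0.000 # change it to local LAN address
      - 1.1.1.1
      - gitea
    # Static /etc/hosts entries pinning both hostnames to the LAN address.
    extra_hosts:
      - "gitea.docker.localdev:000.000.0.000" # change it to local LAN address
      - "droneio.docker.localdev:000.000.0.000" # change it to local LAN address
  droneio:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest.
    image: drone/drone:latest
    container_name: droneio
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - ${DOCKER_DATA_DIR}/droneio-data:/data

    environment:
      - DRONE_SERVER_HOST=droneio.docker.localdev
      - DRONE_SERVER_PROTO=https
      # Shared secret with the runner; read from the environment like the
      # Gitea credentials below. `:?` makes Compose stop with an error when the
      # variable is unset instead of starting with an empty secret.
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET:?DRONE_RPC_SECRET is not set}
      # Gitea Config
      - DRONE_GITEA_SERVER=https://gitea.docker.localdev/
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      # NOTE(review): disables TLS certificate verification for calls to
      # Gitea, including the OAuth2 token exchange, so the server cannot tell
      # the real Gitea from an impostor. Acceptable on an isolated dev box
      # only; otherwise make the mkcert root CA trusted inside the container
      # and remove this line.
      - DRONE_GITEA_SKIP_VERIFY=true
      - DRONE_LOGS_PRETTY=true
      - DRONE_LOGS_COLOR=true
      # NOTE(review): debug/trace logging is verbose and may record request
      # details; keep it to troubleshooting sessions.
      - DRONE_DEBUG=true
      # NOTE(review): open registration — presumably any account on the Gitea
      # instance can sign in to Drone; restrict it (e.g. DRONE_USER_FILTER)
      # when the Gitea instance has more than trusted users.
      - DRONE_OPEN=true
      - DRONE_TRACE=true
      - DRONE_NETWORK=default

    depends_on:
      - gitea
    labels:
      - traefik.enable=true
      # HTTP router: redirects to HTTPS via the `droneio-https` middleware.
      - traefik.http.routers.droneio-http.entrypoints=web
      - traefik.http.routers.droneio-http.rule=Host(`droneio.docker.localdev`)
      - traefik.http.routers.droneio-http.middlewares=droneio-https
      - traefik.http.middlewares.droneio-https.redirectscheme.scheme=https
      # TLS router on the `websecure` entrypoint.
      - traefik.http.routers.droneio-https.entrypoints=websecure
      - traefik.http.routers.droneio-https.rule=Host(`droneio.docker.localdev`)
      - traefik.http.routers.droneio-https.tls=true

    networks:
      - web
    # See the NOTE(review) on the gitea service's `dns` list.
    dns:
      - 8.8.8.8
      - 000.000.0.000 # change it to local LAN address
      - 1.1.1.1
      - gitea

  drone-runner:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest.
    image: drone/drone-runner-docker:latest
    container_name: drone-runner
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      # Mounting the Docker socket gives this container full control of the
      # host's Docker daemon, which is effectively root on the host. Keep the
      # runner and its RPC secret away from untrusted networks and repositories.
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      # Published without a host address, so Docker binds it on every host
      # interface; prefix with 127.0.0.1: if only local access is needed.
      - "3556:3000"
    # NOTE(review): these labels also route the runner through Traefik under
    # dronerunner.docker.localdev; confirm the runner needs to be reachable
    # from outside at all, and protect it if so.
    labels:
      - traefik.enable=true
      - traefik.http.routers.dronerunner-http.entrypoints=web
      - traefik.http.routers.dronerunner-http.rule=Host(`dronerunner.docker.localdev`)
      - traefik.http.routers.dronerunner-http.middlewares=dronerunner-https
      - traefik.http.middlewares.dronerunner-https.redirectscheme.scheme=https
      - traefik.http.routers.dronerunner-https.entrypoints=websecure
      - traefik.http.routers.dronerunner-https.rule=Host(`dronerunner.docker.localdev`)
      - traefik.http.routers.dronerunner-https.tls=true
    depends_on:
      - droneio
      # - gitea
    networks:
      - web

    # See the NOTE(review) on the gitea service's `dns` list.
    dns:
      - 8.8.8.8
      - 000.000.0.000 # change it to local LAN address
      - 1.1.1.1
      - gitea

    environment:
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_HOST=droneio.docker.localdev
      # Must be the same value the Drone server receives.
      - DRONE_RPC_SECRET=${DRONE_RPC_SECRET:?DRONE_RPC_SECRET is not set} # RPC secret: random string generated by openssl rand -hex 16
      - DRONE_RUNNER_CAPACITY=2
      # NOTE(review): disables TLS certificate verification on the RPC
      # connection that carries the shared secret; prefer trusting the mkcert
      # root CA inside the container and removing this line.
      - DRONE_RPC_SKIP_VERIFY=true
      - DRONE_DEBUG=true
      - DRONE_RUNNER_NAME=drone-runner-docker
      # Pipeline step containers are attached to these networks, so build
      # steps can reach whatever else is connected to `web` and `proxy`.
      - DRONE_RUNNER_NETWORKS=web,proxy

# Both networks must already exist; Compose does not create external networks.
networks:
  proxy:
    external: true
  web:
    external: true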

and also these aliases should be added to traefik's docker-compose.yaml

services:
  traefik:
    ...
    ...
    networks:
      # Define the network on which traefik is going to operate.
      # The aliases make Docker's embedded DNS resolve these hostnames to the
      # Traefik container on the `proxy` network, so other containers on that
      # network reach Gitea and Drone through Traefik and its TLS certificate.
      # NOTE(review): aliases are scoped to the network they are declared on;
      # containers attached only to `web` would not see them — confirm which
      # network the Gitea and Drone services actually share with Traefik.
      proxy:
        aliases:
          - gitea.docker.localdev
          - droneio.docker.localdev
      web:
protob