#author("2020-09-07T04:38:33+00:00","","")
#mynavi(Gitea&DroneでCI/CD環境構築)
#setlinebreak(on);
* Overview [#a71b8118]
#html(<div>)
#TODO
#html(<div class="pl10">)
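A reverse proxy (nginx) was placed in front of the environment built in [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築]] so that it can be used over https.
The gitea and drone URLs were set as follows.
| Server | URL | Notes |h
| gitea | https://xxxx.xxxx.xxxx/gitea/ | Published under the subdirectory /gitea |
| drone | https://xxxx.xxxx.xxxx/ | Published at the root directory (drone does not support being published under a subdirectory, so this is a last-resort workaround) |
This article was verified on an Azure VM, so the gitea and drone URLs are as follows.
| Server | URL |h
| gitea | https://vm-name.region.cloudapp.azure.com/gitea/ |
| drone | https://vm-name.region.cloudapp.azure.com/ |
&color(red){[Note]};
&color(red){ Because OAuth is used for the authentication integration between gitea and drone, this setup does not work with a self-signed certificate.};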
#html(</div>)
* Table of contents [#pb477ddd]
#contents
- Related
-- [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築]]
* Environment setup [#o61e5dce]
#html(<div class="pl10">)
** Installing docker [#h933b27b]
#html(<div class="pl10">)
A new VM was created on Azure for this verification, so we start by installing docker and docker-compose. (Skip this step if you already have an environment.)
#myterm2(){{
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
}}
#html(</div>)
** Creating the SSL certificate [#f5883bd8]
#html(<div class="pl10">)
Obtained from Let's Encrypt.
#myterm2(){{
domain_name=XXX.XXX.XXX
sudo docker run --rm -p 80:80 \
-v /etc/letsencrypt:/etc/letsencrypt \
-v /etc/letsencrypt/logs:/var/log/letsencrypt \
certbot/certbot certonly --standalone \
-d $domain_name \
--register-unsafely-without-email \
--non-interactive --agree-tos \
--force-renewal \
--renew-by-default \
--preferred-challenges http
}}
#html(</div>)
** Creating the containers [#k4c9a836]
#html(<div class="pl10">)
This is basically the same as [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築]], so the overlapping parts are omitted.
#html(){{
<div id="tabs1">
<ul>
<li><a href="#tabs1-1">.env</a></li>
<li><a href="#tabs1-2">docker-compose.yml</a></li>
<li><a href="#tabs1-3">nginx/default.conf</a></li>
</ul>
}}
// START tabs1-1
#html(<div id="tabs1-1">)
#mycode2(){{
# Domain name
GITEA_HOST=XXX.XXX.XXX
#GITEA_HTTP_PORT=13000
GITEA_SSH_PORT=10022
GITEA_USER_GID=1000
GITEA_USER_UID=1000
GITEA_DB_HOST=gitea-db:5432
GITEA_DB_NAME=gitea
GITEA_DB_PASSWD=gitea
GITEA_DB_PASSWORD=gitea
GITEA_DB_USER=gitea
# Domain name
DRONE_HOST=XXX.XXX.XXX
#DRONE_PORT=8000
DRONE_GITEA_CLIENT_ID=
DRONE_GITEA_CLIENT_SECRET=
DRONE_RPC_SECRET=secret
DRONE_RUNNER_CAPACITY=2
REGISTRY_PORT=15000
}}
#html(</div>)
// END tabs1-1
// START tabs1-2
#html(<div id="tabs1-2">)
#mycode2(){{
version: "3"
services:
  # Reverse proxy: terminates TLS and forwards to gitea-app / drone-app
  gitea-proxy:
    image: nginx:latest
    hostname: gitea-proxy
    container_name: gitea-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt:/etc/letsencrypt
      - ./www:/var/www
    links:
      - gitea-app
    depends_on:
      - gitea-app
    #networks:
    #  - my-drone-network
  gitea-app:
    image: gitea/gitea:latest
    hostname: gitea-app
    container_name: gitea-app
    environment:
      USER_UID: "${GITEA_USER_UID}"
      USER_GID: "${GITEA_USER_GID}"
      #DOMAIN: "${GITEA_HOST}"
      #HTTP_PORT: "${GITEA_HTTP_PORT}"
      #ROOT_URL: "http://${GITEA_HOST}:${GITEA_HTTP_PORT}"
      ROOT_URL: "https://${GITEA_HOST}/gitea"
      DB_TYPE: "postgres"
      DB_HOST: "${GITEA_DB_HOST}"
      DB_NAME: "${GITEA_DB_NAME}"
      DB_USER: "${GITEA_DB_USER}"
      DB_PASSWD: "${GITEA_DB_PASSWD}"
      SSH_DOMAIN: "${GITEA_HOST}"
      SSH_PORT: "${GITEA_SSH_PORT}"
      SKIP_TLS_VERIFY: "true"
      TZ: "Japan"
    #ports:
    #  - "${GITEA_HTTP_PORT}:${GITEA_HTTP_PORT}"
    volumes:
      - ./volumes/gitea-app:/data
      #- /etc/timezone:/etc/timezone:ro
      #- :/etc/localtime:ro
    links:
      - gitea-db
    #networks:
    #  - my-drone-network
  gitea-db:
    image: postgres:latest
    hostname: gitea-db
    container_name: gitea-db
    volumes:
      - ./volumes/gitea-db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: "${GITEA_DB_NAME}"
      POSTGRES_USER: "${GITEA_DB_USER}"
      POSTGRES_PASSWORD: "${GITEA_DB_PASSWD}"
    #networks:
    #  - my-drone-network
  drone-app:
    image: drone/drone:latest
    hostname: drone-app
    container_name: drone-app
    links:
      - gitea-app
    depends_on:
      - gitea-app
    environment:
      DOCKER_API_VERSION: "1.39"
      DRONE_AGENT_ENABLED: "true"
      #DRONE_GITEA_SERVER: "http://${GITEA_HOST}:${GITEA_HTTP_PORT}"
      DRONE_GITEA_SERVER: "https://${GITEA_HOST}/gitea"
      DRONE_GITEA_CLIENT_ID: "${DRONE_GITEA_CLIENT_ID}"
      DRONE_GITEA_CLIENT_SECRET: "${DRONE_GITEA_CLIENT_SECRET}"
      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
      #DRONE_SERVER_HOST: "${DRONE_HOST}:${DRONE_PORT}"
      DRONE_SERVER_HOST: "${DRONE_HOST}"
      DRONE_SERVER_PROTO: "https"
      DRONE_USER_CREATE: "username:droneadmin,admin:true"
      # Disables TLS certificate verification for requests to Gitea
      DRONE_GITEA_SKIP_VERIFY: "true"
      DRONE_GITEA_ALWAYS_AUTH: "false"
      DRONE_TLS_AUTOCERT: "false"
    #ports:
    #  - "${DRONE_PORT}:80"
    volumes:
      # Note: ":ro" on the socket file does not restrict Docker API access
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./volumes/drone-app:/var/lib/drone
    #networks:
    #  - my-drone-network
  drone-runner:
    image: drone/drone-runner-docker:latest
    hostname: drone-runner
    container_name: drone-runner
    links:
      - drone-app
      - gitea-app
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./.env:/etc/drone.env:ro
    environment:
      DOCKER_API_VERSION: "1.39"
      DRONE_RPC_PROTO: "https"
      #DRONE_RPC_HOST: "${DRONE_HOST}:${DRONE_PORT}"
      DRONE_RPC_HOST: "${DRONE_HOST}"
      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
      DRONE_RUNNER_CAPACITY: "${DRONE_RUNNER_CAPACITY}"
      DRONE_RUNNER_NAME: "drone-runner"
      DRONE_RUNNER_ENV_FILE: "/etc/drone.env"
      # Debug logging: dumps RPC requests and bodies to the runner log
      DRONE_TRACE: "true"
      DRONE_RPC_DUMP_HTTP: "true"
      DRONE_RPC_DUMP_HTTP_BODY: "true"
      #DRONE_RUNNER_NETWORKS: my-drone-network
    #networks:
    #  - my-drone-network
  local-registry:
    image: registry:2
    hostname: local-registry
    container_name: local-registry
    ports:
      - "${REGISTRY_PORT}:5000"
    volumes:
      - ./volumes/local-registry:/var/lib/registry
    #networks:
    #  - my-drone-network
#networks:
#  my-drone-network:
#    driver: bridge
}}
#html(</div>)
// END tabs1-2
// START tabs1-3
#html(<div id="tabs1-3">)
#mycode2(){{
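# http: redirect everything to https
server {
    listen 80;
    listen [::]:80;
    server_name DOMAIN_NAME;
    return 301 https://$host$request_uri;
}
# https: TLS termination, then proxy to the containers
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name DOMAIN_NAME;
    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
    # gitea is published under /gitea/ (the prefix is stripped before proxying)
    location /gitea/ {
        proxy_pass http://gitea-app:3000/;
    }
    # drone is published at the root
    location / {
        proxy_pass http://drone-app/;
    }
}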
}}
#html(</div>)
// END tabs1-3
#html(</div>)
// END tabs1
#html(<script>$(function() { $("#tabs1").tabs(); });</script>)
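The following check is an added example, not part of the original article or of the Gitea/Drone projects: it audits the .env and docker-compose.yml values shown in the tabs above before the stack is published on ports 80/443. The function names, the finding labels and the 32-character minimum for DRONE_RPC_SECRET are assumptions of this example; the sample files are constructed from the values on this page.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, finding
# labels and the 32-character minimum are assumptions of this example.

# Print the last value assigned to KEY ($1) in the env file ($2).
env_value() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# Succeed if the compose file ($2) sets KEY ($1) to true on an uncommented line.
compose_true() {
    grep -Eq "^[[:space:]]*$1:[[:space:]]*\"?true\"?[[:space:]]*\$" "$2"
}

# audit_config ENV_FILE COMPOSE_FILE: print one finding label per line.
audit_config() {
    rpc=$(env_value DRONE_RPC_SECRET "$1")
    db_user=$(env_value GITEA_DB_USER "$1")
    db_pass=$(env_value GITEA_DB_PASSWD "$1")
    # Shared secret between drone-app and drone-runner: flag an empty value,
    # the placeholder "secret", or anything shorter than 32 characters.
    if [ "$rpc" = "secret" ] || [ "${#rpc}" -lt 32 ]; then
        echo "WEAK_RPC_SECRET"
    fi
    # Database password identical to the database user name.
    if [ -n "$db_pass" ] && [ "$db_pass" = "$db_user" ]; then
        echo "DB_PASSWORD_EQUALS_USER"
    fi
    # TLS verification towards Gitea is off although a CA-issued cert is used.
    if compose_true DRONE_GITEA_SKIP_VERIFY "$2"; then
        echo "TLS_VERIFY_DISABLED"
    fi
    # RPC request/response bodies are written to the runner log.
    if compose_true DRONE_RPC_DUMP_HTTP_BODY "$2"; then
        echo "RPC_BODY_DUMP_ENABLED"
    fi
    return 0
}

# Constructed sample input mirroring the values shown in this article.
sample_dir=$(mktemp -d)
cat > "$sample_dir/.env" <<'EOF'
GITEA_DB_USER=gitea
GITEA_DB_PASSWD=gitea
DRONE_RPC_SECRET=secret
EOF
cat > "$sample_dir/docker-compose.yml" <<'EOF'
      DRONE_GITEA_SKIP_VERIFY: "true"
      #DRONE_TLS_AUTOCERT: "true"
      DRONE_RPC_DUMP_HTTP_BODY: "true"
EOF
audit_config "$sample_dir/.env" "$sample_dir/docker-compose.yml"
```

Empty output means none of the four settings were flagged; point the function at the real .env and docker-compose.yml before running `docker-compose up -d`.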
Start the containers
#myterm2(){{
docker-compose up -d
}}
Gitea setup
See [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築#s097d3c2]].
Update the OAuth client ID and secret in .env.
#mycode2(){{
DRONE_GITEA_CLIENT_ID=XXXXXXXXXXXXXXXXXX
DRONE_GITEA_CLIENT_SECRET=XXXXXXXXXXXXXXX
}}
Recreate the drone containers.
#myterm2(){{
docker stop drone-runner && docker rm drone-runner
docker stop drone-app && docker rm drone-app
docker-compose up -d
}}
Drone setup
See [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築#ea3c206b]].
Verification
See [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築#p5b63121]].
#html(</div>)
#html(</div>)