#mynavi(Gitea&DroneでCI/CD環境構築)
#setlinebreak(on);

* Overview [#a71b8118]
#html(<div class="pl10">)

A reverse proxy (nginx) was placed in front of the environment built in [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築]] so that it can be used over HTTPS.
The Gitea and Drone URLs were configured as follows.

| Server | URL | Notes |h
| gitea | https://xxxx.xxxx.xxxx/gitea/ | Published under the subdirectory /gitea |
| drone | https://xxxx.xxxx.xxxx/ | Published at the root directory (a last-resort workaround, because Drone does not support being published under a subdirectory) |

This article was verified on an Azure VM, so the Gitea and Drone URLs are as follows.

| Server | URL |h
| gitea | https://<VM name>.<region>.cloudapp.azure.com/gitea/ |
| drone | https://<VM name>.<region>.cloudapp.azure.com/ |

&color(red){[Note]};
&color(red){OAuth is used for the authentication integration between Gitea and Drone, so this setup does not work with a self-signed certificate.};

#html(</div>)

* Table of contents [#pb477ddd]
#contents
- Related
-- [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築]]

* Environment setup [#o61e5dce]
#html(<div class="pl10">)

** Installing Docker [#h933b27b]
#html(<div class="pl10">)

This was verified on a newly created Azure VM, so we start by installing docker and docker-compose. (Skip this step if they are already installed.)

#myterm2(){{
# Prerequisites and Docker's apt repository
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

# Docker engine
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
}}

#html(</div>)

** Creating the SSL certificate [#f5883bd8]
#html(<div class="pl10">)

The certificate is obtained from Let's Encrypt.

#myterm2(){{
domain_name=XXX.XXX.XXX
# certbot in standalone mode answers the HTTP challenge on port 80 itself
sudo docker run --rm -p 80:80 \
  -v /etc/letsencrypt:/etc/letsencrypt \
  -v /etc/letsencrypt/logs:/var/log/letsencrypt \
  certbot/certbot certonly --standalone \
  -d "$domain_name" \
  --register-unsafely-without-email \
  --non-interactive --agree-tos \
  --force-renewal \
  --renew-by-default \
  --preferred-challenges http
}}

#html(</div>)

** Creating the containers [#k4c9a836]
#html(<div class="pl10">)

This is basically the same as [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築]], so the overlapping parts are omitted.

#html(){{
<div id="tabs1">
  <ul>
    <li><a href="#tabs1-1">.env</a></li>
    <li><a href="#tabs1-2">docker-compose.yml</a></li>
    <li><a href="#tabs1-3">nginx/default.conf</a></li>
  </ul>
}}

// START tabs1-1
#html(<div id="tabs1-1">)
#mycode2(){{
# Domain name
GITEA_HOST=XXX.XXX.XXX
#GITEA_HTTP_PORT=13000
GITEA_SSH_PORT=10022
GITEA_USER_GID=1000
GITEA_USER_UID=1000
GITEA_DB_HOST=gitea-db:5432
GITEA_DB_NAME=gitea
GITEA_DB_PASSWD=gitea
GITEA_DB_PASSWORD=gitea
GITEA_DB_USER=gitea
# Domain name
DRONE_HOST=XXX.XXX.XXX
#DRONE_PORT=8000
DRONE_GITEA_CLIENT_ID=
DRONE_GITEA_CLIENT_SECRET=
# Secret shared by drone-app and drone-runner
DRONE_RPC_SECRET=secret
DRONE_RUNNER_CAPACITY=2
REGISTRY_PORT=15000
}}
#html(</div>)
// END tabs1-1

// START tabs1-2
#html(<div id="tabs1-2">)
#mycode2(){{
version: "3"
services:
  gitea-proxy:
    image: nginx:latest
    hostname: gitea-proxy
    container_name: gitea-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
      - /etc/letsencrypt:/etc/letsencrypt
      - ./www:/var/www
    links:
      - gitea-app
    depends_on:
      - gitea-app
    #networks:
    #  - my-drone-network

  gitea-app:
    image: gitea/gitea:latest
    hostname: gitea-app
    container_name: gitea-app
    environment:
      USER_UID: "${GITEA_USER_UID}"
      USER_GID: "${GITEA_USER_GID}"
      #DOMAIN: "${GITEA_HOST}"
      #HTTP_PORT: "${GITEA_HTTP_PORT}"
      #ROOT_URL: "http://${GITEA_HOST}:${GITEA_HTTP_PORT}"
      ROOT_URL: "https://${GITEA_HOST}/gitea"
      DB_TYPE: "postgres"
      DB_HOST: "${GITEA_DB_HOST}"
      DB_NAME: "${GITEA_DB_NAME}"
      DB_USER: "${GITEA_DB_USER}"
      DB_PASSWD: "${GITEA_DB_PASSWD}"
      SSH_DOMAIN: "${GITEA_HOST}"
      SSH_PORT: "${GITEA_SSH_PORT}"
      SKIP_TLS_VERIFY: "true"
      TZ: "Japan"
    #ports:
    #  - "${GITEA_HTTP_PORT}:${GITEA_HTTP_PORT}"
    volumes:
      - ./volumes/gitea-app:/data
      #- /etc/timezone:/etc/timezone:ro
      #- :/etc/localtime:ro
    links:
      - gitea-db
    #networks:
    #  - my-drone-network

  gitea-db:
    image: postgres:latest
    hostname: gitea-db
    container_name: gitea-db
    volumes:
      - ./volumes/gitea-db:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: "${GITEA_DB_NAME}"
      POSTGRES_USER: "${GITEA_DB_USER}"
      POSTGRES_PASSWORD: "${GITEA_DB_PASSWD}"
    #networks:
    #  - my-drone-network

  drone-app:
    image: drone/drone:latest
    hostname: drone-app
    container_name: drone-app
    links:
      - gitea-app
    depends_on:
      - gitea-app
    environment:
      DOCKER_API_VERSION: "1.39"
      DRONE_AGENT_ENABLED: "true"
      #DRONE_GITEA_SERVER: "http://${GITEA_HOST}:${GITEA_HTTP_PORT}"
      DRONE_GITEA_SERVER: "https://${GITEA_HOST}/gitea"
      DRONE_GITEA_CLIENT_ID: "${DRONE_GITEA_CLIENT_ID}"
      DRONE_GITEA_CLIENT_SECRET: "${DRONE_GITEA_CLIENT_SECRET}"
      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
      #DRONE_SERVER_HOST: "${DRONE_HOST}:${DRONE_PORT}"
      DRONE_SERVER_HOST: "${DRONE_HOST}"
      DRONE_SERVER_PROTO: "https"
      DRONE_USER_CREATE: "username:droneadmin,admin:true"
      # Disables TLS certificate verification for Drone's connections to Gitea
      DRONE_GITEA_SKIP_VERIFY: "true"
      DRONE_GITEA_ALWAYS_AUTH: "false"
      DRONE_TLS_AUTOCERT: "false"
    #ports:
    #  - "${DRONE_PORT}:80"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./volumes/drone-app:/var/lib/drone
    #networks:
    #  - my-drone-network

  drone-runner:
    image: drone/drone-runner-docker:latest
    hostname: drone-runner
    container_name: drone-runner
    links:
      - drone-app
      - gitea-app
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./.env:/etc/drone.env:ro
    environment:
      DOCKER_API_VERSION: "1.39"
      DRONE_RPC_PROTO: "https"
      #DRONE_RPC_HOST: "${DRONE_HOST}:${DRONE_PORT}"
      DRONE_RPC_HOST: "${DRONE_HOST}"
      DRONE_RPC_SECRET: "${DRONE_RPC_SECRET}"
      DRONE_RUNNER_CAPACITY: "${DRONE_RUNNER_CAPACITY}"
      DRONE_RUNNER_NAME: "drone-runner"
      # Every variable in this file is injected into all pipeline steps;
      # here it is the same .env that holds the secrets above
      DRONE_RUNNER_ENV_FILE: "/etc/drone.env"
      # Debug logging: trace output and dumps of RPC HTTP traffic
      DRONE_TRACE: "true"
      DRONE_RPC_DUMP_HTTP: "true"
      DRONE_RPC_DUMP_HTTP_BODY: "true"
      #DRONE_RUNNER_NETWORKS: my-drone-network
    #networks:
    #  - my-drone-network

  local-registry:
    image: registry:2
    hostname: local-registry
    container_name: local-registry
    ports:
      - "${REGISTRY_PORT}:5000"
    volumes:
      - ./volumes/local-registry:/var/lib/registry
    #networks:
    #  - my-drone-network

#networks:
#  my-drone-network:
#    driver: bridge
}}
#html(</div>)
// END tabs1-2

// START tabs1-3
#html(<div id="tabs1-3">)
#mycode2(){{
# Replace ドメイン名 ("domain name") with the host name the certificate was issued for.

# http
server {
    listen 80;
    listen [::]:80;
    server_name ドメイン名;
    # Redirect all plain-HTTP requests to HTTPS
    return 301 https://$host$request_uri;
}

# https
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ドメイン名;
    ssl_certificate /etc/letsencrypt/live/ドメイン名/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ドメイン名/privkey.pem;

    # Gitea under the /gitea/ subdirectory
    location /gitea/ {
        proxy_pass http://gitea-app:3000/;
    }

    # Drone at the root
    location / {
        proxy_pass http://drone-app/;
    }
}
}}
#html(</div>)
// END tabs1-3

#html(</div>)
// END tabs1
#html(<script>$(function() { $("#tabs1").tabs(); });</script>)

Start the containers

#myterm2(){{
docker-compose up -d
}}

Gitea setup

See [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築#s097d3c2]].

Set the OAuth client ID and secret in .env.

#mycode2(){{
DRONE_GITEA_CLIENT_ID=XXXXXXXXXXXXXXXXXX
DRONE_GITEA_CLIENT_SECRET=XXXXXXXXXXXXXXX
}}

Recreate the drone containers.

#myterm2(){{
docker stop drone-runner && docker rm drone-runner
docker stop drone-app && docker rm drone-app
docker-compose up -d
}}

Drone setup

See [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築#ea3c206b]].

Verification

See [[Building a CI/CD environment with Gitea & Drone>Gitea&DroneでCI/CD環境構築#p5b63121]].

#html(</div>)

#html(</div>)
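
The .env on this page ships with placeholder hosts, a short DRONE_RPC_SECRET, a database password equal to the user name, and empty OAuth client values that are filled in only after the Gitea setup. The following is an added example, not part of the original page or of the Gitea and Drone projects: a pre-flight check to run before docker-compose up -d. The function names (env_get, check_env, sample_env) and the 32-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the .env read by docker-compose.yml.
# Thresholds and messages are this example's own choices.

# env_get FILE KEY: print KEY's value (last assignment wins).
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_env FILE: print one finding per line; return 1 if there are any.
check_env() {
    ce_rc=0
    # Hosts are substituted into ROOT_URL and DRONE_SERVER_HOST, so they must
    # be bare host names: no placeholder, scheme, space or inline annotation.
    for ce_key in GITEA_HOST DRONE_HOST; do
        ce_val=$(env_get "$1" "$ce_key")
        case $ce_val in
            ''|XXX.XXX.XXX|*[!A-Za-z0-9.-]*)
                echo "$ce_key: not a bare host name: '$ce_val'"; ce_rc=1 ;;
        esac
    done
    # Secret shared by drone-app and drone-runner.
    ce_val=$(env_get "$1" DRONE_RPC_SECRET)
    if [ "${#ce_val}" -lt 32 ]; then
        echo "DRONE_RPC_SECRET: under 32 characters (e.g. openssl rand -hex 16)"; ce_rc=1
    fi
    # A database password equal to the user name is guessable.
    if [ "$(env_get "$1" GITEA_DB_PASSWD)" = "$(env_get "$1" GITEA_DB_USER)" ]; then
        echo "GITEA_DB_PASSWD: same as GITEA_DB_USER"; ce_rc=1
    fi
    # Drone cannot complete the OAuth login until both values are set.
    for ce_key in DRONE_GITEA_CLIENT_ID DRONE_GITEA_CLIENT_SECRET; do
        [ -n "$(env_get "$1" "$ce_key")" ] || { echo "$ce_key: empty"; ce_rc=1; }
    done
    return "$ce_rc"
}

# Constructed sample with the same values as the .env shown on this page.
sample_env() {
    printf '%s\n' 'GITEA_HOST=XXX.XXX.XXX' 'GITEA_DB_USER=gitea' \
        'GITEA_DB_PASSWD=gitea' 'DRONE_HOST=XXX.XXX.XXX' \
        'DRONE_GITEA_CLIENT_ID=' 'DRONE_GITEA_CLIENT_SECRET=' \
        'DRONE_RPC_SECRET=secret'
}

demo=$(mktemp)
sample_env > "$demo"
check_env "$demo" || echo "fix the findings above before: docker-compose up -d"
rm -f "$demo"
```

Run check_env against the real file (check_env .env) once before the first start and again after the OAuth client ID and secret have been filled in.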