Docker nginx反向代理背后的Drone和Gitea
我已经在网上翻了三天了。我确信在这一点上,我只是在做一些愚蠢的事情,但我希望有人能指出这是什么,因为我已经通过了这么多关于这个问题的疑难解答帖子,我不知道该怎么办了 我的目标是在我自己的机器上的子域上运行Drone和Gitea。在Gitea和Drone都在运行的情况下,这个配置似乎让我感觉最远,Drone重定向到Gitea for Oauth,但是Gitea无法重定向回。我曾尝试在各种网络设置中使用docker容器的名称,但这似乎并没有让我走得更远 Docker compose:Docker nginx反向代理背后的Drone和Gitea,docker,nginx,server,drone,gitea,Docker,Nginx,Server,Drone,Gitea,我已经在网上翻了三天了。我确信在这一点上,我只是在做一些愚蠢的事情,但我希望有人能指出这是什么,因为我已经通过了这么多关于这个问题的疑难解答帖子,我不知道该怎么办了 我的目标是在我自己的机器上的子域上运行Drone和Gitea。在Gitea和Drone都在运行的情况下,这个配置似乎让我感觉最远,Drone重定向到Gitea for Oauth,但是Gitea无法重定向回。我曾尝试在各种网络设置中使用docker容器的名称,但这似乎并没有让我走得更远 Docker compose: version
version: "3"
networks:
gitnet:
external: false
driver: bridge
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- ROOT_URL=http://git.example.com
restart: always
networks:
- gitnet
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2221:22"
drone:
image: drone/drone:latest
container_name: drone
ports:
- "8000:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./volumes/drone:/var/lib/drone/
restart: always
depends_on:
- gitea
networks:
- gitnet
environment:
- DRONE_AGENTS_ENABLED=true
- DRONE_GITEA_CLIENT_ID=0329da8e-5ec7-44e8-8d23-6d3d9f8bae33
- DRONE_GITEA_CLIENT_SECRET=YFEPxrbcjXilN5m8tbIQCW6hK80e-yH7jS3CjSw-8dM=
- DRONE_GITEA_SERVER=https://git.example.com
- DRONE_GIT_ALWAYS_AUTH=false
- DRONE_TLS_AUTOCERT=false
- DRONE_SERVER_PORT=:8000
- DRONE_SERVER_HOST=drone.example.com
- DRONE_SERVER_PROTO=https
- DRONE_RPC_SECRET=secret
- DRONE_RUNNER_NETWORKS=gitnet
drone-runner-docker:
image: drone/drone-runner-docker:latest
container_name: drone-runner-docker
restart: always
networks:
- gitnet
depends_on:
- drone
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_RPC_HOST=drone.example.com
- DRONE_RPC_PROTO=https
- DRONE_RPC_SECRET=secret
- DRONE_RUNNER_NAME=drone-runner-docker
- DRONE_UI_USERNAME=test
- DRONE_UI_PASSWORD=test
- DRONE_RUNNER_NETWORKS=gitnet
events {
worker_connections 1024;
}
http {
upstream plex_backend {
server localhost:32400;
keepalive 32;
}
upstream drone {
server localhost:8000;
keepalive 32;
}
server {
listen 80;
listen [::]:80;
server_name _;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.example.com;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass http://localhost:3000;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name drone.example.com;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass_request_headers on;
proxy_pass http://drone;
proxy_redirect off;
proxy_http_version 1.1;
proxy_buffering off;
chunked_transfer_encoding off;
}
# location /rpc/ {
# grpc_pass grpc://drone;
# }
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name plex.example.com;
[...]
}
}
Nginx配置:
version: "3"
networks:
gitnet:
external: false
driver: bridge
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- ROOT_URL=http://git.example.com
restart: always
networks:
- gitnet
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2221:22"
drone:
image: drone/drone:latest
container_name: drone
ports:
- "8000:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./volumes/drone:/var/lib/drone/
restart: always
depends_on:
- gitea
networks:
- gitnet
environment:
- DRONE_AGENTS_ENABLED=true
- DRONE_GITEA_CLIENT_ID=0329da8e-5ec7-44e8-8d23-6d3d9f8bae33
- DRONE_GITEA_CLIENT_SECRET=YFEPxrbcjXilN5m8tbIQCW6hK80e-yH7jS3CjSw-8dM=
- DRONE_GITEA_SERVER=https://git.example.com
- DRONE_GIT_ALWAYS_AUTH=false
- DRONE_TLS_AUTOCERT=false
- DRONE_SERVER_PORT=:8000
- DRONE_SERVER_HOST=drone.example.com
- DRONE_SERVER_PROTO=https
- DRONE_RPC_SECRET=secret
- DRONE_RUNNER_NETWORKS=gitnet
drone-runner-docker:
image: drone/drone-runner-docker:latest
container_name: drone-runner-docker
restart: always
networks:
- gitnet
depends_on:
- drone
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_RPC_HOST=drone.example.com
- DRONE_RPC_PROTO=https
- DRONE_RPC_SECRET=secret
- DRONE_RUNNER_NAME=drone-runner-docker
- DRONE_UI_USERNAME=test
- DRONE_UI_PASSWORD=test
- DRONE_RUNNER_NETWORKS=gitnet
events {
worker_connections 1024;
}
http {
upstream plex_backend {
server localhost:32400;
keepalive 32;
}
upstream drone {
server localhost:8000;
keepalive 32;
}
server {
listen 80;
listen [::]:80;
server_name _;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.example.com;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass http://localhost:3000;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name drone.example.com;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass_request_headers on;
proxy_pass http://drone;
proxy_redirect off;
proxy_http_version 1.1;
proxy_buffering off;
chunked_transfer_encoding off;
}
# location /rpc/ {
# grpc_pass grpc://drone;
# }
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name plex.example.com;
[...]
}
}
nginx日志中出现错误:
version: "3"
networks:
gitnet:
external: false
driver: bridge
services:
gitea:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- ROOT_URL=http://git.example.com
restart: always
networks:
- gitnet
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000"
- "2221:22"
drone:
image: drone/drone:latest
container_name: drone
ports:
- "8000:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./volumes/drone:/var/lib/drone/
restart: always
depends_on:
- gitea
networks:
- gitnet
environment:
- DRONE_AGENTS_ENABLED=true
- DRONE_GITEA_CLIENT_ID=0329da8e-5ec7-44e8-8d23-6d3d9f8bae33
- DRONE_GITEA_CLIENT_SECRET=YFEPxrbcjXilN5m8tbIQCW6hK80e-yH7jS3CjSw-8dM=
- DRONE_GITEA_SERVER=https://git.example.com
- DRONE_GIT_ALWAYS_AUTH=false
- DRONE_TLS_AUTOCERT=false
- DRONE_SERVER_PORT=:8000
- DRONE_SERVER_HOST=drone.example.com
- DRONE_SERVER_PROTO=https
- DRONE_RPC_SECRET=secret
- DRONE_RUNNER_NETWORKS=gitnet
drone-runner-docker:
image: drone/drone-runner-docker:latest
container_name: drone-runner-docker
restart: always
networks:
- gitnet
depends_on:
- drone
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_RPC_HOST=drone.example.com
- DRONE_RPC_PROTO=https
- DRONE_RPC_SECRET=secret
- DRONE_RUNNER_NAME=drone-runner-docker
- DRONE_UI_USERNAME=test
- DRONE_UI_PASSWORD=test
- DRONE_RUNNER_NETWORKS=gitnet
events {
worker_connections 1024;
}
http {
upstream plex_backend {
server localhost:32400;
keepalive 32;
}
upstream drone {
server localhost:8000;
keepalive 32;
}
server {
listen 80;
listen [::]:80;
server_name _;
location / {
return 301 https://$host$request_uri;
}
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name git.example.com;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass http://localhost:3000;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name drone.example.com;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_pass_request_headers on;
proxy_pass http://drone;
proxy_redirect off;
proxy_http_version 1.1;
proxy_buffering off;
chunked_transfer_encoding off;
}
# location /rpc/ {
# grpc_pass grpc://drone;
# }
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name plex.example.com;
[...]
}
}
2021/03/23 13:24:25[错误]10#10:*2上游在从上游读取响应头时发送了太大的http2帧:4740180,客户端:192.168.1.254,服务器:drone.example.com,请求:“POST/rpc/v2/ping HTTP/2.0”,上游:grpc://127.0.0.1:8000,主机:“drone.example.com”
更新
我尝试回滚grpc更改,因为我没有看到其他人使用它,并将git.example.com和drone.example.com添加到我的主机文件中。这使我重新成功地使用无人机运行程序ping无人机服务器,但在尝试oauth时,我遇到以下错误:
[error]10#10:*6从上游读取响应头时上游超时(110:连接超时),客户端:192.168.1.108,服务器:drone.example.com,请求:“GET/login?code=vQhr-[…]YG5F8wx7w%3D&state=4d65822107fcfd52 HTTP/2.0”,上游:http://127.0.0.1:8000/login?code=vQhr-[…]8wx7w%3D&state=4d65822107fcfd52“,主机:“drone.example.com”