Drone supports automated ssl configuration and updates using let’s encrypt. You can enable let’s encrypt by making the following modifications to your server configuration:
services:
drone-server:
image: drone/drone:0.7
ports:
+ - 80:80
+ - 443:443
- 9000:9000
volumes:
- /var/lib/drone:/var/lib/drone/
restart: always
environment:
- DRONE_OPEN=true
- DRONE_HOST=${DRONE_HOST}
- DRONE_GITHUB=true
- DRONE_GITHUB_CLIENT=${DRONE_GITHUB_CLIENT}
- DRONE_GITHUB_SECRET=${DRONE_GITHUB_SECRET}
- DRONE_SECRET=${DRONE_SECRET}
+ - DRONE_LETS_ENCRYPT=true
Note that Drone uses the hostname from the DRONE_HOST
environment variable when requesting certificates. For example, if DRONE_HOST=https://foo.com
the certificate is requested for foo.com
.
Certificate Cache
Drone writes the certificates to the below directory:
/var/lib/drone/golang-autocert
Certificate Updates
Drone uses the official Go acme library which will handle certificate upgrades. There should be no addition configuration or management required.