Certificates
Drone supports native SSL configuration by mounting certificates into the server container. If your server is public, you should consider using Let's Encrypt.
- Mount your certificate and key into the server container:
$ docker run \
-v /etc/certs/drone.company.com/server.crt:/etc/certs/drone.company.com/server.crt \
-v /etc/certs/drone.company.com/server.key:/etc/certs/drone.company.com/server.key
- Configure the path to your certificate and key:
$ docker run \
-e DRONE_TLS_CERT=/etc/certs/drone.company.com/server.crt \
-e DRONE_TLS_KEY=/etc/certs/drone.company.com/server.key
- Expose the standard http and https ports:
$ docker run \
-p 80:80 \
-p 443:443
Let's Encrypt
Drone supports automated SSL configuration and updates using Let's Encrypt. Configure it as follows:
- Enable Let's Encrypt with the following parameter:
DRONE_TLS_AUTOCERT=true
- Ensure the desired hostname is configured:
DRONE_SERVER_HOST=domain.com
DRONE_SERVER_PROTO=https
- Expose the standard http and https ports:
$ docker run \
-p 80:80 \
-p 443:443
- Mount the certificate cache to the host:
$ docker run \
-v /var/lib/drone:/data
Certificate Cache
Drone caches generated certificates on disk at /data/golang-autocert. This prevents the system from re-requesting certificates on restart. It is best practice to bind mount the /data directory to the host.
Certificate Upgrades
Drone uses the official Go acme library, which handles certificate upgrades. No additional configuration or management should be required.