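I have been digging around the internet for 3 days. I'm sure at this point I'm just doing something stupid, but I'm hoping someone can point out what that is, because I've been through so many troubleshooting posts on this issue that I no longer know which way is up.
My goal is to run Drone and Gitea on subdomains on a machine I own. This configuration seems to get me the furthest, in that both Gitea and Drone are running and Drone redirects to Gitea for OAuth, but then Gitea fails to redirect back. I've tried using the docker container names in various network settings, but that didn't seem to get me any further.
Docker Compose: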
version: "3"
networks:
  gitnet:
    external: false
    driver: bridge
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=http://git.example.com
    restart: always
    networks:
      - gitnet
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2221:22"
  drone:
    image: drone/drone:latest
    container_name: drone
    ports:
      - "8000:8000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./volumes/drone:/var/lib/drone/
    restart: always
    depends_on:
      - gitea
    networks:
      - gitnet
    environment:
      - DRONE_AGENTS_ENABLED=true
      - DRONE_GITEA_CLIENT_ID=0329da8e-5ec7-44e8-8d23-6d3d9f8bae33
      - DRONE_GITEA_CLIENT_SECRET=YFEPxrbcjXilN5m8tbIQCW6hK80e-yH7jS3CjSw-8dM=
      - DRONE_GITEA_SERVER=https://git.example.com
      - DRONE_GIT_ALWAYS_AUTH=false
      - DRONE_TLS_AUTOCERT=false
      - DRONE_SERVER_PORT=:8000
      - DRONE_SERVER_HOST=drone.example.com
      - DRONE_SERVER_PROTO=https
      - DRONE_RPC_SECRET=secret
      - DRONE_RUNNER_NETWORKS=gitnet
  drone-runner-docker:
    image: drone/drone-runner-docker:latest
    container_name: drone-runner-docker
    restart: always
    networks:
      - gitnet
    depends_on:
      - drone
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_HOST=drone.example.com
      - DRONE_RPC_PROTO=https
      - DRONE_RPC_SECRET=secret
      - DRONE_RUNNER_NAME=drone-runner-docker
      - DRONE_UI_USERNAME=test
      - DRONE_UI_PASSWORD=test
      - DRONE_RUNNER_NETWORKS=gitnet
Nginx configuration:
events {
    worker_connections 1024;
}
http {
    upstream plex_backend {
        server localhost:32400;
        keepalive 32;
    }
    upstream drone {
        server localhost:8000;
        keepalive 32;
    }
    server {
        listen 80;
        listen [::]:80;
        server_name _;
        location / {
            return 301 https://$host$request_uri;
        }
        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }
    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name git.example.com;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_pass http://localhost:3000;
        }
    }
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name drone.example.com;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        location / {
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $http_host;
            proxy_pass_request_headers on;
            proxy_pass http://drone;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_buffering off;
            chunked_transfer_encoding off;
        }
        # location /rpc/ {
        #     grpc_pass grpc://drone;
        # }
    }
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name plex.example.com;
        [...]
    }
}
Error in the nginx log:
2021/03/23 13:24:25 [error] 10#10: *2 upstream sent too large http2 frame: 4740180 while reading response header from upstream, client: 192.168.1.254, server: drone.example.com, request: "POST /rpc/v2/ping HTTP/2.0", upstream: "grpc://127.0.0.1:8000", host: "drone.example.com"
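Update
I tried rolling back the grpc change, since I really didn't see anyone else using it, and added git.example.com and drone.example.com to my hosts file. This got me back to successfully pinging the Drone server with the Drone runner, but I get the following error when attempting OAuth: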
[error] 10#10: *6 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.1.108, server: drone.example.com, request: "GET /login?code=vQhr-[...]YG5F8wx7w%3D&state=4d65822107fcfd52 HTTP/2.0", upstream: "http://127.0.0.1:8000/login?code=vQhr-[...]8wx7w%3D&state=4d65822107fcfd52", host: "drone.example.com"