[question] gitea+drone webhook: Delivery: Post https://IP/hook?secret=R0lLcaCziqICP3: x509: certificate is valid for *, not * #4930

Closed
opened 2025-11-02 06:07:59 -06:00 by GiteaMirror · 1 comment
Owner

Originally created by @everhopingandwaiting on GitHub (Feb 24, 2020).

  • Gitea version (or commit ref): 1.12.0+dev-365-g062f35109
  • Git version: 2.24.1
  • Operating system: docker ubuntu
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

gitea + drone
when gitea send the hook to drone, errors

Delivery: Post https://IP/hook?secret=R0lLcaCziqICP3: x509: certificate is valid for *, not *

drone config:

  drone-server:
    image: drone/drone
    depends_on: 
    - gitea-server
    container_name: drone-server
    ports:
      - "5000:80"
      # - 9000
      # - "5001:443"
    volumes:
      # - ${BASE_PATH}/drone_:/var/lib/drone
      - ${BASE_PATH}/drone_:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    restart: always
    networks:
      - overlay
    environment:
      - DRONE_JSONNET_ENABLED=true
      # GITEA CONFIG
      - DRONE_GITEA_SERVER=${GITEA_SERVER}
      - DRONE_SERVER_HOST=${DRONE_SERVER_HOST}
      - DRONE_AGENTS_ENABLED=true
      - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
      - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
      - TZ=Asia/Shanghai
      - DRONE_OPEN=true
      - DRONE_GIT_ALWAYS_AUTH=true
      - DRONE_RPC_SECRET=aa3dad124133bc6d197e10257f5234c9
      # user
      - DRONE_USER_CREATE=username:jyao,admin:true
      # ssl
      - DRONE_GITEA_SKIP_VERIFY=true
      - DRONE_GITHUB_SKIP_VERIFY=true
      - DRONE_GOGS_SKIP_VERIFY=true
      - DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO}
      - DRONE_VALIDATE_PLUGIN_SKIP_VERIFY=true
      - DRONE_WEBHOOK_SKIP_VERIFY=true
      - DRONE_TLS_AUTOCERT=true
      # - DRONE_HTTP_SSL_REDIRECT=true
      # log
      - DRONE_LOGS_COLOR=true
      # cron
      - DRONE_CRON_INTERVAL=1h

runner config:

  docker-runner:
    image: drone/drone-runner-docker
    depends_on: 
    - drone-vault
    container_name: docker-runner
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      # vault config
      - DRONE_SECRET_PLUGIN_SKIP_VERIFY=true
      - DRONE_SECRET_PLUGIN_ENDPOINT=http://drone-vault:3000
      - DRONE_SECRET_PLUGIN_TOKEN=${VAULT_TOKEN}
      # runner config
      - DRONE_RPC_SKIP_VERIFY=true
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=drone-server

then nginx config:

    server {
        listen 443 ssl;
        ssl_certificate /opt/openssl/domain.crt;
        ssl_certificate_key /opt/openssl/domain.key;
        # ssl_session_cache shared:SSL:1m;
        # ssl_session_timeout 5m;
        # ssl_verify_client off;
        # ssl_ciphers HIGH:!aNULL:!MD5;
        # ssl_prefer_server_ciphers on;
        server_name drone;
        location / {
            proxy_pass http://drone-server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        error_page 500 502 503 504 /50x.html;
    }

openssl config

openssl req -newkey rsa:4096 -nodes -keyout domain.key -x509 -days 300 -out domain.crt

...

Screenshots

image

Originally created by @everhopingandwaiting on GitHub (Feb 24, 2020). - Gitea version (or commit ref): 1.12.0+dev-365-g062f35109 - Git version: 2.24.1 - Operating system: docker ubuntu - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: ## Description gitea + drone when gitea send the hook to drone, errors `Delivery: Post https://IP/hook?secret=R0lLcaCziqICP3: x509: certificate is valid for *, not *` drone config: ``` drone-server: image: drone/drone depends_on: - gitea-server container_name: drone-server ports: - "5000:80" # - 9000 # - "5001:443" volumes: # - ${BASE_PATH}/drone_:/var/lib/drone - ${BASE_PATH}/drone_:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro restart: always networks: - overlay environment: - DRONE_JSONNET_ENABLED=true # GITEA CONFIG - DRONE_GITEA_SERVER=${GITEA_SERVER} - DRONE_SERVER_HOST=${DRONE_SERVER_HOST} - DRONE_AGENTS_ENABLED=true - DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID} - DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET} - TZ=Asia/Shanghai - DRONE_OPEN=true - DRONE_GIT_ALWAYS_AUTH=true - DRONE_RPC_SECRET=aa3dad124133bc6d197e10257f5234c9 # user - DRONE_USER_CREATE=username:jyao,admin:true # ssl - DRONE_GITEA_SKIP_VERIFY=true - DRONE_GITHUB_SKIP_VERIFY=true - DRONE_GOGS_SKIP_VERIFY=true - DRONE_SERVER_PROTO=${DRONE_SERVER_PROTO} - DRONE_VALIDATE_PLUGIN_SKIP_VERIFY=true - DRONE_WEBHOOK_SKIP_VERIFY=true - DRONE_TLS_AUTOCERT=true # - DRONE_HTTP_SSL_REDIRECT=true # log - DRONE_LOGS_COLOR=true # cron - DRONE_CRON_INTERVAL=1h ``` runner config: ``` docker-runner: image: drone/drone-runner-docker depends_on: - drone-vault container_name: docker-runner volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: # vault config - DRONE_SECRET_PLUGIN_SKIP_VERIFY=true - DRONE_SECRET_PLUGIN_ENDPOINT=http://drone-vault:3000 - DRONE_SECRET_PLUGIN_TOKEN=${VAULT_TOKEN} # runner config - DRONE_RPC_SKIP_VERIFY=true - DRONE_RPC_PROTO=http - DRONE_RPC_HOST=drone-server ``` then nginx config: ``` server { listen 443 ssl; ssl_certificate /opt/openssl/domain.crt; ssl_certificate_key /opt/openssl/domain.key; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 5m; # ssl_verify_client off; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; server_name drone; location / { proxy_pass http://drone-server; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } error_page 500 502 503 504 /50x.html; } ``` openssl config ``` openssl req -newkey rsa:4096 -nodes -keyout domain.key -x509 -days 300 -out domain.crt ``` ... ## Screenshots ![image](https://user-images.githubusercontent.com/6021724/75171909-5f47a400-5767-11ea-8ab8-3edfabde72ce.png) <!-- **If this issue involves the Web Interface, please include a screenshot** -->
Author
Owner

@everhopingandwaiting commented on GitHub (Feb 25, 2020):

it seems that , made a directional error , I should check the gitea config file , but I thought it was a drone problem last night.

app.ini
``
[webhook]
SKIP_TLS_VERIFY=true`

@everhopingandwaiting commented on GitHub (Feb 25, 2020): it seems that , made a directional error , I should check the gitea config file , but I thought it was a drone problem last night. app.ini `` [webhook] SKIP_TLS_VERIFY=true` ```
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#4930