SSL

Woodpecker supports SSL configuration by mounting certificates into your container.

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
+     - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key

Update your configuration to expose the following ports:

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
+     - 80:80
+     - 443:443
      - 9000:9000

Update your configuration to mount your certificate and key:

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
+     - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
+     - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key

Update your configuration to provide the paths of your certificate and key:

services:
  woodpecker-server:
    image: laszlocloud/woodpecker-server:v0.9.0
    ports:
      - 80:80
      - 443:443
      - 9000:9000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/certs/woodpecker.foo.com/server.crt:/etc/certs/woodpecker.foo.com/server.crt
      - /etc/certs/woodpecker.foo.com/server.key:/etc/certs/woodpecker.foo.com/server.key
    restart: always
    environment:
+     - DRONE_SERVER_CERT=/etc/certs/woodpecker.foo.com/server.crt
+     - DRONE_SERVER_KEY=/etc/certs/woodpecker.foo.com/server.key

Certificate Chain

The most common problem encountered is providing a certificate file without the intermediate chain.

LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain.
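A pre-flight check for the file that DRONE_SERVER_CERT points at, added here as an example (not Woodpecker's own code): it parses the pair with tls.X509KeyPair, the in-memory counterpart of LoadX509KeyPair, and flags a certificate file that holds only the leaf. `ChainLen` and `Sample` are hypothetical names, the certificates are constructed in memory, and the self-signed "Example Intermediate CA" stands in for a real intermediate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// ChainLen returns how many certificates the file carries; a lone leaf that is not self-issued is an error.
func ChainLen(certPEM, keyPEM []byte) (int, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // also fails if the key does not match the leaf
	if err != nil {
		return 0, err
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // X509KeyPair already parsed this successfully
	if len(pair.Certificate) == 1 && string(leaf.RawIssuer) != string(leaf.RawSubject) {
		return 1, fmt.Errorf("%q: leaf only, intermediate chain missing", leaf.Subject.CommonName)
	}
	return len(pair.Certificate), nil
}

// Sample builds constructed test data (errors ignored in this fixture): leaf-only file, leaf+intermediate file, key.
func Sample() (leafOnly, fullChain, keyPEM []byte) {
	mk := func(cn string, ca bool) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IsCA: ca,
			BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	}
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := mk("Example Intermediate CA", true)
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, mk("woodpecker.foo.com", false), ca, &key.PublicKey, caKey)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	enc := func(typ string, der []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der}) }
	leaf := enc("CERTIFICATE", leafDER)
	return leaf, append(append([]byte{}, leaf...), enc("CERTIFICATE", caDER)...), enc("PRIVATE KEY", keyDER)
}

func main() {
	leafOnly, fullChain, key := Sample()
	fmt.Println(ChainLen(leafOnly, key))  // 1 plus the "leaf only" error
	fmt.Println(ChainLen(fullChain, key)) // 2 <nil>
}
```

To check a real deployment, read server.crt and server.key with os.ReadFile and pass their contents to `ChainLen` in place of the constructed sample.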

Certificate Errors

SSL support is provided using the ListenAndServeTLS function from the Go standard library. If you receive certificate errors or warnings, please examine your configuration more closely.