Welcome to Tencent Cloud + community, get more Tencent mass technology practice dry goods oh ~

This article was published in cloud + Community by V milan, a small blacksmith

introduce

Drone is a popular continuous integration and delivery platform. It integrates many popular version-control repository services, such as GitHub, GitLab, and Bitbucket, to monitor code changes and automatically build and test them when committing.

In this tutorial, we will demonstrate how to set up the complete Drone continuous integration environment for you. We will configure Nginx protected by Tencent Cloud SSL as the front end of Drone. Encrypts requests to Drone Web interfaces and allows CI servers to securely integrate with source servers.

To prepare

To complete this tutorial, you need a CentOS server with a non-root account set up to use sudo and a firewall enabled. If you don’t have a server, you can buy it here. However, I personally recommend you to use the free Tencent Cloud Developer lab to test it and buy the server after learning to install it.

To encrypt the transmission, you will also need an SSL certificate, and how you set this up ** depends on whether you have a domain name that can resolve the server.

  • If you have a domain name, the easiest way to protect your site is to use Tencent Cloud SSL Certificate service, which provides free trusted certificates. Tencent Cloud SSL Certificate Installation Guide Set the SSL certificate.
  • If you do not have a domain name, you are advised to register a domain name here first. If you only use this configuration for testing or personal use, you can use a self-signed certificate and do not need to purchase a domain name. Self-signed certificates provide the same type of encryption but do not have domain name authentication announcements. For self-signed certificates, you can refer to the article creating a self-signed SSL certificate for Apache and how to create a self-signed SSL certificate for Nginx. You need a domain name attached to the CI server to set it up properly.

Docker Compose, Docker Compose, Nginx, SSL certificate, Docker Compose, Docker Compose, Docker Compose, Docker Compose, Nginx, SSL certificate, Docker Compose, Docker Compose, Docker Compose

  • How to install Docker in Ubuntu
  • How to install Docker Compose in Ubuntu: Follow the second step of the tutorial to install Docker Compose.
  • How to install Nginx in Ubuntu: Install Nginx on the server.
  • How to protect Nginx with Ubuntu Encryption: Use a trusted Tencent Cloud SSL certificate to protect Nginx.

After completing the above tutorial, your Drone server should have:

  • Sudo user configured for administrative tasks
  • The UFW firewall is enabled to block all connections except SSH, HTTP, and HTTPS requests on ports 22,80, and 443.
  • Docker and Docker Compose are installed.
  • The Nginx server is configured with the SSL certificate provided by Tencent Cloud

Next we continue the installation tutorial.

Add the program to the source repository

To monitor code changes to trigger the build and test phases, Drone will need access to your source code repository. Drone can be integrated with GitHub, GitLab, Gogs, Bitbucket Cloud and Bitbucket Server.

In this tutorial, we will focus on integration with the GitHub repository, and other systems should be similar to this tutorial. If you are using another source code repository, follow the appropriate links above for the software-specific configuration you need.

Start by accessing your GitHub account. Click on the user icon in the upper right corner and select Settings from the drop-down menu:

Next, find the OAuth application item in the Developer Settings section on the left side of the screen:

On the subsequent page, click Register new Application:

Next, you will see the OAuth Application registry:

Fill in the following fields (these fields exist on GitHub. Other repository providers may have different prompts) :

  • Application name: The name that you choose to identify the integration. If you have no special needs, “Drone” is a good choice.
  • Home page URL: Domain name of your Drone server. Use it herehttps://Because we are using a security domain.
  • Application Description: A brief description of Drone and its purpose.
  • Authorization callback URL: It has to behttps://, followed by the domain name of the Drone server, followed by/authorize. If our domain name isexample.com, this file will be.https://example.com/authorize

When you are ready, click Register application.

On the next page, you’ll see the details of the new application. The two items we need are the client ID and the client key:

Copy these two values. We need these to connect Drone to our GitHub account.

Pull Drone Docker image and prepare for configuration

Drones can be installed and configured on servers. Drone is distributed as a Docker container, so if we use it in the Docker Compose file, it will download automatically. To speed up the process a bit, we can pull down the image ahead of time:

Docker pull drone/drone: 0.7Copy the code

Drone Docker images are a unified container that can operate in several different ways. We’ll run a container running as a Drone server that coordinates repository access, hosts the Web UI, and provides apis. Using the same image with a different setup, we ran another container as a Drone agent that was responsible for building and testing software from the configured repository.

We will use Docker Compose to run these two containers on the Drone host. First create a configuration directory to store the files we need:

sudo mkdir /etc/drone
Copy the code

Next, we will create some files in it to configure our service.

Create the Docker Compose file for Drone

First, create a Docker Compose file in your configuration directory:

sudo nano /etc/drone/docker-compose.yml
Copy the code

We marked the Docker Compose file format as version “3”. After that, we will define services for both of these services.

The Drone-Server service will start the main Drone server container that listens on port 8000. We installed the host’s /var/lib/drone directory inside the container so that Drone could retain its data. We configure the service to restart automatically and read more detailed configuration instructions in the form of environment variables defined in the file we will create in /etc/drone/server.env.

The drone-Agent service uses the same image, starting with the agent command. It receives instructions from the autonomous Drone server instance, so while it doesn’t require normal network access, it does need to boot up after the Drone service. It also needs access to the Docker socket file to launch the container to run the actual build and test steps. Like the drone-server service, this service will automatically restart and read the environment in the /etc/drone/agent.env file for additional configuration.

Configure the two services using the following Docker Compose file. Pay attention to the YAML format of the file, as errors in indentation or formatting can cause errors:

version: '3'Volumes: Services: Drone-server: Image: Drone-Drone :0.7 ports: -127.0.0.1:8000:8000 volumes: - / var/lib/drone: / var/lib/drone restart: always env_file: - / etc/drone/server. The env drone - agent: image: drone/drone: 0.7command: agent
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    env_file:
      - /etc/drone/agent.env
Copy the code

When you’re done, save and close the Docker Compose file.

Configure the environment variable file of Drone server

Next, we need the environment variable file for the Drone server referenced in the Docker Compose file.

Before opening the file, we should generate a strong key to verify the proxy and server components. Although our setup will have both components on the same server, strong keys are critical as the test infrastructure expands. On the command line, type the following command to generate the key:

LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 65 && echo
Copy the code

This command temporarily sets the language in the shell to a limited character range. It then gets a random byte stream from /dev/urandom and further filters out any non-alphanumeric characters. We use the first 65 characters as keywords.

The output looks like this (do not copy the values below! Generate your own!) :

ERmA7xubDvTa8i0wYBlljc9yjT1NJPG7xOlZBwAdMAmBYL4RZE4QngxWcCLowk9KN
Copy the code

Copy the generated key for use in the server environment file. Create a new file /etc/drone/server.env and open it in a text editor:

sudo nano /etc/drone/server.env
Copy the code

In the file, we define the environment variables that Drone uses to connect to start the service, connect to the repository provider and set the account authorization policy. You need to copy the values from the repository provider to fill in the values correctly.

First, set the DRONE_HOST and DRONE_SECRET values. Set DRONE_SECRET to the key you generate on the command line. DRONE_HOST is set to notify Drone of its publicly accessible address. This should be your Tencent cloud protected domain name, preceded by https://.

# Service settings
DRONE_SECRET=secret_generated_on_command_line
DRONE_HOST=https://example.com
Copy the code

Next, we will configure integration with the VCS provider, GitHub in our example. The Settings that are appropriate for your project may vary, depending on your needs and how GitHub assets are organized.

We’ll lock our Drone installation and disable registration by setting DRONE_OPEN to false. This means that only the GitHub account name specified in DRONE_ADMIN can log in.

Note: If you are using collaborators as GitHub organizations, it is best to set DRONE_OPEN to true and replace DRONE_ADMIN with DRONE_ORGS. The DRONE_ORGS setting allows you to specify one or more allowed members. Drone will limit users who sign up for those groups.

Make sure DRONE_ADMIN includes your GitHub account name.

Then, activate the GitHub integration plug-in by setting DRONE_GITHUB to true. When we registered the Drone app, we set DRONE_GITHUB_CLIENT and DRONE_GITHUB_SECRET to the keys we copied from the GitHub OAuth app page:

# Service settings
DRONE_SECRET=secret_generated_on_command_line
DRONE_HOST=https://example.com

# Registration settings
DRONE_OPEN=false
DRONE_ADMIN=sammytheshark

# GitHub Settings
DRONE_GITHUB=true
DRONE_GITHUB_CLIENT=Client_ID_from_GitHub
DRONE_GITHUB_SECRET=Client_Secret_from_GitHub
Copy the code

We have finished configuring the server components. Before you leave, copy the values in the DRONE_SECRET file. When configuring the proxy, we need to set the same key in the next section. When finished, save and close the file.

Configure the environment variable file of Drone Agent

Next, we’ll create an environment file for the Drone agent component. Open a new file to set the proxy environment variable:

sudo nano /etc/drone/agent.env
Copy the code

We only need to define two values. DRONE_SECRET will match the configuration in sever. Env.

DRONE_SERVER sets how configuration agents are connected to Drone server components. It will start with the WSS :// protocol prefix, indicating that the connection will use an encrypted Web socket, followed by the domain name of the Drone server, and append /ws/broker:

DRONE_SECRET=secret_generated_on_command_line
DRONE_SERVER=wss://example.com/ws/broker
Copy the code

When finished, save and close the file.

Configure DRONE system unit files

Now that our configuration files are in place, we can define a Systemd unit file to manage Drone services.

Open a new.service file in /etc/systemd/system to configure the service:

sudo nano /etc/systemd/system/drone.service
Copy the code

Paste the following contents inside:

[Unit]
Description=Drone server
After=docker.service nginx.service

[Service]
Restart=always
ExecStart=/usr/local/bin/docker-compose -f /etc/drone/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /etc/drone/docker-compose.yml stop

[Install]
WantedBy=multi-user.target
Copy the code

The first part tells Systemd to start the service when Docker and Nginx are available. The second part tells the system to automatically restart service in the event of a failure. It then uses Docker Compose and the configuration file we created earlier to define commands to start and stop Drone services. Finally, the last section defines how to make the service start at boot time.

When finished, save and close the file.

Before we could start the Drone service, we had to configure Nginx. The Drone agent needs to be able to connect to the Drone server, and the connection depends on the Nginx agent.

Configure Nginx to proxy requests to Drone

Next, we need to modify the configuration of Nginx to proxy requests to Drone servers. First find the Nginx configuration that handles Tencent cloud SSL. Search for the server_name attribute in all enabled server blocks by typing the following:

grep -R server_name /etc/nginx/sites-enabled
Copy the code
/etc/nginx/sites-enabled/default:   server_name example.com;
/etc/nginx/sites-enabled/default:   return 301 https://$server_name$request_uri;
/etc/nginx/sites-enabled/default:   server_name example.com;
/etc/nginx/sites-enabled/default:# server_name example.com;
Copy the code

In the output above, the domain name (example.com in this example) is being defined in the /etc/nginx/sites-enabled/default file. You need to edit the file associated with your domain name.

You might also see something like this:

/etc/nginx/sites-enabled/default:   server_name _;
/etc/nginx/sites-enabled/default:   return 301 https://$server_name$request_uri;
/etc/nginx/sites-enabled/default:   server_name _;
/etc/nginx/sites-enabled/default:# server_name example.com;
Copy the code

In the output above, server_name _; Represents a server block used as a backup mechanism. The “_” host specifier is an invalid host, so it will never match.

In the configuration, these configurations are paired with the LISTEN directive, which sets the default_server option so that it acts as the default if the requested host does not match another server block. If you cannot find a server_name definition that matches your domain name, the file that defines these fallback blocks should be used.

Open the file most relevant to your domain in a text editor:

sudo nano /etc/nginx/sites-enabled/default 
Copy the code

Internally, we will first add two parts to the existing server block:

Upstream drone {server 127.0.0.1:8000; } map$http_upgrade $connection_upgrade {
    default upgrade;
    ' '      close;
}

server {
    . . .
Copy the code

The first block is configured with an upstream request named Drone in which we can broker requests. The Server directive defines how to connect to our Drone service, which will run on port 8000.

The second block sets a user-defined variable named $http_upgrade based on the value of the $connection_upgrade variable, which Nginx sets when it receives the “Upgrade” HTTP header. If an Upgrade header is received, Nginx sets the $connection_upgrade variable to Upgrade. If not, it is set to off. These variables allow us to set the correct header when proxying WebSocket requests.

Next, find the server block that contains the Listen 443 directive. Replace the content with the following instructions. Make sure to comment out or remove any existing configuration in this block to avoid conflicts:

. . .
server {
    listen 443 ssl;
    . . .
    location / {
        # try_files $uri $uri/ =404;
        proxy_pass http://drone;

        include proxy_params;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade; proxy_redirect off; Proxy_http_version 1.1; proxy_buffering off; chunked_transfer_encoding off; proxy_read_timeout 86400; }..}Copy the code

The proxy_pass line tells Nginx to pass all traffic outside this block to the upstream we defined earlier. Next, we include some proxy header definitions in the proxy_params file and add other headers based on the previous map Settings. We then adjusted some other agent-specific Settings to ensure that the WebSocket proxy worked properly and that our components could communicate effectively.

After you finish saving and closing the file.

Test and restart Nginx and Drone

Our configuration is now complete. We just need to start or restart our service to implement the configuration.

First, check the Nginx configuration for syntax errors:

sudo nginx -t
Copy the code
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Copy the code

If the output indicates a configuration problem, go back and check the Nginx configuration again. Restart Nginx:

sudo systemctl restart nginx
Copy the code

Now that Nginx is available for proxy requests between proxies and servers, we can launch Drone:

sudo systemctl start drone
Copy the code

Check to ensure that the service can start successfully:

sudo systemctl status drone
Copy the code
Low drone. Service - drone server the Loaded: the Loaded (/ etc/systemd/system/drone. Service; disabled; vendor preset: enabled) Active: active (running) since Fri 2017-06-09 21:56:33 UTC; 2min 58s ago Main PID: 7575 (docker-compose) Tasks: 5 Memory: 37.7m CPU: 1.544s CGroup: / system. Slice/drone. Service ├ ─ 15225 / usr /local/bin/docker-compose -fThe/etc/drone/docker - compose. Yml up └ ─ 15228 / usr /local/bin/docker-compose -f /etc/drone/docker-compose.yml up

. . .
Jun 09 21:56:35 drone docker-compose[15225]: drone-agent_1   | pipeline: request next execution
Copy the code

If the service is marked active (running) and there are no errors in the log, Drone is up and running.

If you encounter problems, type the following command to check the Nginx log:

sudo less /var/log/nginx/error.log
Copy the code

You can check Drone’s log by entering the following:

sudo journalctl -u drone
Copy the code

If all goes well, please enable Drone by entering the following:

sudo systemctl enable drone
Copy the code

Drone services will start when Docker and Nginx services become available.

Sign in Drone to authorize access to your repository

Now that Drone is up and running, we can log into the Web interface and authorize the app to use our GitHub account.

Visit the domain name of the server in the Web browser to view the Drone Web interface:

https://example.com
Copy the code

On your first visit, you will be prompted to log in:

Click login to authenticate with Drone using your GitHub account. If you are not currently logged into GitHub, you will be instructed to log in to GitHub first.

After that, the system will prompt you to allow Drone to access your GitHub account:

After viewing the requested permissions and making any adjustments, click the Authorize User name button to authorize Drone.

You will be redirected back to your Drone server:

Now you can activate and configure the repository to test your code automatically.

conclusion

In this tutorial, we set Drone up as the continuous integration and delivery server for the GitHub project. We set up Drone to handle authentication and listen for changes from our repository. We also configured a Drone agent that can run tests and manage containers. We also configured Nginx as a secure reverse proxy. Tencent Cloud Continuous Integration (CCI) service will be opened soon. CCI will provide developers with Continuous Integration services supporting multiple languages and terminals. It provides the upstream basic services for the continuous integration system of the project and improves the efficiency of project research and development. For more Linux tutorials, please visit Tencent Cloud + community to learn more knowledge.


Reference: How To Install and Configure Drone on Ubuntu 16.04

Question and answer

How does Angular2 handle HTTP responses?

reading

Server Push best practices for HTTP/2

How to back up your MySQL database

This section describes the changes in MySQL 8.0

Cloud, college courses, recommend | tencent senior engineer, bring you a quick introduction to machine learning

This article has been published by Tencent Cloud + community authorized by the author.Cloud.tencent.com/developer/a…

Search concern public number “cloud plus community”, the first time to obtain technical dry goods, after concern reply 1024 send you a technical course gift package!

Massive technical practice experience, all in the cloud plus community!