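How to resolve Drone CI/CD "Login Failed. Invalid Response" on my VM
I get an error when I try to start my Drone server with Bitbucket Server.
I have a CentOS 7 VM with Nginx. I started my Bitbucket server with Docker on 127.0.0.1:7990 and configured Nginx to proxy_pass to it.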
    server {
        server_name bitbucket.somniumgame.com;
        location / {
            if ($http_user_agent = "") { return 404; }
            if ($limit_bots = 1) { return 404; }
            proxy_pass http://127.0.0.1:7990;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_redirect off;
        }
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/bitbucket.somniumgame.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/bitbucket.somniumgame.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    server {
        if ($host = bitbucket.somniumgame.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
        server_name bitbucket.somniumgame.com;
        listen 80;
        return 404; # managed by Certbot
    }
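It works well with Jira Server, which is configured through the proxy in the same way, and that integration succeeded. Next, I tried to integrate Drone CI/CD with this Bitbucket Server. I followed their documentation at https://docs.drone.io/server/provider/bitbucket-server/, but it doesn't work for me.
I started the Drone Docker container with: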
    docker run \
        --volume=/var/lib/drone:/var/lib/drone:z \
        --volume=/etc/bitbucket/key.pem:/etc/bitbucket/key.pem \
        --env=DRONE_GIT_PASSWORD=<user_password> \
        --env=DRONE_GIT_USERNAME=<user_name> \
        --env=DRONE_GIT_ALWAYS_AUTH=false \
        --env=DRONE_STASH_SERVER=https://bitbucket.somniumgame.com/ \
        --env=DRONE_STASH_CONSUMER_KEY=OauthKey \
        --env=DRONE_STASH_PRIVATE_KEY=/etc/bitbucket/key.pem \
        --env=DRONE_SERVER_HOST=drone.somniumgame.com \
        --env=DRONE_SERVER_PROTO=https \
        --env=DRONE_RPC_SECRET=<shared_secret_generated_by: openssl rand -hex 16> \
        --env=DRONE_LOGS_DEBUG=true \
        --env=DRONE_LOGS_TEXT=true \
        --env=DRONE_LOGS_PRETTY=true \
        --env=DRONE_LOGS_COLOR=true \
        --publish=127.0.0.1:8090:80 \
        --publish=127.0.0.1:8091:443 \
        --restart=always \
        --detach=true \
        --name=drone \
        drone/drone:1
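On the Bitbucket server, I created a user for Drone with default permissions (no server admin rights) and completed step 1 from https://docs.drone.io/server/provider/bitbucket-server/. But I have nowhere to use the personal access token. My configuration looks like this:
Application Details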
Application Name: Drone
Application Type: Generic Application
Application URL: https://drone.somniumgame.com
display URL: https://drone.somniumgame.com
Outgoing Authentication
Service Provider Name: Drone
Consumer Key: OauthKey
Shared Secret: <shared_secret_generated_by: openssl rand -hex 16>
Request Token URL: /
Access Token URL: /
Authorize URL: /
Incoming Authentication
Consumer Key: OauthKey
Consumer Name: Drone
Public Key: <generated_in_/etc/bitbucket/key.pub>
Consumer Callback URL: None
Allow 2-Legged OAuth: false
Execute as: None
My Drone Docker logs:
DEBU[0000] main: creating the Stash client server="https://bitbucket.somniumgame.com/" skip_verify=false
INFO[0000] main: internal scheduler enabled
DEBU[0000] main: license loaded build.limit=5000 expires="0001-01-01 00:00:00 +0000 UTC" kind=trial repo.limit=0 user.limit=0
INFO[0000] starting the cron scheduler interval=30m0s
INFO[0000] starting the http server acme=false host=drone.somniumgame.com port=":80" proto=https url="https://drone.somniumgame.com"
INFO[0000] starting the zombie build reaper interval=24h0m0s
I don't understand why port 80 is used if I use the https proto?
My Drone configuration:
    server {
        server_name drone.somniumgame.com;
        location / {
            if ($http_user_agent = "") { return 404; }
            if ($limit_bots = 1) { return 404; }
            proxy_pass http://127.0.0.1:8090;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_redirect off;
        }
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/drone.somniumgame.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/drone.somniumgame.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    server {
        if ($host = drone.somniumgame.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
        server_name drone.somniumgame.com;
        listen 80;
        return 404; # managed by Certbot
    }
When I try to open https://drone.somniumgame.com/, I get "Login Failed. Invalid Response". The logs after that look like this:
DEBU[0301] fields.time="2021-02-07T11:07:18Z" latency="692.791µs" method=GET remote="172.17.0.1:48352" request=/ request-id=1o9PsMWwAnQc8hOwfVIQNUPoECw
DEBU[0302] api: authentication required request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0302] api: guest access request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0302] fields.time="2021-02-07T11:07:18Z" latency="190.226µs" method=GET remote="172.17.0.1:48356" request=/api/user request-id=1o9PsMaQk8cpmlnMRw1BN0y6Itb
DEBU[0302] events: stream opened request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] cannot authenticate user: Invalid Response
DEBU[0307] fields.time="2021-02-07T11:07:23Z" latency=5.045881375s method=GET remote="172.17.0.1:48364" request=/login request-id=1o9PsMBp3ycu8U0FnUkuLTcm2rj
DEBU[0307] fields.time="2021-02-07T11:07:23Z" latency="130.637µs" method=GET remote="172.17.0.1:48370" request="/login/error?message=Invalid%20Response" request-id=1o9Pt130Alm3Jt9sRnAHiEYssuN
DEBU[0307] events: stream cancelled request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] events: stream closed request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] api: guest access request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] fields.time="2021-02-07T11:07:23Z" latency=5.187463046s method=GET remote="172.17.0.1:48360" request=/api/stream request-id=1o9PsLGMLljP8KYN1wUh3fSvXRr
DEBU[0307] api: authentication required request-id=1o9PtBl2zOctBOLf1KUtbwgPdqj
DEBU[0307] api: guest access request-id=1o9PtBl2zOctBOLf1KUtbwgPdqj
DEBU[0307] fields.time="2021-02-07T11:07:24Z" latency="121.613µs" method=GET remote="172.17.0.1:48374" request=/api/user request-id=1o9PtBl2zOctBOLf1KUtbwgPdqj
DEBU[0307] events: stream opened request-id=1o9Pt8hxtXtKfe3YMxYXkTVMJ9d
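Solution
1. I also had to delete the application link on Bitbucket and recreate it to resolve this issue.
2. I deleted the other Drone application links that used the same public key.
(2) may not be needed.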
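
Both the application link in the question and the cleanup in the answer turn on which public key Bitbucket holds for the consumer. The following added example (not part of the original question or answer) checks that a public key file is the counterpart of the private key mounted into the Drone container; the paths in the usage comment are the ones from the question, the function names are hypothetical, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): check that the public key given
# to the Bitbucket application link belongs to the private key Drone signs with.
# canonical_pub and keys_match are hypothetical helper names.

# Re-encode a key's public half as canonical PEM so that differences in
# line wrapping between the two files cannot cause a false mismatch.
#   $1 = "private" or "public", $2 = path to a PEM file
canonical_pub() {
    case $1 in
        private) openssl pkey -in "$2" -pubout 2>/dev/null ;;
        public)  openssl pkey -pubin -in "$2" -pubout 2>/dev/null ;;
        *)       return 2 ;;
    esac
}

# Returns 0 if the keys are a pair, 1 if they are not,
# 2 if either file is missing or is not a parseable PEM key.
keys_match() {
    derived=$(canonical_pub private "$1") || return 2
    supplied=$(canonical_pub public "$2") || return 2
    [ -n "$derived" ] && [ "$derived" = "$supplied" ]
}

# Stand-alone use: sh check_keys.sh /etc/bitbucket/key.pem /etc/bitbucket/key.pub
if [ "$#" -eq 2 ]; then
    keys_match "$1" "$2"
    case $? in
        0) echo "OK: $2 is the public half of $1" ;;
        1) echo "MISMATCH: $2 does not belong to $1" ;;
        *) echo "ERROR: could not read or parse one of the key files" ;;
    esac
fi
```

To check the value actually stored in an application link, save the contents of its Public Key field to a file and pass that file as the second argument.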