Drone infra behind firewall

Did anyone here deploy drone infrastructure behind firewall? If so, appreciate if you could briefly tell me about the setup?
I’m specifically interested in GitHub integration part, where user authentication and authorization is done in addition to build triggers. If I use port 443 setup for SSL config, do I still need port 80 exposed to internet?
Also, I know there is an enterprise version of Drone, will that be of any help in this case?

I made and use https://github.com/pinked/clustered-drone/blob/master/docker-compose.yml because I’m a cheapskate so no ngrok with fixed names and also didn’t want to open ports on firewall
downside is that if someone knows my external localtunnel.me address they could claim it and receive my github webhook notifications - but I don’t have anything sensitive in commit messages to worry about protecting.

I have not set it up through a firewall but this might be helpful:

You will need something to proxy the :443 traffic through the firewall, no need for port 80

1 Like

Thanks for the responses!

No tunnel option for me @chrisns, so can’t do it.

@erkolson That is what I’m planning to do as well, to put drone behind NGINX server.