Version 1.0.0
Language EN


The goal of this document is to give you enough technical specifics to configure and run the Drone in multi-machine mode. Once you complete this guide you will need to install one or many agents.


Create a Shared Secret

Create a shared secret to authenticate communication between agents and your central Drone server. This shared secret is passed to both the server and agents using the DRONE_RPC_SECRET environment variable.

You can use openssl to generate a shared secret:

$ openssl rand -hex 16


The Drone server is distributed as a lightweight Docker image. The image is self-contained and does not have any external dependencies.

docker pull drone/drone:1

Start the Server

The server container can be started with the below command. The container is configured through environment variables.

$ docker run \
  --volume=/var/lib/drone:/data \
  --env=DRONE_TLS_AUTOCERT=false \
  --env=DRONE_GOGS_SERVER={% your-gogs-server-url %} \
  --env=DRONE_RPC_SECRET={% your-shared-secret %} \
  --env=DRONE_SERVER_HOST={% your-drone-server-host %} \
  --env=DRONE_SERVER_PROTO={% your-drone-server-protocol %} \
  --env=DRONE_GIT_ALWAYS_AUTH=false \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \

Configuration Reference

This section provides additional explanation of the configuration variables used earlier in this document. This represents a subset of configuration parameters. For a full list please see the configuration reference.


A required boolean parameter instructs the Drone server to disable running builds directly and to delegate builds to agents.



A string containing your Gogs server address.



A string containing your Drone server protocol scheme. This value should be set to http or https. This field defaults to https if you configure ssl or acme.



A string containing your Drone server hostname or IP address.


An boolean indicating authentication is required when cloning public repositories. The default value is false.



An boolean indicating debug level logs should be use for automatic SSL certification generation and configuration. The default value is false.


Docker Reference


The server listens on standard http and https ports inside the container, which should be published on the host machine:



The server creates a sqlite database and persists to a container volume at /data. To prevent dataloss, we recommend mounting the data volume to the host machine when using the default sqlite database.


On This Page:

Getting Help

Mailing List
Search for information in the mailing list archives, or post a question.
Chat Support
Real-time chat support from maintainers and community members.