hook?sercret=XXXXX Allowed HTTP Method


I just migrating from gitea to bitbucket. I run drone on docker with below env only


My drone is running as http behind nginx , nginx handle the ssl
so it is https to http

the nginx config for drone is like this

upstream drone {
    server XXXXXX:80;

server {
    listen 443 ssl;
    server_name XXXXX.com;

    ssl_certificate /etc/nginx/ssl/XXXXX.com.crt
    ssl_certificate_key /etc/nginx/ssl/XXXXX.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header Strict-Transport-Security "max-age=31536000";
    add_header X-XSS-Protection "1; mode=block";

    server_tokens off;
    proxy_hide_header X-Powered-By;

    error_log /var/log/nginx/drone.error.log;
    access_log /var/log/nginx/drone.access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://drone;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_buffering off;

        chunked_transfer_encoding off;

I successfully connect drone to bitbucket, can login and setup repo and enable push webhook.
So this is means there is no firewall or proxy problem in between.
But each time bitbucket call repo:push the result according to bitbucket is this

HTTP status: -2

Request time: 33 seconds ago


<null response>

According to bitbucket this is the url they call


Funny things is there is no access recorded in the nginx access log nor error log when hook is running in bitbucket, and since drone behind nginx there is also no log there

I try call the url directly in browser which mean method is in GET and got 405. Since I call it directly the log appear in nginx and drone.

I’m not sure what HTTP Method bitbucket use to call drone, but it looks like it should be POST.
For drone it self which HTTP Method should they receive and allow in /hook ?