Added support for custom SSL certificate
kpumuk committed Sep 28, 2024
1 parent 5036f88 commit 834797a
Showing 5 changed files with 44 additions and 0 deletions.
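--- a/lib/kamal/configuration/docs/proxy.yml
+++ b/lib/kamal/configuration/docs/proxy.yml
@@ -98,3 +98,19 @@ proxy:
 # By default kamal-proxy will not forward the headers the ssl option is set to true, and
 # will forward them if it is set to false.
 forward_headers: true
+
+# SSL certificate path
+#
+# The path to the custom SSL certificate for the host when not using Let's Encrypt.
+# The certificate must be in PEM format and contain the full chain.
+#
+# SSL private key path must also be set.
+ssl_certificate_path: /data/cert/foo.example.com/fullchain.pem
+
+# SSL private key path
+#
+# The path to the custom SSL private key for the host when not using Let's Encrypt.
+# The key must be in PEM format.
+#
+# SSL certificate path must also be set.
+ssl_private_key_path: /data/cert/foo.example.com/privkey.pem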
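--- a/lib/kamal/configuration/proxy.rb
+++ b/lib/kamal/configuration/proxy.rb
@@ -30,6 +30,8 @@ def deploy_options
 {
 host: proxy_config["host"],
 tls: proxy_config["ssl"] ? true : nil,
+"tls-certificate-path": proxy_config["ssl_certificate_path"],
+"tls-private-key-path": proxy_config["ssl_private_key_path"],
 "deploy-timeout": seconds_duration(config.deploy_timeout),
 "drain-timeout": seconds_duration(config.drain_timeout),
 "health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")),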
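Review bot: The two new entries `"tls-certificate-path"` and `"tls-private-key-path"` are emitted whether or not `ssl` is enabled, while `tls` on the line above becomes nil when it is not. A config that sets both paths but omits `ssl: true` also passes the new pairing checks in lib/kamal/configuration/validator/proxy.rb, so the deploy command would presumably carry certificate paths without `--tls`; how kamal-proxy treats that combination is not visible here. Either gate the values, e.g. `"tls-certificate-path": (proxy_config["ssl_certificate_path"] if proxy_config["ssl"]),` and the same for the key, or add a validator error when a path is set and `config["ssl"]` is falsy, so an operator cannot end up believing the custom certificate is in use when TLS is off. The body of deploy_options starts and ends outside this hunk.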
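--- a/lib/kamal/configuration/validator/proxy.rb
+++ b/lib/kamal/configuration/validator/proxy.rb
@@ -6,6 +6,14 @@ def validate!
 if config["host"].blank? && config["ssl"]
 error "Must set a host to enable automatic SSL"
 end
+
+if config["ssl_certificate_path"].present? && config["ssl_private_key_path"].blank?
+error "Must set a private key path to use a custom SSL certificate"
+end
+
+if config["ssl_private_key_path"].present? && config["ssl_certificate_path"].blank?
+error "Must set a certificate path to use a custom SSL private key"
+end
 end
 end
 end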
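--- a/test/commands/app_test.rb
+++ b/test/commands/app_test.rb
@@ -119,6 +119,14 @@ class CommandsAppTest < ActiveSupport::TestCase
 new_command.deploy(target: "172.1.0.2").join(" ")
 end
 
+test "deploy with custom SSL certificate" do
+@config[:proxy] = { "ssl" => true, "host" => "example.com", "ssl_certificate_path" => "/path/to/cert.pem", "ssl_private_key_path" => "/path/to/key.pem" }
+
+assert_equal \
+"docker exec kamal-proxy kamal-proxy deploy app-web --target \"172.1.0.2:80\" --host \"example.com\" --tls --tls-certificate-path \"/path/to/cert.pem\" --tls-private-key-path \"/path/to/key.pem\" --deploy-timeout \"30s\" --drain-timeout \"30s\" --buffer-requests --buffer-responses --log-request-header \"Cache-Control\" --log-request-header \"Last-Modified\" --log-request-header \"User-Agent\"",
+new_command.deploy(target: "172.1.0.2").join(" ")
+end
+
 test "remove" do
 assert_equal \
 "docker exec kamal-proxy kamal-proxy remove app-web --target \"172.1.0.2:80\"",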
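--- a/test/configuration/proxy_test.rb
+++ b/test/configuration/proxy_test.rb
@@ -24,6 +24,16 @@ class ConfigurationProxyTest < ActiveSupport::TestCase
 assert_not config.proxy.deploy_options.has_key?(:tls)
 end
 
+test "ssl with certificate path and no private key path" do
+@deploy[:proxy] = { "ssl" => true, "ssl_certificate_path" => "/path/to/cert.pem" }
+assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
+end
+
+test "ssl with private key path and no certificate path" do
+@deploy[:proxy] = { "ssl" => true, "ssl_private_key_path" => "/path/to/key.pem" }
+assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
+end
+
 private
 def config
 Kamal::Configuration.new(@deploy)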
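Review bot: Both new tests set `"ssl" => true` without a `"host"`, so the existing host check in lib/kamal/configuration/validator/proxy.rb (`config["host"].blank? && config["ssl"]`) fires first and presumably raises the same `Kamal::ConfigurationError`; the tests would then pass even if the new pairing checks were removed. Add a host so only the condition under test can fail, e.g. `@deploy[:proxy] = { "ssl" => true, "host" => "example.com", "ssl_certificate_path" => "/path/to/cert.pem" }`, and the mirror of that for the key-only case. Capturing the exception that `assert_raises` returns and asserting on its message would pin which validation actually triggered.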
