Add validations for host/ssl roles
Roles with SSL can only have one server. Two roles with SSL can't use the same host.
This commit is contained in:
@@ -75,6 +75,8 @@ class Kamal::Configuration
|
||||
ensure_retain_containers_valid
|
||||
ensure_valid_service_name
|
||||
ensure_no_traefik_reboot_hooks
|
||||
ensure_one_host_for_ssl_roles
|
||||
ensure_unique_hosts_for_ssl_roles
|
||||
end
|
||||
|
||||
|
||||
@@ -349,6 +351,20 @@ class Kamal::Configuration
|
||||
true
|
||||
end
|
||||
|
||||
def ensure_one_host_for_ssl_roles
|
||||
roles.each(&:ensure_one_host_for_ssl)
|
||||
|
||||
true
|
||||
end
|
||||
|
||||
def ensure_unique_hosts_for_ssl_roles
|
||||
hosts = roles.select(&:ssl?).map { |role| role.proxy.host }
|
||||
duplicates = hosts.tally.filter_map { |host, count| host if count > 1 }
|
||||
|
||||
raise Kamal::ConfigurationError, "Different roles can't share the same host for SSL: #{duplicates.join(", ")}" if duplicates.any?
|
||||
|
||||
true
|
||||
end
|
||||
|
||||
def role_names
|
||||
raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
|
||||
|
||||
@@ -22,6 +22,10 @@ class Kamal::Configuration::Proxy
|
||||
proxy_config.fetch("ssl", false)
|
||||
end
|
||||
|
||||
def host
|
||||
proxy_config["host"]
|
||||
end
|
||||
|
||||
def deploy_options
|
||||
{
|
||||
host: proxy_config["host"],
|
||||
|
||||
@@ -75,6 +75,10 @@ class Kamal::Configuration::Role
|
||||
@running_proxy
|
||||
end
|
||||
|
||||
def ssl?
|
||||
running_proxy? && proxy.ssl?
|
||||
end
|
||||
|
||||
def stop_args
|
||||
# When deploying with the proxy, kamal-proxy will drain request before returning so we don't need to wait.
|
||||
timeout = running_proxy? ? nil : config.drain_timeout
|
||||
@@ -145,6 +149,12 @@ class Kamal::Configuration::Role
|
||||
File.join config.assets_directory, "volumes", [ name, version ].join("-")
|
||||
end
|
||||
|
||||
def ensure_one_host_for_ssl
|
||||
if running_proxy? && proxy.ssl? && hosts.size > 1
|
||||
raise Kamal::ConfigurationError, "SSL is only supported on a single server, found #{hosts.size} servers for role #{name}"
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
def initialize_specialized_proxy
|
||||
proxy_specializations = specializations["proxy"]
|
||||
|
||||
Reference in New Issue
Block a user