Add validations for host/ssl roles

Roles with SSL can only have one server. Two roles with SSL can't use the same host.
2024-09-18 17:42:45 +01:00
parent fd0cdc1ca1
commit 63f854ea18
6 changed files with 64 additions and 3 deletions
--- a/lib/kamal/configuration.rb
+++ b/lib/kamal/configuration.rb
@@ -75,6 +75,8 @@ class Kamal::Configuration
    ensure_retain_containers_valid
    ensure_valid_service_name
    ensure_no_traefik_reboot_hooks
+    ensure_one_host_for_ssl_roles
+    ensure_unique_hosts_for_ssl_roles
  end


@@ -349,6 +351,20 @@ class Kamal::Configuration
      true
    end

+    def ensure_one_host_for_ssl_roles
+      roles.each(&:ensure_one_host_for_ssl)
+
+      true
+    end
+
+    def ensure_unique_hosts_for_ssl_roles
+      hosts = roles.select(&:ssl?).map { |role| role.proxy.host }
+      duplicates = hosts.tally.filter_map { |host, count| host if count > 1 }
+
+      raise Kamal::ConfigurationError, "Different roles can't share the same host for SSL: #{duplicates.join(", ")}" if duplicates.any?
+
+      true
+    end

    def role_names
      raw_config.servers.is_a?(Array) ? [ "web" ] : raw_config.servers.keys.sort
--- a/lib/kamal/configuration/proxy.rb
+++ b/lib/kamal/configuration/proxy.rb
@@ -22,6 +22,10 @@ class Kamal::Configuration::Proxy
    proxy_config.fetch("ssl", false)
  end

+  def host
+    proxy_config["host"]
+  end
+
  def deploy_options
    {
      host: proxy_config["host"],
--- a/lib/kamal/configuration/role.rb
+++ b/lib/kamal/configuration/role.rb
@@ -75,6 +75,10 @@ class Kamal::Configuration::Role
    @running_proxy
  end

+  def ssl?
+    running_proxy? && proxy.ssl?
+  end
+
  def stop_args
    # When deploying with the proxy, kamal-proxy will drain request before returning so we don't need to wait.
    timeout = running_proxy? ? nil : config.drain_timeout
@@ -145,6 +149,12 @@ class Kamal::Configuration::Role
    File.join config.assets_directory, "volumes", [ name, version ].join("-")
  end

+  def ensure_one_host_for_ssl
+    if running_proxy? && proxy.ssl? && hosts.size > 1
+      raise Kamal::ConfigurationError, "SSL is only supported on a single server, found #{hosts.size} servers for role #{name}"
+    end
+  end
+
  private
    def initialize_specialized_proxy
      proxy_specializations = specializations["proxy"]