Merge pull request #1531 from acidtib/feat/custom-ssl

feat: Add support for custom certificates
2025-06-17 09:25:15 +01:00
parent 89c56910c9 99f763d742
commit 8a7260d1e9
16 changed files with 196 additions and 14 deletions
--- a/test/configuration/proxy/boot_test.rb
+++ b/test/configuration/proxy/boot_test.rb
@@ -25,5 +25,7 @@ class ConfigurationProxyBootTest < ActiveSupport::TestCase
    assert_equal "/home/kamal-proxy/.apps-config/app", @proxy_boot_config.app_container_directory
    assert_equal ".kamal/proxy/apps-config/app/error_pages", @proxy_boot_config.error_pages_directory
    assert_equal "/home/kamal-proxy/.apps-config/app/error_pages", @proxy_boot_config.error_pages_container_directory
+    assert_equal ".kamal/proxy/apps-config/app/tls", @proxy_boot_config.tls_directory
+    assert_equal "/home/kamal-proxy/.apps-config/app/tls", @proxy_boot_config.tls_container_directory
  end
 end
--- a/test/configuration/proxy_test.rb
+++ b/test/configuration/proxy_test.rb
@@ -45,6 +45,64 @@ class ConfigurationProxyTest < ActiveSupport::TestCase
    end
  end

+  test "ssl with certificate and private key from secrets" do
+    with_test_secrets("secrets" => "CERT_PEM=certificate\nKEY_PEM=private_key") do
+      @deploy[:proxy] = {
+        "ssl" => {
+          "certificate_pem" => "CERT_PEM",
+          "private_key_pem" => "KEY_PEM"
+        },
+        "host" => "example.com"
+      }
+
+      proxy = config.proxy
+      assert_equal "/home/kamal-proxy/.apps-config/app/tls/cert.pem", proxy.certificate_pem
+      assert_equal "/home/kamal-proxy/.apps-config/app/tls/key.pem", proxy.private_key_pem
+    end
+  end
+
+  test "deploy options with custom ssl certificates" do
+    with_test_secrets("secrets" => "CERT_PEM=certificate\nKEY_PEM=private_key") do
+      @deploy[:proxy] = {
+        "ssl" => {
+          "certificate_pem" => "CERT_PEM",
+          "private_key_pem" => "KEY_PEM"
+        },
+        "host" => "example.com"
+      }
+
+      proxy = config.proxy
+      options = proxy.deploy_options
+      assert_equal true, options[:tls]
+      assert_equal "/home/kamal-proxy/.apps-config/app/tls/cert.pem", options[:"tls-certificate-path"]
+      assert_equal "/home/kamal-proxy/.apps-config/app/tls/key.pem", options[:"tls-private-key-path"]
+    end
+  end
+
+  test "ssl with certificate and no private key" do
+    with_test_secrets("secrets" => "CERT_PEM=certificate") do
+      @deploy[:proxy] = {
+        "ssl" => {
+          "certificate_pem" => "CERT_PEM"
+        },
+        "host" => "example.com"
+      }
+      assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
+    end
+  end
+
+  test "ssl with private key and no certificate" do
+    with_test_secrets("secrets" => "KEY_PEM=private_key") do
+      @deploy[:proxy] = {
+        "ssl" => {
+          "private_key_pem" => "KEY_PEM"
+        },
+        "host" => "example.com"
+      }
+      assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
+    end
+  end
+
  private
    def config
      Kamal::Configuration.new(@deploy)