From 9219b87630b861ac4fb25ac452ea3770adb74795 Mon Sep 17 00:00:00 2001
From: acidtib <arubinofaux@gmail.com>
Date: Tue, 29 Apr 2025 19:57:41 -0600
Subject: [PATCH] remove chown for TLS certificates in proxy container

---
 lib/kamal/cli/app/ssl_certificates.rb | 1 -
 lib/kamal/commands/app/proxy.rb       | 4 ----
 test/cli/app_test.rb                  | 1 -
 test/commands/app_test.rb             | 6 ------
 4 files changed, 12 deletions(-)

diff --git a/lib/kamal/cli/app/ssl_certificates.rb b/lib/kamal/cli/app/ssl_certificates.rb
index 5245c215..22ac5095 100644
--- a/lib/kamal/cli/app/ssl_certificates.rb
+++ b/lib/kamal/cli/app/ssl_certificates.rb
@@ -18,7 +18,6 @@ class Kamal::Cli::App::SslCertificates
       if key_content = role.proxy.private_key_pem_content
         execute *app.write_private_key_file(key_content)
       end
-      execute *app.set_certificate_permissions
     end
   end
 
diff --git a/lib/kamal/commands/app/proxy.rb b/lib/kamal/commands/app/proxy.rb
index 099e9e6c..a23cc4ce 100644
--- a/lib/kamal/commands/app/proxy.rb
+++ b/lib/kamal/commands/app/proxy.rb
@@ -33,10 +33,6 @@ module Kamal::Commands::App::Proxy
     [ :sh, "-c", Kamal::Utils.sensitive("cat > #{config.proxy_boot.tls_directory}/key.pem << 'KAMAL_KEY_EOF'\n#{content}\nKAMAL_KEY_EOF", redaction: "cat > #{config.proxy_boot.tls_directory}/key.pem << 'KAMAL_KEY_EOF'\n[PRIVATE KEY CONTENT REDACTED]\nKAMAL_KEY_EOF") ]
   end
 
-  def set_certificate_permissions
-    [ :docker, :exec, "--user", "root", proxy_container_name, "chown", "-R", "kamal-proxy:kamal-proxy", config.proxy_boot.tls_container_directory ]
-  end
-
   private
     def proxy_exec(*command)
       docker :exec, proxy_container_name, "kamal-proxy", *command
diff --git a/test/cli/app_test.rb b/test/cli/app_test.rb
index ebdb55e8..afa54844 100644
--- a/test/cli/app_test.rb
+++ b/test/cli/app_test.rb
@@ -230,7 +230,6 @@ class CliAppTest < CliTestCase
       assert_match "Writing SSL certificates for web on 1.1.1.1", output
       assert_match "mkdir -p .kamal/proxy/apps-config/app/tls", output
       assert_match "sh -c [REDACTED]", output
-      assert_match "docker exec --user root kamal-proxy chown -R kamal-proxy:kamal-proxy", output
       assert_match "--tls-certificate-path=\"/home/kamal-proxy/.apps-config/app/tls/cert.pem\"", output
       assert_match "--tls-private-key-path=\"/home/kamal-proxy/.apps-config/app/tls/key.pem\"", output
     end
diff --git a/test/commands/app_test.rb b/test/commands/app_test.rb
index 71422447..76f17676 100644
--- a/test/commands/app_test.rb
+++ b/test/commands/app_test.rb
@@ -143,12 +143,6 @@ class CommandsAppTest < ActiveSupport::TestCase
       new_command.deploy(target: "172.1.0.2").join(" ")
   end
 
-  test "set certificate permissions" do
-    assert_equal \
-      "docker exec --user root kamal-proxy chown -R kamal-proxy:kamal-proxy /home/kamal-proxy/.apps-config/app/tls",
-      new_command.set_certificate_permissions.join(" ")
-  end
-
   test "remove" do
     assert_equal \
       "docker exec kamal-proxy kamal-proxy remove app-web",