allow defining certificates directly within ssl hash instead of at the proxy root level
@@ -49,7 +49,7 @@ proxy:
|
||||
# unless you explicitly set `forward_headers: true`
|
||||
#
|
||||
# Defaults to `false`:
|
||||
ssl: true
|
||||
ssl: ...
|
||||
|
||||
# Custom SSL certificate
|
||||
#
|
||||
@@ -59,8 +59,13 @@ proxy:
|
||||
#
|
||||
# A reference to a secret (in this case, `CERTIFICATE_PEM` and `PRIVATE_KEY_PEM`) will look up the secret
|
||||
# in the local environment:
|
||||
certificate_pem: CERTIFICATE_PEM
|
||||
private_key_pem: PRIVATE_KEY_PEM
|
||||
#
|
||||
# Examples:
|
||||
# ssl: true # Enable SSL with Let's Encrypt
|
||||
# ssl: false # Disable SSL
|
||||
# ssl: # Enable custom SSL
|
||||
# certificate_pem: CERTIFICATE_PEM
|
||||
# private_key_pem: PRIVATE_KEY_PEM
|
||||
|
||||
# SSL redirect
|
||||
#
|
||||
|
||||
@@ -28,15 +28,21 @@ class Kamal::Configuration::Proxy
|
||||
end
|
||||
|
||||
def custom_ssl_certificate?
|
||||
proxy_config["certificate_pem"].present? && proxy_config["private_key_pem"].present?
|
||||
ssl = proxy_config["ssl"]
|
||||
return false unless ssl.is_a?(Hash)
|
||||
ssl["certificate_pem"].present? && ssl["private_key_pem"].present?
|
||||
end
|
||||
|
||||
def certificate_pem_content
|
||||
secrets[proxy_config["certificate_pem"]]
|
||||
ssl = proxy_config["ssl"]
|
||||
return nil unless ssl.is_a?(Hash)
|
||||
secrets[ssl["certificate_pem"]]
|
||||
end
|
||||
|
||||
def private_key_pem_content
|
||||
secrets[proxy_config["private_key_pem"]]
|
||||
ssl = proxy_config["ssl"]
|
||||
return nil unless ssl.is_a?(Hash)
|
||||
secrets[ssl["private_key_pem"]]
|
||||
end
|
||||
|
||||
def certificate_pem
|
||||
@@ -54,7 +60,7 @@ class Kamal::Configuration::Proxy
|
||||
def deploy_options
|
||||
{
|
||||
host: hosts,
|
||||
tls: proxy_config["ssl"].presence,
|
||||
tls: ssl? ? true : nil,
|
||||
"tls-certificate-path": certificate_pem,
|
||||
"tls-private-key-path": private_key_pem,
|
||||
"deploy-timeout": seconds_duration(config.deploy_timeout),
|
||||
|
||||
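Review bot: An `ssl` Hash that lacks both PEM keys makes `custom_ssl_certificate?` return false while `deploy_options` still emits `tls: true` whenever `ssl?` is truthy, so a misspelled `certificate_pem` would presumably deploy with automatic certificates instead of the operator's own (`ssl?` is defined outside this hunk, so this is inferred). The hunks for `Kamal::Configuration::Validator` and `Kamal::Configuration::Validator::Proxy` only type-check the value and reject a half-specified pair, so nothing visible catches a Hash with neither key or with unknown keys. I would reject that case at validation time, e.g. `error "ssl must set both certificate_pem and private_key_pem" if config["ssl"].is_a?(Hash) && config["ssl"].values_at("certificate_pem", "private_key_pem").all?(&:blank?)`. The three repeated `proxy_config["ssl"]` / `is_a?(Hash)` guards could also share one private helper. `deploy_options` continues past the end of the hunk.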
@@ -24,7 +24,9 @@ class Kamal::Configuration::Validator
|
||||
example_value = example[key]
|
||||
|
||||
if example_value == "..."
|
||||
unless key.to_s == "proxy" && boolean?(value.class)
|
||||
if key.to_s == "ssl"
|
||||
validate_type! value, TrueClass, FalseClass, Hash
|
||||
elsif key.to_s != "proxy" || !boolean?(value.class)
|
||||
validate_type! value, *(Array if key == :servers), Hash
|
||||
end
|
||||
elsif key == "hosts"
|
||||
|
||||
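Review bot: The `key.to_s == "ssl"` branch matches on the key name alone, so any key called `ssl` whose example value is `"..."`, at whatever level this method is applied, now accepts a boolean or a Hash, not only `proxy.ssl`. A short comment above the branch would make the intent explicit, for example `# proxy.ssl is true/false for automatic TLS, or a Hash of certificate settings`. The `elsif key.to_s != "proxy" || !boolean?(value.class)` condition is harder to read than the `unless` form it appears to replace; a small named predicate for the two exceptions would keep the branch readable. The enclosing method starts and ends outside this hunk.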
@@ -11,12 +11,14 @@ class Kamal::Configuration::Validator::Proxy < Kamal::Configuration::Validator
|
||||
error "Specify one of 'host' or 'hosts', not both"
|
||||
end
|
||||
|
||||
if config["certificate_pem"].present? && config["private_key_pem"].blank?
|
||||
error "Missing private_key_pem setting (required when certificate_pem is present)"
|
||||
end
|
||||
if config["ssl"].is_a?(Hash)
|
||||
if config["ssl"]["certificate_pem"].present? && config["ssl"]["private_key_pem"].blank?
|
||||
error "Missing private_key_pem setting (required when certificate_pem is present)"
|
||||
end
|
||||
|
||||
if config["private_key_pem"].present? && config["certificate_pem"].blank?
|
||||
error "Missing certificate_pem setting (required when private_key_pem is present)"
|
||||
if config["ssl"]["private_key_pem"].present? && config["ssl"]["certificate_pem"].blank?
|
||||
error "Missing certificate_pem setting (required when private_key_pem is present)"
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
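Review bot: The checks under `config["ssl"].is_a?(Hash)` only confirm that the two settings appear together; they do not check that each value is the name of a secret, which is how the configuration class uses them (`secrets[ssl["private_key_pem"]]`). If PEM text is pasted inline, the private key sits in the config file and the problem only surfaces later at secret lookup, whose error text is not visible here. Failing early would be safer, e.g. `error "ssl.private_key_pem must name a secret, not contain key material" if config["ssl"]["private_key_pem"].to_s.include?("-----BEGIN")`, with the same check for `certificate_pem`. The two existing messages would also be clearer if they said `ssl.certificate_pem` and `ssl.private_key_pem`, since the settings are now nested. The validating method begins outside this hunk.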