spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update custom cert docs

Browse Source 
Remove ssl: ..., reword some of the docs and ensure the formatting is
correct.
This commit is contained in:
Donal McBreen
2025-06-18 11:09:13 +01:00
parent aa2ceaa92a
commit e61d96d154
2 changed files with 13 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
lib/kamal/configuration/docs/proxy.yml
View File

@@ -45,27 +45,23 @@ proxy:
# unless you explicitly set `forward_headers: true` # unless you explicitly set `forward_headers: true`
# #
# Defaults to `false`: # Defaults to `false`:
ssl: ... ssl: true
# Custom SSL certificate # Custom SSL certificate
# #
# In some cases, using Let's Encrypt for automatic certificate management is not an # In some cases, using Let's Encrypt for automatic certificate management is not an
# option, for example if you are running from host than one host. Or you may already # option, for example if you are running from host than one host.
# have SSL certificates issued by a different Certificate Authority (CA).
# Kamal supports loading custom SSL certificates
# directly from secrets.
# #
# Examples: # Or you may already have SSL certificates issued by a different Certificate Authority (CA).
# ssl: true # Enable SSL with Let's Encrypt
# ssl: false # Disable SSL
# ssl: # Enable custom SSL
# certificate_pem: CERTIFICATE_PEM
# private_key_pem: PRIVATE_KEY_PEM
# #
# Kamal supports loading custom SSL certificates directly from secrets. You should
# pass a hash mapping the `certificate_pem` and `private_key_pem` to the secret names.
ssl:
certificate_pem: CERTIFICATE_PEM
private_key_pem: PRIVATE_KEY_PEM
# ### Notes # ### Notes
# - If the certificate or key is missing or invalid, kamal-proxy will fail to start. # - If the certificate or key is missing or invalid, deployments will fail.
# - Always handle SSL certificates and private keys securely. Avoid hard-coding them in deploy.yml files or source control. # - Always handle SSL certificates and private keys securely. Avoid hard-coding them in source control.
# - For automated certificate management, consider using the built-in Let's Encrypt integration instead.
# SSL redirect # SSL redirect
# #

6
lib/kamal/configuration/validator.rb
View File

@@ -24,11 +24,11 @@ class Kamal::Configuration::Validator
example_value = example[key] example_value = example[key]
if example_value == "..." if example_value == "..."
if key.to_s == "ssl" unless key.to_s == "proxy" && boolean?(value.class)
validate_type! value, TrueClass, FalseClass, Hash
elsif key.to_s != "proxy" || !boolean?(value.class)
validate_type! value, *(Array if key == :servers), Hash validate_type! value, *(Array if key == :servers), Hash
end end
elsif key.to_s == "ssl"
validate_type! value, TrueClass, FalseClass, Hash
elsif key == "hosts" elsif key == "hosts"
validate_servers! value validate_servers! value
elsif example_value.is_a?(Array) elsif example_value.is_a?(Array)