From e9d480b514ea150f5eadaa8db2db700ca7a43aa3 Mon Sep 17 00:00:00 2001
From: Donal McBreen <donal@37signals.com>
Date: Tue, 10 Sep 2024 14:47:33 +0100
Subject: [PATCH] Add the proxy/ssl config and pass on to kamal-proxy

---
 lib/kamal/configuration/docs/proxy.yml     |  7 ++++++
 lib/kamal/configuration/proxy.rb           |  7 +++++-
 lib/kamal/configuration/validator/proxy.rb |  9 ++++++++
 test/configuration/proxy_test.rb           | 25 ++++++++++++++++++++++
 4 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 lib/kamal/configuration/validator/proxy.rb
 create mode 100644 test/configuration/proxy_test.rb

diff --git a/lib/kamal/configuration/docs/proxy.yml b/lib/kamal/configuration/docs/proxy.yml
index 8d5b201f..2d101aef 100644
--- a/lib/kamal/configuration/docs/proxy.yml
+++ b/lib/kamal/configuration/docs/proxy.yml
@@ -56,6 +56,13 @@ proxy:
   # requests for other apps that do have a host set.
   host: foo.example.com
 
+  # SSL
+  #
+  # Kamal Proxy can automatically obtain and renew TLS certificates for your applications.
+  # To ensure this set, the ssl flag. This only works if we are deploying to one server and
+  # the host flag is set.
+  ssl: true
+
   # Deploy timeout
   #
   # How long to wait for the app to boot when deploying, defaults to 30 seconds
diff --git a/lib/kamal/configuration/proxy.rb b/lib/kamal/configuration/proxy.rb
index dd5aac1d..69b79be7 100644
--- a/lib/kamal/configuration/proxy.rb
+++ b/lib/kamal/configuration/proxy.rb
@@ -10,7 +10,7 @@ class Kamal::Configuration::Proxy
 
   def initialize(config:)
     @proxy_config = config.raw_config.proxy || {}
-    validate! proxy_config
+    validate! proxy_config, with: Kamal::Configuration::Validator::Proxy
   end
 
   def enabled?
@@ -37,9 +37,14 @@ class Kamal::Configuration::Proxy
     argumentize "--publish", [ "#{DEFAULT_HTTP_PORT}:#{DEFAULT_HTTP_PORT}", "#{DEFAULT_HTTPS_PORT}:#{DEFAULT_HTTPS_PORT}" ]
   end
 
+  def ssl?
+    proxy_config.fetch("ssl", false)
+  end
+
   def deploy_options
     {
       host: proxy_config["host"],
+      tls: proxy_config["ssl"],
       "deploy-timeout": proxy_config["deploy_timeout"],
       "drain-timeout": proxy_config["drain_timeout"],
       "health-check-interval": proxy_config.dig("health_check", "interval"),
diff --git a/lib/kamal/configuration/validator/proxy.rb b/lib/kamal/configuration/validator/proxy.rb
new file mode 100644
index 00000000..a4ee19bf
--- /dev/null
+++ b/lib/kamal/configuration/validator/proxy.rb
@@ -0,0 +1,9 @@
+class Kamal::Configuration::Validator::Proxy < Kamal::Configuration::Validator
+  def validate!
+    super
+
+    if config["host"].blank? && config["ssl"]
+      error "Must set a host to enable automatic SSL"
+    end
+  end
+end
diff --git a/test/configuration/proxy_test.rb b/test/configuration/proxy_test.rb
new file mode 100644
index 00000000..3aa3f85e
--- /dev/null
+++ b/test/configuration/proxy_test.rb
@@ -0,0 +1,25 @@
+require "test_helper"
+
+class ConfigurationEnvTest < ActiveSupport::TestCase
+  setup do
+    @deploy = {
+      service: "app", image: "dhh/app", registry: { "username" => "dhh", "password" => "secret" },
+      builder: { "arch" => "amd64" }, servers: [ "1.1.1.1" ]
+    }
+  end
+
+  test "ssl with host" do
+    @deploy[:proxy] = { "ssl" => true, "host" => "example.com" }
+    assert_equal true, config.proxy.ssl?
+  end
+
+  test "ssl with no host" do
+    @deploy[:proxy] = { "ssl" => true }
+    assert_raises(Kamal::ConfigurationError) { config.proxy.ssl? }
+  end
+
+  private
+    def config
+      Kamal::Configuration.new(@deploy)
+    end
+end