All role specific proxy configuration

By default only the primary role runs the proxy. To disable the proxy
for that role, you can set `proxy: false` under it.

For other roles they default to not running the proxy, but you can
enable it by setting `proxy: true` for the role, or alternatively
setting a proxy configuration.

The proxy configuration will be merged into the root proxy configuration.

lib/kamal/cli/app.rb

@@ -47,7 +47,7 @@ class Kamal::Cli::App < Kamal::Cli::Base
             endpoint = capture_with_info(*app.container_id_for_version(version)).strip
             raise Kamal::Cli::BootError, "Failed to get endpoint for #{role} on #{host}, did the container boot?" if endpoint.empty?
 
-            execute *KAMAL.proxy.deploy(role.container_prefix, target: endpoint)
+            execute *app.deploy(target: endpoint)
           end
         end
       end
@@ -68,7 +68,7 @@ class Kamal::Cli::App < Kamal::Cli::Base
             version = capture_with_info(*app.current_running_version, raise_on_non_zero_exit: false).strip
             endpoint = capture_with_info(*app.container_id_for_version(version)).strip
             if endpoint.present?
-              execute *KAMAL.proxy.remove(role.container_prefix, target: endpoint), raise_on_non_zero_exit: false
+              execute *app.remove(target: endpoint), raise_on_non_zero_exit: false
             end
           end
 

lib/kamal/cli/app/boot.rb

@@ -54,7 +54,7 @@ class Kamal::Cli::App::Boot
       if running_proxy?
         endpoint = capture_with_info(*app.container_id_for_version(version)).strip
         raise Kamal::Cli::BootError, "Failed to get endpoint for #{role} on #{host}, did the container boot?" if endpoint.empty?
-        execute *KAMAL.proxy.deploy(role.container_prefix, target: endpoint)
+        execute *app.deploy(target: endpoint)
       else
         Kamal::Cli::Healthcheck::Poller.wait_for_healthy(pause_after_ready: true) { capture_with_info(*app.status(version: version)) }
       end

lib/kamal/cli/proxy.rb

@@ -13,8 +13,8 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
 
         version = capture_with_info(*KAMAL.proxy.version).strip.presence
 
-        if version && Kamal::Utils.older_version?(version, Kamal::Configuration::Proxy::MINIMUM_VERSION)
-          raise "kamal-proxy version #{version} is too old, please reboot to update to at least #{Kamal::Configuration::Proxy::MINIMUM_VERSION}"
+        if version && Kamal::Utils.older_version?(version, Kamal::Configuration::PROXY_MINIMUM_VERSION)
+          raise "kamal-proxy version #{version} is too old, please reboot to update to at least #{Kamal::Configuration::PROXY_MINIMUM_VERSION}"
         end
         execute *KAMAL.proxy.start_or_run
       end
@@ -52,7 +52,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
 
               if endpoint.present?
                 info "Deploying #{endpoint} for role `#{role}` on #{host}..."
-                execute *KAMAL.proxy.deploy(role.container_prefix, target: endpoint)
+                execute *app.deploy(target: endpoint)
               end
             end
           end

lib/kamal/commands/app.rb

@@ -1,5 +1,5 @@
 class Kamal::Commands::App < Kamal::Commands::Base
-  include Assets, Containers, Execution, Images, Logging
+  include Assets, Containers, Execution, Images, Logging, Proxy
 
   ACTIVE_DOCKER_STATUSES = [ :running, :restarting ]
 

lib/kamal/commands/app/proxy.rb

@@ -0,0 +1,16 @@
+module Kamal::Commands::App::Proxy
+  delegate :proxy_container_name, to: :config
+
+  def deploy(target:)
+    proxy_exec :deploy, role.container_prefix, *role.proxy.deploy_command_args(target: target)
+  end
+
+  def remove(target:)
+    proxy_exec :remove, role.container_prefix, *role.proxy.remove_command_args(target: target)
+  end
+
+  private
+    def proxy_exec(*command)
+      docker :exec, proxy_container_name, "kamal-proxy", *command
+    end
+end

lib/kamal/commands/proxy.rb

@@ -1,13 +1,5 @@
 class Kamal::Commands::Proxy < Kamal::Commands::Base
   delegate :argumentize, :optionize, to: Kamal::Utils
-  delegate :container_name, :app_port, to: :proxy_config
-
-  attr_reader :proxy_config
-
-  def initialize(config)
-    super
-    @proxy_config = config.proxy
-  end
 
   def run
     docker :run,
@@ -15,11 +7,11 @@ class Kamal::Commands::Proxy < Kamal::Commands::Base
       "--network", "kamal",
       "--detach",
       "--restart", "unless-stopped",
-      *proxy_config.publish_args,
+      *config.proxy_publish_args,
       "--volume", "/var/run/docker.sock:/var/run/docker.sock",
-      *proxy_config.config_volume.docker_args,
+      *config.proxy_config_volume.docker_args,
       *config.logging_args,
-      proxy_config.image
+      config.proxy_image
   end
 
   def start
@@ -34,14 +26,6 @@ class Kamal::Commands::Proxy < Kamal::Commands::Base
     combine start, run, by: "||"
   end
 
-  def deploy(service, target:)
-    docker :exec, container_name, "kamal-proxy", :deploy, service, *optionize({ target: "#{target}:#{app_port}" }), *proxy_config.deploy_command_args
-  end
-
-  def remove(service, target:)
-    docker :exec, container_name, "kamal-proxy", :remove, service, *optionize({ target: "#{target}:#{app_port}" })
-  end
-
   def info
     docker :ps, "--filter", "name=^#{container_name}$"
   end
@@ -85,4 +69,9 @@ class Kamal::Commands::Proxy < Kamal::Commands::Base
         docker(:image, :prune, "--all", "--force", "--filter", "label=org.opencontainers.image.title=Traefik")
       )
   end
+
+  private
+    def container_name
+      config.proxy_container_name
+    end
 end

lib/kamal/configuration.rb

@@ -14,6 +14,10 @@ class Kamal::Configuration
 
   include Validation
 
+  PROXY_MINIMUM_VERSION = "v0.3.0"
+  PROXY_HTTP_PORT = 80
+  PROXY_HTTPS_PORT = 443
+
   class << self
     def create_from(config_file:, destination: nil, version: nil)
       raw_config = load_config_files(config_file, *destination_config_file(config_file, destination))
@@ -61,7 +65,7 @@ class Kamal::Configuration
     @env = Env.new(config: @raw_config.env || {}, secrets: secrets)
 
     @logging = Logging.new(logging_config: @raw_config.logging)
-    @proxy = Proxy.new(config: self)
+    @proxy = Proxy.new(config: self, proxy_config: @raw_config.proxy || {})
     @ssh = Ssh.new(config: self)
     @sshkit = Sshkit.new(config: self)
 
@@ -244,6 +248,24 @@ class Kamal::Configuration
     env_tags.detect { |t| t.name == name.to_s }
   end
 
+  def proxy_publish_args
+    argumentize "--publish", [ "#{PROXY_HTTP_PORT}:#{PROXY_HTTP_PORT}", "#{PROXY_HTTPS_PORT}:#{PROXY_HTTPS_PORT}" ]
+  end
+
+  def proxy_image
+    "basecamp/kamal-proxy:#{PROXY_MINIMUM_VERSION}"
+  end
+
+  def proxy_container_name
+    "kamal-proxy"
+  end
+
+  def proxy_config_volume
+    Kamal::Configuration::Volume.new \
+      host_path: File.join(proxy_directory, "config"),
+      container_path: "/home/kamal-proxy/.config/kamal-proxy"
+  end
+
 
   def to_h
     {

lib/kamal/configuration/docs/proxy.yml

@@ -9,6 +9,12 @@
 #
 # They are application specific, so are not shared when multiple applications
 # run on the same proxy.
+#
+# The proxy is enabled by default on the primary role, but can be disabled by
+# setting `proxy: false`.
+#
+# It is disabled by default on all other roles, but can be enabled by setting
+# `proxy: true`, or providing a proxy configuration.
 proxy:
 
   # Host

lib/kamal/configuration/docs/role.yml

@@ -35,13 +35,14 @@ servers:
     hosts:
       - 172.1.0.3
       - 172.1.0.4: experiment1
-    proxy: true
     cmd: "bin/jobs"
     options:
       memory: 2g
       cpus: 4
     logging:
       ...
+    proxy:
+      ...
     labels:
       my-label: workers
     env:

lib/kamal/configuration/proxy.rb

@@ -1,36 +1,23 @@
 class Kamal::Configuration::Proxy
   include Kamal::Configuration::Validation
 
-  MINIMUM_VERSION = "v0.3.0"
-  DEFAULT_HTTP_PORT = 80
-  DEFAULT_HTTPS_PORT = 443
-  DEFAULT_IMAGE = "basecamp/kamal-proxy:#{MINIMUM_VERSION}"
   DEFAULT_LOG_REQUEST_HEADERS = [ "Cache-Control", "Last-Modified", "User-Agent" ]
+  CONTAINER_NAME = "kamal-proxy"
 
   delegate :argumentize, :optionize, to: Kamal::Utils
 
-  def initialize(config:)
+  attr_reader :config, :proxy_config
+
+  def initialize(config:, proxy_config:, context: "proxy")
     @config = config
-    @proxy_config = config.raw_config.proxy || {}
-    validate! proxy_config, with: Kamal::Configuration::Validator::Proxy
+    @proxy_config = proxy_config
+    validate! @proxy_config, with: Kamal::Configuration::Validator::Proxy, context: context
   end
 
   def app_port
     proxy_config.fetch("app_port", 80)
   end
 
-  def image
-    proxy_config.fetch("image", DEFAULT_IMAGE)
-  end
-
-  def container_name
-    "kamal-proxy"
-  end
-
-  def publish_args
-    argumentize "--publish", [ "#{DEFAULT_HTTP_PORT}:#{DEFAULT_HTTP_PORT}", "#{DEFAULT_HTTPS_PORT}:#{DEFAULT_HTTPS_PORT}" ]
-  end
-
   def ssl?
     proxy_config.fetch("ssl", false)
   end
@@ -56,19 +43,19 @@ class Kamal::Configuration::Proxy
     }.compact
   end
 
-  def deploy_command_args
-    optionize deploy_options
+  def deploy_command_args(target:)
+    optionize ({ target: "#{target}:#{app_port}" }).merge(deploy_options)
   end
 
-  def config_volume
-    Kamal::Configuration::Volume.new \
-      host_path: File.join(config.proxy_directory, "config"),
-      container_path: "/home/kamal-proxy/.config/kamal-proxy"
+  def remove_command_args(target:)
+    optionize({ target: "#{target}:#{app_port}" })
+  end
+
+  def merge(other)
+    self.class.new config: config, proxy_config: proxy_config.deep_merge(other.proxy_config)
   end
 
   private
-    attr_reader :config, :proxy_config
-
     def seconds_duration(value)
       value ? "#{value}s" : nil
     end

lib/kamal/configuration/role.rb

@@ -3,7 +3,7 @@ class Kamal::Configuration::Role
 
   delegate :argumentize, :optionize, to: Kamal::Utils
 
-  attr_reader :name, :config, :specialized_env, :specialized_logging
+  attr_reader :name, :config, :specialized_env, :specialized_logging, :specialized_proxy
 
   alias to_s name
 
@@ -23,6 +23,8 @@ class Kamal::Configuration::Role
     @specialized_logging = Kamal::Configuration::Logging.new \
       logging_config: specializations.fetch("logging", {}),
       context: "servers/#{name}/logging"
+
+    initialize_specialized_proxy
   end
 
   def primary_host
@@ -65,6 +67,14 @@ class Kamal::Configuration::Role
     @logging ||= config.logging.merge(specialized_logging)
   end
 
+  def proxy
+    @proxy ||= config.proxy.merge(specialized_proxy) if running_proxy?
+  end
+
+  def running_proxy?
+    @running_proxy
+  end
+
   def stop_args
     # When deploying with the proxy, kamal-proxy will drain request before returning so we don't need to wait.
     timeout = running_proxy? ? nil : config.drain_timeout
@@ -98,16 +108,8 @@ class Kamal::Configuration::Role
   end
 
 
-  def running_proxy?
-    if specializations["proxy"].nil?
-      primary?
-    else
-      specializations["proxy"]
-    end
-  end
-
   def primary?
-    self == @config.primary_role
+    name == @config.primary_role_name
   end
 
 
@@ -144,6 +146,27 @@ class Kamal::Configuration::Role
   end
 
   private
+    def initialize_specialized_proxy
+      proxy_specializations = specializations["proxy"]
+
+      if primary?
+        # only false means no proxy for non-primary roles
+        @running_proxy = proxy_specializations != false
+      else
+        # false and nil both mean no proxy for non-primary roles
+        @running_proxy = !!proxy_specializations
+      end
+
+      if running_proxy?
+        proxy_config = proxy_specializations == true || proxy_specializations.nil? ? {} : proxy_specializations
+
+        @specialized_proxy = Kamal::Configuration::Proxy.new \
+          config: config,
+          proxy_config: proxy_config,
+          context: "servers/#{name}/proxy"
+      end
+    end
+
     def tagged_hosts
       {}.tap do |tagged_hosts|
         extract_hosts_from_config.map do |host_config|

lib/kamal/configuration/validator.rb

@@ -24,7 +24,9 @@ class Kamal::Configuration::Validator
             example_value = example[key]
 
             if example_value == "..."
-              validate_type! value, *(Array if key == :servers), Hash
+              unless key.to_s == "proxy" && boolean?(value.class)
+                validate_type! value, *(Array if key == :servers), Hash
+              end
             elsif key == "hosts"
               validate_servers! value
             elsif example_value.is_a?(Array)

lib/kamal/configuration/validator/proxy.rb

@@ -1,9 +1,11 @@
 class Kamal::Configuration::Validator::Proxy < Kamal::Configuration::Validator
   def validate!
-    super
+    unless config.nil?
+      super
 
-    if config["host"].blank? && config["ssl"]
-      error "Must set a host to enable automatic SSL"
+      if config["host"].blank? && config["ssl"]
+        error "Must set a host to enable automatic SSL"
+      end
     end
   end
 end