Skip to content

Commit

Permalink
SSL is only supported on a single server or with custom SSL certificates
Browse files Browse the repository at this point in the history
  • Loading branch information
kpumuk committed Oct 14, 2024
1 parent 81d96bd commit 28d802e
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 3 deletions.
4 changes: 4 additions & 0 deletions lib/kamal/configuration/proxy.rb
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ def ssl?
proxy_config.fetch("ssl", false)
end

def custom_tls_certificate?
proxy_config["ssl_certificate_path"].present?
end

def hosts
proxy_config["hosts"] || proxy_config["host"]&.split(",") || []
end
Expand Down
4 changes: 2 additions & 2 deletions lib/kamal/configuration/role.rb
Original file line number Diff line number Diff line change
Expand Up @@ -150,8 +150,8 @@ def asset_volume_directory(version = config.version)
end

def ensure_one_host_for_ssl
if running_proxy? && proxy.ssl? && hosts.size > 1
raise Kamal::ConfigurationError, "SSL is only supported on a single server, found #{hosts.size} servers for role #{name}"
if running_proxy? && proxy.ssl? && hosts.size > 1 && !proxy.custom_tls_certificate?
raise Kamal::ConfigurationError, "SSL is only supported on a single server or with custom SSL certificates, found #{hosts.size} servers for role #{name}"
end
end

Expand Down
11 changes: 10 additions & 1 deletion test/configuration_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -371,7 +371,16 @@ class ConfigurationTest < ActiveSupport::TestCase
Kamal::Configuration.new(@deploy_with_roles)
end

assert_equal "SSL is only supported on a single server, found 2 servers for role workers", exception.message
assert_equal "SSL is only supported on a single server or with custom SSL certificates, found 2 servers for role workers", exception.message
end

test "proxy ssl roles with multiple servers and a custom SSL certificate" do
@deploy_with_roles[:servers]["workers"]["proxy"] = { "ssl" => true, "host" => "foo.example.com", "ssl_certificate_path" => "/path/to/cert.pem", "ssl_private_key_path" => "/path/to/key.pem" }

config = Kamal::Configuration.new(@deploy_with_roles)

assert config.role(:workers).running_proxy?
assert config.role(:workers).ssl?
end

test "two proxy ssl roles with same host" do
Expand Down

0 comments on commit 28d802e

Please sign in to comment.