-
|
I'm working on a multi-tenant Rails app where tenants can choose to either use the provided subdomain, or bring their custom domain name. From looking at #1531, it's either a custom cert, or Let's Encrypt. Not both. Or am I wrong? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 15 replies
-
|
Yes, I believe so as well. This is a limit in https://github.com/basecamp/kamal-proxy, so if they add it kamal would possibly be able to support it as well. I've worked around this by running something like This isn't great as there is a short period during a deploy that the someotherdomain.com might end up on an old release of app-web or not even that, but it's what we have to work with. Another option for you would be to have 2 deploys of your app on the same server so they can still share services like a database. One deploy with custom cert and one with Let's Encrypt certs. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks Frank, that's very useful information! If this were to be implemented properly at a certain point, I think two deploys wouldn't be that bad for now. Downtime between deploys is not really an option for me. My alternative is sticking with Caprover, which runs Nginx. That would give me full control certs. But a Rails-native tool would be better, of course. |
Beta Was this translation helpful? Give feedback.
-
|
I'm using that workaround and the downtime is not really noticeable. I think it's less than one second, I've only seen an error message once myself in the past 6 months with multiple deploys every week. |
Beta Was this translation helpful? Give feedback.
-
|
Okay, if it's a fraction of a second, that could be workable. |
Beta Was this translation helpful? Give feedback.
-
|
I had good results sticking Caddy in front of kamal-proxy. Very little configuration required and it just requires you add an endpoint in your app so that Caddy can probe if it should generate a cert for a particular hostname or not. Let me know if you want me to put the config here. It's just an accessory. |
Beta Was this translation helpful? Give feedback.
-
Hey Brendon thanks for sharing this. I really want to use this approach but I'm not familiar with caddy at all and still relatively new to kamal. I tried adding the accessory block to my app. and I ran the step with the proxy. Also disabled ssl and allowed all hosts proxy:
ssl: false
hosts: [""]I'm curious whats the next step. I also added the check route but not sure what to put inside of it since I don't know the params getting sent I was going to debug this. I just don't see how to hook caddy and kamal together. Also if you put together a blog post or article with the full process anyone with a basic kamal knowledge could follow I'm sure that would help a lot of people like me :) Thanks |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the prod :) I'll take a look at writing something up. I don't have a blog though, so will have to find somewhere to put it :) Let me know if you have any ideas! I don't have that proxy config. I don't even have the key in play in my deploy.yml file so you can probably omit that. Regarding the check from Caddy, it supplies the parameter Now that I look at this line, I think I put you wrong. It might be that I documented it and forgot to update it. It would make more sense for it to be:
My intuition tells me that you could have just done:
But you'll need to run the prior to undo the changes I think. These are documented here: https://kamal-deploy.org/docs/commands/proxy/ This way Caddy listens to port 80 and 443 on the host machine, then forwards those requests to the I hope that helps :) Let me know how you get on :) |
Beta Was this translation helpful? Give feedback.
-
|
@brendon a GitHub Gist could be a good way for you to publish it easily and for others to comment. |
Beta Was this translation helpful? Give feedback.
-
First of all thank you for responding. For hosting the guide. I would suggest using simple github repo or a "github gist". I'm trying to get this to work right now as we speak. One thing I realized is when adding an accessory kamal does not deploy this when you run the standard kamal deploy you need to manually run
However after doing this I ran kamal accessory details caddy and it returns an empty list of containers. also if I manually go into server and run a Update: Okay now I see the caddy container I'm not sure what was the change but it finally shows up. I did remove the proxy block and changed some things and it finally shows up on Update 2: I see the request being made for /check with ?domain param. This is awesome. It was sending a GET request and my route was POST. I think I almost have this completed. Thanks so much Brendon for the help. Im sure this would have taken way longer on my own |
Beta Was this translation helpful? Give feedback.
-
|
So glad to see this working for you :) I had to muddle it through just the same. I wasn't overly familiar with Docker but had some Podman experience which is nearly the same kind of thing :) |
Beta Was this translation helpful? Give feedback.
Yes, I believe so as well. This is a limit in https://github.com/basecamp/kamal-proxy, so if they add it kamal would possibly be able to support it as well.
I've worked around this by running something like
docker exec kamal-proxy kamal-proxy deploy someotherdomain --target="app-web" --tls --host="someotherdomain.com"after adding a docker network alias in my config:This isn't great as there is a short period during a deploy that the someotherdomain.com might end up on an old release of app-web or not even that, but it's what we have to work with.
Another option for you would be to have 2 deploys of your app on the same server so they can still …