These are all the steps that I have been forced to work on so far.
1. Environment variable changes
So, all the environment variables changed from using .env, which quickly caused conflicts between local development and deployment. The solution is the following:
# 1. First move the destination secrets mv .env.destination .kamal/secrets.destination # 2. Copy the .env file to secrets and clean it out from anything you don't need cp .env .kamal/secrets-common
For example, I don't need the KAMAL_REGISTRY_USERNAME and KAMAL_REGISTRY_PASSWORD locally in my .env. I only need them for deployment, so this is an excellent separation of concerns.
The enhanced vault handling for 1Password is worth looking into as well.Simpler than ever but the inheritance of the secrets seems to have been temporarily broken: https://github.com/basecamp/kamal/pull/924#issuecomment-2342858126
The enhanced vault handling for 1Password is worth looking into as well.
2. Change from Traefik to Kamal Proxy
There isn't much to do. The traefik section and the health check are gone (the health check can be defined inside the proxy configuration if you have a custom configuration).
Below is my entire diff:
Below is my entire diff:
lang-patch
index 3600ff2..7d14ef9 100644
--- a/config/deploy.coding.yml
+++ b/config/deploy.coding.yml
@@ -3,13 +3,6 @@ servers:
web:
hosts:
- 135.181.95.134
- labels:
- traefik.enable: true
- traefik.http.routers.coding.rule: Host(`mhenrixon.com`)
- traefik.http.routers.coding_secure.entrypoints: websecure
- traefik.http.routers.coding_secure.rule: Host(`mhenrixon.com`)
- traefik.http.routers.coding_secure.tls: true
- traefik.http.routers.coding_secure.tls.certresolver: letsencrypt
options:
network: cosmos
job:
@@ -26,6 +19,18 @@ servers:
# cpu-count: 2
# memory: 1GB
+proxy:
+ host: mhenrixon.com
+ app_port: 3000
+ ssl: true
+ response_timeout: 10
+ buffering:
+ requests: true
+ responses: true
+ max_request_body: 40_000_000
+ max_response_body: 0
+ memory: 2_000_000
+
env:
clear:
APP: coding
diff --git a/config/deploy.yml b/config/deploy.yml
index c415ade..688b7cc 100644
--- a/config/deploy.yml
+++ b/config/deploy.yml
@@ -60,30 +60,5 @@ env:
- SPACES_REGION
- SPACES_SECRET_ACCESS_KEY
-traefik:
- options:
- publish:
- - 443:443
- volume:
- - /data/letsencrypt/acme.json:/letsencrypt/acme.json
- network: cosmos
- args:
- accesslog: true
- accesslog.format: json
- certificatesResolvers.letsencrypt.acme.email: "mikael@zoolutions.llc"
- certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" # Must match the path in `volume`
- certificatesResolvers.letsencrypt.acme.httpchallenge: true
- certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web
- entryPoints.web.address: ":80"
- entryPoints.websecure.address: ":443"
- entryPoints.web.http.redirections.entryPoint.to: websecure # We want to force https
- entryPoints.web.http.redirections.entryPoint.scheme: https
- entryPoints.web.http.redirections.entrypoint.permanent: true
-
volumes:
- /data/storage:/rails/storage
-
-healthcheck:
- cord: /tmp/kamal-cord
- max_attempts: 40
- interval: 5sThe main problem if you are deploying to the same server is that you need to kill the existing traefik server before rolling out or port 80 is taken:
Digest: sha256:6ed3301f76b924016e09465dcb6d09f226834770f98d0026a5661f4971c36c93 Status: Downloaded newer image for basecamp/kamal-proxy:v0.4.0 docker: Error response from daemon: driver failed programming external connectivity on endpoint kamal-proxy (cfb1133a29c0bb222091e75f4a314eadcb999f725814d8ac7acba3fe06acc11d): Bind for 0.0.0.0:80 failed: port is already allocated.