These are all the steps that I have been forced to work on so far.
1. Environment variable changes
So, all the environment variables changed from using .env, which quickly caused conflicts between local development and deployment. The solution is the following:
```
# 1. First move the destination secrets
mv .env.destination .kamal/secrets.destination

# 2. Copy the .env file to secrets and clean it out from anything you don't need
cp .env .kamal/secrets-common
```
For example, I don't need the KAMAL_REGISTRY_USERNAME and KAMAL_REGISTRY_PASSWORD locally in my .env. I only need them for deployment, so this is an excellent separation of concerns.
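A check for the split described above, as an added example that is not part of the original post: it reports deploy-only keys still defined in the local .env and keys missing from the secrets file, without ever printing a value. It assumes dotenv-style KEY=value lines in both files; `dotenv_keys` and `audit_split` are hypothetical helper names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes both files use
# dotenv-style KEY=value lines, as the `cp .env .kamal/secrets-common` step implies.

# Print the variable names a dotenv-style file defines, one per line.
# Skips comments and blank lines; tolerates leading spaces and `export`.
# Values are never printed, so the output is safe to log.
dotenv_keys() {
  sed -n -E 's/^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)[[:space:]]*=.*/\2/p' "$1"
}

# Usage: audit_split ENV_FILE SECRETS_FILE DEPLOY_ONLY_KEY...
# Prints "leaked KEY" when a deploy-only key is still in ENV_FILE and
# "missing KEY" when it is absent from SECRETS_FILE.
# Returns 1 if anything was reported, 0 when the split is clean.
audit_split() {
  env_file=$1; secrets_file=$2; shift 2
  env_keys=$(dotenv_keys "$env_file")
  secret_keys=$(dotenv_keys "$secrets_file")
  rc=0
  for key in "$@"; do
    if printf '%s\n' "$env_keys" | grep -qxF -- "$key"; then
      echo "leaked $key"; rc=1
    fi
    if ! printf '%s\n' "$secret_keys" | grep -qxF -- "$key"; then
      echo "missing $key"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample files (placeholder values only) so the block runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/env" <<'EOF'
# local development
RAILS_ENV=development
export KAMAL_REGISTRY_PASSWORD=placeholder
EOF
cat > "$demo_dir/secrets-common" <<'EOF'
KAMAL_REGISTRY_USERNAME=placeholder
EOF
audit_split "$demo_dir/env" "$demo_dir/secrets-common" \
  KAMAL_REGISTRY_USERNAME KAMAL_REGISTRY_PASSWORD || echo "split is not clean"
rm -rf "$demo_dir"
```

Against real files the call would be `audit_split .env .kamal/secrets-common KAMAL_REGISTRY_USERNAME KAMAL_REGISTRY_PASSWORD`, and the non-zero return makes it usable as a pre-deploy gate.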
The enhanced vault handling for 1Password is worth looking into as well. Simpler than ever, but the inheritance of the secrets seems to have been temporarily broken: https://github.com/basecamp/kamal/pull/924#issuecomment-2342858126
The above was fixed in: https://github.com/basecamp/kamal/pull/933
2. Change from Traefik to Kamal Proxy
There isn't much to do. The traefik section and the health check are gone (the health check can be defined inside the proxy configuration if you have a custom configuration).
Below is my entire diff:
lang-patch index 3600ff2..7d14ef9 100644 --- a/config/deploy.coding.yml +++ b/config/deploy.coding.yml @@ -3,13 +3,6 @@ servers: web: hosts: - 135.181.95.134 - labels: - traefik.enable: true - traefik.http.routers.coding.rule: Host(`mhenrixon.com`) - traefik.http.routers.coding_secure.entrypoints: websecure - traefik.http.routers.coding_secure.rule: Host(`mhenrixon.com`) - traefik.http.routers.coding_secure.tls: true - traefik.http.routers.coding_secure.tls.certresolver: letsencrypt options: network: cosmos job: @@ -26,6 +19,18 @@ servers: # cpu-count: 2 # memory: 1GB +proxy: + host: mhenrixon.com + app_port: 3000 + ssl: true + response_timeout: 10 + buffering: + requests: true + responses: true + max_request_body: 40_000_000 + max_response_body: 0 + memory: 2_000_000 + env: clear: APP: coding diff --git a/config/deploy.yml b/config/deploy.yml index c415ade..688b7cc 100644 --- a/config/deploy.yml +++ b/config/deploy.yml @@ -60,30 +60,5 @@ env: - SPACES_REGION - SPACES_SECRET_ACCESS_KEY -traefik: - options: - publish: - - 443:443 - volume: - - /data/letsencrypt/acme.json:/letsencrypt/acme.json - network: cosmos - args: - accesslog: true - accesslog.format: json - certificatesResolvers.letsencrypt.acme.email: "mikael@zoolutions.llc" - certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" # Must match the path in `volume` - certificatesResolvers.letsencrypt.acme.httpchallenge: true - certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web - entryPoints.web.address: ":80" - entryPoints.websecure.address: ":443" - entryPoints.web.http.redirections.entryPoint.to: websecure # We want to force https - entryPoints.web.http.redirections.entryPoint.scheme: https - entryPoints.web.http.redirections.entrypoint.permanent: true - volumes: - /data/storage:/rails/storage - -healthcheck: - cord: /tmp/kamal-cord - max_attempts: 40 - interval: 5s
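Review bot: In the added `proxy:` block of config/deploy.coding.yml the numeric settings carry no units or intent: `response_timeout: 10`, `max_request_body: 40_000_000`, `memory: 2_000_000` and especially `max_response_body: 0`, where a reader cannot tell whether 0 means "no limit" or "nothing allowed". Add a short comment per value stating the unit and the meaning of 0, the way the removed Traefik args had an inline comment on the acme storage path.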
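Review bot: Nothing in the new `proxy:` block visibly replaces three behaviours dropped by the config/deploy.yml hunk: the forced HTTP to HTTPS redirect (`entryPoints.web.http.redirections.*`), JSON access logging (`accesslog: true`) and the tuned health check (`max_attempts: 40`, `interval: 5s`). Before rolling out, confirm that `ssl: true` still redirects plain HTTP, that request logs are still captured somewhere, and that the default health check leaves enough time for boot; otherwise set them explicitly in the proxy configuration. The `/data/letsencrypt/acme.json` volume is also removed, so record where certificates are stored now.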
The main problem, if you are deploying to the same server, is that you need to kill the existing Traefik server before rolling out; otherwise port 80 is already taken:
```
Digest: sha256:6ed3301f76b924016e09465dcb6d09f226834770f98d0026a5661f4971c36c93
Status: Downloaded newer image for basecamp/kamal-proxy:v0.4.0
docker: Error response from daemon: driver failed programming external connectivity on endpoint kamal-proxy (cfb1133a29c0bb222091e75f4a314eadcb999f725814d8ac7acba3fe06acc11d): Bind for 0.0.0.0:80 failed: port is already allocated.
```