Skip to content

autumn deploy: kamal-proxy is run without --tls/--host — managed deploy path has no built-in HTTPS #1969

Description

@madmax983

Found while verifying a Codex review finding on #1967.

The managed autumn deploy path renders exactly two kamal-proxy invocations in autumn-cli/src/deploy/proxy.rs: kamal-proxy run --http-port {port} (proxy.rs:134) and kamal-proxy deploy {svc} --target … --health-check-path … --deploy-timeout … --drain-timeout … (proxy.rs:111-119, pinned by the unit test at :188). Neither passes --tls or --host, and a sweep of autumn-cli/src/deploy/ finds no TLS/certificate handling anywhere. So the push-button deploy stands the proxy up on the plain HTTP public port and provisions no certificate.

kamal-proxy itself supports automatic TLS (--tls plus host specification), so the gap is in what autumn renders, not in the proxy.

Docs were corrected in #1967 to stop claiming the deploy path terminates TLS; as shipped, HTTPS requires either an external TLS-terminating LB/proxy in front, or in-process [server.tls]/ACME (#1603/#1608).

Proposed direction: an opt-in [deploy] TLS/ACME option (e.g. host + enable flag) that wires --tls/--host into the kamal-proxy run/deploy invocations, with docs updated to match.

Related: #1607 (deploy epic), #1938, #1948, #1952 (deploy hardening follow-ups), #1967 (docs correction).

Part of #1607.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions