13. April 2024

Kamal Deploy with a self signed certificate for SSL

Use Traefik's own self signed certificate feature out of the box

If you use Kamal Deploy behind a service like Cloudflare or some Load Balancer which terminates SSL, and using Let's Encrypt is not an option, you can setup Traefik to use a self signed certificate.

Simply modify the servers and traefik part of your deploy.yml as following:

 1 servers:
 2   web:
 3     hosts:
 4       - your-host
 5     labels:
 6       traefik.http.routers.yourservice.entrypoints: websecure
 7 
 8 traefik:
 9   options:
10     publish:
11       - "443:443"
12   args:
13     entryPoints.websecure.address: ":443"
14     entrypoints.websecure.http.tls: true

And now you can access your server using a https:// link (beware of the ssl error warning of your browser) OR tell Cloudflare to encrypt end-to-end, using a self signed certificate on the server.