diff --git a/_config.yml b/_config.yml
index bb50b95..bdb7826 100644
--- a/_config.yml
+++ b/_config.yml
@@ -16,6 +16,7 @@ exclude:
- Gemfile
- Gemfile.lock
- README.md
+ - bin
sass:
style: compressed
diff --git a/_data/github.yml b/_data/github.yml
index fc0beca..21ddac4 100644
--- a/_data/github.yml
+++ b/_data/github.yml
@@ -1,3 +1,3 @@
-tag_name: 2.2.2
+tag_name: 2.4.0
v1:
tag_name: 1.9.2
diff --git a/_data/nav.yml b/_data/nav.yml
index 9b5f09e..d25cc0f 100644
--- a/_data/nav.yml
+++ b/_data/nav.yml
@@ -1,7 +1,7 @@
- title: "Documentation"
url: /docs/
options:
- - title: "Version 2.2.2"
+ - title: "Version 2.4.0"
url: /docs/
- title: "Version 1.9.2"
url: /v1/docs/
diff --git a/_sass/base/_elements.scss b/_sass/base/_elements.scss
index fa87961..dd42aa9 100755
--- a/_sass/base/_elements.scss
+++ b/_sass/base/_elements.scss
@@ -140,6 +140,13 @@ video {
width: 100%;
}
+video::cue {
+ font-family: var(--font-family);
+ font-size: var(--font-size-small);
+ font-weight: 500;
+ line-height: 1;
+}
+
code {
background: var(--color-base-dark);
border-radius: 0.15em;
diff --git a/_sass/modules/_video.scss b/_sass/modules/_video.scss
index 1d32ad0..d791c5b 100755
--- a/_sass/modules/_video.scss
+++ b/_sass/modules/_video.scss
@@ -38,7 +38,7 @@
transition: opacity var(--transition-slow);
}
- span {
+ &:after {
backdrop-filter: blur(5px);
-webkit-backdrop-filter: blur(5px);
background: url('../images/play.svg') center center / 0.65em auto no-repeat rgba(var(--rgb-white), 0.8);
@@ -47,8 +47,10 @@
0 20px 30px -20px rgba(var(--rgb-black), 0.3),
0 10px 20px -10px rgba(var(--rgb-black), 0.5)
;
+ content: '';
display: inline-flex;
height: 2.2em;
+ pointer-events: none;
position: relative;
transition:
background-color var(--transition-slow),
@@ -81,7 +83,7 @@
opacity: 0.9;
}
- span {
+ &:after {
background-color: var(--color-white);
transform: scale(1.04);
}
diff --git a/assets/images/favicon.svg b/assets/images/favicon.svg
index 6230e13..8fc9431 100644
--- a/assets/images/favicon.svg
+++ b/assets/images/favicon.svg
@@ -1 +1 @@
-
\ No newline at end of file
+
\ No newline at end of file
diff --git a/assets/videos/kamal-demo.webp b/assets/videos/kamal-demo.webp
deleted file mode 100644
index 94c2f12..0000000
Binary files a/assets/videos/kamal-demo.webp and /dev/null differ
diff --git a/bin/dev b/bin/dev
new file mode 100755
index 0000000..ee8e8fd
--- /dev/null
+++ b/bin/dev
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+
+bundle install
+bundle exec jekyll serve --livereload
diff --git a/docs/commands/proxy.md b/docs/commands/proxy.md
index ee33281..fadf6fe 100644
--- a/docs/commands/proxy.md
+++ b/docs/commands/proxy.md
@@ -43,6 +43,8 @@ Options:
# Default: 80
[--https-port=N] # HTTPS port to publish on the host
# Default: 443
+ [--log-max-size=LOG_MAX_SIZE] # Max size of proxy logs
+ # Default: 10m
[--docker-options=option=value option2=value2] # Docker options to pass to the proxy container
```
diff --git a/docs/commands/secrets.md b/docs/commands/secrets.md
index 0bbade2..b746956 100644
--- a/docs/commands/secrets.md
+++ b/docs/commands/secrets.md
@@ -55,6 +55,8 @@ kamal secrets extract MyVault/MyItem/REGISTRY_PASSWORD
## LastPass
+First, install and configure [the LastPass CLI](https://github.com/lastpass/lastpass-cli).
+
Use the adapter `lastpass`:
```bash
@@ -74,6 +76,8 @@ kamal secrets extract MyFolder/REGISTRY_PASSWORD
## Bitwarden
+First, install and configure [the Bitwarden CLI](https://bitwarden.com/help/cli/).
+
Use the adapter `bitwarden`:
```bash
@@ -91,6 +95,29 @@ kamal secrets extract REGISTRY_PASSWORD
kamal secrets extract MyItem/REGISTRY_PASSWORD
```
+## AWS Secrets Manager
+
+First, install and configure [the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
+
+Use the adapter `aws_secrets_manager`:
+
+```bash
+# Fetch passwords
+kamal secrets fetch --adapter aws_secrets_manager --account default REGISTRY_PASSWORD DB_PASSWORD
+
+# Fetch passwords from an item
+kamal secrets fetch --adapter aws_secrets_manager --account default --from myapp/ REGISTRY_PASSWORD DB_PASSWORD
+
+# Fetch passwords from multiple items
+kamal secrets fetch --adapter aws_secrets_manager --account default myapp/REGISTRY_PASSWORD myapp/DB_PASSWORD
+
+# Extract the secret
+kamal secrets extract REGISTRY_PASSWORD
+kamal secrets extract MyItem/REGISTRY_PASSWORD
+```
+
+**Note:** The `--account` option should be set to your AWS CLI profile name, which is typically `default`. Ensure that your AWS CLI is configured with the necessary permissions to access AWS Secrets Manager.
+
## Doppler
First, install and configure [the Doppler CLI](https://docs.doppler.com/docs/install-cli).
@@ -111,4 +138,4 @@ kamal secrets extract DB_PASSWORD
Doppler organizes secrets in "projects" (like `my-awesome-project`) and "configs" (like `prod`, `stg`, etc), use the pattern `project/config` when defining the `--from` option.
-The doppler adapter does not use the `--account` option, if given it will be ignored.
+The doppler adapter does not use the `--account` option, if given it will be ignored.
\ No newline at end of file
diff --git a/docs/commands/version.md b/docs/commands/version.md
index 43f4c25..0a42886 100644
--- a/docs/commands/version.md
+++ b/docs/commands/version.md
@@ -8,5 +8,5 @@ Returns the version of Kamal you have installed.
```bash
$ kamal version
-2.2.2
+2.4.0
```
diff --git a/docs/configuration/accessories.md b/docs/configuration/accessories.md
index ef753e1..90f4d03 100644
--- a/docs/configuration/accessories.md
+++ b/docs/configuration/accessories.md
@@ -64,8 +64,8 @@ You can set a custom command to run in the container if you do not want to use t
## [Port mappings](#port-mappings)
-See https://docs.docker.com/network/, and especially note the warning about the security
-implications of exposing ports publicly.
+See [https://docs.docker.com/network/](https://docs.docker.com/network/), and
+especially note the warning about the security implications of exposing ports publicly.
```yaml
port: "127.0.0.1:3306:3306"
@@ -132,3 +132,22 @@ They are not created or copied before mounting:
volumes:
- /path/to/mysql-logs:/var/log/mysql
```
+
+## [Network](#network)
+
+The network the accessory will be attached to.
+
+Defaults to kamal:
+
+```yaml
+ network: custom
+```
+
+## [Proxy](#proxy)
+
+You can run your accessory behind the Kamal proxy. See [Proxy](../proxy) for more information.
+
+```yaml
+ proxy:
+ ...
+```
diff --git a/docs/configuration/aliases.md b/docs/configuration/aliases.md
index d8c9af2..8739cfe 100644
--- a/docs/configuration/aliases.md
+++ b/docs/configuration/aliases.md
@@ -11,14 +11,14 @@ Aliases are shortcuts for Kamal commands.
For example, for a Rails app, you might open a console with:
```shell
-kamal app exec -i -r console "rails console"
+kamal app exec -i --reuse "bin/rails console"
```
By defining an alias, like this:
```yaml
aliases:
- console: app exec -r console -i "rails console"
+ console: app exec -i --reuse "bin/rails console"
```
You can now open the console with:
diff --git a/docs/configuration/builders.md b/docs/configuration/builders.md
index 206e3ce..358915a 100644
--- a/docs/configuration/builders.md
+++ b/docs/configuration/builders.md
@@ -144,3 +144,21 @@ The build driver to use, defaults to `docker-container`:
```yaml
driver: docker
```
+
+## [Provenance](#provenance)
+
+It is used to configure provenance attestations for the build result.
+The value can also be a boolean to enable or disable provenance attestations.
+
+```yaml
+ provenance: mode=max
+```
+
+## [SBOM (Software Bill of Materials)](#sbom-(software-bill-of-materials))
+
+It is used to configure SBOM generation for the build result.
+The value can also be a boolean to enable or disable SBOM generation.
+
+```yaml
+ sbom: true
+```
diff --git a/docs/configuration/cron.md b/docs/configuration/cron.md
index d285312..1deae05 100644
--- a/docs/configuration/cron.md
+++ b/docs/configuration/cron.md
@@ -12,7 +12,7 @@ servers:
hosts:
- 192.168.0.1
cmd:
- bash -c "cat config/crontab | crontab - && cron -f"
+ bash -c "(env && cat config/crontab) | crontab - && cron -f"
```
-This assumes that the Cron settings are stored in `config/crontab`.
+This assumes that the Cron settings are stored in `config/crontab`. Cron does not automatically propagate environment variables, the example above copies them into the crontab.
diff --git a/docs/configuration/docker-registry.md b/docs/configuration/docker-registry.md
index cf2f2ad..851f285 100644
--- a/docs/configuration/docker-registry.md
+++ b/docs/configuration/docker-registry.md
@@ -8,6 +8,10 @@ title: Registry
The default registry is Docker Hub, but you can change it using `registry/server`.
+By default, Docker Hub creates public repositories. To avoid making your images public,
+set up a private repository before deploying, or change the default repository privacy
+settings to private in your [Docker Hub settings](https://hub.docker.com/repository-settings/default-privacy).
+
A reference to a secret (in this case, `DOCKER_REGISTRY_TOKEN`) will look up the secret
in the local environment:
diff --git a/docs/configuration/proxy.md b/docs/configuration/proxy.md
index 42dab4d..07c00c2 100644
--- a/docs/configuration/proxy.md
+++ b/docs/configuration/proxy.md
@@ -61,12 +61,28 @@ This requires that we are deploying to one server and the host option is set.
The host value must point to the server we are deploying to, and port 443 must be
open for the Let's Encrypt challenge to succeed.
+If you set `ssl` to `true`, `kamal-proxy` will stop forwarding headers to your app,
+unless you explicitly set `forward_headers: true`
+
Defaults to `false`:
```yaml
ssl: true
```
+## [Forward headers](#forward-headers)
+
+Whether to forward the `X-Forwarded-For` and `X-Forwarded-Proto` headers.
+
+If you are behind a trusted proxy, you can set this to `true` to forward the headers.
+
+By default, kamal-proxy will not forward the headers if the `ssl` option is set to `true`, and
+will forward them if it is set to `false`.
+
+```yaml
+ forward_headers: true
+```
+
## [Response timeout](#response-timeout)
How long to wait for requests to complete before timing out, defaults to 30 seconds:
@@ -123,16 +139,3 @@ By default, `Cache-Control`, `Last-Modified`, and `User-Agent` request headers a
- X-Request-ID
- X-Request-Start
```
-
-## [Forward headers](#forward-headers)
-
-Whether to forward the `X-Forwarded-For` and `X-Forwarded-Proto` headers.
-
-If you are behind a trusted proxy, you can set this to `true` to forward the headers.
-
-By default, kamal-proxy will not forward the headers if the `ssl` option is set to `true`, and
-will forward them if it is set to `false`.
-
-```yaml
- forward_headers: true
-```
diff --git a/docs/installation/index.md b/docs/installation/index.md
index 85ff0a4..0f2d20a 100644
--- a/docs/installation/index.md
+++ b/docs/installation/index.md
@@ -10,7 +10,7 @@ If you have a Ruby environment available, you can install Kamal globally with:
gem install kamal
```
-Otherwise, you can run a dockerized version via an alias (add this to your `~/.bashrc` or similar to simplify reuse).
+Otherwise, you can run a dockerized version via an alias (add this to your `~/.bashrc`, `~/.zshrc` or similar to simplify reuse).
On macOS, use:
diff --git a/docs/search/index.md b/docs/search/index.md
index e4c957c..043bb09 100644
--- a/docs/search/index.md
+++ b/docs/search/index.md
@@ -16,7 +16,7 @@ search: false
{% unless page.path contains 'v1/' %}
"{{ page.url | slugify }}": {
"title": "{{ page.title | smartify | xml_escape }}",
- "content": {{ page.content | markdownify | strip_html | strip_newlines | jsonify }},
+ "content": {{ page.content | markdownify | strip_html | normalize_whitespace | jsonify }},
"section": "{{ page.url }}".split("/").filter(element => element !== "").slice(1).join("/"),
"url": "{{ page.url | xml_escape }}"
}{% unless forloop.last %},{% endunless %}
diff --git a/docs/upgrading/proxy-changes.md b/docs/upgrading/proxy-changes.md
index c7f69e2..da6e5b4 100644
--- a/docs/upgrading/proxy-changes.md
+++ b/docs/upgrading/proxy-changes.md
@@ -32,7 +32,7 @@ These use cases were unsupported and error-prone, though, and we wanted to provi
### Hard to understand errors
-Traefik has its own domain language — Routers, Services, Endpoints. So if it failed, the errors would be in that language and disconnected from what Kamal was doing. This made it tricky to diagnose failures.
+Traefik has its own domain language — Routers, Services, EntryPoints. So if it failed, the errors would be in that language and disconnected from what Kamal was doing. This made it tricky to diagnose failures.
### Other options
diff --git a/docs/upgrading/secrets-changes.md b/docs/upgrading/secrets-changes.md
index 4880267..233eb96 100644
--- a/docs/upgrading/secrets-changes.md
+++ b/docs/upgrading/secrets-changes.md
@@ -6,7 +6,7 @@ title: Secrets changes
Secrets have moved from `.env`/`.env.rb` to `.kamal/secrets`.
-If you are using destinations, secrets will be read from `.kamal/secrets.` first or `.kamal/secrets` if it is not found.
+If you are using destinations, secrets will be read from `.kamal/secrets.` first or `.kamal/secrets-common` if it is not found.
## [Interpolating secrets](#interpolating-secrets)
diff --git a/index.html b/index.html
index 5ca5b9d..4d9b88d 100644
--- a/index.html
+++ b/index.html
@@ -12,10 +12,10 @@