本番デプロイ設定: SSL, Kamal, API環境変数化, テスト修正

config/deploy.yml

@@ -7,34 +7,25 @@ image: dip_front
 # Deploy to these servers.
 servers:
   web:
-    - 192.168.0.1
+    - 153.127.48.108
   # job:
   #   hosts:
-  #     - 192.168.0.1
+  #     - 153.127.48.108
   #   cmd: bin/jobs
 
 # Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
-# If used with Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
-#
-# Using an SSL proxy like this requires turning on config.assume_ssl and config.force_ssl in production.rb!
-#
-# Don't use this when deploying to multiple web servers (then you have to terminate SSL at your load balancer).
-#
-# proxy:
-#   ssl: true
-#   host: app.example.com
+# Kamal Proxy will automatically obtain and renew SSL certificates.
+proxy:
+  ssl: true
+  host: diplo.kontei.net
 
 # Where you keep your container images.
+# Using a local registry on the VPS server.
 registry:
-  # Alternatives: hub.docker.com / registry.digitalocean.com / ghcr.io / ...
   server: localhost:5555
-
-  # Needed for authenticated registries.
-  # username: your-user
-
-  # Always use an access token rather than real password when possible.
-  # password:
-  #   - KAMAL_REGISTRY_PASSWORD
+  username: kamal
+  password:
+    - KAMAL_REGISTRY_PASSWORD
 
 # Inject ENV variables into containers (secrets come from .kamal/secrets).
 env:
@@ -51,9 +42,8 @@ env:
     # Set number of cores available to the application on each server (default: 1).
     # WEB_CONCURRENCY: 2
 
-    # Match this to any external database server to configure Active Record correctly
-    # Use dip_front-db for a db accessory server on same machine via local kamal docker network.
-    # DB_HOST: 192.168.0.2
+    # Diplomacy API URL (dip_api container accessible via Docker host network)
+    DIPLOMACY_API_URL: http://172.17.0.1:8000
 
     # Log everything from Rails
     # RAILS_LOG_LEVEL: debug
@@ -77,28 +67,20 @@ volumes:
 asset_path: /rails/public/assets
 
 # Configure the image builder.
+# Build on the remote VPS server to avoid insecure registry issues.
 builder:
   arch: amd64
+  remote: ssh://kontei@153.127.48.108
 
-  # # Build image via remote server (useful for faster amd64 builds on arm64 computers)
-  # remote: ssh://docker@docker-builder-server
-  #
-  # # Pass arguments and secrets to the Docker build process
-  # args:
-  #   RUBY_VERSION: 4.0.1
-  # secrets:
-  #   - GITHUB_TOKEN
-  #   - RAILS_MASTER_KEY
-
-# Use a different ssh user than root
-# ssh:
-#   user: app
+# Use a non-root ssh user
+ssh:
+  user: kontei
 
 # Use accessory services (secrets come from .kamal/secrets).
 # accessories:
 #   db:
 #     image: mysql:8.0
-#     host: 192.168.0.2
+#     host: 153.127.48.108
 #     # Change to 3306 to expose port to the world instead of just local network.
 #     port: "127.0.0.1:3306:3306"
 #     env:
@@ -113,7 +95,7 @@ builder:
 #       - data:/var/lib/mysql
 #   redis:
 #     image: valkey/valkey:8
-#     host: 192.168.0.2
+#     host: 153.127.48.108
 #     port: 6379
 #     directories:
 #       - data:/data