-
Notifications
You must be signed in to change notification settings - Fork 16
SSL HTTPS Configuration
PullPreview can automatically inject a Caddy service that obtains Let's Encrypt certificates and proxies HTTPS traffic to your app service.
Set:
with:
proxy_tls: web:80That means:
- incoming HTTPS traffic is terminated by Caddy
- requests are proxied to
webservice on port80 - preview URL output/comment/status uses
https://...:443
If your compose already publishes host port 443, PullPreview logs a warning and skips proxy injection.
Strongly recommended: When using
proxy_tls, set up a custom domain or use one of the built-inrevN.clickalternatives (see below). The defaultmy.preview.rundomain is shared across all PullPreview users, and you will likely hit Let's Encrypt rate limits if multiple environments request certificates on the same domain.
Let's Encrypt enforces a limit of 50 certificates per registered domain per week. If you run many preview environments with proxy_tls enabled, you may hit this limit on the default my.preview.run domain.
To work around this, PullPreview provides built-in alternative DNS suffixes that you can rotate between:
rev1.click, rev2.click, rev3.click, rev4.click, rev5.click, rev6.click, rev7.click, rev8.click, rev9.click
Set the dns input in your workflow:
with:
dns: rev1.click
proxy_tls: web:80Each revN.click domain has its own rate-limit quota, giving you up to 500 certificates per week across all built-in domains (including my.preview.run).
You can also use a custom domain to get your own independent quota.
You can still manage TLS directly in your own compose files if preferred (custom Caddy/Nginx/Traefik config).
In that case, keep proxy_tls empty and configure service/ports yourself.
These environment variables are available to your runtime:
PULLPREVIEW_PUBLIC_DNSPULLPREVIEW_PUBLIC_IPPULLPREVIEW_URLPULLPREVIEW_FIRST_RUN