Skip to content

SSL HTTPS Configuration

Jump to bottom Edit New page
Cyril Rohr edited this page Mar 13, 2026 · 10 revisions

proxy_tls

PullPreview can manage HTTPS for both deployment targets with Caddy and Let's Encrypt.

Set:

with:
  proxy_tls: web:80

Compose behavior

For deployment_target: compose:

  • PullPreview injects a Caddy sidecar into the rendered Compose config
  • Caddy terminates HTTPS and proxies traffic to the Compose service named in proxy_tls
  • the preview URL becomes https://...:443
  • PullPreview avoids keeping an explicit public 80 firewall rule when proxy_tls is enabled

Helm behavior

For deployment_target: helm:

  • proxy_tls is required
  • PullPreview deploys a Caddy Deployment into the preview namespace
  • proxy_tls points at the Kubernetes Service and port to route to
  • placeholders such as {{ release_name }} and {{ namespace }} are supported
  • the preview URL becomes https://...:443

Example:

with:
  deployment_target: helm
  chart: wordpress
  chart_repository: https://charts.bitnami.com/bitnami
  proxy_tls: "{{ release_name }}-wordpress:80"

Strongly recommended: when using proxy_tls, set up a custom domain or use one of the built-in revN.click alternatives. The default my.preview.run domain is shared across all PullPreview users and can hit Let's Encrypt rate limits.

Let's Encrypt rate limits

Let's Encrypt enforces a limit of 50 certificates per registered domain per week.

If you run many preview environments with proxy_tls, rotate to one of PullPreview's built-in alternative DNS suffixes:

rev1.click, rev2.click, rev3.click, rev4.click, rev5.click, rev6.click, rev7.click, rev8.click, rev9.click

Example:

with:
  dns: rev1.click
  proxy_tls: web:80

You can also use a custom domain to get your own certificate quota.

Manual TLS setup

You can still manage TLS yourself.

  • For Compose, keep proxy_tls empty and publish your own ports or reverse proxy.
  • For Helm, proxy_tls is mandatory, so use PullPreview's gateway and point it at your Service.

Related environment variables

These values are written to /etc/pullpreview/env and are available to pre_script and deployments:

  • PULLPREVIEW_PUBLIC_DNS
  • PULLPREVIEW_PUBLIC_IP
  • PULLPREVIEW_URL
  • PULLPREVIEW_DEPLOYMENT_TARGET
  • PULLPREVIEW_NAMESPACE
  • PULLPREVIEW_RELEASE_NAME
  • PULLPREVIEW_FIRST_RUN
Add a custom footer

PullPreview Wiki

Getting started

Configure

Operate

Clone this wiki locally