Fix SSL validation to allow custom certs without a host/hosts

[zacharymarshal]

The proxy validator was rejecting custom SSL cert configurations that didn't include a host. Automatic SSL requires a host/hosts, but using a custom cert (certificate_pem & private_key_pem) should not.

This allows for things like Cloudflare custom hostnames with origin server certificates.

[Copilot]

Pull request overview

Adjusts proxy SSL validation so that a host/hosts is only required for automatic SSL (ssl: true), not when using custom certificate SSL (ssl: { certificate_pem, private_key_pem }). This aligns validation behavior with documented proxy behavior and enables setups like Cloudflare origin certificates without a host restriction.

Changes:

• Add regression test covering custom SSL cert config without host/hosts.
• Update proxy validator to require host/hosts only when ssl is explicitly true (automatic SSL).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
test/configuration/proxy_test.rb	Adds a test asserting custom-cert SSL config without a host does not raise during validation.
lib/kamal/configuration/validator/proxy.rb	Narrows the “host required” validation to only apply to automatic SSL (ssl == true).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[clyderankin]

This would be extremely helpful for me as well. ⏳?