jester/zlh-grind
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Update open threads — host-based IDE URL blocked on browser HSTS cache

Browse Source
This commit is contained in:
jester 2026-03-21 22:42:38 +00:00
parent 53a40d9e3d
commit 70bc8e36b6
1 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
OPEN_THREADS.md
View File

@ -80,7 +80,7 @@ Completed:
## Dev IDE Access ## Dev IDE Access
### Browser IDE ✅ Working ### Browser IDE ✅ Working (path-based)
``` ```
Browser → Portal → API (bootstrap) → /__ide/:id/* → container:8080 Browser → Portal → API (bootstrap) → /__ide/:id/* → container:8080
@ -95,20 +95,32 @@ Working flow:
5. all live code-server HTTP + WS traffic proxied through `/__ide/:id/*` 5. all live code-server HTTP + WS traffic proxied through `/__ide/:id/*`
6. API proxies to `http://<container-ip>:8080` 6. API proxies to `http://<container-ip>:8080`
Key fixes that made it work: ### Host-based IDE URL — Caddy edge (BLOCKED)
- token bootstrap fixed new-tab auth loss Goal: open IDE on `dev-<vmid>.zerolaghub.dev` instead of raw API IP.
- `/__ide/:id` tunnel separated from bootstrap to avoid API route interference
- upstream port corrected to `8080` (Chrome blocks `6000` as unsafe)
- `Host` header changed to pass browser host (`req.headers.host`) not container host
- `Origin` override removed — browser origin passed through only when present
- WS proxy separated from shared HTTP proxy — built target-bound WS proxy at upgrade time
- target-bound WS eliminated `ECONNREFUSED 127.0.0.1:8080` fallback bug
Current state: ```
Browser → dev-6070.zerolaghub.dev → Caddy → 127.0.0.1:4000 → API
```
- browser still sees API host/IP until portal is behind a proper domain/reverse proxy State:
- host-based `dev-<vmid>.zlh.dev` support started but reverted — bootstrap path is canonical - API env vars set: `DEV_IDE_HOST_SUFFIX=zerolaghub.dev`, `DEV_IDE_RETURN_HOSTED_URL=true`
- API generating correct absolute URL: `http://dev-6070.zerolaghub.dev/?token=...`
- Caddyfile block correct:
```
http://dev-*.zerolaghub.dev {
@dev host dev-*.zerolaghub.dev
reverse_proxy @dev 127.0.0.1:4000
}
```
- `auto_https off` global option added
Blocking issue: browser HSTS cache forces `zerolaghub.dev` subdomains to HTTPS
regardless of Caddy config. Need to clear Chrome HSTS cache:
- `chrome://net-internals/#hsts`
- Delete `zerolaghub.dev` and `dev-6070.zerolaghub.dev`
Resume here next session.
### Local Dev Access (Headscale/Tailscale — Future) ### Local Dev Access (Headscale/Tailscale — Future)
@ -135,6 +147,7 @@ Completed:
- `GET /api/dev/:id/ide` — bootstrap route (validates token, sets cookie, redirects) - `GET /api/dev/:id/ide` — bootstrap route (validates token, sets cookie, redirects)
- `/__ide/:id/*` — live tunnel proxy (HTTP + WS, target-bound) - `/__ide/:id/*` — live tunnel proxy (HTTP + WS, target-bound)
- dev routing experiment removed (`devRouting.js`, `devDePublisher.js` deleted) - dev routing experiment removed (`devRouting.js`, `devDePublisher.js` deleted)
- host-based URL generation (`DEV_IDE_HOST_SUFFIX`, `DEV_IDE_RETURN_HOSTED_URL`)
Outstanding: Outstanding:
@ -183,4 +196,4 @@ Future work:
- ✅ Crash observability (classification, log tail, exit metadata) - ✅ Crash observability (classification, log tail, exit metadata)
- ✅ Code-server lifecycle endpoints (start/stop/restart) - ✅ Code-server lifecycle endpoints (start/stop/restart)
- ✅ Code-server process detection via /proc scan - ✅ Code-server process detection via /proc scan
- ✅ Dev IDE proxy — browser IDE fully working end-to-end - ✅ Dev IDE proxy — browser IDE fully working end-to-end (path-based)