jester/zlh-grind
1
0
Fork 0
Code Issues 14 Pull Requests Actions Packages Projects Releases Wiki Activity

Update CF Tunnel state — connected to bastion, remaining steps tracked

Browse Source
This commit is contained in:
jester 2026-03-25 21:11:24 +00:00
parent 89b2d49f7d
commit afb976c6ff
1 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
OPEN_THREADS.md
View File

@ -75,6 +75,7 @@ Completed:
2. Dev container `provisioningComplete` state in `/status` 2. Dev container `provisioningComplete` state in `/status`
3. Graceful shutdown verification (SIGTERM + wait for Minecraft) 3. Graceful shutdown verification (SIGTERM + wait for Minecraft)
4. Process reattachment on agent restart 4. Process reattachment on agent restart
5. SSH server install in dev container provisioning pipeline
--- ---
@ -95,23 +96,25 @@ with workspace mounted, extensions panel visible, AI chat panel active.
- reduce legacy `/__ide/:id` compatibility paths once portal button confirmed - reduce legacy `/__ide/:id` compatibility paths once portal button confirmed
- simplify and harden `devProxy` — remove stale path-based assumptions - simplify and harden `devProxy` — remove stale path-based assumptions
### Local Dev Access — SSH via CF Tunnel (Next Step) ### Local Dev Access — SSH via CF Tunnel (In Progress)
Decision: Cloudflare Tunnel on bastion VM. Free tier covers up to 50 users. See `knowledge-base/network/cf-tunnel-ssh.md` for full detail.
Same hostname as browser IDE — different protocols routed separately.
Developer one-time SSH config: Current state:
- ✅ CF Tunnel created and connected to bastion VM
- ✅ Cloudflare Zero Trust free plan active
- ⏳ Tunnel SSH hostname mapping not yet configured in Zero Trust dashboard
- ⏳ Bastion SSH proxy jump config not yet done
- ⏳ Dev container SSH server not yet verified
- ⏳ Portal SSH config snippet not yet built
Developer one-time SSH config (once complete):
``` ```
Host *.zerolaghub.dev Host *.zerolaghub.dev
ProxyCommand cloudflared access ssh --hostname %h ProxyCommand cloudflared access ssh --hostname %h
User dev
``` ```
Outstanding:
- Install `cloudflared` on bastion VM
- Create CF Tunnel pointed at bastion SSH port
- Map `*.zerolaghub.dev` SSH through tunnel
- Portal SSH config snippet UI
--- ---
## API (zpack-api) ## API (zpack-api)
@ -174,8 +177,7 @@ Outstanding before launch:
Future work: Future work:
- CF Tunnel SSH access (see Local Dev Access above) - CF Tunnel SSH access completion (see Local Dev Access above)
- Tailscale dev access (alternative/complement to CF Tunnel)
- artifact version promotion - artifact version promotion
- runtime rollback support - runtime rollback support
- Cloudflare R2 for large artifact/mod file delivery at scale - Cloudflare R2 for large artifact/mod file delivery at scale
@ -200,3 +202,4 @@ Future work:
- ✅ Per-container dev IDE edge publish/unpublish removed from API - ✅ Per-container dev IDE edge publish/unpublish removed from API
- ✅ Wildcard TLS cert `*.zerolaghub.dev` via Let's Encrypt + Cloudflare DNS-01 - ✅ Wildcard TLS cert `*.zerolaghub.dev` via Let's Encrypt + Cloudflare DNS-01
- ✅ Browser IDE fully loading at dev-<vmid>.zerolaghub.dev - ✅ Browser IDE fully loading at dev-<vmid>.zerolaghub.dev
- ✅ CF Tunnel created and connected to bastion VM