Update CF Tunnel state — connected to bastion, remaining steps tracked
This commit is contained in:
parent
89b2d49f7d
commit
afb976c6ff
@ -75,6 +75,7 @@ Completed:
|
||||
2. Dev container `provisioningComplete` state in `/status`
|
||||
3. Graceful shutdown verification (SIGTERM + wait for Minecraft)
|
||||
4. Process reattachment on agent restart
|
||||
5. SSH server install in dev container provisioning pipeline
|
||||
|
||||
---
|
||||
|
||||
@ -95,23 +96,25 @@ with workspace mounted, extensions panel visible, AI chat panel active.
|
||||
- reduce legacy `/__ide/:id` compatibility paths once portal button confirmed
|
||||
- simplify and harden `devProxy` — remove stale path-based assumptions
|
||||
|
||||
### Local Dev Access — SSH via CF Tunnel (Next Step)
|
||||
### Local Dev Access — SSH via CF Tunnel (In Progress)
|
||||
|
||||
Decision: Cloudflare Tunnel on bastion VM. Free tier covers up to 50 users.
|
||||
Same hostname as browser IDE — different protocols routed separately.
|
||||
See `knowledge-base/network/cf-tunnel-ssh.md` for full detail.
|
||||
|
||||
Developer one-time SSH config:
|
||||
Current state:
|
||||
- ✅ CF Tunnel created and connected to bastion VM
|
||||
- ✅ Cloudflare Zero Trust free plan active
|
||||
- ⏳ Tunnel SSH hostname mapping not yet configured in Zero Trust dashboard
|
||||
- ⏳ Bastion SSH proxy jump config not yet done
|
||||
- ⏳ Dev container SSH server not yet verified
|
||||
- ⏳ Portal SSH config snippet not yet built
|
||||
|
||||
Developer one-time SSH config (once complete):
|
||||
```
|
||||
Host *.zerolaghub.dev
|
||||
ProxyCommand cloudflared access ssh --hostname %h
|
||||
User dev
|
||||
```
|
||||
|
||||
Outstanding:
|
||||
- Install `cloudflared` on bastion VM
|
||||
- Create CF Tunnel pointed at bastion SSH port
|
||||
- Map `*.zerolaghub.dev` SSH through tunnel
|
||||
- Portal SSH config snippet UI
|
||||
|
||||
---
|
||||
|
||||
## API (zpack-api)
|
||||
@ -174,8 +177,7 @@ Outstanding before launch:
|
||||
|
||||
Future work:
|
||||
|
||||
- CF Tunnel SSH access (see Local Dev Access above)
|
||||
- Tailscale dev access (alternative/complement to CF Tunnel)
|
||||
- CF Tunnel SSH access completion (see Local Dev Access above)
|
||||
- artifact version promotion
|
||||
- runtime rollback support
|
||||
- Cloudflare R2 for large artifact/mod file delivery at scale
|
||||
@ -200,3 +202,4 @@ Future work:
|
||||
- ✅ Per-container dev IDE edge publish/unpublish removed from API
|
||||
- ✅ Wildcard TLS cert `*.zerolaghub.dev` via Let's Encrypt + Cloudflare DNS-01
|
||||
- ✅ Browser IDE fully loading at dev-<vmid>.zerolaghub.dev
|
||||
- ✅ CF Tunnel created and connected to bastion VM
|
||||
|
||||
Loading…
Reference in New Issue
Block a user