Add next steps — CF Tunnel SSH, upload testing, portal copy, host migration
parent
7d2784ab4a
commit
b669f75204
@ -113,16 +113,42 @@ Verified flow:
|
||||
- `passHostHeader: true` preserves original hostname through to API
|
||||
- no Caddy, no `:8081`, no per-container DNS/Traefik side effects from API
|
||||
|
||||
### Local Dev Access (Headscale/Tailscale — Future)
|
||||
### Local Dev Access — SSH via CF Tunnel (Next Step)
|
||||
|
||||
Decision: Cloudflare Tunnel on bastion VM for SSH access. Free tier covers up to 50 users.
|
||||
|
||||
Planned architecture:
|
||||
|
||||
```
|
||||
Developer laptop
|
||||
↓ ssh dev-6070.zerolaghub.dev
|
||||
Cloudflare edge
|
||||
↓ CF Tunnel (persistent, runs on bastion)
|
||||
Bastion VM (internal)
|
||||
↓ SSH proxy jump
|
||||
Dev container (10.100.x.x)
|
||||
```
|
||||
|
||||
Same hostname as browser IDE — different protocol. Cloudflare routes HTTPS to
|
||||
Traefik and SSH to CF Tunnel separately.
|
||||
|
||||
Developer one-time SSH config:
|
||||
|
||||
```
|
||||
Host *.zerolaghub.dev
|
||||
ProxyCommand cloudflared access ssh --hostname %h
|
||||
```
|
||||
|
||||
After that `ssh dev-6070.zerolaghub.dev` just works. Portal can surface this
|
||||
config snippet as a copyable block.
|
||||
|
||||
Outstanding:
|
||||
|
||||
- confirm `zlh-ctl` Headscale server status
|
||||
- implement Tailscale addon install in agent
|
||||
- API auth key generation
|
||||
- portal setup instructions
|
||||
|
||||
Constraints: `magic_dns: false`, no exit nodes, no DNS takeover
|
||||
- Install `cloudflared` on bastion VM
|
||||
- Create CF Tunnel pointed at bastion SSH port
|
||||
- Map `*.zerolaghub.dev` SSH through tunnel
|
||||
- Portal SSH config snippet UI
|
||||
- Agent: surface SSH hostname in `/status` or via API
|
||||
|
||||
---
|
||||
|
||||
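Review bot: The task list that ends this section (install `cloudflared`, create the tunnel, map `*.zerolaghub.dev`, portal snippet, agent `/status`) has no item for access control, and the architecture block does not say how the bastion decides which dev container a given developer may jump to. Please add an item for the Cloudflare Access policy on the SSH hostnames and one for per-user authorization on the bastion-to-container hop, so that reaching `dev-6070` requires owning that container. Separately, `Host *.zerolaghub.dev` in the developer config sends SSH for every name under the domain through `cloudflared`; a narrower pattern such as `Host dev-*.zerolaghub.dev` would match only the dev container names shown here.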
@ -163,17 +189,33 @@ Completed:
|
||||
Outstanding:
|
||||
|
||||
- confirm "Open IDE" button fully uses hosted URL flow
|
||||
- SSH config snippet for local VS Code / terminal access
|
||||
- Headscale setup instructions
|
||||
|
||||
---
|
||||
|
||||
## Pre-Launch Checklist
|
||||
|
||||
Outstanding before launch:
|
||||
|
||||
- **Upload testing** — test file upload flow end-to-end in dev containers
|
||||
- **Portal copy/wording** — site needs rewriting for public audience
|
||||
- **Dedicated host migration** — evaluate GTHost upgrade (Gold 6152, Detroit)
|
||||
- Trial period approach: $5/day up to 10 days
|
||||
- PBS restore for safe migration validation
|
||||
- Two-host split (core vs game/dev) is longer term option
|
||||
|
||||
---
|
||||
|
||||
## Platform
|
||||
|
||||
Future work:
|
||||
|
||||
- Tailscale dev access
|
||||
- CF Tunnel SSH access (see Local Dev Access above)
|
||||
- Tailscale dev access (alternative/complement to CF Tunnel)
|
||||
- artifact version promotion
|
||||
- runtime rollback support
|
||||
- Cloudflare R2 for large artifact/mod file delivery at scale
|
||||
|
||||
---
|
||||
|
||||
|
||||
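Review bot: The status of SSH access is ambiguous across these lists: the portal "Outstanding:" list carries "SSH config snippet for local VS Code / terminal access", the Platform list files "CF Tunnel SSH access" under "Future work:", and the Pre-Launch Checklist mentions neither. Please state in the checklist whether SSH access gates launch or ships afterwards. The "Upload testing" item would also benefit from acceptance criteria, since "end-to-end" does not say which cases count as a pass (for example size limits, rejected file types, and where uploaded files are allowed to land inside the container).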