Add next steps — CF Tunnel SSH, upload testing, portal copy, host migration
parent
7d2784ab4a
commit
b669f75204
@ -113,16 +113,42 @@ Verified flow:
|
|||||||
- `passHostHeader: true` preserves original hostname through to API
|
- `passHostHeader: true` preserves original hostname through to API
|
||||||
- no Caddy, no `:8081`, no per-container DNS/Traefik side effects from API
|
- no Caddy, no `:8081`, no per-container DNS/Traefik side effects from API
|
||||||
|
|
||||||
### Local Dev Access (Headscale/Tailscale — Future)
|
### Local Dev Access — SSH via CF Tunnel (Next Step)
|
||||||
|
|
||||||
|
Decision: Cloudflare Tunnel on bastion VM for SSH access. Free tier covers up to 50 users.
|
||||||
|
|
||||||
|
Planned architecture:
|
||||||
|
|
||||||
|
```
|
||||||
|
Developer laptop
|
||||||
|
↓ ssh dev-6070.zerolaghub.dev
|
||||||
|
Cloudflare edge
|
||||||
|
↓ CF Tunnel (persistent, runs on bastion)
|
||||||
|
Bastion VM (internal)
|
||||||
|
↓ SSH proxy jump
|
||||||
|
Dev container (10.100.x.x)
|
||||||
|
```
|
||||||
|
|
||||||
|
Same hostname as browser IDE — different protocol. Cloudflare routes HTTPS to
|
||||||
|
Traefik and SSH to CF Tunnel separately.
|
||||||
|
|
||||||
|
Developer one-time SSH config:
|
||||||
|
|
||||||
|
```
|
||||||
|
Host *.zerolaghub.dev
|
||||||
|
ProxyCommand cloudflared access ssh --hostname %h
|
||||||
|
```
|
||||||
|
|
||||||
|
After that `ssh dev-6070.zerolaghub.dev` just works. Portal can surface this
|
||||||
|
config snippet as a copyable block.
|
||||||
|
|
||||||
Outstanding:
|
Outstanding:
|
||||||
|
|
||||||
- confirm `zlh-ctl` Headscale server status
|
- Install `cloudflared` on bastion VM
|
||||||
- implement Tailscale addon install in agent
|
- Create CF Tunnel pointed at bastion SSH port
|
||||||
- API auth key generation
|
- Map `*.zerolaghub.dev` SSH through tunnel
|
||||||
- portal setup instructions
|
- Portal SSH config snippet UI
|
||||||
|
- Agent: surface SSH hostname in `/status` or via API
|
||||||
Constraints: `magic_dns: false`, no exit nodes, no DNS takeover
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
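Review bot: The new Outstanding list under "SSH via CF Tunnel" has no access-control item. It covers installing `cloudflared`, creating the tunnel to the bastion SSH port and mapping `*.zerolaghub.dev`, but nothing states who may authenticate through the tunnel or how a developer is limited to their own container once on the bastion. Suggest adding one item for the access policy in front of the tunnel and one for per-container authorization on the bastion. The developer snippet also only sets `ProxyCommand cloudflared access ssh --hostname %h`, while the diagram shows a further "SSH proxy jump" from the bastion to the 10.100.x.x container; document where that hop is configured so that `ssh dev-6070.zerolaghub.dev` lands in the container rather than on the bastion. The removed `Constraints:` line has no counterpart for the new design; if equivalent constraints apply to the tunnel, state them here.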
@ -163,17 +189,33 @@ Completed:
|
|||||||
Outstanding:
|
Outstanding:
|
||||||
|
|
||||||
- confirm "Open IDE" button fully uses hosted URL flow
|
- confirm "Open IDE" button fully uses hosted URL flow
|
||||||
|
- SSH config snippet for local VS Code / terminal access
|
||||||
- Headscale setup instructions
|
- Headscale setup instructions
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## Pre-Launch Checklist
|
||||||
|
|
||||||
|
Outstanding before launch:
|
||||||
|
|
||||||
|
- **Upload testing** — test file upload flow end-to-end in dev containers
|
||||||
|
- **Portal copy/wording** — site needs rewriting for public audience
|
||||||
|
- **Dedicated host migration** — evaluate GTHost upgrade (Gold 6152, Detroit)
|
||||||
|
- Trial period approach: $5/day up to 10 days
|
||||||
|
- PBS restore for safe migration validation
|
||||||
|
- Two-host split (core vs game/dev) is longer term option
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## Platform
|
## Platform
|
||||||
|
|
||||||
Future work:
|
Future work:
|
||||||
|
|
||||||
- Tailscale dev access
|
- CF Tunnel SSH access (see Local Dev Access above)
|
||||||
|
- Tailscale dev access (alternative/complement to CF Tunnel)
|
||||||
- artifact version promotion
|
- artifact version promotion
|
||||||
- runtime rollback support
|
- runtime rollback support
|
||||||
|
- Cloudflare R2 for large artifact/mod file delivery at scale
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
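Review bot: In the portal Outstanding list, `- Headscale setup instructions` stays unchanged next to the new `- SSH config snippet for local VS Code / terminal access`, although the first hunk replaces the Headscale/Tailscale plan with CF Tunnel and drops the other Headscale items. Either remove it or mark it as belonging to the Tailscale alternative, matching the Platform wording `Tailscale dev access (alternative/complement to CF Tunnel)`, so the portal list does not ask for two sets of setup instructions. In the Pre-Launch Checklist, the SSH access work from "Local Dev Access" is not listed; say whether it is a launch blocker or post-launch.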