Update project context — hosted IDE flow working, Traefik wildcard model current
parent 8f7a4bf5ba
commit c499be3e1e
@ -29,9 +29,9 @@ System posture: stable, controlled expansion phase.
|
||||
| 1001 | zlh-dns | Technitium DNS |
|
||||
| 1002 | zlh-proxy | Traefik — core/frontend SSL termination (portal traffic) |
|
||||
| 1003 | zlh-artifacts | Runtime binaries + Minecraft server jars (agent install source) |
|
||||
| 1004 | zlh-zpack-proxy | Traefik — game server traffic only |
|
||||
| 1004 | zlh-zpack-proxy | Traefik — game/dev edge routing + dev IDE wildcard TLS |
|
||||
| 1005 | zpack-api | Node.js API |
|
||||
| 1006 | zlh-zpack-router | Game server router |
|
||||
| 1006 | zlh-zpack-router | Game/dev router |
|
||||
| 1100 | zpack-portal | Next.js frontend |
|
||||
| 2001 | zlh-back | PBS backup + Backblaze B2 |
|
||||
|
||||
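Review bot: The 1006 row is renamed to "Game/dev router", but nothing in this change shows dev traffic passing through that VM: the hosted IDE path documented further down goes from Traefik (`dev-<vmid>.zerolaghub.dev`) to the API to `container:6000`. Either state what dev traffic 1006 handles or keep the previous description, so the inventory does not overstate which hosts sit in the IDE path. On the 1004 row, name the certificate (`*.zerolaghub.dev`), since this VM now holds a wildcard key on the same edge that carries game traffic.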
@ -95,24 +95,60 @@ access. Pulls runtimes + server jars from zlh-artifacts (VM 1003).
|
||||
- code-server detection: `/proc/*/cmdline` scan
|
||||
- agent port: `18888`
|
||||
|
||||
**Current blocking issue:** code-server missing `--base-path /api/dev/<vmid>/ide`
|
||||
in launch args. Causes WS 1006, filesystem provider failure, extension host crash.
|
||||
Fix is one line in the agent launch script.
|
||||
Code-server launch model:
|
||||
|
||||
- binds to `0.0.0.0`
|
||||
- `--auth none`
|
||||
- API/hosted flow handles auth and proxying
|
||||
|
||||
---
|
||||
|
||||
## Dev Container Access Model
|
||||
|
||||
### Browser IDE (API implemented, agent fix pending)
|
||||
### Browser IDE (Current Working Model)
|
||||
|
||||
```
|
||||
Browser → Portal → API (/api/dev/:id/ide) → container:6000
|
||||
Browser
|
||||
↓
|
||||
Traefik (dev-<vmid>.zerolaghub.dev, 10.70.0.242)
|
||||
↓
|
||||
API (10.60.0.245:4000)
|
||||
↓
|
||||
container:6000
|
||||
```
|
||||
|
||||
Portal calls `POST /api/dev/:id/ide-token`, opens returned URL in new tab.
|
||||
Token TTL: 300s. Proxy accepts `Authorization: Bearer` or `?token=`.
|
||||
WebSocket upgrades validated with same token.
|
||||
Containers never publicly exposed.
|
||||
Working hosted flow:
|
||||
|
||||
1. frontend calls `POST /api/dev/:id/ide-token`
|
||||
2. API returns `https://dev-<vmid>.zerolaghub.dev/?token=...`
|
||||
3. browser opens hosted URL
|
||||
4. Traefik wildcard router forwards to API at `http://10.60.0.245:4000`
|
||||
5. API validates token, sets HTTP-only IDE cookie, redirects to clean hosted URL
|
||||
6. subsequent cookie-backed request proxied to container code-server
|
||||
7. code-server redirects to `/?folder=/home/dev/workspace`
|
||||
8. IDE loads successfully
|
||||
|
||||
Curl-verified response chain:
|
||||
|
||||
- `GET /?token=...` → `302` + `Set-Cookie`
|
||||
- `GET /` with cookie → `302` to `/?folder=/home/dev/workspace`
|
||||
- `GET /?folder=/home/dev/workspace` → `200` code-server HTML
|
||||
|
||||
### Traefik Role
|
||||
|
||||
- terminates TLS via wildcard cert `*.zerolaghub.dev` (Let's Encrypt DNS-01 via Cloudflare)
|
||||
- matches `dev-*.zerolaghub.dev` via `HostRegexp`
|
||||
- forwards to API at `http://10.60.0.245:4000`
|
||||
- preserves original `Host` header (`passHostHeader: true`)
|
||||
- does NOT route directly to containers
|
||||
|
||||
### API Role
|
||||
|
||||
- extracts vmid from `Host` header via `handleHostedProxy`
|
||||
- validates short-lived IDE token
|
||||
- sets HTTP-only `zlh_dev_ide_token` cookie
|
||||
- redirects token URL to clean hostname URL
|
||||
- proxies all live code-server HTTP + WebSocket traffic to correct container
|
||||
|
||||
### Local Developer Access (Future)
|
||||
|
||||
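Review bot: The "API Role" list says the vmid is extracted from the `Host` header and that the token is validated, but it never states that the token (and the `zlh_dev_ide_token` cookie derived from it) is bound to that vmid. Add a line saying validation rejects a token issued for a different `:id` than the one the hostname resolves to. Because the launch model is `--auth none` on `0.0.0.0`, that check and the network path are the only controls in front of code-server, so the section should also say what restricts port 6000 to the API. The cookie is described only as HTTP-only; document `Secure`, `SameSite` and host-only scope, and whether the `?token=` value is single-use, given that it appears in the URL before the redirect to the clean hostname.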
@ -120,23 +156,27 @@ Headscale/Tailscale for SSH, VS Code Remote, local tools.
|
||||
Headscale server: `zlh-ctl` (status to be confirmed).
|
||||
Constraints: no exit nodes, `magic_dns: false`.
|
||||
|
||||
### Removed
|
||||
### Removed / No Longer Current
|
||||
|
||||
DNS-per-container + Traefik dynamic routing abandoned.
|
||||
Removed from API: `devRouting.js`, `devDePublisher.js`, Traefik file writes.
|
||||
`proxyClient.js` retained — still used by game edge publish path.
|
||||
- path-based `/api/dev/:id/ide` as primary browser entry
|
||||
- Caddy-hosted dev IDE edge
|
||||
- per-container Traefik file creation from dev provisioning
|
||||
- per-container Cloudflare/Technitium publish/unpublish from API for dev IDE access
|
||||
|
||||
`proxyClient.js` remains in repo — still used by game edge publish logic.
|
||||
|
||||
---
|
||||
|
||||
## API Routes — Dev IDE
|
||||
|
||||
```
|
||||
POST /api/dev/:id/ide-token — generate short-lived IDE token
|
||||
GET /api/dev/:id/ide — proxy to container:6000
|
||||
GET /api/dev/:id/ide/* — proxy to container:6000
|
||||
GET /api/servers/:id/status — expose polled agent state to frontend
|
||||
POST /api/dev/:id/ide-token — generate short-lived IDE token + hosted URL
|
||||
```
|
||||
|
||||
Hosted requests land on the API through Traefik using the dev hostname.
|
||||
API handles host-based vmid extraction, token bootstrap, cookie handoff,
|
||||
HTTP + WebSocket proxy to code-server.
|
||||
|
||||
---
|
||||
|
||||
## API / Frontend Status
|
||||
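Review bot: In the "API Routes" block it is unclear whether `GET /api/dev/:id/ide` and `GET /api/dev/:id/ide/*` are still mounted; the "Removed / No Longer Current" list only says the path-based route is no longer the "primary browser entry". State explicitly whether those routes are deleted or still reachable and, if they remain, which credentials they accept, because a leftover path-based proxy is a second entry to the same `container:6000` that the hosted-flow description does not cover.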
@ -174,8 +214,8 @@ Revenue multiplier: 1 developer → ~10 players → $147.50/mo total.
|
||||
|
||||
## Open Threads
|
||||
|
||||
1. **Agent:** fix code-server `--base-path /api/dev/<vmid>/ide` — unblocks IDE
|
||||
2. **Portal:** "Open IDE" button calling `/api/dev/:id/ide-token`
|
||||
1. Verify full browser behavior + WebSocket under hosted wildcard flow
|
||||
2. Confirm "Open IDE" button in portal uses hosted URL in production path
|
||||
3. Confirm Headscale `zlh-ctl` VM status
|
||||
4. Curated provenance — tracking install origin
|
||||
|
||||
|
||||
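Review bot: Open thread 1 still lists WebSocket behaviour under the hosted wildcard flow as unverified, while the access-model section is headed "Current Working Model" and the only evidence recorded is three curl `GET` responses. Either soften that heading until this thread is closed or give the thread concrete acceptance checks, including that a WebSocket upgrade without a valid cookie is refused, so "working" covers the authenticated path and the rejected one.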