better-argo-tunnels

Commit Graph

Author	SHA1	Message	Date
Leopere	37081ab53e	Add optional HTTP Basic Auth support for tunnel clients ci/woodpecker/push/woodpecker Pipeline failed Details Clients can now set TUNNEL_AUTH_USER and TUNNEL_AUTH_PASS to have the server add a Traefik basicauth middleware in front of the tunnel route. Credentials are sent as tunnel metadata over the SSH channel and the server generates a bcrypt htpasswd entry for Traefik's Docker labels. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-09 14:40:58 -05:00
Leopere	f6b40d2432	Fix SSH to ingress: port 65522, auto-load companion cert - keyutil.go / client ssh.go: if <key>-cert.pub exists next to the private key, load it automatically (mirrors openssh behavior) - stack.production.yml: TRAEFIK_SSH_HOST uses port 65522 Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-08 18:38:31 -05:00
Leopere	d5a805853a	Initial commit: reverse SSH tunnel server for Traefik Go binary pair (server + client) that establishes reverse SSH tunnels and dynamically registers Traefik routes by SSHing into the ingress host to write file-provider config. Clients need only a private key, server address, domain, and local port as envvars. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-02-08 18:16:41 -05:00

Author

SHA1

Message

Date

Leopere

37081ab53e

Add optional HTTP Basic Auth support for tunnel clients

ci/woodpecker/push/woodpecker Pipeline failed Details

Clients can now set TUNNEL_AUTH_USER and TUNNEL_AUTH_PASS to have the
server add a Traefik basicauth middleware in front of the tunnel route.
Credentials are sent as tunnel metadata over the SSH channel and the
server generates a bcrypt htpasswd entry for Traefik's Docker labels.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-02-09 14:40:58 -05:00

Leopere

f6b40d2432

Fix SSH to ingress: port 65522, auto-load companion cert

- keyutil.go / client ssh.go: if <key>-cert.pub exists next to
  the private key, load it automatically (mirrors openssh behavior)
- stack.production.yml: TRAEFIK_SSH_HOST uses port 65522

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-02-08 18:38:31 -05:00

Leopere

d5a805853a

Initial commit: reverse SSH tunnel server for Traefik

Go binary pair (server + client) that establishes reverse SSH tunnels
and dynamically registers Traefik routes by SSHing into the ingress
host to write file-provider config. Clients need only a private key,
server address, domain, and local port as envvars.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-02-08 18:16:41 -05:00

3 Commits