ci/woodpecker/push/woodpecker Pipeline was successfulDetails
All tunnel clients use ~/.ssh/ca-userkey — one key, no divergence.
Server now re-reads authorized_keys on every auth attempt so adding
a key never requires a restart. README documents the two failure
modes (missing key, stale cache) with fix steps.
Co-authored-by: Cursor <cursoragent@cursor.com>
Clients can now set TUNNEL_AUTH_USER and TUNNEL_AUTH_PASS to have the
server add a Traefik basicauth middleware in front of the tunnel route.
Credentials are sent as tunnel metadata over the SSH channel and the
server generates a bcrypt htpasswd entry for Traefik's Docker labels.
Co-authored-by: Cursor <cursoragent@cursor.com>
Go binary pair (server + client) that establishes reverse SSH tunnels
and dynamically registers Traefik routes by SSHing into the ingress
host to write file-provider config. Clients need only a private key,
server address, domain, and local port as envvars.
Co-authored-by: Cursor <cursoragent@cursor.com>
Leopere