TheLanc3/code-server
1
0
Fork 0
mirror of https://github.com/coder/code-server.git synced 2026-05-06 12:31:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rewrite and update documentation

Browse Source
This commit is contained in:
Dean Sheather
2019-08-17 05:46:37 +10:00
parent 8c39e085f4
commit 7caef7f49c
12 changed files with 703 additions and 246 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
doc/security/ssl.md
View File

@@ -1,24 +1,33 @@
# Generate a self-signed certificate 🔒
# Generate a Self-signed Certificate 🔒
code-server has the ability to secure your connection between client and server using SSL/TSL certificates. By default, the server will start with an unencrypted connection. We recommend Self-signed TLS/SSL certificates for personal use of code-server or within an organization.
code-server has the ability to secure your connection between client and server
using SSL/TSL certificates. By default, the server will start with an
unencrypted connection. We recommend Self-signed TLS/SSL certificates for
personal use of code-server or within an organization.
This guide will show you how to create a self-signed certificate and start code-server using your certificate/key.
This guide will show you how to create a self-signed certificate and start
code-server using your certificate/key.
## TLS / HTTPS
You can specify any location that you want to save the certificate and key. In this example, we will navigate to the root directory, create a folder called `certs` and cd into it.
You can specify any location that you want to save the certificate and key. In
this example, we will navigate to the root directory, create a folder called
`certs` and cd into it.
```shell
mkdir ~/certs && cd ~/certs
```
If you don't already have a TLS certificate and key, you can generate them with the command below. They will be placed in `~/certs`
If you don't already have a TLS certificate and key, you can generate them with
the command below. They will be placed in `~/certs`.
```shell
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ~/certs/MyKey.key -out ~/certs/MyCertificate.crt
```
You will be prompted to add some identifying information about your organization
You will be prompted to add some identifying information about your
organization:
```shell
You are about to be asked to enter information that will be incorporated
into your certificate request.
@@ -35,19 +44,27 @@ Organizational Unit Name (eg, section) []:Docs
Common Name (e.g. server FQDN or YOUR name) []:hostname.example.com
Email Address []:admin@example.com
```
>If you already have a TLS certificate and key, you can simply reference them in the `--cert` and `--cert-key` flags when launching code-server
> If you already have a TLS certificate and key, you can simply reference them
> in the `--cert` and `--cert-key` flags when launching code-server.
## Starting code-server with certificate and key
## Starting code-server with a Certificate and Key
1. At the end of the path to your binary, add the following flags followed by the path to your certificate and key like so. Then press enter to run code-server.
```shell
./code-server --cert=~/certs/MyCertificate.crt --cert-key=~/certs/MyKey.key
```
2. After that you will be running a secure code-server.
Just add the `--cert` and `--cert-key` flags when you run code-server:
> You will know your connection is secure if the lines `WARN No certificate specified. This could be insecure. WARN Documentation on securing your setup: https://coder.com/docs` no longer appear.
```shell
./code-server --cert=~/certs/MyCertificate.crt --cert-key=~/certs/MyKey.key
```
## Other options
> You should check that the
> `WARN No certificate specified. This could be insecure` are no longer visible
> in the output.
For larger organizations you may wish to rely on a Certificate Authority as opposed to a self-signed certificate. For more information on generating free and open certificates for your site, please check out EFF's [certbot](https://certbot.eff.org/). Certbot is a cli to generate certificates using [LetsEncrypt](https://letsencrypt.org/).
## Other Options
For larger organizations you may wish to rely on a trusted Certificate Authority
as opposed to a self-signed certificate. For more information on generating free
and open certificates for your site, please check out EFF's
[certbot](https://certbot.eff.org/). Certbot is a cli to generate certificates
using [LetsEncrypt](https://letsencrypt.org/).