TheLanc3/code-server
1
0
Fork 0
mirror of https://github.com/coder/code-server.git synced 2026-05-13 15:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improved install.sh flags

Browse Source
This commit is contained in:
Anmol Sethi
2020-05-22 15:38:03 -04:00
parent 42b5152888
commit 7ef82d8422
8 changed files with 171 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
doc/guide.md
View File

@@ -15,21 +15,22 @@
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
This guide demonstrates how to setup and use code-server.
To reiterate, code-server lets you run VS Code on a remote server and then access it via a browser.
This guide demonstrates how to setup and use `code-server`.
To reiterate, `code-server` lets you run VS Code on a remote server and then access it via a browser.
Further docs are at:
- [README.md](../README.md) for a general overview
- [FAQ.md](./FAQ.md) for common questions.
- [CONTRIBUTING.md](../doc/CONTRIBUTING.md) for development docs
- [README](../README.md) for a general overview
- [INSTALL](../doc/install.md) for installation
- [FAQ](./FAQ.md) for common questions.
- [CONTRIBUTING](../doc/CONTRIBUTING.md) for development docs
We'll walk you through acquiring a remote machine to run code-server on
We'll walk you through acquiring a remote machine to run `code-server` on
and then exposing `code-server` so you can securely access it.
## 1. Acquire a remote machine
First, you need a machine to run code-server on. You can use a physical
First, you need a machine to run `code-server` on. You can use a physical
machine you have lying around or use a VM on GCP/AWS.
### Requirements
@@ -64,7 +65,6 @@ Once you've signed up and created a GCP project, create a new Compute Engine VM
- Click `Change` under `Boot Disk` and change the type to `SSD Persistent Disk` and the size
to `32`.
- You can always grow your disk later.
- The default OS of Debian 10 is fine.
8. Navigate to `Networking -> Network interfaces` and edit the existing interface
to use a static external IP.
- Click done to save network interface changes.
@@ -78,7 +78,7 @@ to avoid the slow dashboard.
## 2. Install code-server
[We have a script](./install.sh) to install code-server for Linux and macOS.
We have a [script](./install.sh) to install `code-server` for Linux and macOS.
It tries to use the system package manager if possible.
@@ -94,7 +94,7 @@ Now to actually install:
curl -fsSL https://code-server.dev/install.sh | sh
```
The install script will print out how to run and start using code-server.
The install script will print out how to run and start using `code-server`.
Docs on the install script, manual installation and docker image are at [./doc/install.md](./doc/install.md).
@@ -103,32 +103,29 @@ Docs on the install script, manual installation and docker image are at [./doc/i
**Never**, **ever** expose `code-server` directly to the internet without some form of authentication
and encryption as someone can completely takeover your machine with the terminal.
By default, code-server will enable password authentication which will
require you to copy the password from the code-server config file to login. Since it
cannot use TLS by default, it will listen on `localhost` to avoid exposing itself
to the world. This is fine for testing but will not work if you want to access `code-server`
By default, `code-server` will enable password authentication which will require you to copy the
password from the`code-server`config file to login. It will listen on`localhost` to avoid exposing
itself to the world. This is fine for testing but will not work if you want to access `code-server`
from a different machine.
There are several approaches to securely operating and exposing code-server.
There are several approaches to securely operating and exposing `code-server`.
**tip**: You can list the full set of code-server options with `code-server --help`
**tip**: You can list the full set of `code-server` options with `code-server --help`
### SSH forwarding
We highly recommend this approach for not requiring any additional setup, you just need an
SSH server on your remote machine. The downside is you won't be able to access `code-server`
without an SSH client like an iPad. If that's important to you, skip to [Let's Encrypt](#lets-encrypt).
on any machine without an SSH client like on iPad. If that's important to you, skip to [Let's Encrypt](#lets-encrypt).
Recommended reading: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding.
First, ssh into your instance and edit your code-server config file to disable password authentication.
First, ssh into your instance and edit your `code-server` config file to disable password authentication.
```bash
# Replaces "auth: password" with "auth: none" in the code-server config.
sed -i.bak 's/auth: password/auth: none/' ~/.config/code-server/config.yaml
```
Restart code-server with (assuming you followed the guide):
Restart `code-server` with (assuming you followed the guide):
```bash
systemctl --user restart code-server
@@ -136,12 +133,14 @@ systemctl --user restart code-server
Now forward local port 8080 to `127.0.0.1:8080` on the remote instance.
Recommended reading: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding.
```bash
# -N disables executing a remote shell
ssh -N -L 8080:127.0.0.1:8080 <instance-ip>
```
Now if you access http://127.0.0.1:8080 locally, you should see code-server!
Now if you access http://127.0.0.1:8080 locally, you should see `code-server`!
If you want to make the SSH port forwarding persistent we recommend using
[mutagen](https://mutagen.io/documentation/introduction/installation).
@@ -168,8 +167,8 @@ and sign commits without copying your keys.
### Let's Encrypt
[Let's Encrypt](https://letsencrypt.org) is a great option if you want to access code-server on an iPad
or do not want to use SSH forwarding. This does require that the remote machine is exposed to the internet.
[Let's Encrypt](https://letsencrypt.org) is a great option if you want to access `code-server` on an iPad
or do not want to use SSH forwarding. This does require that the remote machine be exposed to the internet.
Assuming you have been following the guide, edit your instance and checkmark the allow HTTP/HTTPS traffic options.
@@ -198,9 +197,9 @@ reverse_proxy 127.0.0.1:8080
sudo systemctl reload caddy
```
Visit `https://<your-domain-name>` to access code-server. Congratulations!
Visit `https://<your-domain-name>` to access `code-server`. Congratulations!
In a future release we plan to integrate Let's Encrypt directly with code-server to avoid
In a future release we plan to integrate Let's Encrypt directly with `code-server` to avoid
the dependency on caddy.
### Self Signed Certificate
@@ -210,13 +209,12 @@ have to use [Let's Encrypt](#lets-encrypt) instead. See the [FAQ](https://github
Recommended reading: https://security.stackexchange.com/a/8112.
We recommend this as a last resort as self signed certificates do not work with iPads and can
cause other bizarre issues. Not to mention all the warnings when you access code-server.
We recommend this as a last resort because self signed certificates do not work with iPads and can
cause other bizarre issues. Not to mention all the warnings when you access `code-server`.
Only use this if:
1. You do not want to buy a domain.
2. You cannot expose the remote machine to the internet.
3. You do not want to use SSH forwarding.
1. You do not want to buy a domain or you cannot expose the remote machine to the internet.
2. You do not want to use SSH forwarding.
ssh into your instance and edit your code-server config file to use a randomly generated self signed certificate:
@@ -229,7 +227,7 @@ sed -i.bak 's/bind-addr: 127.0.0.1:8080/bind-addr: 0.0.0.0:443/' ~/.config/code-
sudo setcap cap_net_bind_service=+ep /usr/lib/code-server/lib/node
```
Assuming you have been following the guide, restart code-server with:
Assuming you have been following the guide, restart `code-server` with:
```bash
systemctl --user restart code-server
@@ -237,17 +235,17 @@ systemctl --user restart code-server
Edit your instance and checkmark the allow HTTPS traffic option.
Visit `https://<your-instance-ip>` to access code-server.
Visit `https://<your-instance-ip>` to access `code-server`.
You'll get a warning when accessing but if you click through you should be good.
To avoid the warnings, you can use [mkcert](https://mkcert.dev) to create a self signed certificate
trusted by your OS and then pass it into code-server via the `cert` and `cert-key` config
trusted by your OS and then pass it into `code-server` via the `cert` and `cert-key` config
fields.
### Change the password?
Edit the `password` field in the code-server config file at `~/.config/code-server/config.yaml`
and then restart code-server with:
Edit the `password` field in the `code-server` config file at `~/.config/code-server/config.yaml`
and then restart `code-server` with:
```bash
systemctl --user restart code-server
@@ -255,6 +253,6 @@ systemctl --user restart code-server
### How do I securely access development web services?
If you're working on a web service and want to access it locally, code-server can proxy it for you.
If you're working on a web service and want to access it locally, `code-server` can proxy it for you.
See [FAQ.md](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#how-do-i-securely-access-web-services).
See the [FAQ](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#how-do-i-securely-access-web-services).