Code-server installed and configured for multiple users reverse proxy (the Nginx)

1. Install the code-server

project code-server URL in cdr / code-server .

In the README code-server provides two deployment guides, one for deployment in the AWS cloud services such as Deploy , another is that we want to use for deployment in a local QuickStart .

Guide very concise, on three steps:

1. In releases page to find the corresponding structure and binary packages on the system and download.
2. Unpack and run the binary file ( ./code-server).
3. In the browser through localhost:8080to visit.

For indeed in terms of the local people used, it was enough, but taking into account the need for long-term operation and remote access on the server side, need to do some hands and feet:

1. Server-side to stand more than one code-server, so not all use the default port 8080.
2. There is a huge risk with http remote access, but code-server SSL encryption comes after an update fails, so use a reverse proxy.

Anti speak on behalf to the part of the code-server somehow.

To change the port, simply by adding parameters at startup, for example --port 23333.

By default it every time when it starts to generate a random password, display in the terminal

can also customize other password or simply do not, then do not directly add parameters --auth noneto the password, then you need to define variables in the environment PASSWORD, and plain text, so to make this variable as a local variable, not only for security reasons, but a different code-server can not use the same password for it ...

2. Configure Reverse Proxy (Nginx)

Anti-generation server I use Nginx, to install: apt install nginxAfter the need to modify the /etc/nginx/nginx.confconfiguration file.

All modifications are located httpunder the module.

First, we need to add SSL settings:

http {
  #前面的东西省略

  ssl on
  ssl_certificate     /path/to/crt/chain.crt
  ssl_certificate_key /path/to/key/key.key

  #后面的也省略
}

protocols like SSL settings are not changed.

Then, at the end of http module plus anti generation configuration (this can be copied in quickstart inside):

http {
  #前面的东西省略

  #SSL的东西也省略

  #中间可能还有东西, 继续省略

  server {
    listen 8080; #这个是客户端访问反代服务器时的端口
    listen [::]:8080; #这个应该也是, 但是是IPv6的配置
    server_name mycodeserver.com itscodeserver.com;
    #填访问时用的域名, 可填多个, 空格分隔
    location /path/ { #等会细讲 #1
      proxy_pass http://localhost:23333/;
      #这是反代访问code-server的地址,
      #所以端口也是填code-server的端口
      proxy_redirect http:// https://;
      #把外部的https转成内部的http
      proxy_set_header Host $host:443/path;
      #等会细讲 #2
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection upgrade;
      proxy_set_header Accept-Encoding gzip;
      #最后三行不知道干嘛的, 从quickstart上直接抄下来的
    }
    #可能存在的第二个第三个location模块, 反正和上面那个差不多
  }
}

So will now go into detail # 1: This path is mounted on an entire generation of anti-Nginx position, that is, when the access https://mycodeserver.com:443/path/time, that is, visit this anti-generation (443 is the default port for https, and if you can not change. into another, and this port, and below that is the need to maintain a consistent 443)

So will now go into detail # 2:: "443 / path $ path" , so the purpose is to change the URL appears in the code-server, this line is the meaning of "Host" (Host) This parameter re-set Host will be referring to this change. For example, when there is a password, it will jump to the URL localhost:23333/login, relatively, in the browser URL should be https://mycodeserver.com:443/path/login, and should not be https://mycodeserver.com:443/login.

Not difficult to find, a few lines to configure the main thing to do is to be seen as http://localhost:23333/all replaced https://mycodeserver.com:443/path/.

Finally, service nginx restartto restart Nginx and reconfigure.

PS: code-server open the folder rely on parameters of URL, like this:
https://mycodeserver.com:443/path/?folder=vscode-remote://mycodeserver.com:443/path2yourworkspace/,
if /path/not the root directory ( /), then there will be some minor bugs.

For example, I want to open a folder /home/user/workspace/,
its argument is supposed to be ?folder=vscode-remote://mycodeserver.com:443/home/user/workspace/,
but it will lead to anti generation will become ?folder=vscode-remote://mycodeserver.com:443/path/home/user/workspace/,
you can see one more /path, you can manually delete it, and save the bookmark, the bookmark will point directly Okay. (in fact, this should be Nginx configuration error,
but since I can not bother to get to the bottom)

Configuration code-server

After de-generation configuration is complete, you just need to code-server can also be configured to service just fine (this also may be copied in quickstart inside).

[Unit]
Description=Code Server NO.1
After=network.target

[Service]
Type=simple
User=username
EnvironmentFile=/home/username/.envfile
WorkingDirectory=/home/username/
Restart=on-failure
RestartSec=10

ExecStart=/path/to/code-server/code-server --port 23333

StandardOutput=file:/path/to/output/output.log
StandardError=file:/path/to/error/error.log

[Install]
WantedBy=multi-user.target

That is EnvironmentFile before running the program sourcefile, which can be written in PASSWORDvariables, but also in the PATHpath of the program (for example, clang) the need to call on which is written, the file name is preceded by point to hidden files, but in reality nothing useful. so, this should probably file a long way:

PASSWORD="yourpassword"
PATH="path"

PATHIf one does not know what put the filling /etc/environmentinside cleaning up she wants to direct.

There is also a place to note that all addresses appear absolutely need to fill in the address, relative address can not fill.

Some of the remaining configuration, not one will be able to read it (such as Description), can try to change to change the look so what would be the effect, I did not know it at the spade and the error will be changed often stuff (such as After , Type, WantedBy). there are interested can ask search engines.

Finally, the extension of this file is changed serviceand thrown /etc/systemd/system/down, and executed systemctl restart name.service, remember namethe name into the file.

If there is no error, you can try to access the browser, you can also systemctl enable name.servicemake the post.

Appendix: Probably is a common error (problem) Solution

Q: how to download binary packages on a Linux machine?
A: wget <URL>, or curl -O <URL>, or WinSCP.

Q: how unzip .tar.gzfiles?
A: tar -zxvf <file>.

Q: copying files can not /etc/systemd/system/?
Q: systemctlcan not perform?
Q: servicecan not execute?
Q: modify the /etc/nginx/nginx.confdisplay file read-only?
A: sudo.

Q: systemctl restart name.serviceAfter performing error?
A: being given a good look inside to write what the general did not file to serviceas a suffix, is to forget to file copying /etc/systemd/system/, or write a non-absolute address.

Q: service restart nginxAfter performing error?
A: Probably /etc/nginx/nginx.confa syntax error, it is easy to find self-examination about the problem can refer to. Nginx Documentation , or Nginx Chinese documents .

Q: servicefile Typemean?
A: simpleis the kind of program will run in the terminal, do not Ctrl+Cnot use the terminal there is a relatively common type yes. oneshot, Is executed once immediately after the return to the terminal, registers itself running in the background, such as vlmcsd.

Q: code-server login password does not live or die?
A: There may be a character is escaped, such as colon and backslash, either avoid these characters or sub-righteousness back.

Q: code-server links always jump jump place 404?
A: Anti-generation is where not wrong.

Q: code-server in turn on the display open folder after folder?
A: Anti behalf and did not hang on the root is about the same problem, manually change it inside the URL folderaddress just fine.

Q: folderbehind a pile percent sign, dazzled?
A: is the URL of escape, and not difficult to find, %3Aa colon, %2Fa slash, which is composed of ASCII or HEX percent-plus of UTF-8 characters in the form of control will know.

Q: debug Golang when there are various errors?
A: When you start adding parameter-Server code --security-opt seccomp=unconfined, with ms-vscode-gocommissioning details, please read Issue # 725 .

Q: When debugging vscode plug various error?
A: This is one of Known Issues, as follows (to 2020.2.11) or go to. The README inside.

• Creating custom VS Code extensions and debugging them doesn’t work.
• Extension profiling and tips are currently disabled.

Q: Some plug-ins can not search / version is a little old?
A: It uses its own Marketplace, from the Extensions for Visual Studio to find vscode plug-ins inside and download, to the server-side through the vsix installation.

Q: In vscode the terminal which is missing a bunch of instructions?
A: lack of environment variables, right, try to run before the start code-server source /etc/environmentor have other PATHfiles, if not directly start the CLI (such as service) will be considered in the configuration file Riga environment variable.

Q: internal vscode not OTA?
A: can consider yourself Patch ( the README there are tutorials), and so on, or a new binary packages chant.

Q: Latex Workshop Preview pdf of failure?
A: DevTools can see inside, sending a http request to a five-digit port, then this error does not allow http repair them more complicated if the conditions allow it, you can choose to use. after vscode + Remote-SSH, the server side vscode upload plugin, then you can see the preview. BTW, this vscode and code-server is absolutely no conflict, even driving (vscode server vscode closed locally at the same time it stopped working), Git use is the same one, plug-ins and settings are counted separately (work area set up inside the course is still the same).

Note: All operations effectively measured in Ubuntu Server 18.04, the location and command of some files may fail with different environments.