Skip to content

Need a complete example for how to use the --proxy-domain feature ... #1838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nmvega opened this issue Jun 26, 2020 · 9 comments
Closed

Need a complete example for how to use the --proxy-domain feature ... #1838

nmvega opened this issue Jun 26, 2020 · 9 comments

Comments

@nmvega
Copy link

nmvega commented Jun 26, 2020
edited
Loading

Hello Friends:

I've been searching for, as well as playing with the --proxy-domain feature of code-server(1), but I can't yet understand how to use it. I suspect it may be useful for my use-case, but need a complete example of how to use it. Can friends here provide a multi-user / multi-instance example illustrating how each connecting user would get routed to it's awaiting code-server(1) instance?

Thank you in advance. (◠﹏◠)
@nmvega nmvega added the feature label Jun 26, 2020
@code-asher
Copy link
Member

code-server has a built-in reverse proxy for proxying ports on the same server code-server is running on. For example, if you had some Webpack development server running on port 8000 you could access it through domain.tld/proxy/8000/.

--proxy-domain lets you do the same thing except with subdomains so you can browse to 8080.domain.tld instead of using the sub-path. This requires that you point 8000.domain.tld to code-server (or use a wildcard like *.domain.tld) and pass in --proxy-domain domain.tld.

Hopefully that clears up --proxy-domain, if not please hit me up with more questions.

For multi-tenancy these might be helpful:
https://github.com/cdr/code-server/blob/master/doc/FAQ.md#multi-tenancy
#792 (comment)

@nmvega
Copy link
Author

nmvega commented Jun 29, 2020
edited
Loading

Hi @code-asher Thank you for your reply. =:)

I think I understand, but let's use a concrete example.

Let's say I have a Linux server that run's between 1 and 100 code-server instances, and where the port number for a given code-server instance is the UID of the UNIX user assigned to that code-server instance . This strategy ensures port number uniqueness.

So a ps(1) output might logically look like this:

code-server --host 0.0.0.0 --port 5001 (...) --proxy-domain ???
code-server --host 0.0.0.0 --port 5002 (...) --proxy-domain ???
[ ... snip ... ]
code-server --host 0.0.0.0 --port 5100 (...) --proxy-domain ???

These instances are ephemeral (e.g. start when a user logs in; terminate when they log out).

Using this example, how, if possible, can --proxy-domain help to avoid opening up all of those ports?

(Note: These can't run in their own containers, for separate design reasons).

Thank you.

@code-asher
Copy link
Member

In this case I think you would run code-server with something like:

code-server --host 0.0.0.0 --port $UID --proxy-domain $UID.domain.tld

Then if I'm user 5001 for example I can access code-server at 5001.domain.tld and I can also access my development servers at <port>.5001.domain.tld.

@code-asher
Copy link
Member

code-asher commented Jun 30, 2020
edited
Loading

Although I may have misunderstood what you meant by "avoid opening up all of those ports". If you mean the per-user ports, --proxy-domain won't help here unfortunately. You'd need to use an external reverse proxy like nginx. --proxy-domain only affects the routing once the request has already made it to code-server.

@nmvega
Copy link
Author

nmvega commented Jun 30, 2020

Although I may have misunderstood what you meant by "avoid opening up all of those ports". If you mean the per-user ports, --proxy-domain won't help here unfortunately. You'd need to use an external reverse proxy like nginx. --proxy-domain only affects the routing once the request has already made it to code-server.

Exactly. I didn't mention nginx because I wanted to keep the question concise, but that's what I'm doing: combining both --proxy-domain capability and nginx to accomplish this. It's not pretty (a few moving parts), but it''s a solution. :)

@nmvega
Copy link
Author

nmvega commented Jun 30, 2020

In this case I think you would run code-server with something like:

code-server --host 0.0.0.0 --port $UID --proxy-domain $UID.domain.tld

Then if I'm user 5001 for example I can access code-server at 5001.domain.tld and I can also access my development servers at <port>.5001.domain.tld.

That's what I suspected but needed a little hand-holding to be certain. =:) Thank you.

@code-asher
Copy link
Member

No problem! I'll go ahead and close the issue but please feel free to drop more questions here. If you happen to have any ideas on improving the FAQ entry let me know as well.

@sibidharan
Copy link

Can code-server's domain and --proxy-domain be different?

For example:

my code-server is running at xxyy.selfmade.codes
I am giving --proxy-domain fun.selfmade.fun

Now the code-server running at xxyy.selfmade.codes is showing port.fun.selfmade.fun when forwarded. But when I click, it is asking for password. Any idea how to solve this?

@code-asher
Copy link
Member

Yup, that should work just fine but cookies are not cross-domain so unfortunately you will end up needing to log in again. It should set one at .xxyy.selfmade.codes I think, which makes it valid for all sub-domains. So you should end up only having to log in twice, once for the main instance, and again for the proxy. If you are having to log in for every forwarded port then that sounds like a bug.

There is not currently a mechanism for cross-domain authentication although if someone is interested enough to implement it please feel free to submit a PR.

A workaround might be to use external authentication.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nmvega @sibidharan @code-asher