diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index e0017bfe..d4bf6f07 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md @@ -2,17 +2,16 @@ # Contributing -- [Pull Requests](#pull-requests) - - [Commits](#commits) - [Requirements](#requirements) -- [Development Workflow](#development-workflow) - - [Updating VS Code](#updating-vs-code) - - [Notes about Changes](#notes-about-changes) -- [Build](#build) -- [Testing](#testing) - - [Unit Tests](#unit-tests) - - [Integration Tests](#integration-tests) - - [End-to-End Tests](#end-to-end-tests) +- [Creating pull requests](#creating-pull-requests) + - [Commits and commit history](#commits-and-commit-history) +- [Development workflow](#development-workflow) + - [Updates to VS Code](#updates-to-vs-code) + - [Build](#build) + - [Test](#test) + - [Unit tests](#unit-tests) + - [Integration tests](#integration-tests) + - [End-to-end tests](#end-to-end-tests) - [Structure](#structure) - [Modifications to VS Code](#modifications-to-vs-code) - [Currently Known Issues](#currently-known-issues) @@ -21,41 +20,49 @@ - [Detailed CI and build process docs](../ci) -## Pull Requests - -Please create a [GitHub Issue](https://github.com/cdr/code-server/issues) to address any issue. You can skip this if the proposed fix is minor. - -In your Pull Requests (PR), link to the issue that the PR solves. - -Please ensure that the base of your PR is the **main** branch. - -### Commits - -We prefer a clean commit history. This means you should squash all fixups and fixup-type commits before asking for review (cleanup, squash, force-push). If you need help with this, feel free to leave a comment in your PR and we'll guide you. - ## Requirements -The prerequisites for contributing to code-server are almost the same as those for -[VS Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites). -There are several differences, however. Here is what is needed: +The prerequisites for contributing to code-server are almost the same as those +for [VS +Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites). +Here is what is needed: - `node` v14.x - `git` v2.x or greater - [`yarn`](https://classic.yarnpkg.com/en/) - - used to install JS packages and run scripts + - Used to install JS packages and run scripts - [`nfpm`](https://classic.yarnpkg.com/en/) - - used to build `.deb` and `.rpm` packages + - Used to build `.deb` and `.rpm` packages - [`jq`](https://stedolan.github.io/jq/) - - used to build code-server releases + - Used to build code-server releases - [`gnupg`](https://gnupg.org/index.html) - - all commits must be signed and verified - - see GitHub's ["Managing commit signature verification"](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification) or follow [this tutorial](https://joeprevite.com/verify-commits-on-github) -- `build-essential` (Linux) - - `apt-get install -y build-essential` - used by VS Code + - All commits must be signed and verified; see GitHub's [Managing commit + signature + verification](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification) + or follow [this tutorial](https://joeprevite.com/verify-commits-on-github) +- `build-essential` (Linux only - used by VS Code) + - Get this by running `apt-get install -y build-essential` - `rsync` and `unzip` - - used for code-server releases + - Used for code-server releases -## Development Workflow +## Creating pull requests + +Please create a [GitHub Issue](https://github.com/cdr/code-server/issues) that +includes context for issues that you see. You can skip this if the proposed fix +is minor. + +In your pull requests (PR), link to the issue that the PR solves. + +Please ensure that the base of your PR is the **main** branch. + +### Commits and commit history + +We prefer a clean commit history. This means you should squash all fixups and +fixup-type commits before asking for a review (e.g., clean up, squash, then force +push). If you need help with this, feel free to leave a comment in your PR, and +we'll guide you. + +## Development workflow ```shell yarn @@ -65,28 +72,30 @@ yarn watch `yarn watch` will live reload changes to the source. -### Updating VS Code +### Updates to VS Code -Updating VS Code requires `git subtree`. On some rpm-based Linux distros, `git subtree` is not included by default, and needs to be installed separately. -To install, run `dnf install git-subtree` or `yum install git-subtree` as necessary. +Updating VS Code requires `git subtree`. On some RPM-based Linux distros, `git subtree` is not included by default and needs to be installed separately. To +install, run `dnf install git-subtree` or `yum install git-subtree`. -To update VS Code, follow these steps: +To update VS Code: 1. Run `yarn update:vscode`. -2. Enter a version. Ex. 1.53 -3. This will open a draft PR for you. -4. There will be merge conflicts. First commit them. - 1. We do this because if we don't, it will be impossible to review your PR. -5. Once they're all fixed, test code-server locally and make sure it all works. -6. Check the version of Node.js that the version of Electron shipped with VSCode uses, and update the version of Node.js if necessary. +2. Enter a version (e.g., `1.53`) +3. This will open a draft pull request for you. +4. There will be merge conflicts. Commit them first, since it will be impossible + for us to review your PR if you don't. +5. Fix the conflicts. Then, test code-server locally to make sure everything + works. +6. Check the Node.js version that's used by Electron (which is shipped with VS + Code. If necessary, update your version of Node.js to match. -#### Notes about Changes +> Watch for updates to +> `lib/vscode/src/vs/code/browser/workbench/workbench.html`. You may need to +> make changes to `src/browser/pages/vscode.html`. -- watch out for updates to `lib/vscode/src/vs/code/browser/workbench/workbench.html`. You may need to make changes to `src/browser/pages/vscode.html` +### Build -## Build - -You can build using: +You can build as follows: ```shell yarn build @@ -94,7 +103,7 @@ yarn build:vscode yarn release ``` -Run your build with: +Run your build: ```shell cd release @@ -111,73 +120,88 @@ yarn test:standalone-release yarn package ``` -NOTE: On Linux, the currently running distro will become the minimum supported version. -In our GitHub Actions CI, we use CentOS 7 for maximum compatibility. -If you need your builds to support older distros, run the build commands -inside a Docker container with all the build requirements installed. +> On Linux, the currently running distro will become the minimum supported +> version. In our GitHub Actions CI, we use CentOS 7 for maximum compatibility. +> If you need your builds to support older distros, run the build commands +> inside a Docker container with all the build requirements installed. -## Testing +### Test There are three kinds of tests in code-server: -1. unit tests -2. integration tests -3. end-to-end tests +1. Unit tests +2. Integration tests +3. End-to-end tests -### Unit Tests +### Unit tests -Our unit tests are written in TypeScript and run using [Jest, the testing framework](https://jestjs.io/). +Our unit tests are written in TypeScript and run using +[Jest](https://jestjs.io/), the testing framework]. These live under [test/unit](../test/unit). We use unit tests for functions and things that can be tested in isolation. -### Integration Tests +### Integration tests -These are a work-in-progress. We build code-server and run a script called [test-standalone-release.sh`](../ci/build/test-standalone-release.sh) -which ensures that code-server's CLI is working. +These are a work in progress. We build code-server and run a script called +[test-standalone-release.sh](../ci/build/test-standalone-release.sh), which +ensures that code-server's CLI is working. -Integration for us means testing things that integrate and rely on each other. For instance, testing the CLI which requires that code-server be built and packaged. +Our integration tests look at components that rely on one another. For example, +testing the CLI requires us to build and package code-server. -### End-to-End Tests +### End-to-end tests -The end-to-end (e2e) are written in TypeScript and run using [Playwright](https://playwright.dev/). +The end-to-end (e2e) tests are written in TypeScript and run using +[Playwright](https://playwright.dev/). These live under [test/e2e](../test/e2e). -Before the e2e tests run, we have a `globalSetup` that runs which makes it so you don't have to login before each test and can reuse the authentication state. +Before the e2e tests run, we run `globalSetup`, which eliminates the need to log +in before each test by preserving the authentication state. -Take a look at `codeServer.test.ts` to see how you use it (look at `test.use`). +Take a look at `codeServer.test.ts` to see how you would use it (see +`test.use`). -We also have a model where you can create helpers to use within tests. Take a look at [models/CodeServer.ts](../test/e2e/models/CodeServer.ts) to see an example. +We also have a model where you can create helpers to use within tests. See +[models/CodeServer.ts](../test/e2e/models/CodeServer.ts) for an example. -Generally speaking, e2e means testing code-server running in the browser, similar to how a user would interact with it. When running these tests with `yarn test:e2e`, you must have code-server running locally. In CI, this is taken care of for you. +Generally speaking, e2e means testing code-server while running in the browser +and interacting with it in a way that's similar to how a user would interact +with it. When running these tests with `yarn test:e2e`, you must have +code-server running locally. In CI, this is taken care of for you. ## Structure -The `code-server` script serves an HTTP API for login and starting a remote VS Code process. +The `code-server` script serves as an HTTP API for login and starting a remote VS +Code process. -The CLI code is in [src/node](../src/node) and the HTTP routes are implemented in -[src/node/routes](../src/node/routes). +The CLI code is in [src/node](../src/node) and the HTTP routes are implemented +in [src/node/routes](../src/node/routes). -Most of the meaty parts are in the VS Code portion of the codebase under [lib/vscode](../lib/vscode), which we described next. +Most of the meaty parts are in the VS Code portion of the codebase under +[lib/vscode](../lib/vscode), which we describe next. ### Modifications to VS Code -In v1 of code-server, we had a patch of VS Code that split the codebase into a front-end -and a server. The front-end consisted of all UI code, while the server ran the extensions -and exposed an API to the front-end for file access and all UI needs. +In v1 of code-server, we had a patch of VS Code that split the codebase into a +front-end and a server. The front-end consisted of the UI code, while the server +ran the extensions and exposed an API to the front-end for file access and all +UI needs. -Over time, Microsoft added support to VS Code to run it on the web. They have made -the front-end open source, but not the server. As such, code-server v2 (and later) uses -the VS Code front-end and implements the server. We do this by using a git subtree to fork and modify VS Code. This code lives under [lib/vscode](../lib/vscode). +Over time, Microsoft added support to VS Code to run it on the web. They have +made the front-end open source, but not the server. As such, code-server v2 (and +later) uses the VS Code front-end and implements the server. We do this by using +a Git subtree to fork and modify VS Code. This code lives under +[lib/vscode](../lib/vscode). -Some noteworthy changes in our version of VS Code: +Some noteworthy changes in our version of VS Code include: - Adding our build file, which includes our code and VS Code's web code - Allowing multiple extension directories (both user and built-in) -- Modifying the loader, websocket, webview, service worker, and asset requests to - use the URL of the page as a base (and TLS, if necessary for the websocket) +- Modifying the loader, WebSocket, webview, service worker, and asset requests to + use the URL of the page as a base (and TLS, if necessary for the WebSocket) - Sending client-side telemetry through the server - Allowing modification of the display language - Making it possible for us to load code on the client @@ -191,7 +215,7 @@ us to ensure that our changes are still applied and work as intended. In the fut we'd like to run VS Code unit tests against our builds to ensure that features work as expected. -**Note**: We have [extension docs](../ci/README.md) on the CI and build system. +> We have [extension docs](../ci/README.md) on the CI and build system. If the functionality you're working on does NOT depend on code from VS Code, please move it out and into code-server. diff --git a/docs/FAQ.md b/docs/FAQ.md index 785ae3b7..cfd41e1f 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -3,160 +3,139 @@ # FAQ - [Questions?](#questions) -- [iPad Status?](#ipad-status) -- [Community Projects (awesome-code-server)](#community-projects-awesome-code-server) -- [How can I reuse my VS Code configuration?](#how-can-i-reuse-my-vs-code-configuration) -- [Differences compared to VS Code?](#differences-compared-to-vs-code) - - [Installing an extension](#installing-an-extension) -- [How can I request a missing extension?](#how-can-i-request-a-missing-extension) -- [Installing an extension manually](#installing-an-extension-manually) -- [How do I configure the marketplace URL?](#how-do-i-configure-the-marketplace-url) -- [Where are extensions stored?](#where-are-extensions-stored) -- [How is this different from VS Code Codespaces?](#how-is-this-different-from-vs-code-codespaces) - [How should I expose code-server to the internet?](#how-should-i-expose-code-server-to-the-internet) -- [Can I store my password hashed?](#can-i-store-my-password-hashed) -- [How do I securely access web services?](#how-do-i-securely-access-web-services) - - [Sub-paths](#sub-paths) - - [Sub-domains](#sub-domains) -- [Why does the code-server proxy strip `/proxy/` from the request path?](#why-does-the-code-server-proxy-strip-proxyport-from-the-request-path) - - [Proxying to Create React App](#proxying-to-create-react-app) -- [Multi-tenancy](#multi-tenancy) -- [Docker in code-server container?](#docker-in-code-server-container) -- [How can I disable telemetry?](#how-can-i-disable-telemetry) -- [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open) -- [How do I debug issues with code-server?](#how-do-i-debug-issues-with-code-server) -- [Heartbeat File](#heartbeat-file) -- [Healthz endpoint](#healthz-endpoint) +- [Can I use code-server on the iPad?](#can-i-use-code-server-on-the-ipad) - [How does the config file work?](#how-does-the-config-file-work) -- [Isn't an install script piped into sh insecure?](#isnt-an-install-script-piped-into-sh-insecure) - [How do I make my keyboard shortcuts work?](#how-do-i-make-my-keyboard-shortcuts-work) -- [How do I access my Documents/Downloads/Desktop folders in code-server on OSX?](#how-do-i-access-my-documentsdownloadsdesktop-folders-in-code-server-on-osx) -- [Differences compared to Theia?](#differences-compared-to-theia) -- [`$HTTP_PROXY`, `$HTTPS_PROXY`, `$NO_PROXY`](#http_proxy-https_proxy-no_proxy) +- [Why can't code-server use Microsoft's extension marketplace?](#why-cant-code-server-use-microsofts-extension-marketplace) +- [How can I request an extension that's missing from the marketplace?](#how-can-i-request-an-extension-thats-missing-from-the-marketplace) +- [How do I install an extension?](#how-do-i-install-an-extension) +- [How do I install an extension manually?](#how-do-i-install-an-extension-manually) +- [How do I use my own extensions marketplace?](#how-do-i-use-my-own-extensions-marketplace) +- [Where are extensions stored?](#where-are-extensions-stored) +- [How can I reuse my VS Code configuration?](#how-can-i-reuse-my-vs-code-configuration) +- [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open) +- [How do I access my Documents/Downloads/Desktop folders in code-server on macOS?](#how-do-i-access-my-documentsdownloadsdesktop-folders-in-code-server-on-macos) +- [How do I direct server-side requests through a proxy?](#how-do-i-direct-server-side-requests-through-a-proxy) +- [How do I debug issues with code-server?](#how-do-i-debug-issues-with-code-server) +- [What is the healthz endpoint?](#what-is-the-healthz-endpoint) +- [What is the heartbeat file?](#what-is-the-heartbeat-file) +- [How do I change the password?](#how-do-i-change-the-password) +- [Can I store my password hashed?](#can-i-store-my-password-hashed) +- [Is multi-tenancy possible?](#is-multi-tenancy-possible) +- [Can I use Docker in a code-server container?](#can-i-use-docker-in-a-code-server-container) +- [How do I disable telemetry?](#how-do-i-disable-telemetry) +- [What's the difference between code-server and Theia?](#whats-the-difference-between-code-server-and-theia) +- [What's the difference between code-server and VS Code Codespaces?](#whats-the-difference-between-code-server-and-vs-code-codespaces) - [Does code-server have any security login validation?](#does-code-server-have-any-security-login-validation) - [Enterprise](#enterprise) +- [Are there community projects involving code-server?](#are-there-community-projects-involving-code-server) ## Questions? -Please file all questions and support requests at . +Please file all questions and support requests at +. -## iPad Status? +## How should I expose code-server to the internet? -Please see [./ipad.md](./ipad.md). +Please see [our instructions on exposing code-server safely to the +internet](./guide.md). -## Community Projects (awesome-code-server) +## Can I use code-server on the iPad? -Visit the [awesome-code-server](https://github.com/cdr/awesome-code-server) repository to view community projects and guides with code-server! Feel free to add your own! +See [iPad](./ipad.md) for information on using code-server on the iPad. -## How can I reuse my VS Code configuration? +## How does the config file work? -The very popular [Settings Sync](https://marketplace.visualstudio.com/items?itemName=Shan.code-settings-sync) extension works. +When `code-server` starts up, it creates a default config file in `~/.config/code-server/config.yaml`: -You can also pass `--user-data-dir ~/.vscode` to reuse your existing VS Code extensions and configuration. +```yaml +bind-addr: 127.0.0.1:8080 +auth: password +password: mew...22 # Randomly generated for each config.yaml +cert: false +``` -Or copy `~/.vscode` into `~/.local/share/code-server`. +The default config defines the following behavior: -## Differences compared to VS Code? +- Listen on the loopback IP port 8080 +- Enable password authorization +- Do not use TLS -`code-server` takes the open source core of VS Code and allows you to run it in the browser. -However, it is not entirely equivalent to Microsoft's VS Code. +Each key in the file maps directly to a `code-server` flag (run `code-server --help` to see a listing of all the flags). Any flags passed to `code-server` +will take priority over the config file. -While the core of VS Code is open source, the marketplace and many published Microsoft extensions are not. +You can change the config file's location using the `--config` flag or +`$CODE_SERVER_CONFIG` environment variable. -Furthermore, Microsoft prohibits the use of any non-Microsoft VS Code from accessing their marketplace. +The default location respects `$XDG_CONFIG_HOME`. -See the [TOS](https://cdn.vsassets.io/v/M146_20190123.39/_content/Microsoft-Visual-Studio-Marketplace-Terms-of-Use.pdf). +## How do I make my keyboard shortcuts work? -> Marketplace Offerings are intended for use only with Visual Studio Products and Services -> and you may only install and use Marketplace Offerings with Visual Studio Products and Services. +Many shortcuts will not work by default, since they'll be "caught" by the browser. -As a result, we cannot offer any extensions on the Microsoft marketplace. Instead, -we have created our own marketplace for open source extensions. -It works by scraping GitHub for VS Code extensions and building them. It's not perfect but getting -better by the day with more and more extensions. +If you use Chrome, you can work around this by installing the progressive web +app (PWA): -These are the closed source extensions presently unavailable: +1. Start the editor +2. Click the **plus** icon in the URL toolbar to install the PWA -1. [Live Share](https://visualstudio.microsoft.com/services/live-share) - - We may implement something similar, see [#33](https://github.com/cdr/code-server/issues/33) -1. [Remote Extensions (SSH, Containers, WSL)](https://github.com/microsoft/vscode-remote-release) - - We may reimplement these at some point, see [#1315](https://github.com/cdr/code-server/issues/1315) +For other browsers, you'll have to remap keybindings for shortcuts to work. -For more about the closed source parts of VS Code, see [vscodium/vscodium](https://github.com/VSCodium/vscodium#why-does-this-exist). +## Why can't code-server use Microsoft's extension marketplace? -### Installing an extension +Though code-server takes the open-source core of VS Code and allows you to run +it in the browser, it is not entirely equivalent to Microsoft's VS Code. -Extensions can be installed from the marketplace using the extensions sidebar in +One major difference is in regards to extensions and the marketplace. The core +of VS code is open source, while the marketplace and many published Microsoft +extensions are not. Furthermore, Microsoft prohibits the use of any +non-Microsoft VS Code from accessing their marketplace. Per the [Terms of +Service](https://cdn.vsassets.io/v/M146_20190123.39/_content/Microsoft-Visual-Studio-Marketplace-Terms-of-Use.pdf): + +> Marketplace Offerings are intended for use only with Visual Studio Products +> and Services, and you may only install and use Marketplace Offerings with +> Visual Studio Products and Services. + +Because of this, we can't offer any extensions on Microsoft's marketplace. +Instead, we've created a marketplace offering open-source extensions. The +marketplace works by scraping GitHub for VS Code extensions and building them. + +These are the closed-source extensions that are presently unavailable: + +1. [Live Share](https://visualstudio.microsoft.com/services/live-share). We may + implement something similar (see + [#33](https://github.com/cdr/code-server/issues/33)) +1. [Remote Extensions (SSH, Containers, + WSL)](https://github.com/microsoft/vscode-remote-release). We may implement + these again at some point, see + ([#1315](https://github.com/cdr/code-server/issues/1315)). + +For more about the closed source portions of VS Code, see [vscodium/vscodium](https://github.com/VSCodium/vscodium#why-does-this-exist). + +## How can I request an extension that's missing from the marketplace? + +We are in the process of transitioning to [Open VSX](https://open-vsx.org/). +Once we've [implemented Open +VSX](https://github.com/eclipse/openvsx/issues/249), we can finalize this +transition. As such, we are not currently accepting new extension requests. + +In the meantime, we suggest: + +- [Switching to Open VSX](#how-do-i-configure-the-marketplace-url) now +- Downloading and [installing the extension manually](#installing-an-extension-manually) + +## How do I install an extension? + +You can install extensions from the marketplace using the extensions sidebar in code-server or from the command line: -```shell +```console code-server --install-extension # example: code-server --install-extension wesbos.theme-cobalt2 -``` -## How can I request a missing extension? - -We are currently in the process of transitioning to [Open VSX](https://open-vsx.org/). -Once -is implemented, we can fully make this transition. Therefore, we are no longer -accepting new requests for extension requests. - -Instead, we suggest one of the following: - -- [Switch to Open VSX](#how-do-i-configure-the-marketplace-url) now -- Download and [install the extension manually](#installing-an-extension-manually) - -## Installing an extension manually - -If an extension is not available from the marketplace or does not work, you can -grab its VSIX from its GitHub releases or build it yourself. - -Once you have downloaded the VSIX to the remote machine you can either: - -- Run the `Extensions: Install from VSIX` command in the Command Palette. -- Use `code-server --install-extension ` - -You can also download extensions from the command line. For instance, downloading off OpenVSX can be done like this: - -```shell -SERVICE_URL=https://open-vsx.org/vscode/gallery ITEM_URL=https://open-vsx.org/vscode/item code-server --install-extension -``` - -## How do I configure the marketplace URL? - -If you have your own marketplace that implements the VS Code Extension Gallery API, it is possible to -point code-server to it by setting `$SERVICE_URL` and `$ITEM_URL`. These correspond directly -to `serviceUrl` and `itemUrl` in VS Code's `product.json`. - -e.g. to use [open-vsx.org](https://open-vsx.org): - -```bash -export SERVICE_URL=https://open-vsx.org/vscode/gallery -export ITEM_URL=https://open-vsx.org/vscode/item -``` - -While you can technically use Microsoft's marketplace with these, please do not do so as it -is against their terms of use. See [above](#differences-compared-to-vs-code) and this -discussion regarding the use of the Microsoft URLs in forks: - - - -See also [VSCodium's docs](https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marketplace). - -These variables are most valuable to our enterprise customers for whom we have a self hosted marketplace product. - -## Where are extensions stored? - -Defaults to `~/.local/share/code-server/extensions`. - -If the `XDG_DATA_HOME` environment variable is set the data directory will be -`$XDG_DATA_HOME/code-server/extensions`. In general we try to follow the XDG directory spec. - -You can install an extension on the CLI with: - -```bash # From the Coder extension marketplace code-server --install-extension ms-python.python @@ -164,281 +143,101 @@ code-server --install-extension ms-python.python code-server --install-extension downloaded-ms-python.python.vsix ``` -## How is this different from VS Code Codespaces? +## How do I install an extension manually? -VS Code Codespaces is a closed source and paid service by Microsoft. It also allows you to access -VS Code via the browser. +If there's an extension unavailable in the marketplace or an extension that +doesn't work, you can download the VSIX from its GitHub releases or build it +yourself. -However, code-server is free, open source and can be run on any machine without any limitations. +Once you have downloaded the VSIX to the remote machine, you can either: -While you can self host environments with VS Code Codespaces, you still need an Azure billing -account and you have to access VS Code via the Codespaces web dashboard instead of directly -connecting to your instance. +- Run the **Extensions: Install from VSIX** command in the Command Palette. +- Run `code-server --install-extension ` in the terminal -## How should I expose code-server to the internet? - -Please follow [./guide.md](./guide.md) for our recommendations on setting up and using code-server. - -code-server only supports password authentication natively. - -**note**: code-server will rate limit password authentication attempts at 2 a minute and 12 an hour. - -If you want to use external authentication (i.e sign in with Google) you should handle this -with a reverse proxy using something like [Pomerium](https://www.pomerium.io/guides/code-server.html), [oauth2_proxy](https://github.com/pusher/oauth2_proxy) -or [Cloudflare Access](https://teams.cloudflare.com/access). - -For HTTPS, you can use a self signed certificate by passing in just `--cert` or -pass in an existing certificate by providing the path to `--cert` and the path to -the key with `--cert-key`. - -The self signed certificate will be generated into -`~/.local/share/code-server/self-signed.crt`. - -If `code-server` has been passed a certificate it will also respond to HTTPS -requests and will redirect all HTTP requests to HTTPS. - -You can use [Let's Encrypt](https://letsencrypt.org/) to get a TLS certificate -for free. - -Again, please follow [./guide.md](./guide.md) for our recommendations on setting up and using code-server. - -## Can I store my password hashed? - -Yes you can! Set the value of `hashed-password` instead of `password`. Generate the hash with: +You can also download extensions using the command line. For instance, +downloading from OpenVSX can be done like this: ```shell -echo -n "thisismypassword" | npx argon2-cli -e -$argon2i$v=19$m=4096,t=3,p=1$wst5qhbgk2lu1ih4dmuxvg$ls1alrvdiwtvzhwnzcm1dugg+5dto3dt1d5v9xtlws4 +SERVICE_URL=https://open-vsx.org/vscode/gallery ITEM_URL=https://open-vsx.org/vscode/item code-server --install-extension ``` -Of course replace `thisismypassword` with your actual password and **remember to put it inside quotes**! +## How do I use my own extensions marketplace? -Example: +If you own a marketplace that implements the VS Code Extension Gallery API, you +can point code-server to it by setting `$SERVICE_URL` and `$ITEM_URL`. These correspond directly +to `serviceUrl` and `itemUrl` in VS Code's `product.json`. -```yaml -auth: password -hashed-password: "$argon2i$v=19$m=4096,t=3,p=1$wST5QhBgk2lu1ih4DMuxvg$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4" +For example, to use [open-vsx.org](https://open-vsx.org), run: + +```bash +export SERVICE_URL=https://open-vsx.org/vscode/gallery +export ITEM_URL=https://open-vsx.org/vscode/item ``` -## How do I securely access web services? +Though you can technically use Microsoft's marketplace in this manner, we +strongly discourage you from doing so since this is [against their Terms of Use](#why-cant-code-server-use-microsofts-extension-marketplace). -code-server is capable of proxying to any port using either a subdomain or a -subpath which means you can securely access these services using code-server's -built-in authentication. +For further information, see [this +discussion](https://github.com/microsoft/vscode/issues/31168#issue-244533026) +regarding the use of the Microsoft URLs in forks, as well as [VSCodium's +docs](https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marketplace). -### Sub-paths +## Where are extensions stored? -Just browse to `/proxy//`. +Extensions are store, by default, to `~/.local/share/code-server/extensions`. -### Sub-domains +If you set the `XDG_DATA_HOME` environment variable, the data directory will be +`$XDG_DATA_HOME/code-server/extensions`. In general, we try to follow the XDG directory spec. -You will need a DNS entry that points to your server for each port you want to -access. You can either set up a wildcard DNS entry for `*.` if your domain -name registrar supports it or you can create one for every port you want to -access (`3000.`, `8080.`, etc). +## How can I reuse my VS Code configuration? -You should also set up TLS certificates for these subdomains, either using a -wildcard certificate for `*.` or individual certificates for each port. +You can use the [Settings +Sync](https://marketplace.visualstudio.com/items?itemName=Shan.code-settings-sync) +extension for this purpose. -Start code-server with the `--proxy-domain` flag set to your domain. - -``` -code-server --proxy-domain -``` - -Now you can browse to `.`. Note that this uses the host header so -ensure your reverse proxy forwards that information if you are using one. - -## Why does the code-server proxy strip `/proxy/` from the request path? - -HTTP servers should strive to use relative URLs to avoid needed to be coupled to the -absolute path at which they are served. This means you must use trailing slashes on all -paths with subpaths. See - -This is really the "correct" way things work and why the striping of the base path is the -default. If your application uses relative URLs and does not assume the absolute path at -which it is being served, it will just work no matter what port you decide to serve it off -or if you put it in behind code-server or any other proxy! - -However many people prefer the cleaner aesthetic of no trailing slashes. This couples you -to the base path as you cannot use relative redirects correctly anymore. See the above -link. - -For users who are ok with this tradeoff, use `/absproxy` instead and the path will be -passed as is. e.g. `/absproxy/3000/my-app-path` - -### Proxying to Create React App - -You must use `/absproxy/` with create-react-app. -See [#2565](https://github.com/cdr/code-server/issues/2565) and -[#2222](https://github.com/cdr/code-server/issues/2222). You will need to inform -create-react-app of the path at which you are serving via `$PUBLIC_URL` and webpack -via `$WDS_SOCKET_PATH`. - -e.g. - -```sh -PUBLIC_URL=/absproxy/3000 \ - WDS_SOCKET_PATH=$PUBLIC_URL/sockjs-node \ - BROWSER=none yarn start -``` - -Then visit `https://my-code-server-address.io/absproxy/3000` to see your app exposed through -code-server! - -Highly recommend using the subdomain approach instead to avoid this class of issue. - -## Multi-tenancy - -If you want to run multiple code-servers on shared infrastructure, we recommend using virtual -machines with a VM per user. This will easily allow users to run a docker daemon. If you want -to use kubernetes, you'll definitely want to use [kubevirt](https://kubevirt.io) or [sysbox](https://github.com/nestybox/sysbox) to give each -user a VM-like experience instead of just a container. - -## Docker in code-server container? - -If you'd like to access docker inside of code-server, mount the docker socket in from `/var/run/docker.sock`. -Install the docker CLI in the code-server container and you should be able to access the daemon! - -You can even make volume mounts work. Lets say you want to run a container and mount in -`/home/coder/myproject` into it from inside the `code-server` container. You need to make sure -the docker daemon's `/home/coder/myproject` is the same as the one mounted inside the `code-server` -container and the mount will just work. - -## How can I disable telemetry? - -Use the `--disable-telemetry` flag to completely disable telemetry. We use the -data collected only to improve code-server. +Alternatively, you can also pass `--user-data-dir ~/.vscode` or copy `~/.vscode` +into `~/.local/share/code-server` to reuse your existing VS Code extensions and +configuration. ## How does code-server decide what workspace or folder to open? -code-server tries the following in order: +code-server tries the following in this order: -1. The `workspace` query parameter. -2. The `folder` query parameter. -3. The workspace or directory passed on the command line. -4. The last opened workspace or directory. +1. The `workspace` query parameter +2. The `folder` query parameter +3. The workspace or directory passed via the command line +4. The last opened workspace or directory -## How do I debug issues with code-server? +## How do I access my Documents/Downloads/Desktop folders in code-server on macOS? -First run code-server with at least `debug` logging (or `trace` to be really -thorough) by setting the `--log` flag or the `LOG_LEVEL` environment variable. -`-vvv` and `--verbose` are aliases for `--log trace`. +Newer versions of macOS require permission through a non-UNIX mechanism for +code-server to access the Desktop, Documents, Pictures, Downloads, and other folders. -``` -code-server --log debug -``` +You may have to give Node.js full disk access, since it doesn't implement any of the macOS permission request features natively: -Once this is done, replicate the issue you're having then collect logging -information from the following places: - -1. The most recent files from `~/.local/share/code-server/coder-logs`. -2. The browser console. -3. The browser network tab. - -Additionally, collecting core dumps (you may need to enable them first) if -code-server crashes can be helpful. - -## Heartbeat File - -`code-server` touches `~/.local/share/code-server/heartbeat` once a minute as long -as there is an active browser connection. - -If you want to shutdown `code-server` if there hasn't been an active connection in X minutes -you can do so by continuously checking the last modified time on the heartbeat file and if it is -older than X minutes, kill `code-server`. - -[#1636](https://github.com/cdr/code-server/issues/1636) will make the experience here better. - -## Healthz endpoint - -`code-server` exposes an endpoint at `/healthz` which can be used to check -whether `code-server` is up without triggering a heartbeat. The response will -include a status (`alive` or `expired`) and a timestamp for the last heartbeat -(defaults to `0`). This endpoint does not require authentication. - -```json -{ - "status": "alive", - "lastHeartbeat": 1599166210566 -} -``` - -## How does the config file work? - -When `code-server` starts up, it creates a default config file in `~/.config/code-server/config.yaml` that looks -like this: - -```yaml -bind-addr: 127.0.0.1:8080 -auth: password -password: mewkmdasosafuio3422 # This is randomly generated for each config.yaml -cert: false -``` - -Each key in the file maps directly to a `code-server` flag. Run `code-server --help` to see -a listing of all the flags. - -The default config here says to listen on the loopback IP port 8080, enable password authorization -and no TLS. Any flags passed to `code-server` will take priority over the config file. - -The `--config` flag or `$CODE_SERVER_CONFIG` can be used to change the config file's location. - -The default location also respects `$XDG_CONFIG_HOME`. - -## Isn't an install script piped into sh insecure? - -Please give -[this wonderful blogpost](https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install) by -[sandstorm.io](https://sandstorm.io) a read. - -## How do I make my keyboard shortcuts work? - -Many shortcuts will not work by default as they'll be caught by the browser. - -If you use Chrome you can get around this by installing the PWA. - -Once you've entered the editor, click the "plus" icon present in the URL toolbar area. -This will install a Chrome PWA and now all keybindings will work! - -For other browsers you'll have to remap keybindings unfortunately. - -## How do I access my Documents/Downloads/Desktop folders in code-server on OSX? - -Newer versions of macOS require permission through a non-UNIX mechanism for access to the Desktop, Documents, Pictures, Downloads, and other folders. - -You may have to give Node "full disk access" since it doesn't implement any of the macOS permission request stuff natively. - -1. Find where Node is installed on your machine +1. Find where Node.js is installed on your machine ```console - ➜ ~ which node + $ which node /usr/local/bin/node ``` -1. Grant Node Full Disk Access: +2. Grant Node.js full disk access. Open **System Preferences** > **Security & + Privacy** > **Privacy** > **Full Disk Access**. Then, click the 🔒 to unlock, + click **+**, and select the Node.js binary you located in the previous step. -Open System Preferences > Security & Privacy > Privacy (horizontal) tab > Full Disk Access (vertical) tab > Click the 🔒 to unlock > Click + and select the Node binary you located. +See [#2794](https://github.com/cdr/code-server/issues/2794) for additional context. -See [#2794](https://github.com/cdr/code-server/issues/2794) for context on this. +## How do I direct server-side requests through a proxy? -## Differences compared to Theia? +> code-server proxies only server-side requests. -[Theia](https://github.com/eclipse-theia/theia) is a browser IDE loosely based on VS Code. It uses the same -text editor library named [Monaco](https://github.com/Microsoft/monaco-editor) and the same -extension API but everything else is very different. It also uses [open-vsx.org](https://open-vsx.org) -for extensions which has an order of magnitude less extensions than our marketplace. -See [#1473](https://github.com/cdr/code-server/issues/1473). +To direct server-side requests through a proxy, code-server supports the +following environment variables: -You can't just use your VS Code config in Theia like you can with code-server. - -To summarize, code-server is a patched fork of VS Code to run in the browser whereas -Theia takes some parts of VS Code but is an entirely different editor. - -## `$HTTP_PROXY`, `$HTTPS_PROXY`, `$NO_PROXY` - -code-server supports the standard environment variables to allow directing -server side requests through a proxy. +- `$HTTP_PROXY` +- `$HTTPS_PROXY` +- `$NO_PROXY` ```sh export HTTP_PROXY=https://134.8.5.4 @@ -448,16 +247,150 @@ export HTTPS_PROXY=https://134.8.5.4 code-server ``` -- See [proxy-from-env](https://www.npmjs.com/package/proxy-from-env#environment-variables) - for a detailed reference on the various environment variables and their syntax. - - code-server only uses the `http` and `https` protocols. -- See [proxy-agent](https://www.npmjs.com/package/proxy-agent) for the various supported - proxy protocols. +- See + [proxy-from-env](https://www.npmjs.com/package/proxy-from-env#environment-variables) + for a detailed reference on these environment variables and their syntax (note + that code-server only uses the `http` and `https` protocols). +- See [proxy-agent](https://www.npmjs.com/package/proxy-agent) for information + on on the supported proxy protocols. -**note**: Only server side requests will be proxied! This includes fetching extensions, -requests made from extensions etc. To proxy requests from your browser you need to -configure your browser separately. Browser requests would cover exploring the extension -marketplace. +## How do I debug issues with code-server? + +First, run code-server with the `debug` logging (or `trace` to be really +thorough) by setting the `--log` flag or the `LOG_LEVEL` environment variable. +`-vvv` and `--verbose` are aliases for `--log trace`. + +First, run code-server with `debug` logging (or `trace` logging for more +thorough messages) by setting the `--log` flag or the `LOG_LEVEL` environment +variable. + +```text +code-server --log debug +``` + +> Note that the `-vvv` and `--verbose` flags are aliases for `--log trace`. + +Next, replicate the issue you're having so that you can collect logging +information from the following places: + +1. The most recent files from `~/.local/share/code-server/coder-logs` +2. The browser console +3. The browser network tab + +Additionally, collecting core dumps (you may need to enable them first) if +code-server crashes can be helpful. + +## What is the healthz endpoint? + +You can use the `/healthz` endpoint exposed by code-server to check whether +code-server is running without triggering a heartbeat. The response includes a +status (e.g., `alive` or `expired`) and a timestamp for the last heartbeat +(the default is `0`). + +```json +{ + "status": "alive", + "lastHeartbeat": 1599166210566 +} +``` + +This endpoint doesn't require authentication. + +## What is the heartbeat file? + +As long as there is an active browser connection, code-server touches +`~/.local/share/code-server/heartbeat` once a minute. + +If you want to shutdown code-server if there hasn't been an active connection +after a predetermined amount of time, you can do so by checking continuously for +the last modified time on the heartbeat file. If it is older than X minutes (or +whatever amount of time you'd like), you can kill code-server. + +Eventually, [#1636](https://github.com/cdr/code-server/issues/1636) will make +this process better. + +## How do I change the password? + +Edit the `password` field in the code-server config file at +`~/.config/code-server/config.yaml`, then restart code-server: + +```bash +sudo systemctl restart code-server@$USER +``` + +## Can I store my password hashed? + +Yes, you can do so by setting the value of `hashed-password` instead of `password`. Generate the hash with: + +```shell +echo -n "thisismypassword" | npx argon2-cli -e +$argon2i$v=19$m=4096,t=3,p=1$wst5qhbgk2lu1ih4dmuxvg$ls1alrvdiwtvzhwnzcm1dugg+5dto3dt1d5v9xtlws4 +``` + +Replace `thisismypassword` with your actual password and **remember to put it +inside quotes**! For example: + +```yaml +auth: password +hashed-password: "$argon2i$v=19$m=4096,t=3,p=1$wST5QhBgk2lu1ih4DMuxvg$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4" +``` + +The `hashed-password` field takes precedence over `password`. + +## Is multi-tenancy possible? + +If you want to run multiple code-servers on shared infrastructure, we recommend +using virtual machines (provide one VM per user). This will easily allow users +to run a Docker daemon. If you want to use Kubernetes, you'll want to +use [kubevirt](https://kubevirt.io) or +[sysbox](https://github.com/nestybox/sysbox) to give each user a VM-like +experience instead of just a container. + +## Can I use Docker in a code-server container? + +If you'd like to access Docker inside of code-server, mount the Docker socket in +from `/var/run/docker.sock`. Then, install the Docker CLI in the code-server +container, and you should be able to access the daemon. + +You can even make volume mounts work. Let's say you want to run a container and +mount into `/home/coder/myproject` from inside the `code-server` container. You +need to make sure the Docker daemon's `/home/coder/myproject` is the same as the +one mounted inside the `code-server` container, and the mount will work. + +## How do I disable telemetry? + +Use the `--disable-telemetry` flag to disable telemetry. + +> We use the data collected only to improve code-server. + +## What's the difference between code-server and Theia? + +At a high level, code-server is a patched fork of VS Code that runs in the +browser whereas Theia takes some parts of VS Code but is an entirely different +editor. + +[Theia](https://github.com/eclipse-theia/theia) is a browser IDE loosely based +on VS Code. It uses the same text editor library +([Monaco](https://github.com/Microsoft/monaco-editor)) and extension API, but +everything else is different. Theia also uses [Open VSX](https://open-vsx.org) +for extensions. + +Theia doesn't allow you to reuse your existing VS Code config. + +## What's the difference between code-server and VS Code Codespaces? + +Both code-server and VS Code Codespaces allow you to access VS Code via a +browser. + +VS Code Codespaces, however, is a closed-source, paid service offered by +Microsoft. While you can self-host environments with VS Code Codespaces, you +still need an Azure billing account, and you must access VS Code via the +Codespaces web dashboard instead of connecting directly to it. + +On the other hand, code-server is free, open-source, and can be run on any +machine with few limitations. + +<<<<<<< HEAD ## Does code-server have any security login validation? @@ -465,5 +398,12 @@ code-server only supports a single password and limits logins to two per minute ## Enterprise -Visit [our enterprise page](https://coder.com) for more information about our -enterprise offerings. +======= + +## Are there community projects involving code-server? + +> > > > > > > Edit code-server docs + +Visit the [awesome-code-server](https://github.com/cdr/awesome-code-server) +repository to view community projects and guides with code-server! Feel free to +add your own! diff --git a/docs/MAINTAINING.md b/docs/MAINTAINING.md index a36281bc..0bdfc91a 100644 --- a/docs/MAINTAINING.md +++ b/docs/MAINTAINING.md @@ -2,130 +2,157 @@ # Maintaining -- [Maintaining](#maintaining) - - [Workflow](#workflow) - - [Milestones](#milestones) - - [Triage](#triage) - - [Project Boards](#project-boards) - - [Versioning](#versioning) - - [Pull Requests](#pull-requests) - - [Merge Strategies](#merge-strategies) - - [Changelog](#changelog) - - [Release](#release) - - [Release Manager Rotation](#release-manager-rotation) - - [Publishing a release](#publishing-a-release) +- [Workflow](#workflow) + - [Milestones](#milestones) + - [Triage](#triage) + - [Project boards](#project-boards) +- [Versioning](#versioning) +- [Pull requests](#pull-requests) + - [Merge strategies](#merge-strategies) + - [Changelog](#changelog) +- [Releases](#releases) + - [Publishing a release](#publishing-a-release) -# Maintaining - Current maintainers: - @code-asher - @oxy - @jsjoeio -This document is meant to serve current and future maintainers of code-server, but also share openly our workflow for maintaining the project. +This document is meant to serve current and future maintainers of code-server, +as well as share our workflow for maintaining the project. ## Workflow -The workflow used by code-server maintainers is one that aims to be easy to understood by the community and easy enough for new maintainers to jump in and start contributing on day one. +The workflow used by code-server maintainers aims to be easy to understood by +the community and easy enough for new maintainers to jump in and start +contributing on day one. ### Milestones -We operate mainly using [milestones](https://github.com/cdr/code-server/milestones). This was heavily inspired by our friends over at [vscode](https://github.com/microsoft/vscode). +We operate mainly using +[milestones](https://github.com/cdr/code-server/milestones). This was heavily +inspired by our friends over at [vscode](https://github.com/microsoft/vscode). Here are the milestones we use and how we use them: - "Backlog" -> Work not yet planned for a specific release. - "On Deck" -> Work under consideration for upcoming milestones. -- "Backlog Candidates" -> Work that is not yet accepted for the backlog. We wait for the community to weigh in. -- "<0.0.0>" -> Work to be done for that version. +- "Backlog Candidates" -> Work that is not yet accepted for the backlog. We wait + for the community to weigh in. +- "<0.0.0>" -> Work to be done for a specific version. -With this flow, any un-assigned issues are essentially in triage state and once triaged are either "Backlog" or "Backlog Candidates". They will eventually move to "On Deck" (or be closed). Lastly, they will end up on a version milestone where they will be worked on. +With this flow, any un-assigned issues are essentially in triage state. Once +triaged, issues are either "Backlog" or "Backlog Candidates". They will +eventually move to "On Deck" (or be closed). Lastly, they will end up on a +version milestone where they will be worked on. ### Triage We use the following process for triaging GitHub issues: -1. a submitter creates an issue -1. add appropriate labels - 1. if we need to look into it further, add "needs-investigation" -1. add to milestone - 1. if it should be fixed soon, add to version milestone or "On Deck" - 1. if not urgent, add to "Backlog" - 1. otherwise, add to "Backlog Candidate" if it should be considered +1. Create an issue +1. Add appropriate labels to the issue (including "needs-investigation" if we + should look into it further) +1. Add the issue to a milestone + 1. If it should be fixed soon, add to version milestone or "On Deck" + 2. If not urgent, add to "Backlog" + 3. Otherwise, add to "Backlog Candidate" for future consideration -### Project Boards +### Project boards We use project boards for projects or goals that span multiple milestones. -Think of this as a place to put miscellaneous things (like testing, clean up stuff, etc). As a maintainer, random todos may come up here and there. This gives you a place to add notes temporarily before opening a new issue. Given that our release milestones function off of issues, we believe tasks should have dedicated issues. +Think of this as a place to put miscellaneous things (like testing, clean up +stuff, etc). As a maintainer, random tasks may come up here and there. The +project boards give you places to add temporary notes before opening a new +issue. Given that our release milestones function off of issues, we believe +tasks should have dedicated issues. -It also gives us a way to separate the issue triage from bigger-picture, long-term work. +Project boards also give us a way to separate the issue triage from +bigger-picture, long-term work. ## Versioning `` -The code-server project follows traditional [semantic versioning](https://semver.org/), with the objective of minimizing major changes that break backward compatibility. We increment the patch level for all releases, except when the upstream Visual Studio Code project increments its minor version or we change the plugin API in a backward-compatible manner. In those cases, we increment the minor version rather than the patch level. +The code-server project follows traditional [semantic +versioning](https://semver.org/), with the objective of minimizing major changes +that break backward compatibility. We increment the patch level for all +releases, except when the upstream Visual Studio Code project increments its +minor version or we change the plugin API in a backward-compatible manner. In +those cases, we increment the minor version rather than the patch level. -## Pull Requests +## Pull requests -Ideally, every PR should fix an issue. If it doesn't, make sure it's associated with a version milestone. +Ideally, every PR should fix an issue. If it doesn't, make sure it's associated +with a version milestone. -If a PR does fix an issue, don't add it to the version milestone. Otherwise, the version milestone will have duplicate information: the issue & the PR fixing the issue. +If a PR does fix an issue, don't add it to the version milestone. Otherwise, the +version milestone will have duplicate information: the issue and the PR fixing +the issue. -### Merge Strategies +### Merge strategies -For most things, we recommend "Squash and Merge". If you're updating `lib/vscode`, we suggest using the "Rebase and Merge" strategy. There may be times where "Create a merge commit" makes sense as well. Use your best judgement. If you're unsure, you can always discuss in the PR with the team. -The code-server project follows traditional [semantic versioning](ttps://semver.org/), with the objective of minimizing major changes that break backward compatibility. We increment the patch level for all releases, except when the upstream Visual Studio Code project increments its minor version or we change the plugin API in a backward-compatible manner. In those cases, we increment the minor version rather than the patch level. +For most things, we recommend the **squash and merge** strategy. If you're +updating `lib/vscode`, we suggest using the **rebase and merge** strategy. There +may be times where **creating a merge commit** makes sense as well. Use your +best judgment. If you're unsure, you can always discuss in the PR with the team. ### Changelog -To save time when creating a new release for code-server, we keep a running changelog at `CHANGELOG.md`. +To save time when creating a new release for code-server, we keep a running +changelog at `CHANGELOG.md`. -If either author or reviewer of a PR believe the change should be mentioned in the `CHANGELOG`, then it should be added. +If either the author or reviewer of a PR believes the change should be mentioned +in the changelog, then it should be added. -If there is not a "Next Version" when you modify `CHANGELOG`, please add it using the template you see near the top of `CHANGELOG`. +If there is not a **Next Version** when you modify `CHANGELOG.md`, please add it +using the template you see near the top of the changelog. -As for what you should write for your changelog item, we should asking yourself these two questions: +When writing your changelog item, ask yourself: 1. How do these changes affect code-server users? -2. What actions do they need to take? (if any) +2. What actions do they need to take (if any)? -If you need inspiration, we suggest looking at the [Emacs changelog](https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS). +If you need inspiration, we suggest looking at the [Emacs +changelog](https://github.com/emacs-mirror/emacs/blob/master/etc/NEWS). -## Release +## Releases -### Release Manager Rotation - -With each release, we rotate the role of "release manager" to ensure every maintainer goes through the process. This helps us keep documentation up-to-date and encourages us to continually review and improve the flow with each set of eyes. +With each release, we rotate the role of release manager to ensure every +maintainer goes through the process. This helps us keep documentation up-to-date +and encourages us to continually review and improve the flow. If you're the current release manager, follow these steps: 1. Create a [release issue](../.github/ISSUE_TEMPLATE/release.md) -2. Fill out checklist -3. After release is published, close release milestone +1. Fill out checklist +1. Publish the release +1. After release is published, close release milestone ### Publishing a release -1. Run `yarn release:prep` and type in the new version i.e. 3.8.1 -2. GitHub actions will generate the `npm-package`, `release-packages` and `release-images` artifacts. - 1. You do not have to wait for these. -3. Run `yarn release:github-draft` to create a GitHub draft release from the template with - the updated version. - 1. Summarize the major changes in the release notes and link to the relevant issues. - 2. Change the @ to target the version branch. Example: `v3.9.0 @ Target: v3.9.0` -4. Wait for the artifacts in step 2 to build. -5. Run `yarn release:github-assets` to download the `release-packages` artifact. - - It will upload them to the draft release. -6. Run some basic sanity tests on one of the released packages. - - Especially make sure the terminal works fine. -7. Publish the release and merge the PR. - 1. CI will automatically grab the artifacts and then: - 1. Publish the NPM package from `npm-package`. - 2. Publish the Docker Hub image from `release-images`. -8. Update the AUR package. - - Instructions on updating the AUR package are at [cdr/code-server-aur](https://github.com/cdr/code-server-aur). -9. Wait for the npm package to be published. +1. Run `yarn release:prep` and type in the new version (e.g., `3.8.1`) +1. GitHub Actions will generate the `npm-package`, `release-packages` and + `release-images` artifacts. You do not have to wait for this step to complete + before proceeding. +1. Run `yarn release:github-draft` to create a GitHub draft release from the + template with the updated version. +1. Summarize the major changes in the release notes and link to the relevant + issues. +1. Change the @ to target the version branch. Example: `v3.9.0 @ Target: v3.9.0` +1. Wait for the `npm-package`, `release-packages` and `release-images` artifacts + to build. +1. Run `yarn release:github-assets` to download the `release-packages` artifact. + They will upload them to the draft release. +1. Run some basic sanity tests on one of the released packages (pay special + attention to making sure the terminal works). +1. Publish the release and merge the PR. CI will automatically grab the + artifacts, publish the NPM package from `npm-package`, and publish the Docker + Hub image from `release-images`. +1. Update the AUR package. Instructions for updating the AUR package are at + [cdr/code-server-aur](https://github.com/cdr/code-server-aur). +1. Wait for the npm package to be published. diff --git a/docs/README.md b/docs/README.md index a62ed2b3..7089ab9b 100644 --- a/docs/README.md +++ b/docs/README.md @@ -2,7 +2,8 @@ [!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/cdr/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://cdr.co/join-community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq) [![codecov](https://codecov.io/gh/cdr/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/cdr/code-server) [![See v3.10.2 docs](https://img.shields.io/static/v1?label=Docs&message=see%20v3.10.2%20&color=blue)](https://github.com/cdr/code-server/tree/v3.10.2/docs) -Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and access it in the browser. +Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and +access it in the browser. ![Screenshot](./assets/screenshot.png) @@ -10,26 +11,31 @@ Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and a - Code on any device with a consistent development environment - Use cloud servers to speed up tests, compilations, downloads, and more -- Preserve battery life when you're on the go; all intensive tasks run on your server +- Preserve battery life when you're on the go; all intensive tasks run on your + server ## Requirements -For a good experience, we recommend at least: +See [requirements](requirements.md) for minimum specs, as well as instructions +on how to set up a Google VM on which you can install code-server. -- 1 GB of RAM -- 2 cores +**TL;DR:** Linux machine with WebSockets enabled, 1 GB RAM, and 2 CPUs -You can use whatever linux distribution floats your boat but in our [guide](https://coder.com/docs/code-server/v3.10.2/guide) we assume Debian on Google Cloud. +## Getting started -## Getting Started +There are three ways to get started: -There are three ways you can get started: +1. Using the [install + script](https://github.com/cdr/code-server/blob/main/install.sh), which + automates most of the process. The script uses the system package manager if + possible. +2. Manually [installing + code-server](https://coder.com/docs/code-server/v3.10.2/install) +3. Using our one-click buttons and guides to [deploy code-server to a cloud + provider](https://github.com/cdr/deploy-code-server) ⚡ -1. Using the [install script](https://github.com/cdr/code-server/blob/main/install.sh), which automates most of the process. The script uses the system package manager (if possible) -2. Manually installing code-server; see [Installation](https://coder.com/docs/code-server/v3.10.2/install) for instructions applicable to most use cases -3. Use our one-click buttons and guides to [deploy code-server to a popular cloud provider](https://github.com/cdr/deploy-code-server) ⚡ - -If you choose to use the install script, you can preview what occurs during the install process: +If you use the install script, you can preview what occurs during the install +process: ```bash curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run @@ -41,37 +47,43 @@ To install, run: curl -fsSL https://code-server.dev/install.sh | sh ``` -When done, the install script prints out instructions for running and starting code-server. +When done, the install script prints out instructions for running and starting +code-server. -We also have an in-depth [setup and configuration](https://coder.com/docs/code-server/v3.10.2/guide) guide. +We also have an in-depth [setup and +configuration](https://coder.com/docs/code-server/v3.10.2/guide) guide. ### code-server --link -We're working on a cloud platform that makes deploying and managing code-server easier. -Consider running code-server with the beta flag `--link` if you don't want to worry about +We're working on a cloud platform that makes deploying and managing code-server +easier. Consider running code-server with the beta flag `--link` if you don't +want to worry about: - TLS - Authentication -- Port Forwarding +- Port forwarding ```bash $ code-server --link -Proxying code-server, you can access your IDE at https://valmar-jon.cdr.co +Proxying code-server, you can access your IDE at https://example.cdr.co ``` -## FAQ +## Questions? -See [./FAQ.md](https://coder.com/docs/code-server/v3.10.2/FAQ). +See answers to [frequently asked +questions](https://coder.com/docs/code-server/v3.10.2/FAQ). ## Want to help? -See [CONTRIBUTING](https://coder.com/docs/code-server/v3.10.2/CONTRIBUTING) for details. +See [Contributing](https://coder.com/docs/code-server/v3.10.2/CONTRIBUTING) for +details. ## Hiring -Interested in [working at Coder](https://coder.com/careers)? Check out [our open positions](https://coder.com/careers#openings)! +Interested in [working at Coder](https://coder.com/careers)? Check out [our open +positions](https://coder.com/careers#openings)! ## For Organizations -Want remote development for your organization or enterprise? Visit -[our website](https://coder.com) to learn more about Coder. +Want remote development for your organization or enterprise? Visit [our +website](https://coder.com) to learn more about Coder. diff --git a/docs/SECURITY.md b/docs/SECURITY.md index c4e24ddf..bb7fc717 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -1,24 +1,30 @@ # Security Policy -The code-server team (and Coder, the organization) care a lot about keeping the project secure and safe for end-users. +Coder and the code-server team want to keep the code-server project secure and safe for end-users. ## Tools -We use a combination of tools to help us stay on top of vulnerabilities. +We use the following tools to help us stay on top of vulnerability mitigation. - [dependabot](https://dependabot.com/) - - Submits pull requests to upgrade dependencies. We use dependabot's version upgrades as well as security updates. + - Submits pull requests to upgrade dependencies. We use dependabot's version + upgrades as well as security updates. - code-scanning - [CodeQL](https://securitylab.github.com/tools/codeql/) - - Semantic code analysis engine that runs on a regular schedule (see `codeql-analysis.yml`) + - Semantic code analysis engine that runs on a regular schedule (see + `codeql-analysis.yml`) - [trivy](https://github.com/aquasecurity/trivy) - - Comprehensive vulnerability scanner that runs on PRs into the default branch and scans both our container image and repository code (see `trivy-scan-repo` and `trivy-scan-image` jobs in `ci.yaml`) + - Comprehensive vulnerability scanner that runs on PRs into the default + branch and scans both our container image and repository code (see + `trivy-scan-repo` and `trivy-scan-image` jobs in `ci.yaml`) - [`audit-ci`](https://github.com/IBM/audit-ci) - - Audits npm and Yarn dependencies in CI (see "Audit for vulnerabilities" step in `ci.yaml`) on PRs into the default branch and fails CI if moderate or higher vulnerabilities(see the `audit.sh` script) are present. + - Audits npm and Yarn dependencies in CI (see `Audit for vulnerabilities` step + in `ci.yaml`) on PRs into the default branch and fails CI if moderate or + higher vulnerabilities (see the `audit.sh` script) are present. ## Supported Versions -Coder sponsors development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report, and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time. +Coder sponsors the development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time. | Version | Supported | | ----------------------------------------------------- | ------------------ | @@ -26,4 +32,4 @@ Coder sponsors development and maintenance of the code-server project. We will f ## Reporting a Vulnerability -To report a vulnerability, please send an email to security[@]coder.com and our security team will respond to you. +To report a vulnerability, please send an email to security[@]coder.com, and our security team will respond to you. diff --git a/docs/guide.md b/docs/guide.md index b7b2ab87..014fcbc9 100644 --- a/docs/guide.md +++ b/docs/guide.md @@ -2,186 +2,124 @@ # Setup Guide -- [1. Acquire a remote machine](#1-acquire-a-remote-machine) - - [Requirements](#requirements) - - [Google Cloud](#google-cloud) -- [2. Install code-server](#2-install-code-server) -- [3. Expose code-server](#3-expose-code-server) - - [SSH forwarding](#ssh-forwarding) - - [Let's Encrypt](#lets-encrypt) - - [NGINX](#nginx) +- [Expose code-server](#expose-code-server) + - [Port forwarding via SSH](#port-forwarding-via-ssh) + - [Using Let's Encrypt with Caddy](#using-lets-encrypt-with-caddy) + - [Using Let's Encrypt with NGINX](#using-lets-encrypt-with-nginx) + - [Using a self-signed certificate](#using-a-self-signed-certificate) +- [External authentication](#external-authentication) +- [HTTPS](#https) - [Self Signed Certificate](#self-signed-certificate) - - [Change the password?](#change-the-password) - - [How do I securely access development web services?](#how-do-i-securely-access-development-web-services) + - [Using a subdomain](#using-a-subdomain) + - [Using a subpath](#using-a-subpath) + - [Stripping `/proxy/` from the request path](#stripping-proxyport-from-the-request-path) + - [Proxying to create a React app](#proxying-to-create-a-react-app) -This guide demonstrates how to setup and use `code-server`. -To reiterate, `code-server` lets you run VS Code on a remote server and then access it via a browser. +This article will walk you through exposing code-server securely once you've +completed the [installation process](install.md). -Further docs are at: +## Expose code-server -- [README](../README.md) for a general overview -- [INSTALL](../docs/install.md) for installation -- [FAQ](./FAQ.md) for common questions. -- [CONTRIBUTING](../docs/CONTRIBUTING.md) for development docs +**Never** expose code-server directly to the internet without some form of +authentication and encryption, otherwise someone can take over your machine via +the terminal. -We highly recommend reading the [FAQ](./FAQ.md) on the [Differences compared to VS Code](./FAQ.md#differences-compared-to-vs-code) before beginning. +By default, code-server uses password authentication. As such, you must copy the +password from code-server's config file to log in. To avoid exposing itself +unnecessarily, code-server listens on `localhost`; this practice is fine for +testing, but it doesn't work if you want to access code-server from a different +machine. -We'll walk you through acquiring a remote machine to run `code-server` on -and then exposing `code-server` so you can securely access it. +> **Rate limits:** code-server rate limits password authentication attempts to +> two per minute and twelve per hour. -## 1. Acquire a remote machine +There are several approaches to operating and exposing code-server securely: -First, you need a machine to run `code-server` on. You can use a physical -machine you have lying around or use a VM on GCP/AWS. +- Port forwarding via SSH +- Using Let's Encrypt with Caddy +- Using Let's Encrypt with NGINX +- Using a self-signed certificate -### Requirements +### Port forwarding via SSH -For a good experience, we recommend at least: +We highly recommend using [port forwarding via +SSH](https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding) to access +code-server. If you have an SSH server on your remote machine, this approach +doesn't required additional setup. -- 1 GB of RAM -- 2 cores +The downside to SSH forwarding, however, is that you can't access code-server +when using machines without SSH clients (such as iPads). If this applies to you, +we recommend using another method, such as [Let's Encrypt](#let-encrypt) instead. -You can use whatever linux distribution floats your boat but in this guide we assume Debian on Google Cloud. +> To work properly, your environment should have WebSockets enabled, which +> code-server uses to communicate between the browser and server. -In order to work properly, your environment should have WebSockets enabled, which code-server uses to communicate between the browser and server +1. SSH into your instance and edit the code-server config file to disable + password authentication: -### Google Cloud + ```console + # Replaces "auth: password" with "auth: none" in the code-server config. + sed -i.bak 's/auth: password/auth: none/' ~/.config/code-server/config.yaml + ``` -For demonstration purposes, this guide assumes you're using a VM on GCP but you should be -able to easily use any machine or VM provider. +2. Restart code-server: -You can sign up at https://console.cloud.google.com/getting-started. You'll get a 12 month \$300 -free trial. + ```console + sudo systemctl restart code-server@$USER + ``` -Once you've signed up and created a GCP project, create a new Compute Engine VM Instance. +3. Forward local port `8080` to `127.0.0.1:8080` on the remote instance by running the following command on your local machine: -1. Navigate to `Compute Engine -> VM Instances` on the sidebar. -2. Now click `Create Instance` to create a new instance. -3. Name it whatever you want. -4. Choose the region closest to you based on [gcping.com](http://www.gcping.com). -5. Any zone is fine. -6. We'd recommend a `E2` series instance from the General-purpose family. - - Change the type to custom and set at least 2 cores and 2 GB of ram. - - Add more vCPUs and memory as you prefer, you can edit after creating the instance as well. - - https://cloud.google.com/compute/docs/machine-types#general_purpose -7. We highly recommend switching the persistent disk to an SSD of at least 32 GB. - - Click `Change` under `Boot Disk` and change the type to `SSD Persistent Disk` and the size - to `32`. - - You can always grow your disk later. -8. Navigate to `Networking -> Network interfaces` and edit the existing interface - to use a static external IP. - - Click done to save network interface changes. -9. If you do not have a [project wide SSH key](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#project-wide), navigate to `Security -> SSH Keys` and add your public key there. -10. Click create! + ```console + # -N disables executing a remote shell + ssh -N -L 8080:127.0.0.1:8080 [user]@ + ``` -Remember, you can shutdown your server when not in use to lower costs. +4. At this point, you can access code-server by pointing your web browser to `http://127.0.0.1:8080`. -We highly recommend learning to use the [`gcloud`](https://cloud.google.com/sdk/gcloud) cli -to avoid the slow dashboard. +5. If you'd like to make the port forwarding via SSH persistent, we recommend + using [mutagen](https://mutagen.io/documentation/introduction/installation) + to do so. Once you've installed mutagen, you can port forward as follows: -## 2. Install code-server + ```console + # This is the same as the above SSH command, but it runs in the background + # continuously. Be sure to add `mutagen daemon start` to your ~/.bashrc to + # start the mutagen daemon when you open a shell. + + mutagen forward create --name=code-server tcp:127.0.0.1:8080 < instance-ip > :tcp:127.0.0.1:8080 + ``` -We have a [script](../install.sh) to install `code-server` for Linux, macOS and FreeBSD. +6. Optional, but highly recommended: add the following to `~/.ssh/config` so + that you can detect bricked SSH connections: -It tries to use the system package manager if possible. + ```bash + Host * + ServerAliveInterval 5 + ExitOnForwardFailure yes + ``` -First run to print out the install process: +> You can [forward your +> SSH](https://developer.github.com/v3/guides/using-ssh-agent-forwarding/) and +> [GPG agent](https://wiki.gnupg.org/AgentForwarding) to the instance to +> securely access GitHub and sign commits without having to copy your keys. -```bash -curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run -``` +### Using Let's Encrypt with Caddy -Now to actually install: +Using [Let's Encrypt](https://letsencrypt.org) is an option if you want to +access code-server on an iPad or do not want to use SSH port forwarding. -```bash -curl -fsSL https://code-server.dev/install.sh | sh -``` +1. This option requires that the remote machine be exposed to the internet. Make sure that your instance allows HTTP/HTTP traffic. -The install script will print out how to run and start using `code-server`. +1. You'll need a domain name (if you don't have one, you can purchase one from + [Google Domains](https://domains.google.com) or the domain service of your + choice)). Once you have a domain name, add an A record to your domain that contains your + instance's IP address. -Docs on the install script, manual installation and docker image are at [./install.md](./install.md). +1. Install [Caddy](https://caddyserver.com/docs/download#debian-ubuntu-raspbian): -## 3. Expose code-server - -**Never**, **ever** expose `code-server` directly to the internet without some form of authentication -and encryption as someone can completely takeover your machine with the terminal. - -By default, `code-server` will enable password authentication which will require you to copy the -password from the`code-server`config file to login. It will listen on`localhost` to avoid exposing -itself to the world. This is fine for testing but will not work if you want to access `code-server` -from a different machine. - -There are several approaches to securely operating and exposing `code-server`. - -**tip**: You can list the full set of `code-server` options with `code-server --help` - -### SSH forwarding - -We highly recommend this approach for not requiring any additional setup, you just need an -SSH server on your remote machine. The downside is you won't be able to access `code-server` -on any machine without an SSH client like on iPad. If that's important to you, skip to [Let's Encrypt](#lets-encrypt). - -First, ssh into your instance and edit your `code-server` config file to disable password authentication. - -```bash -# Replaces "auth: password" with "auth: none" in the code-server config. -sed -i.bak 's/auth: password/auth: none/' ~/.config/code-server/config.yaml -``` - -Restart `code-server` with (assuming you followed the guide): - -```bash -sudo systemctl restart code-server@$USER -``` - -Now forward local port 8080 to `127.0.0.1:8080` on the remote instance by running the following command on your local machine. - -Recommended reading: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding. - -```bash -# -N disables executing a remote shell -ssh -N -L 8080:127.0.0.1:8080 [user]@ -``` - -Now if you access http://127.0.0.1:8080 locally, you should see `code-server`! - -If you want to make the SSH port forwarding persistent we recommend using -[mutagen](https://mutagen.io/documentation/introduction/installation). - -``` -# Same as the above SSH command but runs in the background continuously. -# Add `mutagen daemon start` to your ~/.bashrc to start the mutagen daemon when you open a shell. -mutagen forward create --name=code-server tcp:127.0.0.1:8080 :tcp:127.0.0.1:8080 -``` - -We also recommend adding the following lines to your `~/.ssh/config` to quickly detect bricked SSH connections: - -```bash -Host * -ServerAliveInterval 5 -ExitOnForwardFailure yes -``` - -You can also forward your SSH and GPG agent to the instance to securely access GitHub -and sign commits without copying your keys. - -1. https://developer.github.com/v3/guides/using-ssh-agent-forwarding/ -2. https://wiki.gnupg.org/AgentForwarding - -### Let's Encrypt - -[Let's Encrypt](https://letsencrypt.org) is a great option if you want to access `code-server` on an iPad -or do not want to use SSH forwarding. This does require that the remote machine be exposed to the internet. - -Assuming you have been following the guide, edit your instance and checkmark the allow HTTP/HTTPS traffic options. - -1. You'll need to buy a domain name. We recommend [Google Domains](https://domains.google.com). -2. Add an A record to your domain with your instance's IP. -3. Install Caddy https://caddyserver.com/docs/download#debian-ubuntu-raspbian. - -```bash +```console sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/gpg/gpg.155B6D79CA56EA34.key' | sudo apt-key add - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/cfg/setup/config.deb.txt?distro=debian&version=any-version' | sudo tee -a /etc/apt/sources.list.d/caddy-stable.list @@ -189,133 +127,224 @@ sudo apt update sudo apt install caddy ``` -4. Replace `/etc/caddy/Caddyfile` with sudo to look like this: +1. Replace `/etc/caddy/Caddyfile` using `sudo` so that the file looks like this: -``` -mydomain.com + ```text + mydomain.com -reverse_proxy 127.0.0.1:8080 -``` + reverse_proxy 127.0.0.1:8080 + ``` -If you want to serve `code-server` from a sub-path, below is sample configuration for Caddy: + If you want to serve code-server from a sub-path, you can do so as follows: -``` -mydomain.com/code/* { - uri strip_prefix /code - reverse_proxy 127.0.0.1:8080 -} -``` + ```text + mydomain.com/code/* { + uri strip_prefix /code + reverse_proxy 127.0.0.1:8080 + } + ``` -Remember to replace `mydomain.com` with your domain name! + Remember to replace `mydomain.com` with your domain name! -5. Reload Caddy with: +1. Reload Caddy: -```bash -sudo systemctl reload caddy -``` + ```console + sudo systemctl reload caddy + ``` -Visit `https://` to access `code-server`. Congratulations! +At this point, you should be able to access code-server via +`https://mydomain.com`. -In a future release we plan to integrate Let's Encrypt directly with `code-server` to avoid -the dependency on Caddy. +### Using Let's Encrypt with NGINX -#### NGINX +1. This option requires that the remote machine be exposed to the internet. Make sure that your instance allows HTTP/HTTP traffic. -If you prefer to use NGINX instead of Caddy then please follow steps 1-2 above and then: +1. You'll need a domain name (if you don't have one, you can purchase one from + [Google Domains](https://domains.google.com) or the domain service of your + choice)). Once you have a domain name, add an A record to your domain that contains your + instance's IP address. -3. Install `nginx`: +1. Install NGINX: -```bash -sudo apt update -sudo apt install -y nginx certbot python3-certbot-nginx -``` + ```bash + sudo apt update + sudo apt install -y nginx certbot python3-certbot-nginx + ``` -4. Put the following config into `/etc/nginx/sites-available/code-server` with sudo: +1. Update `/etc/nginx/sites-available/code-server` using sudo with the following + configuration: -```nginx -server { - listen 80; - listen [::]:80; - server_name mydomain.com; + ```text + server { + listen 80; + listen [::]:80; + server_name mydomain.com; - location / { - proxy_pass http://localhost:8080/; - proxy_set_header Host $host; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; - proxy_set_header Accept-Encoding gzip; - } -} -``` + location / { + proxy_pass http://localhost:8080/; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection upgrade; + proxy_set_header Accept-Encoding gzip; + } + } + ``` -Remember to replace `mydomain.com` with your domain name! + Be sure to replace `mydomain.com` with your domain name! -5. Enable the config: +1. Enable the config: -```bash -sudo ln -s ../sites-available/code-server /etc/nginx/sites-enabled/code-server -sudo certbot --non-interactive --redirect --agree-tos --nginx -d mydomain.com -m me@example.com -``` + ```console + sudo ln -s ../sites-available/code-server /etc/nginx/sites-enabled/code-server + sudo certbot --non-interactive --redirect --agree-tos --nginx -d mydomain.com -m me@example.com + ``` -Make sure to substitute `me@example.com` with your actual email. + Be sure to replace `me@example.com` with your actual email. -Visit `https://` to access `code-server`. Congratulations! +At this point, you should be able to access code-server via +`https://mydomain.com`. + +### Using a self-signed certificate + +> Self signed certificates do not work with iPad; see [./ipad.md](./ipad.md) for +> more information. + +Before proceeding, we recommend familiarizing yourself with the [risks of +self-signing a certificate for +SSL](https://security.stackexchange.com/questions/8110). + +We recommend self-signed certificates as a last resort, since self-signed +certificates do not work with iPads and may cause unexpected issues with +code-server. You should only proceed with this option if: + +- You do not want to buy a domain or you cannot expose the remote machine to + the internet +- You do not want to use port forwarding via SSH + +To use a self-signed certificate: + +1. This option requires that the remote machine be exposed to the internet. Make + sure that your instance allows HTTP/HTTP traffic. + +1. SSH into your instance and edit your code-server config file to use a + randomly generated self-signed certificate: + + ```console + # Replaces "cert: false" with "cert: true" in the code-server config. + sed -i.bak 's/cert: false/cert: true/' ~/.config/code-server/config.yaml + # Replaces "bind-addr: 127.0.0.1:8080" with "bind-addr: 0.0.0.0:443" in the code-server config. + sed -i.bak 's/bind-addr: 127.0.0.1:8080/bind-addr: 0.0.0.0:443/' ~/.config/code-server/config.yaml + # Allows code-server to listen on port 443. + sudo setcap cap_net_bind_service=+ep /usr/lib/code-server/lib/node + ``` + +1. Restart code-server: + + ```console + sudo systemctl restart code-server@$USER + ``` + +At this point, you should be able to access code-server via +`https://`. + +If you'd like to avoid the warnings displayed by code-server when using a +self-signed certificate, you can use [mkcert](https://mkcert.dev) to create a +self-signed certificate that's trusted by your operating system, then pass the +certificate to code-server via the `cert` and `cert-key` config fields. + +## External authentication + +If you want to use external authentication mechanism (e.g., Sign in with +Google), you can do this with a reverse proxy such as: + +- [Pomerium](https://www.pomerium.io/guides/code-server.html) +- [oauth2_proxy](https://github.com/pusher/oauth2_proxy) +- [Cloudflare Access](https://teams.cloudflare.com/access) + +## HTTPS + +For HTTPS, you can use a self-signed certificate by: + +- Passing in `--cert` +- Passing in an existing certificate by providing the path to `--cert` and the + path to the key with `--cert-key` + +The self signed certificate will be generated to +`~/.local/share/code-server/self-signed.crt`. + +If you pass a certificate to code-server, it will respond to HTTPS requests and +redirect all HTTP requests to HTTPS. + +> You can use [Let's Encrypt](https://letsencrypt.org/) to get a TLS certificate +> for free. Note: if you set `proxy_set_header Host $host;` in your reverse proxy config, it will change the address displayed in the green section of code-server in the bottom left to show the correct address. ### Self Signed Certificate -**note:** Self signed certificates do not work with iPad normally. See [./ipad.md](./ipad.md) for details. +If you're working on a web service and want to access it locally, code-server +can proxy to any port using either a subdomain or a subpath, allowing you to +securely access these services using code-server's built-in authentication. -Recommended reading: https://security.stackexchange.com/a/8112. +### Using a subdomain -We recommend this as a last resort because self signed certificates do not work with iPads and can -cause other bizarre issues. Not to mention all the warnings when you access `code-server`. -Only use this if: +You will need a DNS entry that points to your server for each port you want to +access. You can either set up a wildcard DNS entry for `*.` if your +domain name registrar supports it, or you can create one for every port you want +to access (`3000.`, `8080.`, etc). -1. You do not want to buy a domain or you cannot expose the remote machine to the internet. -2. You do not want to use SSH forwarding. +You should also set up TLS certificates for these subdomains, either using a +wildcard certificate for `*.` or individual certificates for each port. -ssh into your instance and edit your code-server config file to use a randomly generated self signed certificate: +To set your domain, start code-server with the `--proxy-domain` flag: -```bash -# Replaces "cert: false" with "cert: true" in the code-server config. -sed -i.bak 's/cert: false/cert: true/' ~/.config/code-server/config.yaml -# Replaces "bind-addr: 127.0.0.1:8080" with "bind-addr: 0.0.0.0:443" in the code-server config. -sed -i.bak 's/bind-addr: 127.0.0.1:8080/bind-addr: 0.0.0.0:443/' ~/.config/code-server/config.yaml -# Allows code-server to listen on port 443. -sudo setcap cap_net_bind_service=+ep /usr/lib/code-server/lib/node +```console +code-server --proxy-domain ``` -Assuming you have been following the guide, restart `code-server` with: +Now you can browse to `.`. Note that this uses the host header, so +ensure your reverse proxy (if you're using one) forwards that information. -```bash -sudo systemctl restart code-server@$USER +### Using a subpath + +Simply browse to `/proxy//`. + +### Stripping `/proxy/` from the request path + +You may notice that the code-server proxy strips `/proxy/` from the +request path. + +HTTP servers should use relative URLs to avoid the need to be coupled to the +absolute path at which they are served. This means you must [use trailing +slashes on all paths with +subpaths](https://blog.cdivilly.com/2019/02/28/uri-trailing-slashes). + +This reasoning is why the default behavior is to strip `/proxy/` from the +base path. If your application uses relative URLs and does not assume the +absolute path at which it is being served, it will just work no matter what port +you decide to serve it off or if you put it in behind code-server or any other +proxy. + +However, some prefer the cleaner aesthetic of no trailing slashes. Omitting the +trailing slashes couples you to the base path, since you cannot use relative +redirects correctly anymore. If you're okay with this tradeoff, use `/absproxy` +instead and the path will be passed as is (e.g., `/absproxy/3000/my-app-path`). + +### Proxying to create a React app + +You must use `/absproxy/` with `create-react-app` (see +[#2565](https://github.com/cdr/code-server/issues/2565) and +[#2222](https://github.com/cdr/code-server/issues/2222) for more information). +You will need to inform `create-react-app` of the path at which you are serving +via `$PUBLIC_URL` and webpack via `$WDS_SOCKET_PATH`: + +```sh +PUBLIC_URL=/absproxy/3000 \ + WDS_SOCKET_PATH=$PUBLIC_URL/sockjs-node \ + BROWSER=none yarn start ``` -Edit your instance and checkmark the allow HTTPS traffic option. +You should then be able to visit `https://my-code-server-address.io/absproxy/3000` to see your app exposed through +code-server! -Visit `https://` to access `code-server`. -You'll get a warning when accessing but if you click through you should be good. - -To avoid the warnings, you can use [mkcert](https://mkcert.dev) to create a self signed certificate -trusted by your OS and then pass it into `code-server` via the `cert` and `cert-key` config -fields. - -### Change the password? - -Edit the `password` field in the `code-server` config file at `~/.config/code-server/config.yaml` -and then restart `code-server` with: - -```bash -sudo systemctl restart code-server@$USER -``` - -Alternatively, you can specify the SHA-256 of your password at the `hashed-password` field in the config file. -The `hashed-password` field takes precedence over `password`. - -### How do I securely access development web services? - -If you're working on a web service and want to access it locally, `code-server` can proxy it for you. - -See the [FAQ](./FAQ.md#how-do-i-securely-access-web-services). +> We highly recommend using the subdomain approach instead to avoid this class of issue. diff --git a/docs/install.md b/docs/install.md index abc0242e..b5403aed 100644 --- a/docs/install.md +++ b/docs/install.md @@ -2,96 +2,161 @@ # Install -- [Upgrading](#upgrading) - [install.sh](#installsh) - - [Flags](#flags) - - [Detection Reference](#detection-reference) + - [Detection reference](#detection-reference) +- [yarn, npm](#yarn-npm) +- [Standalone releases](#standalone-releases) - [Debian, Ubuntu](#debian-ubuntu) - [Fedora, CentOS, RHEL, SUSE](#fedora-centos-rhel-suse) - [Arch Linux](#arch-linux) -- [Termux](#termux) -- [Raspberry Pi](#raspberry-pi) -- [yarn, npm](#yarn-npm) - [macOS](#macos) -- [Standalone Releases](#standalone-releases) - [Docker](#docker) -- [helm](#helm) -- [Cloud Providers](#cloud-providers) -- [Troubleshooting Node Issues](#troubleshooting-node-issues) +- [Helm](#helm) +- [Raspberry Pi](#raspberry-pi) +- [Termux](#termux) +- [Cloud providers](#cloud-providers) -This document demonstrates how to install `code-server` on -various distros and operating systems. - -## Upgrading - -When upgrading you can just install the new version over the old one. code-server -maintains all user data in `~/.local/share/code-server` so that it is preserved in between -installations. +This document demonstrates how to install `code-server` on various distros and +operating systems. ## install.sh -We have a [script](../install.sh) to install code-server for Linux, macOS and FreeBSD. +The easiest way to install code-server is to use our [install +script](../install.sh) for Linux, macOS and FreeBSD. The install script +[attempts to use the system package manager](#detection-reference) if possible. -It tries to use the system package manager if possible. - -First run to print out the install process: +You can preview what occurs during the install process: ```bash curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run ``` -Now to actually install: +To install, run: ```bash curl -fsSL https://code-server.dev/install.sh | sh ``` -The script will print out how to run and start using code-server. +You can modify the installation process by including one or more of the +following flags: -If you believe an install script used with `curl | sh` is insecure, please give -[this wonderful blogpost](https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install) by -[sandstorm.io](https://sandstorm.io) a read. +- `--dry-run`: echo the commands for the install process without running them. +- `--method`: choose the installation method. + - `--method=detect`: detect the package manager but fallback to + `--method=standalone`. + - `--method=standalone`: install a standalone release archive into `~/.local`. +- `--prefix=/usr/local`: install a standalone release archive system-wide. +- `--version=X.X.X`: install version `X.X.X` instead of latest version. +- `--help`: see usage docs. -If you'd still prefer manual installation despite the below [detection reference](#detection-reference) and `--dry-run` -then continue on for docs on manual installation. The [`install.sh`](../install.sh) script runs the _exact_ same -commands presented in the rest of this document. +When done, the install script prints out instructions for running and starting +code-server. -### Flags +> If you're concerned about the install script's use of `curl | sh` and the +> security implications, please see [this blog +> post](https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install) +> by [sandstorm.io](https://sandstorm.io). -- `--dry-run` to echo the commands for the install process without running them. -- `--method` to choose the installation method. - - `--method=detect` to detect the package manager but fallback to `--method=standalone`. - - `--method=standalone` to install a standalone release archive into `~/.local`. -- `--prefix=/usr/local` to install a standalone release archive system wide. -- `--version=X.X.X` to install version `X.X.X` instead of latest. -- `--help` to see full usage docs. +If you prefer to install code-server manually, despite the [detection +references](#detection-reference) and `--dry-run` feature, then continue on for +information on how to do this. The [`install.sh`](../install.sh) script runs the +_exact_ same commands presented in the rest of this document. -### Detection Reference +### Detection reference -- For Debian and Ubuntu it will install the latest deb package. -- For Fedora, CentOS, RHEL and openSUSE it will install the latest rpm package. -- For Arch Linux it will install the AUR package. -- For any unrecognized Linux operating system it will install the latest standalone release into `~/.local`. +- For Debian and Ubuntu, code-server will install the latest deb package. +- For Fedora, CentOS, RHEL and openSUSE, code-server will install the latest RPM + package. +- For Arch Linux, code-server will install the AUR package. +- For any unrecognized Linux operating system, code-server will install the + latest standalone release into `~/.local`. - - Add `~/.local/bin` to your `$PATH` to run code-server. + - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server. -- For macOS it will install the Homebrew package. +- For macOS, code-server will install the Homebrew package (if you don't have + Homebrew installed, code-server will install the latest standalone release + into `~/.local`). - - If Homebrew is not installed it will install the latest standalone release into `~/.local`. - - Add `~/.local/bin` to your `$PATH` to run code-server. + - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server. -- For FreeBSD, it will install the [npm package](#yarn-npm) with `yarn` or `npm`. +- For FreeBSD, code-server will install the [npm package](#yarn-npm) with `yarn` + or `npm`. -- If ran on an architecture with no releases, it will install the [npm package](#yarn-npm) with `yarn` or `npm`. - - We only have releases for amd64 and arm64 presently. - - The [npm package](#yarn-npm) builds the native modules on postinstall. +- If you're installing code-server onto architecture with no releases, + code-server will install the [npm package](#yarn-npm) with `yarn` or `npm` + - We currently offer releases for amd64 and arm64. + - The [npm package](#yarn-npm) builds the native modules on post-install. + +## yarn, npm + +We recommend installing with `yarn` or `npm` when: + +1. You aren't using a machine with `amd64` or `arm64`. +2. You're on Linux with `glibc` < v2.17, `glibcxx` < v3.4.18 on `amd64`, `glibc` + < v2.23, or `glibcxx` < v3.4.21 on `arm64`. +3. You're running Alpine Linux or are using a non-glibc libc. See + [#1430](https://github.com/cdr/code-server/issues/1430#issuecomment-629883198) + for more information. + +Installing code-server with `yarn` or `npm` builds native modules on install. +This process requires C dependencies; see our guide on [installing these +dependencies][./npm.md](./npm.md) for more information. + +You must have Node.js v12 (or later) installed. See +[#1633](https://github.com/cdr/code-server/issues/1633). + +To install: + +```bash +yarn global add code-server +# Or: npm install -g code-server +code-server +# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml +``` + +## Standalone releases + +We publish self-contained `.tar.gz` archives for every release on +[GitHub](https://github.com/cdr/code-server/releases). The archives bundle the +node binary and node modules. + +We create the standalone releases using the [npm package](#yarn-npm), and we +then create the remaining releases using the standalone version. + +The only requirement to use the standalone release is `glibc` >= 2.17 and +`glibcxx` >= v3.4.18 on Linux (for macOS, there is no minimum system +requirement). + +To use a standalone release: + +1. Download the latest release archive for your system from + [GitHub](https://github.com/cdr/code-server/releases). +2. Unpack the release. +3. Run code-server by executing `./bin/code-server`. + +You can add `./bin/code-server` to your `$PATH` so that you can execute +`code-server` without providing full path each time. + +Here is a sample script for installing and using a standalone code-server +release on Linux: + +```bash +mkdir -p ~/.local/lib ~/.local/bin +curl -fL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-linux-amd64.tar.gz \ + | tar -C ~/.local/lib -xz +mv ~/.local/lib/code-server-$VERSION-linux-amd64 ~/.local/lib/code-server-$VERSION +ln -s ~/.local/lib/code-server-$VERSION/bin/code-server ~/.local/bin/code-server +PATH="~/.local/bin:$PATH" +code-server +# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml +``` ## Debian, Ubuntu -NOTE: The standalone arm64 .deb does not support Ubuntu <16.04. -Please upgrade or [build with yarn](#yarn-npm). +> The standalone arm64 .deb does not support Ubuntu 16.04 or earlier. Please +> upgrade or [build with yarn](#yarn-npm). ```bash curl -fOL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server_$VERSION_amd64.deb @@ -102,8 +167,8 @@ sudo systemctl enable --now code-server@$USER ## Fedora, CentOS, RHEL, SUSE -NOTE: The standalone arm64 .rpm does not support CentOS 7. -Please upgrade or [build with yarn](#yarn-npm). +> The standalone arm64 .rpm does not support CentOS 7. Please upgrade or [build +> with yarn](#yarn-npm). ```bash curl -fOL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-amd64.rpm @@ -115,14 +180,14 @@ sudo systemctl enable --now code-server@$USER ## Arch Linux ```bash -# Installs code-server from the AUR using yay. +# Install code-server from the AUR using yay. yay -S code-server sudo systemctl enable --now code-server@$USER # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml ``` ```bash -# Installs code-server from the AUR with plain makepkg. +# Install code-server from the AUR with plain makepkg. git clone https://aur.archlinux.org/code-server.git cd code-server makepkg -si @@ -130,34 +195,6 @@ sudo systemctl enable --now code-server@$USER # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml ``` -## Termux - -Please see "Installation" in the [Termux docs](./termux.md#installation) - -## Raspberry Pi - -If you're running a Raspberry Pi, we recommend install code-server with `yarn` or `npm`. See [yarn-npm](#yarn-npm). - -## yarn, npm - -We recommend installing with `yarn` or `npm` when: - -1. You aren't on `amd64` or `arm64`. -2. If you're on Linux with glibc < v2.17 or glibcxx < v3.4.18 on amd64, or glibc < v2.23 or glibcxx < v3.4.21 on arm64. -3. You're running Alpine Linux, or are using a non-glibc libc. See [#1430](https://github.com/cdr/code-server/issues/1430#issuecomment-629883198) - -**note:** Installing via `yarn` or `npm` builds native modules on install and so requires C dependencies. -See [./npm.md](./npm.md) for installing these dependencies. - -You will need at least node v12 installed. See [#1633](https://github.com/cdr/code-server/issues/1633). - -```bash -yarn global add code-server -# Or: npm install -g code-server -code-server -# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml -``` - ## macOS ```bash @@ -166,34 +203,6 @@ brew services start code-server # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml ``` -## Standalone Releases - -We publish self contained `.tar.gz` archives for every release on [github](https://github.com/cdr/code-server/releases). -They bundle the node binary and `node_modules`. - -These are created from the [npm package](#yarn-npm) and the rest of the releases are created from these. -Only requirement is glibc >= 2.17 && glibcxx >= v3.4.18 on Linux and for macOS there is no minimum system requirement. - -1. Download the latest release archive for your system from [github](https://github.com/cdr/code-server/releases). -2. Unpack the release. -3. You can run code-server by executing `./bin/code-server`. - -You can add the code-server `bin` directory to your `$PATH` to easily execute `code-server` -without the full path every time. - -Here is an example script for installing and using a standalone `code-server` release on Linux: - -```bash -mkdir -p ~/.local/lib ~/.local/bin -curl -fL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-linux-amd64.tar.gz \ - | tar -C ~/.local/lib -xz -mv ~/.local/lib/code-server-$VERSION-linux-amd64 ~/.local/lib/code-server-$VERSION -ln -s ~/.local/lib/code-server-$VERSION/bin/code-server ~/.local/bin/code-server -PATH="~/.local/bin:$PATH" -code-server -# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml -``` - ## Docker ```bash @@ -214,33 +223,26 @@ docker run -it --name code-server -p 127.0.0.1:8080:8080 \ codercom/code-server:latest ``` -Our official image supports `amd64` and `arm64`. +Our official image supports `amd64` and `arm64`. For `arm32` support, you can +use a [community-maintained code-server +alternative](https://hub.docker.com/r/linuxserver/code-server). -For `arm32` support there is a popular community maintained alternative: +## Helm -[https://hub.docker.com/r/linuxserver/code-server](https://hub.docker.com/r/linuxserver/code-server) +You can install code-server via [Helm](../ci/helm-chart/README.md). -## helm +## Raspberry Pi -See [the chart](../ci/helm-chart). +We recommend installing code-server onto Raspberry Pi with [`yarn` or +`npm`](#yarn-npm). -## Cloud Providers +## Termux -We maintain one-click apps and install scripts for different cloud providers such as DigitalOcean, Railway, Heroku, Azure, etc. Check out the repository: +Please see code-server's [Termux docs](./termux.md#installation) for more +information. -[https://github.com/cdr/deploy-code-server](https://github.com/cdr/deploy-code-server) +## Cloud providers -## Troubleshooting Node Issues - -Occassionally, you may run into issues with node. - -If you install code-server with `yarn`/`npm` and upgrade your node version, you may need to reinstall code-server to recompile native modules. Sometimes you can get around this by `cd`'ing into the `lib/vscode` directory under code-server and running `npm rebuild` to recompile those native modules. - -An example of this might look like: - -1. You installed code-server using `brew install code-server` -2. You `cd` into the directory `cd /usr/local/Cellar/code-server//libexec/lib/vscode/` -3. You recompile native modules by running `npm rebuild` -4. You restart code-server - -If you get stuck or need help, post on our [GitHub Discussions page](https://github.com/cdr/code-server/discussions). +We maintain [one-click apps and install scripts for cloud +providers](https://github.com/cdr/deploy-code-server) such as DigitalOcean, +Railway, Heroku, and Azure. diff --git a/docs/ipad.md b/docs/ipad.md index 5ffaa50d..d1447e33 100644 --- a/docs/ipad.md +++ b/docs/ipad.md @@ -2,162 +2,200 @@ # iPad -- [Known Issues](#known-issues) -- [How to install PWA](#how-to-install-pwa) -- [How to access code-server with a self signed certificate on iPad?](#how-to-access-code-server-with-a-self-signed-certificate-on-ipad) - - [Servediter iPad App](#servediter-ipad-app) -- [Raspberry Pi USB-C Network](#raspberry-pi-usb-c-network) -- [Ctrl C Workaround](#ctrl-c-workaround) +- [Using the code-server progressive web app (PWA)](#using-the-code-server-progressive-web-app-pwa) +- [Access code-server with a self-signed certificate on an iPad](#access-code-server-with-a-self-signed-certificate-on-an-ipad) + - [Certificate requirements](#certificate-requirements) + - [Sharing a self-signed certificate with an iPad](#sharing-a-self-signed-certificate-with-an-ipad) +- [Access code-server using Servediter](#access-code-server-using-servediter) +- [Raspberry Pi USB-C network](#raspberry-pi-usb-c-network) - [Recommendations](#recommendations) -- [By 2022 iPad coding more desirable on Arm Macs](#by-2022-ipad-coding-more-desirable-on-arm-macs) +- [Known issues](#known-issues) + - [Workaround for issue with `ctrl+c` not stopping a running process in the terminal](#workaround-for-issue-with-ctrlc-not-stopping-a-running-process-in-the-terminal) -## Known Issues +Once you've installed code-server, you can access it from an iPad. -- Getting self signed certificates certificates to work is involved, see below. -- Keyboard issues - - May disappear sometimes [#1313](https://github.com/cdr/code-server/issues/1313), [#979](https://github.com/cdr/code-server/issues/979) - - Some short cuts expectations may not be met - - `command + n` opens new browser window instead of new file and difficult to even set to another quick key - - In general it's just note worthy you most likely will need to edit keyboard shortcuts - - No escape key by default on Magic Keyboard but everyone sets the globe key to be an escape key - - Opinion: It's actually an awesome joy having the escape key at bottom of keyboard -- Trackpad scrolling does not work [#1455](https://github.com/cdr/code-server/issues/1455) - - [Bug tracking of a WebKit fix here](https://bugs.webkit.org/show_bug.cgi?id=210071#c13) - - [tracking of WebKit patch](https://trac.webkit.org/changeset/270712/webkit) - - Alternative: Install line-jump extension and use keyboard to nav by jumping large amount of lines - - Alternative: Just use touch scrolling -- See [issues tagged with the iPad label](https://github.com/cdr/code-server/issues?q=is%3Aopen+is%3Aissue+label%3AiPad) for more. -- `ctrl+c` does not stop a long-running process in the browser - - Tracking upstream issue here: [#114009](https://github.com/microsoft/vscode/issues/114009) - - See [workaround](#ctrl-c-workaround) +## Using the code-server progressive web app (PWA) -## How to install PWA +To use code-server on an iPad, we recommend installing the code-server +progressive web app (PWA): -To install the code-server PWA, follow these steps: +1. Open code-server in Safari. +2. Click the **Share** icon. +3. Click **Add to Home Screen**. -1. Open code-server in Safari -2. Click the Share icon -3. Click "Add to Home Screen" +You can now open code-server from the Home screen, and when you do, you'll be +using the PWA. Running code-server as a PWA gets you more screen real estate and +access to top-level keyboard shortcuts since its running like a native app. -Now when you open code-server from the home screen, you will be using the PWA. -The advantages of this are more screen real estate and access to top-level keyboard shortcuts because it's running like an app. -An example shortcut is the `cmd+w` to close an active file in the workbench. You can add this to your `keybindings.json` by doing the following: +For example, you can use `cmd+w` to close an active file in the workbench. You +can add this to `keybindings.json`: -1. Open up code-serer -2. `Command Palette > Open Keyboard Shortcuts (JSON)` -3. Add the following to your `keybindings.json` +1. Open code-server +2. Go to **Command Palette** > **Open Keyboard Shortcuts (JSON)** +3. Add the following to `keybindings.json` -```json -{ - "key": "cmd+w", - "command": "workbench.action.closeActiveEditor" -} -``` + ```json + { + "key": "cmd+w", + "command": "workbench.action.closeActiveEditor" + } + ``` -Test out command by hitting `cmd+w` to close an active file +4. Test the command by using `cmd+w` to close an active file. -## How to access code-server with a self signed certificate on iPad? +## Access code-server with a self-signed certificate on an iPad -Accessing a self signed certificate on iPad isn't as easy as accepting through all -the security warnings. Safari will prevent WebSocket connections unless the certificate -is installed as a profile on the device. +If you've installed code-server and are [running it with a self-signed +certificate](./guide.md#using-a-self-signed-certificate), you may see multiple +security warnings from Safari. To fix this, you'll need to install the +self-signed certificate generated by code-server as a profile on your device (you'll also need to do this to +enable WebSocket connections). -The below assumes you are using the self signed certificate that code-server -generates for you. If not, that's fine but you'll have to make sure your certificate -abides by the following guidelines from Apple: https://support.apple.com/en-us/HT210176 +### Certificate requirements -**note**: Another undocumented requirement we noticed is that the certificate has to have `basicConstraints=CA:true`. +- We're assuming that you're using the self-signed certificate code-server + generates for you (if not, make sure that your certificate [abides by the + guidelines issued by Apple](https://support.apple.com/en-us/HT210176)). +- We've noticed that the certificate has to include `basicConstraints=CA:true`. +- Your certificate must have a subject alt name that matches the hostname you'll + use to access code-server from the iPad. You can pass this name to code-server + so that it generates the certificate correctly using `--cert-host`. -The following instructions assume you have code-server installed and running -with a self signed certificate. If not, please first go through [./guide.md](./guide.md)! +### Sharing a self-signed certificate with an iPad + +To share a self-signed certificate with an iPad: + +1. Get the location of the certificate code-server generated; code-server prints + the certificate's location in its logs: + + ```console + [2020-10-30T08:55:45.139Z] info - Using generated certificate and key for HTTPS: ~/.local/share/code-server/mymbp_local.crt + ``` + +2. Send the certificate to the iPad, either by emailing it to yourself or using + Apple's Airdrop feature. + +3. Open the `*.crt` file so that you're prompted to go into Settings to install. + +4. Go to **Settings** > **General** > **Profile**, and select the profile. Tap **Install**. + +5. Go to **Settings** > **About** > **Certificate Trust Settings** and [enable + full trust for your certificate](https://support.apple.com/en-us/HT204477). + +You should be able to access code-server without all of Safari's warnings now. **warning**: Your iPad must access code-server via a domain name. It could be local -DNS like `mymacbookpro.local` but it must be a domain name. Otherwise Safari will -refuse to allow WebSockets to connect. +DNS like `mymacbookpro.local`, but it must be a domain name. Otherwise, Safari will +not allow WebSockets connections. -1. Your certificate **must** have a subject alt name that matches the hostname - at which you will access code-server from your iPad. You can pass this to code-server - so that it generates the certificate correctly with `--cert-host`. -2. Share your self signed certificate with the iPad. - - code-server will print the location of the certificate it has generated in the logs. +## Access code-server using Servediter -``` -[2020-10-30T08:55:45.139Z] info - Using generated certificate and key for HTTPS: ~/.local/share/code-server/mymbp_local.crt -``` +If you are unable to get the self-signed certificate working, or you do not have a domain +name to use, you can use [Servediter for code-server](https://apps.apple.com/us/app/servediter-for-code-server/id1504491325). -- You can mail it to yourself or if you have a Mac, it's easiest to just Airdrop to the iPad. +> Servediter for code-server is **not** officially supported by the code-server team! -3. When opening the `*.crt` file, you'll be prompted to go into settings to install. -4. Go to `Settings -> General -> Profile`, select the profile and then hit `Install`. - - It should say the profile is verified. -5. Go to `Settings -> About -> Certificate Trust Settings` and enable full trust for - the certificate. [more apple support here](https://support.apple.com/en-us/HT204477) -6. Now you can access code-server! 🍻 +To use Servediter: -### Servediter iPad App +1. Download the app from the App Store. +2. When prompted, provide your server information. If you are running a local + server or a [Raspberry Pi connected via USB-C](#raspberry-pi-usb-c-network), you will input your settings + into **Self Hosted Server**. -If you are unable to get the self signed certificate working or you do not have a domain -name to use, you can use the Servediter iPad App instead! +## Raspberry Pi USB-C network -**note**: This is not an officially supported app by the code-server team! +We've heard of users having great success using code-server on an iPad connected +to a Raspberry Pi via USB-C (the Raspberry Pi provides both power and direct +network access). Setting this up requires you to turn on **Network over USB-C** +on the Raspberry Pi, then continuing with code-server as usual on the iPad. -Download [Serveediter](https://apps.apple.com/us/app/servediter-for-code-server/id1504491325) from the -App Store and then input your server information. If you are running a local server or mabye a usb-c -connected Raspberry Pi, you will input your settings into "Self Hosted Server". +For more information, see: -## Raspberry Pi USB-C Network - -It is a bit out of scope for this project, however, great success is being reported using iPad on the go with just a single USB-C cable connected to a Raspberry Pi both powering and supplying direct network access. Many support articles already exist but the key steps boil down to turning on Network over USB-C on the Raspberry Pi itself and the rest of the steps are just like getting Code Server running any where else. - -Resources worthy of review: - -- [General intro to Pi as an iPad accessory](https://www.youtube.com/watch?v=IR6sDcKo3V8) +- [General introduction to Pi as an iPad + accessory](https://www.youtube.com/watch?v=IR6sDcKo3V8) - [iPad with Pi FAQ](https://www.youtube.com/watch?v=SPSlyqo5Q2Q) -- [Technical guide to perform the steps](https://www.geeky-gadgets.com/connect-a-raspberry-pi-4-to-an-ipad-pro-21-01-2020/) +- [Technical guide to connecting a Raspberry Pi to an + iPad](https://www.geeky-gadgets.com/connect-a-raspberry-pi-4-to-an-ipad-pro-21-01-2020/) -> Here are my keys to success. I bought a 4" touch screen with fan included that attaches as a case to the Pi. I use the touch screen for anytime I have connection issues, otherwise I turn off the Pi screen. I gave my Pi a network name so I can easily connect at home on wifi or when on go with 1 usb-c cable that supplys both power and network connectivity. Lastly, not all usb-c cables are equal and not all will work so try different usb-c cables if you are going mad (confirm over wifi first then move to cable). -> -> -- [Acker Apple](http://github.com/ackerapple/) +You may also find the following tips from [Acker +Apple](http://github.com/ackerapple/) helpful: -## Ctrl C Workaround - -There is currently an issue with `ctrl+c` not stopping a running process in the integrated terminal. We have filed an issue upstream and are tracking [here](https://github.com/microsoft/vscode/issues/114009). As a temporary workaround, it works if you manually define the shortcut like so: - -1. Open Command Palette -2. Look for "Preferences: Open Keyboard Shortcuts (JSON)" -3. Add this: - -```json -{ - "key": "ctrl+c", - "command": "workbench.action.terminal.sendSequence", - "args": { - "text": "\u0003" - }, - "when": "terminalFocus" -} -``` - -Source: [StackOverflow](https://stackoverflow.com/a/52735954/3015595) +> Here are my keys to success. I bought a 4" touch screen with fan included that +> attaches as a case to the Pi. I use the touch screen for anytime I have +> connection issues, otherwise I turn off the Pi screen. I gave my Pi a network +> name so I can easily connect at home on wifi or when on go with 1 usb-c cable +> that supplys both power and network connectivity. Lastly, not all usb-c cables +> are equal and not all will work so try different usb-c cables if you are going +> mad (confirm over wifi first then move to cable). ## Recommendations -Once you have code-server accessible to your iPad a few things could help save you time: +Once you can access code-server on your iPad, you may find the following tips +and tricks helpful: -- Use multi task mode to make code changes and see browser at the same time - - Prevents iOs background dropping an App's state if you are full screen switching between code-server and browser -- Be sure you are using the debug/terminal that is built into VS Code so that you don’t need another terminal app running - - Again, prevents switching between full screen app and losing your view to iOs background app memory management -- You should be of a mindset willing to deal and adapt with differences in having an imperfect experience, for the perceived joyful benefits of interacting with your computer in more intuitive ways +- Use multi-task mode to make code changes and see the browser at the same time + - This prevents the iOS background from dropping an app's state if you are + switching between code-server and browser (with both in full-screen) +- Be sure you are using the debug/terminal that is built into VS Code so that + you don’t need another terminal app running + - This also prevents switching between full screen apps and losing your view + due to iOS' background app memory management -## By 2022 iPad coding more desirable on Arm Macs +## Known issues -> This section is generalized opinions intended to inform fellow Apple product consumers of perceived over time changes coming down the line +- Getting self-signed certificates to work [is an involved + process](#access-code-server-with-a-self-signed-certificate-on-an-ipad) +- Keyboard issues: + - The keyboard disappear sometimes + [#1313](https://github.com/cdr/code-server/issues/1313), + [#979](https://github.com/cdr/code-server/issues/979) + - Some expectations regarding shortcuts may not be met: + - `cmd + n` opens new browser window instead of new file, and it's difficult + to set alternative as a workaround + - In general, expect to edit your keyboard shortcuts + - There's no escape key by default on the Magic Keyboard, so most users set + the globe key to be an escape key +- Trackpad scrolling does not work + ([#1455](https://github.com/cdr/code-server/issues/1455)) + - Bug tracking of a WebKit fix + [here](https://bugs.webkit.org/show_bug.cgi?id=210071#c13) + - Tracking of [WebKit patch](https://trac.webkit.org/changeset/270712/webkit) + - Alternatives: + - Install line-jump extension and use keyboard to navigate by jumping large + amount of lines + - Use touch scrolling +- `ctrl+c` does not stop a long-running process in the browser + - Tracking upstream issue here: + [#114009](https://github.com/microsoft/vscode/issues/114009) + - See [workaround](#ctrl-c-workaround) -The general feeling from overall Apple movements recently, is that the Mac arm processors are in fact helping support the direction of having Macs with touch screens. Many great YouTube videos of interest call out highly suggestive evidence. In the past Apple has hard declared reasons of body fatigue and such as why not to encourage nor further developments on the iPad touch experience mixed with a keyboard/mouse/trackpad. Regardless, products and software have been released further supporting just that very experience. +Additionally, see [issues in the code-server repo that are tagged with the iPad +label](https://github.com/cdr/code-server/issues?q=is%3Aopen+is%3Aissue+label%3AiPad) +for more information. -The iPad coding experience has been a joy for some of us that are willing to trade an imperfect experience for a uniquely effective focus driven experience. Note worthy, some of us think it's a trashy waste of time. This experience is undoubtably going to get better just by the work that can be seen by all parties, even in our own code-server attempt to make it better. +### Workaround for issue with `ctrl+c` not stopping a running process in the terminal -Lastly, it is note worthy that if you have decided to incorporate a Raspberry Pi into you iPad coding experience, they are Arm processors. You are perfectly lined up with the future of Macs as well. +This's currently an issue with `ctrl+c` not stopping a running process in the +integrated terminal. We have filed an issue upstream and are tracking +[here](https://github.com/microsoft/vscode/issues/114009). + +In the meantime, you can manually define a shortcut as a workaround: + +1. Open the Command Palette +2. Look for **Preferences: Open Keyboard Shortcuts (JSON)** +3. Add the following snippet: + + ```json + { + "key": "ctrl+c", + "command": "workbench.action.terminal.sendSequence", + "args": { + "text": "\u0003" + }, + "when": "terminalFocus" + } + ``` + +_Source: [StackOverflow](https://stackoverflow.com/a/52735954/3015595)_ diff --git a/docs/npm.md b/docs/npm.md index 9386dd27..d16d4943 100644 --- a/docs/npm.md +++ b/docs/npm.md @@ -2,23 +2,28 @@ # npm Install Requirements +- [Node.js version](#nodejs-version) - [Ubuntu, Debian](#ubuntu-debian) - [Fedora, CentOS, RHEL](#fedora-centos-rhel) - [Alpine](#alpine) - [macOS](#macos) - [FreeBSD](#freebsd) +- [Issues with Node.js after version upgrades](#issues-with-nodejs-after-version-upgrades) -If you're installing the npm module you'll need certain dependencies to build the native modules used by VS Code. +If you're installing code-server via `npm`, you'll need to install additional +dependencies required to build the native modules used by VS Code. This article +includes installing instructions based on your operating system. -- Node.js: version `= 14`. Other versions may work, but your mileage may vary. +## Node.js version -_Note: We use the same major version of Node.js that is shipped in VSCode's Electron. VS Code also lists Node.js requirements. See [here](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites)._ +We use the same major version of Node.js shipped with VSCode's Electron, +which is currently `14.x`. VS Code also [lists Node.js +requirements](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites). -Related: - -- [#1633](https://github.com/cdr/code-server/issues/1633) +Using other versions of Node.js [may lead to unexpected +behavior](https://github.com/cdr/code-server/issues/1633). ## Ubuntu, Debian @@ -58,3 +63,22 @@ xcode-select --install pkg install -y git python npm-node14 yarn-node14 pkgconf pkg install -y libinotify ``` + +## Issues with Node.js after version upgrades + +Occasionally, you may run into issues with Node.js. + +If you install code-server using `yarn` or `npm`, and you upgrade your Node.js +version, you may need to reinstall code-server to recompile native modules. +Sometimes, you can get around this by navigating into code-server's `lib/vscode` +directory and running `npm rebuild` to recompile the modules. + +A step-by-step example of how you might do this is: + +1. Install code-server: `brew install code-server` +2. Navigate into the directory: `cd /usr/local/Cellar/code-server//libexec/lib/vscode/` +3. Recompile the native modules: `npm rebuild` +4. Restart code-server + +If you need further assistance, post on our [GitHub Discussions +page](https://github.com/cdr/code-server/discussions). diff --git a/docs/requirements.md b/docs/requirements.md new file mode 100644 index 00000000..d67a4670 --- /dev/null +++ b/docs/requirements.md @@ -0,0 +1,55 @@ +# Requirements + +You'll need a machine on which you can run code-server. You can use a physical +machine you have, or you can use a VM on GCP/AWS. + +At the minimum, we recommend: + +- 1 GB of RAM +- 2 CPU cores + +You can use any Linux distribution, but [our +docs](https://coder.com/docs/code-server/v3.10.2/guide) assume that you're using +Debian hosted by Google Cloud (see the following section for instructions on +setting this up). + +Your environment must have WebSockets enabled, since code-server uses WebSockets +for communication between the browser and the server. + +## Set up a VM on Google Cloud + +The following steps walk you through setting up a VM running Debian using Google +Cloud (though you are welcome to use any machine or VM provider). + +If you're [signing up with Google](https://console.cloud.google.com/getting-started) for the first time, you should get a 12-month trial with +$300 of credits. + +After you sign up and create a new Google Cloud Provider (GCP) project, create a +new Compute Engine VM instance: + +1. Using the sidebar, navigate to **Compute Engine** > **VM Instances**. +2. Click **Create Instance**. +3. Provide a **name** for new instance. +4. Choose the **region** that's closest to you based on [GCP + ping](https://gcping.com/). +5. Choose a **zone** (any option is fine). +6. We recommend choose an **E2 series instance** from the [general-purpose + family](https://cloud.google.com/compute/docs/machine-types#general_purpose). +7. Change the instance type to **custom** and set at least **2 cores** and **2 + GB of RAM**. You can add more resources if desired, though you can also edit + your instance at a later point. +8. Though optional, we highly recommend switching the persistent disk to an SSD + with at least 32 GB. To do so, click **change** under **Boot Disk**. Then, + change the type to **SSD Persistent Disk**, and set the size to **32**. (You + can also grow your disk at a later date). +9. Go to **Networking** > **Networking Interfaces** and edit the existing + interface to use a static internal IP. Click **Done** to save. +10. If you don't have a [project-wide SSH + key](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#project-wide), + go to **Security** > **SSH Keys** to add your public key. +11. Click **Create** to proceed. + +Notes: + +- To lower costs, you can shut down your server when you're not using it. +- We recommend using the `gcloud cli` to avoid using the GCP Dashboard if possible. diff --git a/docs/termux.md b/docs/termux.md index 7b923329..db350cd9 100644 --- a/docs/termux.md +++ b/docs/termux.md @@ -2,69 +2,70 @@ # Termux -- [Termux](#termux) - - [Installation](#installation) - - [Upgrading](#upgrading) - - [Known Issues](#known-issues) - - [Search issue](#search-issue) - - [Backspace not working](#backspace-not-working) +- [Install](#install) +- [Upgrade](#upgrade) +- [Known Issues](#known-issues) + - [Search doesn't work](#search-doesnt-work) + - [Backspace doesn't work](#backspace-doesnt-work) -# Termux +Termux is a terminal application and Linux environment that you can also use to +run code-server from your Android phone. -Termux is an Android terminal application and Linux environment, which can also run code-server from your phone. +## Install -## Installation +1. Install Termux from [F-Droid](https://f-droid.org/en/packages/com.termux/). +1. Make sure it's up-to-date: `apt update && apt upgrade` +1. Install required packages: `apt install build-essential python git nodejs yarn` +1. Install code-server: `yarn global add code-server` +1. Run code-server: `code-server` and navigate to localhost:8080 in your browser -1. Install Termux from [F-Droid](https://f-droid.org/en/packages/com.termux/) -2. Make sure it's up-to-date by running `apt update && apt upgrade` -3. Install required packages: `apt install build-essential python git nodejs yarn` -4. Install code-server: `yarn global add code-server` -5. Run code-server: `code-server` and navigate to localhost:8080 in your browser - -## Upgrading +## Upgrade To upgrade run: `yarn global upgrade code-server --latest` ## Known Issues -### Search issue +The following details known issues and suggested workarounds for using +code-server with Termux. -There is a known issue with search not working on Android because it's missing `bin/rg`. To fix: +### Search doesn't work + +There is a known issue with search not working on Android because it's missing +`bin/rg` ([context](https://github.com/cdr/code-server/issues/1730#issuecomment-721515979)). To fix this: 1. Install `ripgrep` with `pkg` + ```sh pkg install ripgrep ``` -2. Make a soft link using `ln -s` -```sh -# run this command inside the code-server directory -ln -s $PREFIX/bin/rg ./lib/vscode/node_modules/vscode-ripgrep/bin/rg -``` +1. Make a soft link using `ln -s` -For more context, see [comment](https://github.com/cdr/code-server/issues/1730#issuecomment-721515979). + ```sh + # run this command inside the code-server directory + ln -s $PREFIX/bin/rg ./lib/vscode/node_modules/vscode-ripgrep/bin/rg + ``` -### Backspace not working +### Backspace doesn't work -There is a known issue with the backspace key not working correctly when using the on-screen keyboard on Android. This is due to an upstream issue. Read more: +When using Android's on-screen keyboard, the backspace key doesn't work +properly. This is a known upstream issue: -- [Issues with Backspace in Codespaces on Android (Surface Duo)](https://github.com/microsoft/vscode/issues/107602) +- [Issues with backspace in Codespaces on Android (Surface Duo)](https://github.com/microsoft/vscode/issues/107602) - [Support mobile platforms](https://github.com/xtermjs/xterm.js/issues/1101) -Workaround #1: Modify Keyboard Dispatch Settings +There are two workarounds. + +**Option 1:** Modify keyboard dispatch settings 1. Open the Command Palette -2. Search for "Preferences: Open Settings (JSON)" +2. Search for **Preferences: Open Settings (JSON)** 3. Add `"keyboard.dispatch": "keyCode"` -The backspace button should work now. -(Thanks to @Nefomemes for the suggestion! See [comment](https://github.com/cdr/code-server/issues/1141#issuecomment-789463707)) +The backspace button should work at this point. -Workaround #2: use a Bluetooth keyboard. +_Thanks to @Nefomemes for the [suggestion](https://github.com/cdr/code-server/issues/1141#issuecomment-789463707)!_ -For more context, see issues: - -- [500 error: 3.9.2 not working on Android + Termux](https://github.com/cdr/code-server/issues/3036) -- [Issue #3079](https://github.com/cdr/code-server/issues/3079) +**Option 2:** Use a Bluetooth keyboard. diff --git a/docs/triage.md b/docs/triage.md index e508df41..5717c5eb 100644 --- a/docs/triage.md +++ b/docs/triage.md @@ -1,37 +1,35 @@ # Triage -## Filter - Triaging code-server issues is done with the following issue filter: -``` +```text is:issue is:open no:project sort:created-asc -label:blocked -label:upstream -label:waiting-for-info -label:extension-request ``` This will show issues that: 1. Are open. -2. Have no assigned project. -3. Are not `blocked` or tagged for work by `upstream` (VS Code core team) - - If an upstream issue is detrimental to the code-server experience we may fix it in - our patch instead of waiting for the VS Code team to fix it. - - Someone should periodically go through these issues to see if they can be unblocked - though! -4. Are not in `waiting-for-info`. -5. Are not extension requests. +1. Have no assigned project. +1. Are not `blocked` or tagged for work by `upstream` (the VS Code core team). + If an upstream issue is detrimental to the code-server experience we may fix + it in our patch instead of waiting for the VS Code team to fix it. Someone + should periodically go through these issues to see if they can be unblocked! +1. Are not labeled `waiting-for-info`. +1. Are not extension requests. -## Process +## Triage process -1. If an issue is a question/discussion it should be converted into a GitHub discussion. -2. Next, give the issue the appropriate labels and feel free to create new ones if - necessary. - - There are no hard and set rules for labels. We don't have many so look through and - see how they've been used throughout the repository. They all also have descriptions. -3. If more information is required, please ask the submitter and tag as +1. If an issue is a question/discussion, it should be converted into a GitHub + discussion. +1. Otherwise, give the issue the appropriate labels (feel free to create new + ones if necessary). There are no hard and set rules for labels. We don't have + many so look through and see how they've been used throughout the repository. + They all also have descriptions. +1. If more information is required, please ask the submitter and tag as `waiting-for-info` and wait. -4. Finally, the issue should be moved into the - [code-server](https://github.com/cdr/code-server/projects/1) project where we pick - out issues to fix and track their progress. +1. Finally, the issue should be moved into the + [code-server](https://github.com/cdr/code-server/projects/1) project where we + pick out issues to fix and track their progress. -We also use [milestones](https://github.com/cdr/code-server/milestones) to track what -issues are planned/or were closed for what release. +We also use [milestones](https://github.com/cdr/code-server/milestones) to track +what issues are planned/or were closed for what release. diff --git a/docs/upgrade.md b/docs/upgrade.md new file mode 100644 index 00000000..f4f90e6c --- /dev/null +++ b/docs/upgrade.md @@ -0,0 +1,5 @@ +# Upgrade + +To upgrade code-server, install the new version over the old version. All user +data is in `~/.local/share/code-server`, so they are preserved between +installations.