Run code-server with Apache

black and gray laptop computer
Photo by luis gomes on Pexels.com

code-server is nothing short of amazing. A fully-fledged VSCode environment running in a browser means I can jump from one machine to another, including my beloved Pixelbook, with full access to my development environment and toolset. After months of subscribing to services like Codeanywhere, CodeTasty, replacing this with something under my control (and costing me not a red cent) is pretty cool.

That’s not to say setting it up is easy, especially if you tend to throw all your development skunk-works type activity onto one disposable server as I do. One particular problem is running the system securely over SSL when you already have a web server, like Apache, running on the device.

Keeping Code-Server secure when running remotely

If you’re going to run code-server and make it accessible remotely, you want to do that over SSL. The risks of losing control of your development environment are too great otherwise. The easiest way to do this, in my opinion, is with caddy. Caddy is a web server written in Go that, very handily, grabs an SSL certificate for you when you need it and takes care of your SSL needs. Caddy can create a reverse proxy to code-server, letting you access it over SSL on port 443 easily even though it is really running on some other port internally.

The problem with this is that Caddy needs to be running on port 80 and port 443 to perform its SSL magic and it needs to be able to respond to a reverse-lookup from Let’s Encrypt to get an SSL certificate. This means you can’t be running Apache (or any other web server) on those ports.

Caveat: Yes, you can run code-server remotely this quicker and cheaper, but where’s the fun in that?

If you want to keep things simple, you can of course just spin up an extra image on your cloud host of choice and use one of code-server’s really handy cloud images to install your code-server instance. No fuss, no muss. You don’t have to put all your stuff on one machine and it’s probably advisable not to in a lot of scenarios. However, if you (like me) need, or just want, to run everything off one device then this post will show you do it…


If you don’t already have SSL certificates for your domain, get them

This method won’t work if you’re accessing your server by its IP (or it might, I just haven’t tried).

Use LetsEncrypt to get your domain a certificate if you don’t already have one.

Install Code Server

Install code-server exactly as described by code-server themselves. Trust them, they’re the experts.

Don’t run it yet though, you’re going to make some changes to the config file

Install Caddy

Install Caddy as per the instructions here but (like code-server)… don’t run it yet!

Now, start editing your config files…

code-server config

code server needs to be configured to require no password to access it (Caddy will handle authentication) and use no SSL (Caddy will handle that too)

It doesn’t matter what port code server runs on, as long as it’s a free port, but pay attention to the port as you will need it later.

My code-server config looks like this:

bind-addr: 127.0.0.1:8080
auth: none
cert: false

Caddy config

Caddy needs to be told to

  1. Run on non-standard ports for HTTP and HTTPS.
  2. Use the SSL certificates you already have (see above) rather than try to generate its own
  3. Run a reverse proxy to code server
  4. Require HTTPS authentication to allow access

My Caddy file looks like this:

{
        http_port 9080
        https_port 9443
}

mydomain:9999 {

        basicauth * {
                username passwordhash
        }
        reverse_proxy 127.0.0.1:8080
        tls /path/to/ssl/file /path/to/ssl/key

}

Replace mydomain:9999 with your domain and the port you want to run on.

Replace username and passwordhash with a username and password hash (you can generate a password hash here).

Replace the /path/to/ssl/file and /path/to/ssl/key with paths to the relevant files on your machine. If you generated these with LetsEncrypt and you’re using Apache, like me, you will find these in the configuration file for the domain itself.

Firewall config

It’s unlikely that the ports you picked for Caddy are going to be open on your firewall. (If they are, they probably belong to something already or your firewall config is leaky). You need to ensure that the SSL port Caddy is running on is able to accept inbound connections. You may choose to lock this down to known IP addresses if you have fixed IP addresses that you are going to be remotely accessing the system from.

You’re good to go

Start the code-server service and, once it is running, start Caddy.

code-server &
caddy start

You should be able to connect remotely to your development environment at https://[your-domain]:[caddy-ssl-port]

You will be prompted for the password you configured in the Caddy file (above) – get it right and you should see your remotely accessible code-server in your browser.

Be the first to comment

Leave a Reply