2019-08-17 03:46:37 +08:00
|
|
|
# Generate a Self-signed Certificate 🔒
|
2019-03-05 02:31:27 +08:00
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
code-server has the ability to secure your connection between client and server
|
|
|
|
using SSL/TSL certificates. By default, the server will start with an
|
|
|
|
unencrypted connection. We recommend Self-signed TLS/SSL certificates for
|
|
|
|
personal use of code-server or within an organization.
|
2019-03-05 02:31:27 +08:00
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
This guide will show you how to create a self-signed certificate and start
|
|
|
|
code-server using your certificate/key.
|
2019-03-05 02:31:27 +08:00
|
|
|
|
|
|
|
## TLS / HTTPS
|
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
You can specify any location that you want to save the certificate and key. In
|
|
|
|
this example, we will navigate to the root directory, create a folder called
|
|
|
|
`certs` and cd into it.
|
2019-03-05 02:31:27 +08:00
|
|
|
|
|
|
|
```shell
|
|
|
|
mkdir ~/certs && cd ~/certs
|
|
|
|
```
|
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
If you don't already have a TLS certificate and key, you can generate them with
|
|
|
|
the command below. They will be placed in `~/certs`.
|
2019-03-05 02:31:27 +08:00
|
|
|
|
|
|
|
```shell
|
|
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ~/certs/MyKey.key -out ~/certs/MyCertificate.crt
|
|
|
|
```
|
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
You will be prompted to add some identifying information about your
|
|
|
|
organization:
|
|
|
|
|
2019-03-05 02:31:27 +08:00
|
|
|
```shell
|
|
|
|
You are about to be asked to enter information that will be incorporated
|
|
|
|
into your certificate request.
|
|
|
|
What you are about to enter is what is called a Distinguished Name or a DN.
|
|
|
|
There are quite a few fields but you can leave some blank
|
|
|
|
For some fields there will be a default value,
|
|
|
|
If you enter '.', the field will be left blank.
|
|
|
|
-----
|
|
|
|
Country Name (2 letter code) [AU]:US
|
|
|
|
State or Province Name (full name) [Some-State]:TX
|
|
|
|
Locality Name (eg, city) []:Austin
|
|
|
|
Organization Name (eg, company) [Coder Technologies]:Coder
|
|
|
|
Organizational Unit Name (eg, section) []:Docs
|
|
|
|
Common Name (e.g. server FQDN or YOUR name) []:hostname.example.com
|
|
|
|
Email Address []:admin@example.com
|
|
|
|
```
|
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
> If you already have a TLS certificate and key, you can simply reference them
|
|
|
|
> in the `--cert` and `--cert-key` flags when launching code-server.
|
|
|
|
|
|
|
|
|
|
|
|
## Starting code-server with a Certificate and Key
|
2019-03-05 02:31:27 +08:00
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
Just add the `--cert` and `--cert-key` flags when you run code-server:
|
2019-03-05 02:31:27 +08:00
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
```shell
|
|
|
|
./code-server --cert=~/certs/MyCertificate.crt --cert-key=~/certs/MyKey.key
|
|
|
|
```
|
2019-03-05 02:31:27 +08:00
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
> You should check that the
|
|
|
|
> `WARN No certificate specified. This could be insecure` are no longer visible
|
|
|
|
> in the output.
|
2019-03-05 02:31:27 +08:00
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
## Other Options
|
2019-03-05 02:31:27 +08:00
|
|
|
|
2019-08-17 03:46:37 +08:00
|
|
|
For larger organizations you may wish to rely on a trusted Certificate Authority
|
|
|
|
as opposed to a self-signed certificate. For more information on generating free
|
|
|
|
and open certificates for your site, please check out EFF's
|
|
|
|
[certbot](https://certbot.eff.org/). Certbot is a cli to generate certificates
|
|
|
|
using [LetsEncrypt](https://letsencrypt.org/).
|