mirror of
https://github.com/coder/code-server.git
synced 2024-12-05 07:13:06 +08:00
33717b277a
* Add docs * Add guides for hosting * Inital commit. Add quick start guide for self hosted * Add info for flags * Detail usage flags and provide examples * Correct file types for certificate * Add self-signed certificate guide, update .gitignore * Add additional information.: * Checkout to master * Add transition document, add some links to readme * Comment out some stuff * Revise transition document * Fix typo * Add Google Cloud setup guide * fix link * Add guide links to readme * Add AWS deployment guide * Fixup based on PR suggestions * Fixup ssl guide and readme * Fix typo * Add step to make binary executable * Add digitalocean guide, update readme, add chmod steps just in case * add information about securing the connection to each deploy guide * Update doc/security/ssl.md Co-Authored-By: nol166 <jmccamb@gmail.com> * Fixup from PR suggestions * Add guide for systemd for when ssh closes * Fix typos * VS Code Remote -> code-server * Fix minor stylistics * Update readme (#43) * Update readme * Add details about chrome warning * Add back extension ID settings * Add back SSL guide to readme * State that chmod is likely not necessary * Fix type * Update readme * Remove transition guide * Revise readme based on suggestions. (#45) * Update references to vscode-remote * No Windows support yet
54 lines
2.7 KiB
Markdown
54 lines
2.7 KiB
Markdown
# Generate a self-signed certificate 🔒
|
|
|
|
code-server has the ability to secure your connection between client and server using SSL/TSL certificates. By default, the server will start with an unencrypted connection. We recommend Self-signed TLS/SSL certificates for personal of code-server or within an organization.
|
|
|
|
This guide will show you how to create a self-signed certificate and start code-server using your certificate/key.
|
|
|
|
## TLS / HTTPS
|
|
|
|
You can specify any location that you want to save the certificate and key. In this example, we will navigate to the root directory, create a folder called `certs` and cd into it.
|
|
|
|
```shell
|
|
mkdir ~/certs && cd ~/certs
|
|
```
|
|
|
|
If you don't already have a TLS certificate and key, you can generate them with the command below. They will be placed in `~/certs`
|
|
|
|
```shell
|
|
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ~/certs/MyKey.key -out ~/certs/MyCertificate.crt
|
|
```
|
|
|
|
You will be prompted to add some identifying information about your organization
|
|
```shell
|
|
You are about to be asked to enter information that will be incorporated
|
|
into your certificate request.
|
|
What you are about to enter is what is called a Distinguished Name or a DN.
|
|
There are quite a few fields but you can leave some blank
|
|
For some fields there will be a default value,
|
|
If you enter '.', the field will be left blank.
|
|
-----
|
|
Country Name (2 letter code) [AU]:US
|
|
State or Province Name (full name) [Some-State]:TX
|
|
Locality Name (eg, city) []:Austin
|
|
Organization Name (eg, company) [Coder Technologies]:Coder
|
|
Organizational Unit Name (eg, section) []:Docs
|
|
Common Name (e.g. server FQDN or YOUR name) []:hostname.example.com
|
|
Email Address []:admin@example.com
|
|
```
|
|
>If you already have a TLS certificate and key, you can simply reference them in the `--cert` and `--cert-key` flags when launching code-server
|
|
|
|
|
|
## Starting code-server with certificate and key
|
|
|
|
1. At the end of the path to your binary, add the following flags followed by the path to your certificate and key like so. Then press enter to run code-server.
|
|
```shell
|
|
./code-server --cert=~/certs/MyCertificate.crt --cert-key=~/certs/MyKey.key
|
|
```
|
|
2. After that you will be running a secure code-server.
|
|
|
|
> You will know your connection is secure if the lines `WARN No certificate specified. This could be insecure. WARN Documentation on securing your setup: https://coder.com/docs` no longer appear.
|
|
|
|
## Other options
|
|
|
|
For larger organizations you may wish to rely on a Certificate Authority as opposed to a self-signed certificate. For more information on generating free and open certificates for your site, please check out EFF's [certbot](https://certbot.eff.org/). Certbot is a cli to generate certificates using [LetsEncrypt](https://letsencrypt.org/).
|