Agent stuck at Connecting

Hello, I have Coder OSS installed on a Debian server and given a domain. I can access the dashboard from outside and do everything. But when I start a workspace, the agent gets stuck at the status "Connecting". I have already seen that this can be because the agent cannot reach the server. How can I test if this is the case? Are there any other reasons why this can happen?
14 Replies
maf, 3y ago
What template are you using? If you're using Docker, what does docker logs for the workspace say?
HeNoGaming (OP), 3y ago
I use the following template: Code-Server-Docker. The container has the following error: curl: (60) SSL certificate problem: unable to get local issuer certificate
maf, 3y ago
Is your Coder server running behind HTTPS? If it's not self-signed, you may need to install ca-certificates on the Docker image you're using for workspaces. I guess you could do that either by re-building the image or by modifying the entrypoint in the template.
HeNoGaming (OP), 3y ago
Yes it is. I use pfSense in conjunction with HAProxy and Acme (LetsEncrypt). Trying to install ca-certificates showed that the package is already installed.
maf, 3y ago
Hmm, depending on the distro/age it might also be necessary to run update-ca-certificates -f (might not be available). Which distro/release are you using as base? Could also be a coder server configuration issue, i.e. what certificates are you passing to coder server? You'll need to use the fullchain cert for --tls-cert-file.
Cian, 3y ago
Best way to troubleshoot this is to exec into the workspace and try to curl $CODER_ACCESS_URL
If you want to see the exact script that gets executed by a workspace at startup, check out https://github.com/coder/coder/blob/main/provisionersdk/scripts/bootstrap_linux.sh
sharkymark, 3y ago
This often occurs when the CODER_ACCESS_URL is not reachable by your workspace. As @Cian points out, his test can prove that. Is your Access Url localhost or something like that, or not specified? Or please share. And if you enabled TLS, make sure the Access Url has https instead of http.
HeNoGaming (OP), 3y ago
My config is as follows:
CODER_ACCESS_URL=https://coding.henomedia.de
CODER_ADDRESS=192.168.1.44:3000
If I "ping" my TLD (henomedia.de, other server/IP) from the container with curl everything works, as soon as it goes to the subdomain the same error occurs.
maf, 3y ago
Could be a firewall/routing issue then. Are you using a firewall? For instance, even if you've allowed port 3000 on, say, eth0, you may need to enable it on docker0 as well.
iptables -A INPUT -i docker0 -p tcp -m tcp --dport 3000 -j ACCEPT
sharkymark, 3y ago
and TLS is enabled?
Cian, 3y ago
Are you using a Docker provider? Could you try setting CODER_ADDRESS=0.0.0.0:3000? I had to do this for the lima-vm setup https://github.com/coder/coder/blob/main/examples/lima/coder.yaml (note: ignore the bits about host.lima.internal in there).
The best way to troubleshoot this further is to SSH to the server running Coder and run docker exec -it <workspace_container> bash and try to curl $CODER_ACCESS_URL
HeNoGaming (OP), 3y ago
I have now taken out the unnecessary part. I removed the domain assignment, adjusted the config to the internal IP and disabled TLS. Then everything worked. So I connected HAProxy to the server again and I can access it from the outside again without problems. The agent also connects now without problems. The only drawback now is that when I open the terminal, for example, it opens with the IP and not with the domain. But I can live with that for now.
Cian, 3y ago
Hmm... it sounds like an issue with the TLS certificate then? The error you posted above "unable to get local issuer certificate" tends to only crop up with self-signed certificates but when I check coding.henomedia.de everything looks to be OK with that certificate :\ I wonder if your HAProxy and Coder are using the same TLS certificate?
HeNoGaming (OP), 3y ago
Yes they do
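
Added example, not part of the thread: a script for the test Cian describes (curl the access URL from inside the workspace container) that also counts the certificates the TLS endpoint sends, which bears on maf's fullchain point. It assumes curl and openssl are present in the container; the function names and hint labels are hypothetical, and the hints are heuristics rather than a verdict.

```shell
# Added example, not from the thread. Run inside the workspace container
# (docker exec -it <workspace_container> bash). Assumes curl and openssl exist there.
# All function names and the hint labels are hypothetical.

# Reduce an https URL to host:port (port defaults to 443).
url_hostport() {
  hp="${1#*://}"   # drop the scheme
  hp="${hp%%/*}"   # drop any path
  case "$hp" in
    *:*) echo "$hp" ;;
    *)   echo "$hp:443" ;;
  esac
}

# Count PEM certificates on stdin, e.g. from `openssl s_client -showcerts`.
count_pem_certs() {
  grep -c -e '-----BEGIN CERTIFICATE-----' || true
}

# Map curl's exit code plus the number of certificates the server sent to a hint.
diagnose() {
  rc="$1"; sent="$2"
  if [ "$rc" -eq 0 ]; then
    echo "ok"
  elif [ "$rc" -eq 60 ] && [ "$sent" -le 1 ]; then
    echo "server-sends-leaf-only"      # intermediate missing: the fullchain point
  elif [ "$rc" -eq 60 ]; then
    echo "workspace-trust-store"       # chain is sent, so look at the CA bundle in the image
  elif [ "$rc" -eq 6 ] || [ "$rc" -eq 7 ] || [ "$rc" -eq 28 ]; then
    echo "network-or-dns"              # resolve, connect or timeout failure: firewall/routing
  else
    echo "other-curl-error-$rc"
  fi
}

check_access_url() {
  url="$1"; target="$(url_hostport "$url")"; status=0
  curl -sS -o /dev/null --max-time 10 "$url" || status=$?
  n="$(openssl s_client -connect "$target" -servername "${target%%:*}" \
        -showcerts </dev/null 2>/dev/null | count_pem_certs)"
  echo "curl exit=$status, certificates sent by $target: $n -> $(diagnose "$status" "$n")"
}

# Runs only when CODER_ACCESS_URL is set in this shell; otherwise call check_access_url <url>.
if [ -n "${CODER_ACCESS_URL:-}" ]; then
  check_access_url "$CODER_ACCESS_URL"
fi
```

A Let's Encrypt chain normally shows two or more certificates here; a count of 1 together with curl exit 60 points at the endpoint that terminates TLS for that hostname rather than at the workspace image.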