How can I setup an SSL?

hey there, im running the server on ubuntu 20.04, how can I install an SSL on it? Also, how can I work on a dynamic website using the code server? Like have the codeserver on port 80 and the website on port 30
92 Replies
Phorcys
Phorcys3y ago
are you talking about code-server or coder ?
viking
vikingOP3y ago
code-server
Phorcys
Phorcys3y ago
alright you can use the --cert CLI argument
code-server --cert <path to certificate file>
viking
vikingOP3y ago
alr... and how do i get a certification file?
Phorcys
Phorcys3y ago
using certbot -> https://certbot.eff.org/
viking
vikingOP3y ago
aight tx is the cert file a .key file or a .crt file
Phorcys
Phorcys3y ago
actually
code-server --cert cert.crt --cert-key cert.key
i forgot the cert key
viking
vikingOP3y ago
kk @Phorcys also how can I make it so the code-server only has rights to edit in the /var/www/html folder?
Phorcys
Phorcys3y ago
make it run as a user that only has permissions on this folder
viking
vikingOP3y ago
alr, thanks
[2022-10-04T12:15:48.746Z] error listen EADDRINUSE: address already in use 127.0.0.1:80
when i try to run it on port 80
when i run it on any other port it times out
Phorcys
Phorcys3y ago
are you running anything on port 80 ? yes of course you are apache alright
viking
vikingOP3y ago
i think i got an nginx server nginx nginx
Phorcys
Phorcys3y ago
sure it's whatever
viking
vikingOP3y ago
altho i did do sudo systemctl stop nginx
Phorcys
Phorcys3y ago
i thought it was apache because of the /var/www/html but anyways wdym times out
viking
vikingOP3y ago
err timeout when i try to access it on google
Phorcys
Phorcys3y ago
can you show me how you're running code-server on port 3000? and then show me the error in chrome
viking
vikingOP3y ago
i go to ip:port and it gives me err connection timeout
k
code-server --bind-addr 0.0.0.0:3000 --cert localhost.crt --cert-key localhost.key
viking
vikingOP3y ago
@Phorcys
Phorcys
Phorcys3y ago
yeh are you accessing it from the public ip ?
viking
vikingOP3y ago
yes
Phorcys
Phorcys3y ago
did you port forward ?
viking
vikingOP3y ago
the website on port 80 works just fine...
Phorcys
Phorcys3y ago
oh you might have firewall rules
viking
vikingOP3y ago
ah yea thats why lemme change that nope, allowed the port and its still doing it
Phorcys
Phorcys3y ago
yeah so uh i don't really have time sorry for that but i'm still pretty sure it's a firewall issue
viking
vikingOP3y ago
aight ill go digging, thanks tho
Phorcys
Phorcys3y ago
try to curl https://localhost:3000 on the host it should error because of the cert but it doesn't matter
viking
vikingOP3y ago
aight
viking
vikingOP3y ago
yea so its firewalls @Phorcys i fixed the firewall issue.. im now getting this error NET::ERR_CERT_AUTHORITY_INVALID
Phorcys
Phorcys3y ago
did you use certbot ?
viking
vikingOP3y ago
yes i might have ran the wrong commands... lemme try again
openssl req -x509 -out localhost.crt -keyout localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
thats the command i ran @Phorcys
Phorcys
Phorcys3y ago
this has nothing to do with certbot lol do you have a domain ?
viking
vikingOP3y ago
no
Phorcys
Phorcys3y ago
yeah then just ignore the warning there's nothing you can do about it
viking
vikingOP3y ago
i got a subdomain
Phorcys
Phorcys3y ago
what is it
viking
vikingOP3y ago
beta.sahara-app.com 1 sec generating an ssl for it
viking
vikingOP3y ago
yo @Phorcys do u know if theres a way to install code-server on plesk obsidian?
Phorcys
Phorcys3y ago
no clue and even if you could access a shell, you would be violating the hosting provider's ToS
viking
vikingOP3y ago
how so? I own the VPS and I installed plesk obsidian on it
Phorcys
Phorcys3y ago
oh, I thought you were using a pre-installed plesk obsidian instance that only has for purpose to use plesk obsidian what is plesk obsidian exactly?
viking
vikingOP3y ago
not too sure its a bit similar to plesk almost the exact same
Phorcys
Phorcys3y ago
I don't know what plesk is either lol
viking
vikingOP3y ago
do you know what cPanel is?
Phorcys
Phorcys3y ago
yes
viking
vikingOP3y ago
Plesk is a bit similar to that but I'd say its a bit more oriented towards re-selling hosting and has less limits.
Phorcys
Phorcys3y ago
oh okay well idk if you have shell access you can install it I don't know what you mean by "on plesk obsidian"
viking
vikingOP3y ago
alright now it's installed what do I do? actually ima re-install it i messed up can u send link to a video plz or documentation to install it
PixNyb
PixNyb3y ago
I’m running code-server with nginx too, i might be of some assistance So basically what i did was run code-server on any port that’s not in use by my server, which was 8080 by default. I updated the code-server config to the following:
proxy-domain: {domain}
bind-addr: 127.0.0.1:8080
auth: password
cert: false
The proxy-domain is what ultimately got code-server to listen to my public domain. I didn’t set up code-server to use certs because i already did that with nginx, which works just fine To access your web application running on localhost:30 you’ll have to configure the proxy in nginx, what i did in my nginx config is listen to anything in the following format: {number}.{domain} and then reverse proxy that to code server (running on localhost:8080). This is what that looks like:
server {
    # Update this line to be your domain
    server_name {domain};

    # Ensure these lines point to your SSL certificate and key
    ssl_certificate /etc/letsencrypt/live/{domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{domain}/privkey.pem;
    # Use these lines instead if you created a self-signed certificate
    # ssl_certificate /etc/nginx/ssl/cert.pem;
    # ssl_certificate_key /etc/nginx/ssl/key.pem;

    # Ensure this line points to your dhparams file
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # These shouldn't need to be changed
    listen [::]:443 ssl; # if your nginx version is >= 1.9.5 you can also add the "http2" flag here
    add_header Strict-Transport-Security "max-age=0";
    # ssl on; # Uncomment if you are using nginx < 1.15.0
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    proxy_buffering off;

    location / {
        proxy_redirect off;
        proxy_pass http://localhost:8080/;

        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Accept-Encoding gzip;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Oh wait this is the domain itself^ I’ll send the proxy thing too No that should just work, i have a separate block to allow http on only proxied ports, but this should do the trick if you’re running a web application and want to access it elsewhere with the code-server authentication All you have to do now is visit 30.{domain} and log in, then you’ll be able to access your app running on localhost:30 Including working ssl
Phorcys
Phorcys3y ago
I don't think that's the issue though
viking
vikingOP3y ago
How can I fix this error?
viking
vikingOP3y ago
@Phorcys
Phorcys
Phorcys3y ago
how did you make this certificate ?
viking
vikingOP3y ago
plesk
Phorcys
Phorcys3y ago
oh uh
viking
vikingOP3y ago
wait no
Phorcys
Phorcys3y ago
try using a different browser
viking
vikingOP3y ago
not even
Phorcys
Phorcys3y ago
not even
viking
vikingOP3y ago
i know why
Phorcys
Phorcys3y ago
the domain is not the right one in the cert
viking
vikingOP3y ago
how do i fix this
Phorcys
Phorcys3y ago
can you do systemctl status nginx and show me the output
Phorcys
Phorcys3y ago
do you have anything in your config loading the brotli module ? something like load_module modules/ngx_http_brotli_filter_module.so;
viking
vikingOP3y ago
not that i know of...
Phorcys
Phorcys3y ago
well you should take a look because that's what it is
viking
vikingOP3y ago
can i delete it?
Phorcys
Phorcys3y ago
well you have to find it in the config first it's complaining that the module doesn't exist so it has somewhere in the config loading it
Phorcys
Phorcys3y ago
do you have a /etc/nginx/sites-enabled
viking
vikingOP3y ago
yes
Phorcys
Phorcys3y ago
look for configs in there
viking
vikingOP3y ago
thats the file in it the only file in it
Phorcys
Phorcys3y ago
oh then look in /etc/nginx/nginx.conf
viking
vikingOP3y ago
thats all thats in it
Phorcys
Phorcys3y ago
hold on run grep -rnw "ngx_http_brotli_filter_module" "/etc/nginx"
Phorcys
Phorcys3y ago
i guess delete that file but it should not even impact
viking
vikingOP3y ago
ok done
Phorcys
Phorcys3y ago
does it start now
viking
vikingOP3y ago
hm no
root@strange-hofstadter:/etc/nginx/modules.available.d# sudo systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
@Phorcys
Phorcys
Phorcys3y ago
show me the systemctl status
viking
vikingOP3y ago
yea no this isn't working out with plesk im re-installing it fresh
Phorcys
Phorcys3y ago
marking this as resolved, had a vc with OP to guide him through the setup