Unhealthy network using coder access url
I am trying to use CODER_ACCESS_URL to use my domain to access the coder instance running on my machine.
* I am running coder locally
* I set up a caddy reverse proxy following the docs
* I have my DNS record pointing at my local machine
I am able to open the dashboard using my domain that I set for the access url.
However I am receiving errors for the health check, DERP, and websockets. Even though my DNS is resolving to my machine and I can access coder using the domain name.
Am I misunderstanding how Access URL is supposed to be used?
27 Replies
Category: Help needed
Product: Coder OSS (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
hey, what URL are you using to access your Coder instance in your browser?
and what CODER_ACCESS_URL is configured?
CODER_HTTP_ADDRESS=127.0.0.1:3000
CODER_ACCESS_URL=coder.placeholder.com (my real domain is hosted via Route 53 pointing an A record at my home WAN)
I was able to access the Coder instance in my browser using https://coder.placeholder.com then I saw the errors on the health page.
By access I mean, I was able to create an admin user, login, and make it to the Health page.
Here are screenshots of the errors I see when I set CODER_ACCESS_URL
can you try CODER_ACCESS_URL=https://coder.placeholder.com ?
I tried that and I am able to load the coder dashboard using the above URL. However the Access URL check fails even though I can hit https://coder.placeholder.com/healtz from the browser.
I am not sure why it is giving the error EACS03 if I can reach the health endpoint
If you login to the machine where coder is running and run
curl -v ${CODER_ACCESS_URL}/healthz
What do you get?
If coder is running in a container then exec into the container and run that command
did you set it starting with https:// ?
Yes, I started it with https://
could that be a caddy config issue? i don't know about caddy myself cuz I use nginx, and nginx requires additional config to allow websocket and DERP connection upgrades
@LightningSnow could you send your Caddy config over ?
I removed any mentions to sensitive data
I had to proxy the healthz check because it kept failing even though I could get a 200 by curling
curl -v ${CODER_ACCESS_URL}/healthz
I had the same issue with the websockets
Would love some guidance on how the health route is supposed to work
I don't think you need anything more than
yup, that's probably where your issue comes from
try what Atif sent
also I think the TLS block should be at the top
I'll try the changes, I am fairly certain I tried what you are suggesting and it wasn't working. What I provided worked more for me than what was suggested in the docs.
let us know how it goes
I'm trying it now
I think I am having trouble with NAT hairpinning. When I run coder server without an access url, everything looks good but it uses the default access url with try-coder in the domain name, which I assume is running on a different server.
How do I accomplish the same thing with my domain pointing at my IP address
you have to set an access URL for the tunnel (the try-coder URL) to be disabled
I think my problem is not coming across well. I have successfully hit my coder instance externally using my domain pointing at my home network. I did this by setting the access url to my domain name.
However the health check fails because I can’t curl my domain from the coder machine. I think it is because the coder machine is running inside my local network.
How can I fix this?
is the IP in your domain's records a local IP, external IP or something like a Tailscale/ZeroTier IP?
The domain record is pointing at my home router
okay
your access URL does seem to be correct
could you check if running something like dig/drill/nslookup on your coder.placeholder.com domain actually resolves to the proper IP on the Coder machine/container (basically whatever environment is actually running the Coder daemon)?
then if that's the case, can you run curl <ACCESS URL> -vv successfully?
1. If your dns record is correct (use online dns record checker to check), check your router port forwarding settings
2. Is your IP address a static public address? Check by using different ip check services and cross check them, if the two IPs match, your ip is a static public address
3. Check your machine firewall rules
4. Running inside local network shouldn't affect remote connection if your dns is set up correctly, if you cannot curl your coder instance, you may be using some service like Tailscale, for Tailscale, MagicDNS is enabled by default, and if you set up tailscale by OIDC, and if it matches your coder domain, it may enable you to access it on a device with tailscale installed. You can check by dig/nslookup/ping to see the ip address. DNS service settings on the machine could also be a problem.
They all resolve to the correct IP address of the machine running my coder instance.
Curl works on every machine except ones running in my local network. I think the router is not resolving its external IP address to the local IP address.
I have been able to create workspaces and templates using my domain
i don't really know, sorry
the thing you'll want to do is make it so that the CODER_ACCESS_URL can actually be accessed from the Coder instance itself and workspaces
it shouldn't matter if it's a local IP or anything, it will still work on your domain
so either change the access URL or change some networking settings to make the Coder daemon able to access that URL
eh actually i might be wrong I think the UI uses that access URL
maybe just override the DNS record on the machine hosting the Coder server
For me it is confusing that the Coder instance seems to be working despite there being healthcheck errors. Hinting that something is broken when it is indeed working correctly.