Just to need to confirm the behaviour of CODER_BROWSER_ONLY
I suspect I know the answer to this, but is the intended behaviour of the CODER_BROWSER_ONLY envvar (--browser-only flag) to prevent port-forwarding to webapps running in my engineer's workspaces?
13 Replies
<#1335910322069962803>
Category
Help needed
Product
Coder (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
My guess is yes, otherwise engineers would just run sshd, but I just wanted to confirm.
Ok. The reason I ask is we enabled that switch over the weekend, and now my engineers are shouting at us because they can't reach their services in dev via port forwarding. Are you saying there's possibly a fix for this?
If they're port-forwarding via the CLI, that being blocked would make sense to me. What about if they port forward from the browser?
Following those links results in 502 - Bad Gateway
Actually, it doesn't. 😄
Sorry, just sorting through all the reports. I think the "access a frontend I'm working on" scenario works fine from that dashboard UI.
The complaints are coming from engineers trying to expose gRPC services.
gRPC over HTTP/2 should work w/ web port-forwarding. Are these engineers seeing 502s, if so, is there an error message with that 502?
Let me get back to you. Lots of conflicting reports from engineers. 😄
OK. gRPC users are reporting 464 which I think is an Amazon LB issue.
That makes sense. Make sure they're getting HTTP/2 all the way through to Coder. IIRC another customer had their LB downgrading the connection to HTTP/1.1, causing problems
So I think the only use case I haven't covered off with them are tools that aren't HTTP based at all - some teams were using local tools to query databases in their workspaces.
I'm guessing there we're out of luck?
I believe so :(
but don't quote me on that
pretty much, because for this type of use-case you'd need access outside of the browser
closing this one out as Ethan has answered your question, feel free to reopen at any time though :-)
@Phorcys closed the thread.