Caspertje
Coder.com
Created by Caspertje on 8/30/2024 in #help
Dev container workflow & security concerns with tunnel.
Could you share? I may recognise it.
75 replies
Does it just get stuck or are you getting an error?
If you are trying to open it in the official VScode Web, you need to set up some wildcard subdomain stuff as well, but the default vscode-server should work fine.
Hmm... any errors in particular?
The server running Coder, so my home IP in my case. The Coder back-end sends a request to the hostname you configured, and the health check fails because this request gets blocked by Access. Hence the bypass rule.
The IP bypass isn't ideal, but the only alternative seems to be setting up Warp for your connections, and I gave up on that after it turned out too involved to be worth the effort.
Ah, and by the way, this won't work because Access does not check for tokens in WebSocket connections if I recall correctly. I tried the same thing.
No problem, just let me know if you get stuck. If everything works apart from the WebSocket thing, you're only a single setting removed from getting it up and running I believe.
But it's probably easier to fix it in the GUI you're already using.
Or if you don't use tunnels at all.
So it's something you'd run whenever you want a new tunnel set up. Though I guess it's a one-time setup if you just tunnel your reverse proxy.
These Terraform files are completely separate from whatever Coder has going on.
You don't need the tunnel if you have a public IP.
With a hardcoded IP of course, I'm using some hacky script execution in the Terraform file to insert my current IP.
Just adding that bypass policy to your current setup might do the trick.
@Nipun Agarwal
This is what makes the health check work:
resource "cloudflare_zero_trust_access_policy" "service_policy" {
  account_id = local.zones.example_com.account_id
  name       = "service policy"
  decision   = "bypass"

  include {
    ip = [data.external.current_ip.result["output"]]
  }
}
I'm on mobile right now, but I'll check my old repo for the Terraform files.
You are looking at the wrong thing, but I got stuck on that exact point as well for some time. It's super confusing.