Caspertje
CCoder.com
•Created by Caspertje on 8/30/2024 in #help
Dev container workflow & security concerns with tunnel.
Noted, thanks! I will look into Kubernetes 🙂.
32 replies
CCoder.com
•Created by Caspertje on 8/30/2024 in #help
Dev container workflow & security concerns with tunnel.
I mean running my workspaces in Docker.
32 replies
CCoder.com
•Created by Phet(Dam) on 9/10/2024 in #help
Error: Error pinging Docker server: Cannot connect to the Docker daemon at unix:///var/run/docker.so
Are you sure you sure you have Docker installed and running in the environment on which Coder runs?
You need to mount the Docker socket of your host if you are running Coder as a container using the default template:
9 replies
CCoder.com
•Created by Caspertje on 8/30/2024 in #help
Dev container workflow & security concerns with tunnel.
Haha, nice to know I'm not doing anything too weird.
There are some caveats in particular if you want to run the official VSCode Web due to its dependence on wildcard subdomains, but I'll turn my current setup into a basic Terraform config to get everything up and running.
One thing I still haven't gotten around to solving is getting the WebSocket to work with Access without a blanket IP bypass — CloudFlare ignores its special authentication headers for WebSocket traffic, and Warp is quite a mess to set up programmatically.
--
That aside, I have an unrelated question if you don't mind:
The docs recommend mounting your host's Docker socket if you are going to be developing within "local" Docker containers. This works perfectly fine of course, but it clutters my top level containers with workspaces, and something feels off about giving a container direct access to the host like that.
What is the best way to put all workspace containers into a container of their own, and would this be a bad idea? Maybe just Docker in Docker will do the trick?
(This doesn't actually matter for the purposes of my home server, but I'm trying to learn best practices as I go.)
32 replies
CCoder.com
•Created by Caspertje on 8/30/2024 in #help
Dev container workflow & security concerns with tunnel.
Thanks for these answers! I spent the last few days setting up a home server based around Coder and CloudFlare Tunnel/Access. Do you think there would in any interest in a short write-up on how to set this up, or is it too niche considering Coder's own tunnel?
32 replies
CCoder.com
•Created by Caspertje on 8/30/2024 in #help
Dev container workflow & security concerns with tunnel.
Thanks for the replies!
1.
Correct me if I'm wrong, but this menu shouldn't be available in VSCode Web, since it does not support the dev container extension (which is the reason I personally want to use Coder).
Additionally, even if it did, the Coder dev container template requires a repository to be bootstrapped before instantiation, so you would need an additional workspace just to set up the dev container files.
The current workflow I am imagining would be to set up a repository with VSCode desktop or the dev container CLI before opening it in Coder to create my actual workspace. Not a deal breaker by any means, but it's just a few extra steps to get started.
2.
I see, makes sense.
From what I understand, the moment you open the Coder URL, you are "in contact" with my local instance through the tunnel, right? Maybe I am just overly paranoid, but this seems less secure than CloudFlare Tunnel's model of requiring authentication through CloudFlare Access before a single request is even passed on to the actual server.
Again, not really a dealbreaker since I can use CloudFlare Tunnel instead, but I am severly out of by depth here 😅 .
32 replies