Skip to content

Instantly share code, notes, and snippets.

@HariSekhon

HariSekhon/coder.md

Last active June 7, 2024 12:00
Show Gist options
  • Save HariSekhon/40fc355ff77893d55d923e11e51b5975 to your computer and use it in GitHub Desktop.
Save HariSekhon/40fc355ff77893d55d923e11e51b5975 to your computer and use it in GitHub Desktop.
Download ZIP
coder.md from HariSekhon/Knowledge-Base repo: https://github.com/HariSekhon/Knowledge-Base
Raw
coder.md

Coder

https://coder.com/

Self-hosted enterprise Dev environments.

  • Open-core model
  • Enterprise is expensive to license - the price isn't on the website, you have to contact Sales which should give you a hint!

Disabling SSH

Enterprise edition is needed to disable SSH for data safety in an enterprise that does not want people copying data in or out of the environment.

Unfortunately since it's expensive to license, this is the workaround to block it if using the open source:

Block the /api/v2/deployment/ssh endpoint in the Kubernetes ingress.yaml via an annotation like this:

  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      location ~* /api/v2/deployment/ssh {
        deny all
        return 403
      }

Beware Upgrade Issues

If you upgrade Coder you need to check that this URL hasn't changed such that SSH is silently unblocked.

The other alternative would be to patch the code and do something like a return statement at the top of the function that handles the SSH to make it a no-op, but that is likely harder to maintain (could do a derived Docker image and patch it in the Dockerfile).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment