Created
December 4, 2021 17:33
-
-
Save amazingandyyy/41f7d0d837d1d40afd9f9b1d1f87d4ff to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # install code-server service system-wide | |
| export HOME=/root | |
| curl -fsSL https://code-server.dev/install.sh | sh | |
| # add our helper server to redirect to the proper URL for --link | |
| git clone https://github.com/bpmct/coder-cloud-redirect-server | |
| cd coder-cloud-redirect-server | |
| cp coder-cloud-redirect.service /etc/systemd/system/ | |
| cp coder-cloud-redirect.py /usr/bin/ | |
| # create a code-server user | |
| adduser --disabled-password --gecos "" coder | |
| echo "coder ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/coder | |
| usermod -aG sudo coder | |
| # copy ssh keys from root | |
| cp -r /root/.ssh /home/coder/.ssh | |
| chown -R coder:coder /home/coder/.ssh | |
| # config code-server | |
| mkdir -p /home/coder/.config/code-server | |
| touch /home/coder/.config/code-server/config.yaml | |
| tee -a /home/coder/.config/code-server/config.yaml << END | |
| link: false | |
| bind-addr: 127.0.0.1:8080 | |
| auth: password | |
| password: $CODE_PASSWORD | |
| cert: false | |
| END | |
| chown -R coder:coder /home/coder/.config | |
| # config nginx | |
| sudo apt update | |
| sudo apt install nginx | |
| tee -a /etc/nginx/conf.d/default.conf << END | |
| upstream server { | |
| server 127.0.0.1:8080; | |
| } | |
| server { | |
| listen 443 ssl default_server; | |
| listen [::]:443 ssl default_server; | |
| server_name localhost; | |
| ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; | |
| ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; | |
| location / { | |
| proxy_pass http://server; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "Upgrade"; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $proxy_protocol_addr; | |
| proxy_set_header X-Forwarded-For $proxy_protocol_addr; | |
| # Very important, controls proxied websocket connection timeout | |
| proxy_read_timeout 600s; | |
| } | |
| } | |
| END | |
| # setup certs | |
| MY_PUBLIC_IP=`curl http://checkip.amazonaws.com` | |
| sudo mkdir /etc/ssl/private | |
| sudo chmod 700 /etc/ssl/private | |
| sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=$MY_PUBLIC_IP" -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt | |
| code-server & | |
| sudo systemctl start nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment