code-server

Code-server is an open-source tool that allows you to run VSCode, a popular integrated development environment (IDE), on a remote server through the browser. This setup essentially turns VSCode into a cloud-based IDE, providing flexibility and accessibility advantages.

Code-server is popular among developers who want the full power of VSCode, but need to work in a cloud-based environment. This is ideal if you work on multiple machines, need to access your development environment remotely, or have limited local resources.

Code-server requires password authentication by default. By securing code-server behind Pomerium, you can remove code-server’s password requirement and configure Pomerium to add authentication and authorization to an online instance of VSCode.

This guide shows you how to secure code-server with Pomerium. Here are the steps you’ll follow:

1. Install code-server and run it in a Docker container

2. Access your code-server project in the browser listening on `localhost`

3. Configure Pomerium to secure access to your code-server instance

By the end, you will have a minimal, real-world code-server instance that allows developer teams to write code using VSCode in the browser.

Before you start

This guide uses Docker to run Pomerium Zero and Code-Server services in containers.

To complete this guide, you need:

• A Pomerium Zero account

• Docker and Docker Compose

Configure Pomerium Zero

Create a policy

In Pomerium Zero:

1. Go to Policies

2. Select New Policy

3. Give it a Name and an (optional) Description

4. Add an Allow Block and select an AND operator

5. Keep the Domain criteria and replace Value with the domain portion of your email address (the part after “@”)

Save your policy.

Create a route

In Pomerium Zero:

1. Select Routes

2. Add a New Route

3. Give it a Name (like Codeserver)

4. In From:, add the external URL to our Codeserver route

5. In To:, add the internal URL

6. In the Policies field, select the "Secure codeserver" policy

7. Select the Timeouts tab and enable Allow Websockets

Add Docker Compose Services

First, make sure your docker-compose.yaml file contains the images to run Pomerium Zero and code-server:

pomerium:
  image: pomerium/pomerium:v0.27.0
  ports:
    - 443:443
  restart: always
  environment:
    POMERIUM_ZERO_TOKEN: [CLUSTER_TOKEN]
    XDG_CACHE_HOME: /var/cache
  volumes:
    - pomerium-cache:/var/cache
  networks:
    main:
      aliases:
        - authenticate.[CLUSTER_SUBDOMAIN].pomerium.app
codeserver:
  image: codercom/code-server:latest
  networks:
    main: {}
  ports:
    - 8080:8080
  command: --auth none --disable-telemetry /home/coder/project
  volumes:
    - ./code-server:/home/coder/project
    - ./code-server-config/.config:/home/coder/.config

• In line 7, replace CLUSTER_TOKEN with your own.

• In line 14, replace CLUSTER_SUBDOMAIN with your own. For example, if your starter domain is loquacious-cyborg-2214.pomerium.app, the URL would be authenticate.loquacious-cyborg-2214.pomerium.app.

Access Code-server

Run docker compose up and go to your external URL:

docker compose up

After authenticating against our hosted Identity Provider, Pomerium will redirect you to your code-server instance.

Build a project in code-server

Now that you can access VSCode in your browser, test out code-server by creating a project.

You'll notice the changes you make in your browser are persisted in your local code-server directory.

Great job! You secured code-server behind Pomerium.