0%

code-server 云服务器配置指南

摘要

本文记录了作者在京东云服务器上布置code-server的全过程,包括部署安装,布置nginx反代,配置域名,使用ssl加密以及CDN加速等。

部署安装

因为我是在京东云Ubuntu 18.04上安装的,所以根据官方文档,直接下载了release,解压改名一步到位。

1
2
tar -xvzf code-server-3.7.2-linux-amd64.tar.gz #解压
mv code-server-3.7.2-linux-amd64.tar.gz code-server #改名

然后查询一下参数表:

1
./code-server --help

返回结果如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Usage: code-server [options] [path]

Options
--auth The type of authentication to use. [password, none]
--password The password for password authentication (can only be passed in via $PASSWORD or the config file).
--cert Path to certificate. Generated if no path is provided.
--cert-key Path to certificate key when using non-generated cert.
--disable-telemetry Disable telemetry.
-h --help Show this output.
--open Open in browser on startup. Does not work remotely.
--bind-addr Address to bind to in host:port. You can also use $PORT to override the port.
--config Path to yaml config file. Every flag maps directly to a key in the config file.
--socket Path to a socket (bind-addr will be ignored).
-v --version Display version information.
--user-data-dir Path to the user data directory.
--extensions-dir Path to the extensions directory.
--list-extensions List installed VS Code extensions.
--force Avoid prompts when installing VS Code extensions.
--install-extension Install or update a VS Code extension by id or vsix. The identifier of an extension is `${publisher}.${name}`.
To install a specific version provide `@${version}`. For example: 'vscode.csharp@1.2.3'.
--enable-proposed-api Enable proposed API features for extensions. Can receive one or more extension IDs to enable individually.
--uninstall-extension Uninstall a VS Code extension by id.
--show-versions Show VS Code extension versions.
--proxy-domain Domain used for proxying ports.
-n --new-window Force to open a new window.
-r --reuse-window Force to open a file or folder in an already opened window.
-vvv --verbose Enable verbose logging.

部署安装的大致步骤大概就是这样。
其中~/.config/code-server/congfig.yaml文件包含开放端口、密码等,配置如下:

1
2
3
4
bind-addr: $HOST:$PORT
auth: password
password: $PASSWORD
cert: false

$HOST是开放地址:0.0.0.0为全网可访问,127.0.0.1仅本机可访问。
$PORT是开放端口。
$PASSWORD为登录密码。

当然也可以不用更改config.yaml文件,而是通过参数表执行命令,写一个start.sh脚本来运行code-server:

1
2
3
4
export PASSWORD="$PASWORD"
#nohup ./code-server --port 9999 --host 0.0.0.0 --auth password > test.log 2>&1 &
nohup ./code-server --auth password > test.log 2>&1 &
echo $! > save_pid.txt

同理,关闭脚本shut.sh如下:

1
kill -9 $(cat save_pid.txt)

nginx反代

直接配置conf文件即可,我的配置如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
upstream codeserverdev {
# 因为code-server部署安装的时候我设置的仅本机访问,即127.0.0.1:9999
server 127.0.0.1:9999;
}

server {
listen 80;
server_name codeserver.peonycsa.com;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
gzip on;
server_name codeserver.peonycsa.com;

# 腾讯云的免费证书
ssl_certificate /etc/nginx/cert/1_codeserver.peonycsa.com_bundle.crt;
ssl_certificate_key /etc/nginx/cert/2_codeserver.peonycsa.com.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/codeserverdev_access.log combined;
error_log /var/log/nginx/codeserverdev_error.log;

location / {
proxy_redirect off;
proxy_pass http://codeserverdev;

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;

client_max_body_size 100m;
client_body_buffer_size 128k;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}

而我的~/.config/code-server/congfig.yaml文件配置如下:

1
2
3
4
bind-addr: 127.0.0.1:9999
auth: password
password: $PASSWORD
cert: false

域名与加密

上一步其实把自域名和ssl证书在服务器上配置好了,剩下的就是在云端解析的问题了。

将域名添加DNS解析A记录,ip地址填写部署机器的公网ip即可。

域名解析

如上图,第一个红框中为子域名,第二个红框中为云服务器公网ip地址。

至于为什么我的解析是关闭的,是因为域名解析A记录与CDN加速A记录冲突,所以关闭的。

ssl证书用的是腾讯云提供的免费证书,直接在申请证书处下载,上传到服务器即可。

证书

CDN加速

我一样用的腾讯云免费送的100G的CDN加速,进入控制台,到内容分发网络配置-域名管理处添加需要加速的域名即可。

CDN加速

如上图,配置好后将CDN加速域名添加到DNS解析处。
如果该域名存在A记录,则需要将A记录暂停或删除,然后才能添加CNAME记录。

CNAME解析

第一个红框中填写子域名,如果是主域名则为空或者直接填写@,选择CNAME记录,第二个红框中填写CDN加速域名。