Vultr DocsLatest Docs

Install Code-Server on Ubuntu 18.04 LTS

Code-ServerNGINXUbuntu
Updated on December 2, 2020
Install Code-Server on Ubuntu 18.04 LTS header image

Introduction

Code-server is an open-source server application that serves Visual Studio Code on a remote server, accessible through a browser. Code-server allows developers to access their development environment from anywhere, as well as to have a consistent development environment across different devices. It allows leveraging powerful cloud servers to speed-up compilations and tests, and to save battery when on the go.

This tutorial will guide you through the process of installing code-server on an Ubuntu 18.04 LTS VPS, and securing the installation with SSL and fail2ban.

Prerequisites

The following are required to successfully follow along the tutorial:

  • A Vultr Cloud Compute instance (Min. Recommended: 4 GB RAM, 2 CPUs)
  • A valid domain name pointing to the instance (Required for setting up SSL)
  • SSH access to the instance as root

Install Code-Server

Download the latest release of code-server from the official repository.

cd /home
wget https://github.com/cdr/code-server/releases/download/2.1688-vsc1.39.2/code-server2.1688-vsc1.39.2-linux-x86_64.tar.gz

Untar the downloaded archive and rename the extracted folder.

tar -xvzf code-server2.1688-vsc1.39.2-linux-x86_64.tar.gz && rm code-server2.1688-vsc1.39.2-linux-x86_64.tar.gz
mv code-server2.1688-vsc1.39.2-linux-x86_64 code-server

Make the code-server binary executable.

cd code-server
chmod +x code-server

Run code-server.

./code-server --port 8000

Navigate to http://<YOUR-SERVER-IP>:8000 in a browser window. You will be prompted for a password. Use the password displayed in the SSH terminal. The Visual Studio Code interface will open up. To stop the server, press Ctrl + C in the SSH terminal.

Run Code-Server on Startup

To run code-server on system startup, you can install it as a service. We will be using Linux's systemd service manager to create a service for code-server.

Create a new unit file for the code-server service.

nano /lib/systemd/system/code-server.service

Paste the following snippet into the file, replacing <password> with a strong password of your choice. This will be the password you will use to login to code-server.

[Unit]
Description=Code Server Service
After=network.target

[Service]
Type=simple
Restart=on-failure
RestartSec=10
WorkingDirectory=/home/code-server
Environment="PASSWORD=<password>"
ExecStart=/home/code-server/code-server --port 8000
StandardOutput=file:/var/log/code-server-output.log
StandardError=file:/var/log/code-server-error.log

[Install]
WantedBy=multi-user.target

Enable and start the newly created service.

systemctl enable code-server
systemctl start code-server

Navigate to http://<YOUR-SERVER-IP>:8000 in a browser window. Use the password you chose earlier to login to code-server. The Visual Studio Code interface will open up upon successful authentication

Setup an Nginx Reverse Proxy

To access your installation over a domain name and to add an SSL certificate for security, it is recommended to setup a reverse proxy. We will be using the Nginx web server as a reverse proxy to access the code-server installation.

Download and install Nginx.

apt-get update
apt-get install nginx

Disable the default Nginx site configuration file.

rm /etc/nginx/sites-enabled/default

Create a new Nginx site configuration file for code-server.

nano /etc/nginx/sites-available/code-server

Paste the following snippet into the file, replacing example.com with your own domain name.

server {
  listen 80;
  listen [::]:80;
  server_name example.com www.example.com;
  location / {
      proxy_pass http://localhost:8000/;
      proxy_set_header Host $host;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection upgrade;
      proxy_set_header Accept-Encoding gzip;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Enable the configuration and restart the Nginx web server.

ln -s /etc/nginx/sites-available/code-server /etc/nginx/sites-enabled/
systemctl restart nginx

Allow SSH and Nginx connections through the firewall, and enable the firewall. This will ensure that the code-server installation is only accessible through the Nginx reverse proxy.

ufw allow ssh
ufw allow 'Nginx Full'
ufw enable

Navigate to your domain name to test the installation.

Install an SSL Certificate

For enhanced security when using the code-server installation over the internet, the developers of code-server recommended installing an SSL certificate. The Certbot application automates the process of obtaining and installing a free Let's Encrypt SSL certificate.

Download and install Certbot.

apt-get install python-certbot-nginx

Execute the following command to launch Certbot's command-line installer, replacing example.com with your own domain name.

certbot --nginx -d example.com -d www.example.com

Proceed through the interactive installer. When asked whether or not to redirect HTTP traffic to HTTPS, choose to redirect.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/code-server
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/code-server

Install fail2ban

The developers of code-server suggest setting up fail2ban to monitor code-server's log for protection against brute-force attacks. Fail2ban is an application that parses logs to detect and mitigate automated attacks on a server. When a predefined number of unsuccessful login attempts are detected, fail2ban will alter the server's iptables to block the attacker for a predefined amount of time.

Install setuptools. This is required to install fail2ban.

apt-get install python3-setuptools -y

Download and install fail2ban.

git clone https://github.com/fail2ban/fail2ban.git
cd fail2ban
sudo python3 setup.py install
cp build/fail2ban.service /lib/systemd/system/fail2ban.service
cd .. && rm -rf fail2ban

Copy the default configuration file jails.conf to jails.local and open the copied file in a text editor.

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

Paste the following snippet at the bottom of the file. You can change the maxretry, findtime, and bantime parameters.

[code-server]
enabled   = true
logpath   = /var/log/code-server-output.log
# maxretry: The amount of unsuccessful login attempts after which a ban is issued.
maxretry  = 5
# findtime: The amount of time within which the login attempts must occur.
findtime  = 10m
# bantime: The amount of time for which an IP is banned from accessing the server.
bantime   = 10m

Create a new filter configuration file to define the filter pattern to find unsuccessful login attempts in the code-server log.

nano /etc/fail2ban/filter.d/code-server.conf

Paste the following snippet into the file.

[Definition]
failregex = Failed login attempt {\"xForwardedFor\":\"<HOST>\".*
ignoreregex =
datepattern = "timestamp":{EPOCH}}$

Restart the rsyslog service and enable and start the fail2ban service.

systemctl restart rsyslog.service
systemctl enable fail2ban.service
systemctl start fail2ban.service

Conclusion

At this point we have successfully setup a code-server installation serving Visual Studio Code on a Vultr Cloud Compute instance, secured with SSL and fail2ban. Navigate to https://example.com in a browser window to begin setting up your development environment.