Merge branch 'master' of github.com:cdr/code-server

Author: geiseri

.travis.yml

@@ -27,7 +27,6 @@ before_deploy:
 - git config --local user.name "$USER_NAME"
 - git config --local user.email "$USER_EMAIL"
 - git tag "$VERSION" "$TRAVIS_COMMIT"
-- if [[ “$TRAVIS_OS_NAME” == “osx” ]]; then yarn task package $VERSION; fi
 deploy:
   provider: releases
   file_glob: true

README.md

@@ -55,6 +55,7 @@ How to [secure your setup](/doc/security/ssl.md).
 ### Known Issues
 
 - Creating custom VS Code extensions and debugging them doesn't work.
+- To debug Golang using [ms-vscode-go extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.Go), you need to add `--security-opt seccomp=unconfined` to your `docker run` arguments when launching code-server with Docker. See [#725](https://github.com/cdr/code-server/issues/725) for details.
 
 ### Future
 - **Stay up to date!** Get notified about new releases of code-server.

build/tasks.ts

@@ -21,6 +21,8 @@ const buildServerBinary = register("build:server:binary", async (runner) => {
 	logger.info("Building with environment", field("env", {
 		NODE_ENV: process.env.NODE_ENV,
 		VERSION: process.env.VERSION,
+		OSTYPE: process.env.OSTYPE,
+		TARGET: process.env.TARGET,
 	}));
 
 	await ensureInstalled();

doc/admin/install/aws.md

@@ -11,9 +11,9 @@ If you're just starting out, we recommend [installing code-server locally](../..
 ### Use the AWS wizard
 
 - Click **Launch Instance** from your [EC2 dashboard](https://console.aws.amazon.com/ec2/v2/home).
-- Select the Ubuntu Server 16.04 LTS (HVM), SSD Volume Type (`ami-0f9cf087c1f27d9b1)` at this time of writing)
+- Select the Ubuntu Server 18.04 LTS (HVM), SSD Volume Type
 - Select an appropriate instance size (we recommend t2.medium/large, depending on team size and number of repositories/languages enabled), then **Next: Configure Instance Details**
-- Select **Next: ...** until you get to the **Configure Security Group** page, then add the default **HTTP** rule (port range "80", source "0.0.0.0/0, ::/0")
+- Select **Next: ...** until you get to the **Configure Security Group** page, then add a **Custom TCP Rule** rule with port range set to `8443` and source set to "Anywhere"
   > Rules with source of 0.0.0.0/0 allow all IP addresses to access your instance. We recommend setting [security group rules](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html?icmpid=docs_ec2_console) to allow access from known IP addresses only.
 - Click **Launch**
 - You will be prompted to create a key pair
@@ -39,15 +39,15 @@ If you're just starting out, we recommend [installing code-server locally](../..
   ```
 - Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
   ```
-  wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
+  wget https://github.com/cdr/code-server/releases/download/{version}/code-server{version}-linux-x64.tar.gz
   ```
 - Extract the downloaded tar.gz file with this command, for example:
   ```
-  tar -xvzf code-server-{version}-linux-x64.tar.gz
+  tar -xvzf code-server{version}-linux-x64.tar.gz
   ```
 - Navigate to extracted directory with this command:
   ```
-  cd code-server-{version}-linux-x64
+  cd code-server{version}-linux-x64
   ```
 - If you run into any permission errors, make the binary executable by running:
   ```
@@ -56,14 +56,11 @@ If you're just starting out, we recommend [installing code-server locally](../..
   > To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
 - Finally, run
   ```
-  sudo ./code-server -p 80
+  ./code-server
   ```
-- When you visit the public IP for your AWS instance, you will be greeted   with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
-- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
+- Open your browser and visit `https://$public_ip:8443/` (where `$public_ip` is your AWS instance's public IP address). You will be greeted with a page similar to the following screenshot. Code-server is using a self-signed SSL certificate for easy setup. In Chrome/Chromium, click **"Advanced"** then click **"proceed anyway"**. In Firefox, click **Advanced**, then **Add Exception**, then finally **Confirm Security Exception**.<img src ="../../assets/chrome_warning.png">
 
   > For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
 
-  > The `-p 80` flag is necessary in order to make the IDE accessible from the public IP of your instance (also available from the description in the instances page.
-
   ---
 > NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:[email protected]?subject=Self-hosted%20quickstart%20guide).

doc/admin/install/digitalocean.md

@@ -22,15 +22,15 @@ If you're just starting out, we recommend [installing code-server locally](../..
   ```
 - Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
   ```
-  wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
+  wget https://github.com/cdr/code-server/releases/download/{version}/code-server{version}-linux-x64.tar.gz
   ```
 - Extract the downloaded tar.gz file with this command, for example:
   ```
-  tar -xvzf code-server-{version}-linux-x64.tar.gz
+  tar -xvzf code-server{version}-linux-x64.tar.gz
   ```
 - Navigate to extracted directory with this command:
   ```
-  cd code-server-{version}-linux-x64
+  cd code-server{version}-linux-x64
   ```
 - If you run into any permission errors when attempting to run the binary:
   ```
@@ -39,11 +39,10 @@ If you're just starting out, we recommend [installing code-server locally](../..
   > To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
 - Finally start the code-server
   ```
-  sudo ./code-server -p 80
+  ./code-server
   ```
     > For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
-- When you visit the public IP for your Digital Ocean instance, you will be greeted with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
-- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
+- Open your browser and visit `https://$public_ip:8443/` (where `$public_ip` is your Digital Ocean instance's public IP address). You will be greeted with a page similar to the following screenshot. Code-server is using a self-signed SSL certificate for easy setup. In Chrome/Chromium, click **"Advanced"** then click **"proceed anyway"**. In Firefox, click **Advanced**, then **Add Exception**, then finally **Confirm Security Exception**.<img src ="../../assets/chrome_warning.png">
 
 ---
 > NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:[email protected]?subject=Self-hosted%20quickstart%20guide).

doc/admin/install/google_cloud.md

@@ -12,8 +12,9 @@ If you're just starting out, we recommend [installing code-server locally](../..
 - [Open your Google Cloud console](https://console.cloud.google.com/compute/instances) to create a new VM instance and click **Create Instance**
 - Choose an appropriate machine type (we recommend 2 vCPU and 7.5 GB RAM, more depending on team size and number of repositories/languages enabled)
 - Choose Ubuntu 16.04 LTS as your boot disk
-- Check the boxes for **Allow HTTP traffic** and **Allow HTTPS traffic** in the **Firewall** section
+- Expand the "Management, security, disks, networking, sole tenancy" section, go to the "Networking" tab, then under network tags add "code-server"
 - Create your VM, and **take note** of its public IP address.
+- Visit "VPC network" in the console and go to "Firewall rules". Create a new firewall rule called "http-8443". Under "Target tags" add "code-server", and under "Protocols and ports" tick "Specified protocols and ports" and "tcp". Beside "tcp", add "8443", then create the rule.
 - Copy the link to download the latest Linux binary from our [releases page](https://github.com/cdr/code-server/releases)
 
 ---
@@ -32,40 +33,34 @@ https://github.com/cdr/code-server/releases/latest
 
 - Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
 ```
-wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
+wget https://github.com/cdr/code-server/releases/download/{version}/code-server{version}-linux-x64.tar.gz
 ```
 
 - Extract the downloaded tar.gz file with this command, for example:
 ```
-tar -xvzf code-server-{version}-linux-x64.tar.gz
+tar -xvzf code-server{version}-linux-x64.tar.gz
 ```
 
 - Navigate to extracted directory with this command:
 ```
-cd code-server-{version}-linux-x64
+cd code-server{version}-linux-x64
 ```
 
 - Make the binary executable if you run into any errors regarding permission:
 ```
 chmod +x code-server
 ```
 
-> To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../security/ssl.md)
+> To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
 
 - Start the code-server
-```
-sudo ./code-server -p 80
-```
+  ```
+  ./code-server
+  ```
+- Open your browser and visit `https://$public_ip:8443/` (where `$public_ip` is your Compute Engine instance's public IP address). You will be greeted with a page similar to the following screenshot. Code-server is using a self-signed SSL certificate for easy setup. In Chrome/Chromium, click **"Advanced"** then click **"proceed anyway"**. In Firefox, click **Advanced**, then **Add Exception**, then finally **Confirm Security Exception**.<img src ="../../assets/chrome_warning.png">
 
 > For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
 
-- Access code-server from the public IP of your Google Cloud instance we noted earlier in your browser.
-> example: 32.32.32.234
-
-- You will be greeted with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
-
-- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
-
 ---
 
 > NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:[email protected]?subject=Self-hosted%20quickstart%20guide).

doc/assets/chrome_confirm.png

@@ -0,0 +1,15 @@
+# Fail2Ban filter for code-server
+#
+#
+
+[Definition]
+
+
+failregex = ^INFO\s+Failed login attempt\s+{\"password\":\"(\\.|[^"])*\",\"remote_address\":\"<HOST>\"
+
+ignoreregex =
+
+datepattern = "timestamp":{EPOCH}}$
+
+# Author: Dean Sheather
+

doc/security/code-server.fail2ban.conf

@@ -0,0 +1,42 @@
+# Protecting code-server from bruteforce attempts
+
+code-server outputs all failed login attempts, along with the IP address,
+provided password, user agent and timestamp by default. When using a reverse
+proxy such as Nginx or Apache, the remote address may appear to be `127.0.0.1`
+or a similar address unless the `--trust-proxy` argument is provided to
+code-server.
+
+When used with the `--trust-proxy` argument, code-server will use the last IP in
+`X-Forwarded-For` (if provided) instead of the remote socket address. Ensure
+that you are setting this value in your reverse proxy:
+
+Nginx:
+```
+location / {
+	...
+	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+	...
+}
+```
+
+Apache:
+```
+<VirtualEnv>
+	...
+	SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+	...
+</VirtualEnv>
+```
+
+It is extremely important that if you enable `--trust-proxy` you ensure your
+code-server instance is not accessible from the internet (block it in your
+firewall).
+
+## Fail2Ban
+
+Fail2Ban allows for automatically banning and logging repeated failed
+authentication attempts for many applications through regex filters. A working
+filter for code-server can be found in `./code-server.fail2ban.conf`. Once this
+is installed and configured correctly, repeated failed login attempts should
+automatically be banned from connecting to your server.
+

doc/security/fail2ban.md

@@ -25,8 +25,7 @@ It takes just a few minutes to get your own self-hosted server running. If you'v
 > NOTE: Be careful with your password as sharing it will grant those users access to your server's file system
 
 ### Things To Know
-- When you visit the IP for your code-server, you will be greeted   with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../assets/chrome_warning.png">
-- Then click **"proceed anyway"**<img src="../assets/chrome_confirm.png">
+- When you visit the IP for your code-server instance, you will be greeted with a page similar to the following screenshot. Code-server is using a self-signed SSL certificate for easy setup. In Chrome/Chromium, click **"Advanced"** then click **"proceed anyway"**. In Firefox, click **Advanced**, then **Add Exception**, then finally **Confirm Security Exception**.<img src ="../assets/chrome_warning.png">
 
 ## Usage
 <pre class="pre-wrap"><code>code-server<span class="virtual-br"></span> --help</code></pre>
@@ -39,21 +38,24 @@ Usage: code-server [options]
 Run VS Code on a remote server.
 
 Options:
-  -V, --version               output the version number
+  -V, --version                         output the version number
   --cert <value>
   --cert-key <value>
-  -e, --extensions-dir <dir>  Set the root path for extensions.
-  -d --user-data-dir <dir>    Specifies the directory that user data is kept in, useful when running as root.
-  --data-dir <value>          DEPRECATED: Use '--user-data-dir' instead. Customize where user-data is stored.
-  -h, --host <value>          Customize the hostname. (default: "0.0.0.0")
-  -o, --open                  Open in the browser on startup.
-  -p, --port <number>         Port to bind on. (default: 8443)
-  -N, --no-auth               Start without requiring authentication.
-  -H, --allow-http            Allow http connections.
-  -P, --password <value>      Specify a password for authentication.
-  --disable-telemetry         Disables ALL telemetry.
-  --help                      output usage information
-  ```
+  -e, --extensions-dir <dir>            Override the main default path for user extensions.
+  --extra-extensions-dir [dir]          Path to an extra user extension directory (repeatable). (default: [])
+  --extra-builtin-extensions-dir [dir]  Path to an extra built-in extension directory (repeatable). (default: [])
+  -d, --user-data-dir <dir>             Specifies the directory that user data is kept in, useful when running as root.
+  -h, --host <value>                    Customize the hostname. (default: "0.0.0.0")
+  -o, --open                            Open in the browser on startup.
+  -p, --port <number>                   Port to bind on. (default: 8443)
+  -N, --no-auth                         Start without requiring authentication.
+  -H, --allow-http                      Allow http connections.
+  --disable-telemetry                   Disables ALL telemetry.
+  --socket <value>                      Listen on a UNIX socket. Host and port will be ignored when set.
+  --trust-proxy                         Trust the X-Forwarded-For header, useful when using a reverse proxy.
+  --install-extension <value>           Install an extension by its ID.
+  -h, --help                            output usage information
+```
 
   ### Data Directory
   Use `code-server -d (path/to/directory)` or `code-server --user-data-dir=(path/to/directory)`, excluding the parentheses to specify the root folder that VS Code will start in.
@@ -80,23 +82,23 @@ Options:
 > To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../security/ssl.md)
 
   ### Nginx Reverse Proxy
-  Nginx is for reverse proxy. Below is a virtual host example that works with code-server. Please also pass --allow-http. You can also use certbot by EFF to get a ssl certificates for free.
+  Below is a virtual host example that works with code-server. Please also pass `--allow-http` and `--trust-proxy` to code-server to allow the proxy to connect. You can also use Let's Encrypt to get a SSL certificates for free.
   ```
   server {
     listen 80;
     listen [::]:80;
     server_name code.example.com code.example.org;
-      location / {
-         proxy_pass http://localhost:8443/;
-         proxy_set_header Upgrade $http_upgrade;
-         proxy_set_header Connection upgrade;
-         proxy_set_header Accept-Encoding gzip;
-      }
-   }
+    location / {
+       proxy_pass http://localhost:8443/;
+       proxy_set_header Upgrade $http_upgrade;
+       proxy_set_header Connection upgrade;
+       proxy_set_header Accept-Encoding gzip;
+    }
+  }
   ```
-  
+
   ### Apache Reverse Proxy
-  Example of https virtualhost configuration for Apache as a reverse proxy. Please also pass --allow-http on code-server startup to allow the proxy to connect.
+  Example of a HTTPS virtualhost configuration for Apache as a reverse proxy. Please also pass `--allow-http` and `--trust-proxy` to code-server to allow the proxy to connect. You can also use Let's Encrypt to get a SSL certificates for free.
   ```
   <VirtualHost *:80>
     ServerName code.example.com
@@ -106,7 +108,7 @@ Options:
     RewriteRule /(.*)           ws://localhost:8443/$1 [P,L]
     RewriteCond %{HTTP:Upgrade} !=websocket [NC]
     RewriteRule /(.*)           http://localhost:8443/$1 [P,L]
-    
+
     ProxyRequests off
 
     RequestHeader set X-Forwarded-Proto https
@@ -118,6 +120,6 @@ Options:
   </VirtualHost>
   ```
   *Important:* For more details about Apache reverse proxy configuration checkout the [documentation](https://httpd.apache.org/docs/current/mod/mod_proxy.html) - especially the [Securing your Server](https://httpd.apache.org/docs/current/mod/mod_proxy.html#access) section
-  
+
   ### Help
   Use `code-server --help` to view the usage for the CLI. This is also shown at the beginning of this section.