Add UI around ports

[oguzgelal]

My apologies if there's already a way to do this, but it looks like there isn't.

For me there's really no use case to secure the proxied ports, but I do like code-server running behind authentication wall so I don't want to disable the whole thing. It'd be great if there was an option like code-server --disable-proxy-auth that would allow /proxy/<port> requests to go through.

[nhooyr]

Yea some UI around here to control which ports can be proxied and with or without auth would be really nice.

[avaidyam]

@nhooyr Has there been any progress on this? If not, where would the relevant code be so that I may take a peek?

[code-asher]

We haven't done anything here yet.

Authentication for the path proxy:

https://github.com/cdr/code-server/blob/32d882a50740e200eb1ba169d3a0bdcf2eeffc1e/src/node/routes/pathProxy.ts#L25

Authentication for the domain proxy:

https://github.com/cdr/code-server/blob/32d882a50740e200eb1ba169d3a0bdcf2eeffc1e/src/node/routes/domainProxy.ts#L42

A command line flag feels like an unfortunate way to implement this to me (definitely easy though) so in my mind we'd add to our /api endpoint (/api/proxy maybe) a way to list/add/remove/auth/deauth proxied ports and then write a very simple VS Code plugin that we ship as a built-in which lets you manage the proxy using that API endpoint.

[avaidyam]

@code-asher I agree with you! However, I think it's still better to have a stopgap --no-proxy-auth flag than to not support it at all. Or perhaps, --proxy vs. --proxy-without-auth.

[code-asher]

I'm on the fence; I would definitely rather not have to maintain a feature we only added as a stop-gap. 😄

I'm also quite wary of a feature that disables auth entirely for the proxy since that defeats having auth at all (you can proxy code-server itself, for example).

[code-asher]

We could have the flag take port numbers instead but personally I feel doing it properly from the get-go is the right answer. I'll go ahead and add this to the next milestone; if someone doesn't take it in the next week or so I'll put it on my todo list. It'd be great to have our own built-in plugin anyway for adding other features into VS Code that we've been wanting.

[code-asher]

Actually proxying to code-server wouldn't let you in, you'd just get the login page...not sure what I was thinking there. I do think it's sketchy though since you can access any port on the machine without authenticating which sounds like a security nightmare. 😆

[avaidyam]

@code-asher I'm running a multi-user VSCode setup (using code-server on Docker Swarm) sitting behind Traefik (a load balancer), so this is where I'm coming from. Right now I manually create a rule for say, p3000.mydomain.com to point to port 3000 on the instance (and mydomain.com points to port 8080 on the instance).

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no activity occurs in the next 5 days.