|
| 1 | +--- |
| 2 | +title: "Configure TLS on Coder for Docker" |
| 3 | +description: Learn how to configure TLS on Coder for Docker |
| 4 | +--- |
| 5 | + |
| 6 | +This guide walks you through configuring TLS on your Coder for Docker deployment |
| 7 | +using a reverse proxy. |
| 8 | + |
| 9 | +## Requirements |
| 10 | + |
| 11 | +- A machine with [Docker Engine](https://docs.docker.com/engine/install/) and |
| 12 | + [Docker Compose](https://docs.docker.com/compose/) installed |
| 13 | +- A domain name |
| 14 | +- An SSL/TLS certificate |
| 15 | + |
| 16 | +## (Optional) Step 1: Validate the LetsEncrypt DNS |
| 17 | + |
| 18 | +> If you already have an TLS certificate, you can skip this step. |
| 19 | +
|
| 20 | +This step shows you how to get a free TLS certificate for your domain. Your |
| 21 | +domain must be set up with a |
| 22 | +[supported DNS provider](https://certbot.eff.org/hosting_providers). |
| 23 | + |
| 24 | +1. Create a `docker-compose.yaml` file with the code below (make sure that you |
| 25 | + replace the `URL`, `DNSPLUGIN`, and `EMAIL` variables with the appropriate |
| 26 | + values): |
| 27 | + |
| 28 | +```yaml |
| 29 | +version: "3" |
| 30 | +services: |
| 31 | + letsencrypt: |
| 32 | + image: linuxserver/letsencrypt |
| 33 | + container_name: letsencrypt |
| 34 | + environment: |
| 35 | + - PUID=1000 |
| 36 | + - PGID=1000 |
| 37 | + - URL=<your-domain.com> |
| 38 | + - SUBDOMAINS=wildcard |
| 39 | + - VALIDATION=dns |
| 40 | + - DNSPLUGIN="<dns-provider>" |
| 41 | + - EMAIL=eric@coder.com |
| 42 | + - DHLEVEL=4096 |
| 43 | + volumes: |
| 44 | + - "~/letsencrypt:/config" |
| 45 | + restart: unless-stopped |
| 46 | +``` |
| 47 | +
|
| 48 | +Leave the `volumes` section of the code snippet as-is. Docker will automatically |
| 49 | +create the `~/letsencrypt` folder and populate it with the contents of the |
| 50 | +container. In this case, the contents will be `.ini` files for your DNS |
| 51 | +provider. |
| 52 | + |
| 53 | +1. Run `docker-compose up -d`, and navigate to `~/letsencrypt/dns-conf`. |
| 54 | + |
| 55 | +1. Update your DNS provider's `.ini` file with the requested values. |
| 56 | + |
| 57 | +1. Restart the container by running `docker-compose restart letsencrypt`. |
| 58 | + |
| 59 | +You should now see your TLS certificate file in |
| 60 | +`~/letsencrypt/etc/letsencrypt/live/example.com` |
| 61 | + |
| 62 | +## Step 2: Configure the Nginx reverse proxy and the Coder container |
| 63 | + |
| 64 | +To properly start the NGINX reverse proxy, you'll need an `nginx.conf` file |
| 65 | +present on the host machine. |
| 66 | + |
| 67 | +1. Create a `docker-compose.yaml` file if you have not yet done so. |
| 68 | + |
| 69 | +1. Create an `nginx` folder in the same directory as your `docker-compose.yaml` |
| 70 | + file. |
| 71 | + |
| 72 | +1. Create an `nginx.conf` file inside of the `nginx` directory that includes the |
| 73 | + following code (make sure that you replace each `<your-domain.com>` string |
| 74 | + with your domain): |
| 75 | + |
| 76 | + > If you skipped **Step 1**, replace the `ssl_certificate` & |
| 77 | + > `ssl_certificate_key` paths with the path to your certificate files. |
| 78 | + |
| 79 | +```console |
| 80 | +worker_processes 1; |
| 81 | +
|
| 82 | +events { |
| 83 | + worker_connections 1024; |
| 84 | +} |
| 85 | +
|
| 86 | +http { |
| 87 | + default_type application/octet-stream; |
| 88 | + map $http_upgrade $connection_upgrade { |
| 89 | + default upgrade; |
| 90 | + '' close; |
| 91 | + } |
| 92 | +
|
| 93 | + server { |
| 94 | + listen 80; |
| 95 | + listen [::]:80; |
| 96 | + server_name <your-domain.com>; |
| 97 | +
|
| 98 | + error_page 500 502 503 504 /50x.html; |
| 99 | + location = /50x.html { |
| 100 | + root /usr/share/nginx/html; |
| 101 | + } |
| 102 | +
|
| 103 | + location / { |
| 104 | + proxy_pass http://coder:7080; |
| 105 | + proxy_http_version 1.1; |
| 106 | + proxy_set_header Upgrade $http_upgrade; |
| 107 | + proxy_set_header Connection "Upgrade"; |
| 108 | + proxy_set_header Host $host; |
| 109 | + proxy_set_header X-Real-IP $remote_addr; |
| 110 | + } |
| 111 | + } |
| 112 | +
|
| 113 | + server { |
| 114 | + listen 443 ssl; |
| 115 | + server_name <your-domain.com>; |
| 116 | + ssl_certificate /letsencrypt/etc/letsencrypt/live/<your-domain.com>/cert.pem; |
| 117 | + ssl_certificate_key /letsencrypt/etc/letsencrypt/live/<your-domain.com>/privkey.pem; |
| 118 | + ssl_session_cache shared:SSL:1m; |
| 119 | + ssl_session_timeout 5m; |
| 120 | + ssl_ciphers HIGH:!aNULL:!MD5; |
| 121 | + ssl_prefer_server_ciphers on; |
| 122 | + location / { |
| 123 | + proxy_pass http://coder:7080; |
| 124 | + proxy_http_version 1.1; |
| 125 | + proxy_set_header Upgrade $http_upgrade; |
| 126 | + proxy_set_header Connection "Upgrade"; |
| 127 | + proxy_set_header Host $host; |
| 128 | + proxy_set_header X-Real-IP $remote_addr; |
| 129 | + } |
| 130 | + } |
| 131 | +
|
| 132 | + sendfile on; |
| 133 | + keepalive_timeout 65; |
| 134 | + proxy_connect_timeout 90; |
| 135 | + proxy_send_timeout 90; |
| 136 | + proxy_read_timeout 90; |
| 137 | +} |
| 138 | +``` |
| 139 | + |
| 140 | +1. Add the following code to your `docker-compose.yaml` file: |
| 141 | + |
| 142 | +```yaml |
| 143 | +nginx: |
| 144 | + container_name: nginx |
| 145 | + hostname: reverse |
| 146 | + image: nginx |
| 147 | + ports: |
| 148 | + - 80:80 |
| 149 | + - 443:443 |
| 150 | + volumes: |
| 151 | + - "nginx:/etc/nginx" |
| 152 | + - "~/letsencrypt:/letsencrypt/" |
| 153 | +coder: |
| 154 | + hostname: coder |
| 155 | + image: codercom/coder:1.25.1 |
| 156 | + container_name: coder |
| 157 | + volumes: |
| 158 | + - /var/run/docker.sock:/var/run/docker.sock |
| 159 | + - ~/.coder:/var/run/coder |
| 160 | + ports: |
| 161 | + - 7080:7080 |
| 162 | + environment: |
| 163 | + - DEVURL_HOST="*.<your-domain.com>" |
| 164 | +``` |
| 165 | + |
| 166 | +> The `~/letsecnrypt:/letsencrypt/` volume definition is required only if you |
| 167 | +> followed **Step 1**. |
| 168 | + |
| 169 | +## Step 3: Configure and access Coder |
| 170 | + |
| 171 | +Now that NGINX and the Coder containers are configured, run your Docker Compose |
| 172 | +file: |
| 173 | + |
| 174 | +```console |
| 175 | +docker-compose up -d |
| 176 | +``` |
| 177 | + |
| 178 | +Finally, in the Coder UI, navigate to **Manage** > **Admin** > |
| 179 | +**Infrastructure**. and provide your domain name in the **Access URL** field. |
| 180 | + |
| 181 | +You should now be able to access Coder via your secure domain. |
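Review bot: the `listen 80` server block in `nginx.conf` proxies straight to `http://coder:7080`, and the `coder` service also publishes `7080:7080`, so after following this TLS guide Coder is still reachable in plaintext on two host ports. Suggest replacing the port-80 `location /` with `return 301 https://$host$request_uri;` and dropping the `ports:` entry from the `coder` service so traffic can only arrive through the proxy. In the 443 block, `ssl_certificate` points at `cert.pem`, which holds only the leaf certificate; certbot writes `fullchain.pem` to the same `live/` directory, and nginx needs that file to send the intermediate chain to clients. The `map $http_upgrade $connection_upgrade` is defined but never used, because both `location /` blocks hard-code `Connection "Upgrade"`; either use `$connection_upgrade` there or drop the map. The volume `"nginx:/etc/nginx"` has no path prefix, so Compose treats it as a named volume rather than the `nginx` folder created in Step 2, and the new `nginx.conf` would not be mounted; `./nginx:/etc/nginx` looks like the intent. Smaller points: `EMAIL=eric@coder.com` is hard-coded although the text tells readers to replace `EMAIL`, the note under the second compose snippet spells the path `~/letsecnrypt`, "an TLS certificate" should read "a TLS certificate", there is a stray period in "**Infrastructure**. and", and the nginx configuration is fenced as `console`.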