diff --git a/docs/admin/networking/high-availability.md b/docs/admin/networking/high-availability.md index 7dee70a2930fc..b1434b22b2311 100644 --- a/docs/admin/networking/high-availability.md +++ b/docs/admin/networking/high-availability.md @@ -32,7 +32,7 @@ connect to the same Postgres endpoint. HA brings one configuration variable to set in each Coderd node: `CODER_DERP_SERVER_RELAY_URL`. The HA nodes use these URLs to communicate with each other. Inter-node communication is only required while using the embedded -relay (default). If you're using [custom relays](./index.md#custom-relays), +relay (default). If you're using [custom relays](./more-networking/index.md#custom-relays), Coder ignores `CODER_DERP_SERVER_RELAY_URL` since Postgres is the sole rendezvous for the Coder nodes. diff --git a/docs/admin/networking/index.md b/docs/admin/networking/index.md index e85c196daa619..60e9210011893 100644 --- a/docs/admin/networking/index.md +++ b/docs/admin/networking/index.md @@ -1,80 +1,66 @@ # Networking -Coder's network topology has three types of nodes: workspaces, coder servers, -and users. +The pages in this section outline Coder's networking stack and how aspects +connect to or interact with each other. -The coder server must have an inbound address reachable by users and workspaces, +This page is a high-level reference of Coder's network topology, requirements, +and connection types. + +![Basic user to Coder diagram](../../images/admin/networking/network-stack/network-user-workspace.png) + +For more in-depth information, visit our docs on [connections and geo-distribution](./more-networking/index.md) or [the underlying networking stack and Coder agent](./more-networking/underlying-stack.md), or use the [troubleshooting doc](./troubleshooting.md) for ways to resolve common issues. + +## Coder server, workspaces, users + +Coder's network topology has three general types of nodes or ways of interacting +with Coder: + +- Coder servers +- Workspaces +- Users + +The Coder server must have an inbound address reachable by users and workspaces, but otherwise, all topologies _just work_ with Coder. When possible, we establish direct connections between users and workspaces. Direct connections are as fast as connecting to the workspace outside of Coder. -When NAT traversal fails, connections are relayed through the coder server. All +When NAT traversal fails, connections are relayed through the Coder server. All user-workspace connections are end-to-end encrypted. -[Tailscale's open source](https://tailscale.com) backs our websocket/HTTPS -networking logic. +Coder establishes network connections with an embedded version of [Tailscale](https://tailscale.com)'s open source data plane. ## Requirements +Coder’s networking is designed to support a wide range of infrastructure targets. +Because of that, there are very few requirements for running Coder in your network: + +- The central server (coderd) needs port 443 to be open for HTTPS and websocket traffic +- Workspaces, clients (developer laptops), and provisioners only need to reach the Coder server and establish a websocket connection. No ports need to be open. + In order for clients and workspaces to be able to connect: +- All clients and agents must be able to establish a connection to the Coder + server (`CODER_ACCESS_URL`) over HTTP/HTTPS. +- Any reverse proxy or ingress between the Coder control plane and + clients/agents must support WebSockets. + > [!NOTE] > We strongly recommend that clients connect to Coder and their > workspaces over a good quality, broadband network connection. The following > are minimum requirements: > -> - better than 400ms round-trip latency to the Coder server and to their +> - Better than 400ms round-trip latency to the Coder server and to their > workspace -> - better than 0.5% random packet loss - -- All clients and agents must be able to establish a connection to the Coder - server (`CODER_ACCESS_URL`) over HTTP/HTTPS. -- Any reverse proxy or ingress between the Coder control plane and - clients/agents must support WebSockets. +> - Better than 0.5% random packet loss -In order for clients to be able to establish direct connections: +## Coder server -> [!NOTE] -> Direct connections via the web browser are not supported. To improve -> latency for browser-based applications running inside Coder workspaces in -> regions far from the Coder control plane, consider deploying one or more -> [workspace proxies](./workspace-proxies.md). - -- The client is connecting using the CLI (e.g. `coder ssh` or - `coder port-forward`). Note that the - [VSCode extension](https://marketplace.visualstudio.com/items?itemName=coder.coder-remote) - and [JetBrains Plugin](https://plugins.jetbrains.com/plugin/19620-coder/), and - [`ssh coder.`](../../reference/cli/config-ssh.md) all utilize the - CLI to establish a workspace connection. -- Either the client or workspace agent are able to discover a reachable - `ip:port` of their counterpart. If the agent and client are able to - communicate with each other using their locally assigned IP addresses, then a - direct connection can be established immediately. Otherwise, the client and - agent will contact - [the configured STUN servers](../../reference/cli/server.md#--derp-server-stun-addresses) - to try and determine which `ip:port` can be used to communicate with their - counterpart. See [STUN and NAT](./stun.md) for more details on how this - process works. -- All outbound UDP traffic must be allowed for both the client and the agent on - **all ports** to each others' respective networks. - - To establish a direct connection, both agent and client use STUN. This - involves sending UDP packets outbound on `udp/3478` to the configured - [STUN server](../../reference/cli/server.md#--derp-server-stun-addresses). - If either the agent or the client are unable to send and receive UDP packets - to a STUN server, then direct connections will not be possible. - - Both agents and clients will then establish a - [WireGuard](https://www.wireguard.com/)️ tunnel and send UDP traffic on - ephemeral (high) ports. If a firewall between the client and the agent - blocks this UDP traffic, direct connections will not be possible. - -## coder server - -Workspaces connect to the coder server via the server's external address, set +Workspaces connect to the Coder server via the server's external address, set via [`ACCESS_URL`](../../admin/setup/index.md#access-url). There must not be a -NAT between workspaces and coder server. +NAT between workspaces and the Coder server. -Users connect to the coder server's dashboard and API through its `ACCESS_URL` -as well. There must not be a NAT between users and the coder server. +Users connect to the Coder server's dashboard and API through its `ACCESS_URL` +as well. There must not be a NAT between users and the Coder server. Template admins can overwrite the site-wide access URL at the template level by leveraging the `url` argument when @@ -91,113 +77,17 @@ and the Coder server. ## Web Apps -The coder servers relays dashboard-initiated connections between the user and -the workspace. Web terminal <-> workspace connections are an exception and may -be direct. +The Coder server relays dashboard-initiated connections between the user and +the workspace. +Connections between the web terminal and workspace are an exception and may be +direct. In general, [port forwarded](./port-forwarding.md) web apps are faster than dashboard-accessed web apps. -## 🌎 Geo-distribution - -### Direct connections - -Direct connections are a straight line between the user and workspace, so there -is no special geo-distribution configuration. To speed up direct connections, -move the user and workspace closer together. - -Establishing a direct connection can be an involved process because both the -client and workspace agent will likely be behind at least one level of NAT, -meaning that we need to use STUN to learn the IP address and port under which -the client and agent can both contact each other. See [STUN and NAT](./stun.md) -for more information on how this process works. - -If a direct connection is not available (e.g. client or server is behind NAT), -Coder will use a relayed connection. By default, -[Coder uses Google's public STUN server](../../reference/cli/server.md#--derp-server-stun-addresses), -but this can be disabled or changed for -[offline deployments](../../install/offline.md). - -### Relayed connections - -By default, your Coder server also runs a built-in DERP relay which can be used -for both public and [offline deployments](../../install/offline.md). - -However, our Wireguard integration through Tailscale has graciously allowed us -to use -[their global DERP relays](https://tailscale.com/kb/1118/custom-derp-servers/#what-are-derp-servers). -You can launch `coder server` with Tailscale's DERPs like so: - -```bash -coder server --derp-config-url https://controlplane.tailscale.com/derpmap/default -``` - -#### Custom Relays - -If you want lower latency than what Tailscale offers or want additional DERP -relays for offline deployments, you may run custom DERP servers. Refer to -[Tailscale's documentation](https://tailscale.com/kb/1118/custom-derp-servers/#why-run-your-own-derp-server) -to learn how to set them up. - -After you have custom DERP servers, you can launch Coder with them like so: - -```json -# derpmap.json -{ - "Regions": { - "1": { - "RegionID": 1, - "RegionCode": "myderp", - "RegionName": "My DERP", - "Nodes": [ - { - "Name": "1", - "RegionID": 1, - "HostName": "your-hostname.com" - } - ] - } - } -} -``` - -```bash -coder server --derp-config-path derpmap.json -``` - -### Dashboard connections - -The dashboard (and web apps opened through the dashboard) are served from the -coder server, so they can only be geo-distributed with High Availability mode in -our Premium Edition. [Reach out to Sales](https://coder.com/contact) to learn -more. - -## Browser-only connections - -> [!NOTE] -> Browser-only connections is an Enterprise and Premium feature. -> [Learn more](https://coder.com/pricing#compare-plans). - -Some Coder deployments require that all access is through the browser to comply -with security policies. In these cases, pass the `--browser-only` flag to -`coder server` or set `CODER_BROWSER_ONLY=true`. - -With browser-only connections, developers can only connect to their workspaces -via the web terminal and -[web IDEs](../../user-guides/workspace-access/web-ides.md). - -### Workspace Proxies - -> [!NOTE] -> Workspace proxies are an Enterprise and Premium feature. -> [Learn more](https://coder.com/pricing#compare-plans). - -Workspace proxies are a Coder Enterprise feature that allows you to provide -low-latency browser experiences for geo-distributed teams. - -To learn more, see [Workspace Proxies](./workspace-proxies.md). - ## Up next -- Learn about [Port Forwarding](./port-forwarding.md) - Troubleshoot [Networking Issues](./troubleshooting.md) +- [More about Coder networking](./more-networking/index.md) +- [Underlying networking stack](./more-networking/underlying-stack.md) +- Learn about [Port Forwarding](./port-forwarding.md) diff --git a/docs/admin/networking/more-networking/index.md b/docs/admin/networking/more-networking/index.md new file mode 100644 index 0000000000000..986e438c2a0b0 --- /dev/null +++ b/docs/admin/networking/more-networking/index.md @@ -0,0 +1,170 @@ +# Connections and geo-distribution + +## SSH and browser connections + +Coder workspaces have SSH support which allows the use of desktop editors such +as VS Code remote connections and JetBrains Gateway. + +![Diagram of SSH and browser connections](../../../images/admin/networking/network-stack/network-diagram-ssh-browser.png) + +SSH connections require that you open port 443 on the server. + +Coder does not require workspaces to have port 22 open, an OpenSSH server running, +nor SSH keys. +Instead, Coder mimics SSH over an HTTPS tunnel and uses the user’s session token +through the CLI to authenticate. +This is more secure and portable than SSH relays, bastion hosts, and other methods +because it ensures that only the proper user session can establish SSH connections. + +Administrators can disable this by enabling [browser-only mode](#browser-only-connections), +allowing only connections to workspaces through the browser like code-server, +web terminal, web RDP, and others. + +### Browser-only connections + +> [!NOTE] +> Browser-only connections is an Enterprise and Premium feature. +> [Learn more](https://coder.com/pricing#compare-plans). + +Some Coder deployments require that all access is through the browser to comply +with security policies. In these cases, pass the `--browser-only` flag to +`coder server` or set `CODER_BROWSER_ONLY=true`. + +With browser-only connections, developers can only connect to their workspaces +via the web terminal and +[web IDEs](../../../user-guides/workspace-access/web-ides.md). + +## 🌎 Geo-distribution + +Workspace proxies and provisioners can be deployed for low-latency access to +workspaces for distributed teams. + +By default, Coder will attempt to create direct peer-to-peer connections between +the client (developer laptop) and workspace. +If this doesn’t work, the end result will be transparent to the end user because +Coder will fall back to connections relayed to the control plane. + +Since Coder supports deploying resources in multiple regions, developers will want a fast connection to those workspaces. Workspace proxies are designed to relay traffic to workspaces without having to route traffic to the central Coder server. Both web traffic and SSH traffic is relayed through workspace proxies. + +### Workspace Proxies + +[Workspace Proxies](../workspace-proxies.md) are a +[Premium](https://coder.com/pricing#compare-plans) feature that allows you to +provide low-latency browser experiences for geo-distributed teams. + +### Direct connections + +Direct connections reduce latency and improve upload and download speeds for developers. +However, there are many scenarios where direct connections cannot be established, +such as when the Coder [administrators disable direct connections](../../../reference/cli/server.md#--block-direct-connections). + +![Diagram of a direct connection](../../../images/admin/networking/network-stack/network-diagram-direct-connection.png) + +Consult the [direct connections section](../troubleshooting.md#common-problems-with-direct-connections) +of the troubleshooting guide for more information. +The troubleshooting guide also explains how to identify if a connection is direct +or not via the `coder ping` command. + +Ideally, to speed up direct connections, move the user and workspace closer together. + +Establishing a direct connection can be an involved process because both the +client and workspace agent will likely be behind at least one level of NAT, +meaning that we need to use STUN to learn the IP address and port under which +the client and agent can both contact each other. See [STUN and NAT](../stun.md) +for more information on how this process works. + +If a direct connection is not available (e.g. client or server is behind NAT), +Coder will use a relayed connection. By default, +[Coder uses Google's public STUN server](../../../reference/cli/server.md#--derp-server-stun-addresses), +but this can be disabled or changed for +[offline deployments](../../../install/offline.md). + +In order for clients to be able to establish direct connections: + +> **Note:** Direct connections via the web browser are not supported. To improve +> latency for browser-based applications running inside Coder workspaces in +> regions far from the Coder control plane, consider deploying one or more +> [workspace proxies](../workspace-proxies.md). + +- The client is connecting using the CLI (e.g. `coder ssh` or + `coder port-forward`). Note that the + [VSCode extension](https://marketplace.visualstudio.com/items?itemName=coder.coder-remote) + and [JetBrains Plugin](https://plugins.jetbrains.com/plugin/19620-coder/), and + [`ssh coder.`](../../../reference/cli/config-ssh.md) all utilize the + CLI to establish a workspace connection. +- Either the client or workspace agent are able to discover a reachable + `ip:port` of their counterpart. If the agent and client are able to + communicate with each other using their locally assigned IP addresses, then a + direct connection can be established immediately. Otherwise, the client and + agent will contact + [the configured STUN servers](../../../reference/cli/server.md#--derp-server-stun-addresses) + to try and determine which `ip:port` can be used to communicate with their + counterpart. See [STUN and NAT](../stun.md) for more details on how this + process works. +- All outbound UDP traffic must be allowed for both the client and the agent on + **all ports** to each others' respective networks. + - To establish a direct connection, both agent and client use STUN. This + involves sending UDP packets outbound on `udp/3478` to the configured + [STUN server](../../../reference/cli/server.md#--derp-server-stun-addresses). + If either the agent or the client are unable to send and receive UDP packets + to a STUN server, then direct connections will not be possible. + - Both agents and clients will then establish a + [WireGuard](https://www.wireguard.com/)️ tunnel and send UDP traffic on + ephemeral (high) ports. If a firewall between the client and the agent + blocks this UDP traffic, direct connections will not be possible. + +### Relayed connections + +By default, your Coder server also runs a built-in DERP relay which can be used +for both public and [offline deployments](../../../install/offline.md). + +![Diagram of a relayed connection](../../../images/admin/networking/network-stack/network-diagram-relayed-connection.png) + +However, our Wireguard integration through Tailscale has graciously allowed us +to use +[their global DERP relays](https://tailscale.com/kb/1118/custom-derp-servers/#what-are-derp-servers). +You can launch `coder server` with Tailscale's DERPs like so: + +```bash +coder server --derp-config-url https://controlplane.tailscale.com/derpmap/default +``` + +#### Custom Relays + +If you want lower latency than what Tailscale offers or want additional DERP +relays for offline deployments, you may run custom DERP servers. Refer to +[Tailscale's documentation](https://tailscale.com/kb/1118/custom-derp-servers/#why-run-your-own-derp-server) +to learn how to set them up. + +After you have custom DERP servers, you can launch Coder with them like so: + +```json +# derpmap.json +{ + "Regions": { + "1": { + "RegionID": 1, + "RegionCode": "myderp", + "RegionName": "My DERP", + "Nodes": [ + { + "Name": "1", + "RegionID": 1, + "HostName": "your-hostname.com" + } + ] + } + } +} +``` + +```bash +coder server --derp-config-path derpmap.json +``` + +### Dashboard connections + +The dashboard (and web apps opened through the dashboard) are served from the +Coder server, so they can only be geo-distributed with High Availability mode in +our Premium Edition. [Reach out to Sales](https://coder.com/contact) to learn +more. diff --git a/docs/admin/networking/more-networking/underlying-stack.md b/docs/admin/networking/more-networking/underlying-stack.md new file mode 100644 index 0000000000000..21ec141f8f9c2 --- /dev/null +++ b/docs/admin/networking/more-networking/underlying-stack.md @@ -0,0 +1,63 @@ +# Underlying networking stack + +The underlying networking stack includes [Wireguard](https://www.wireguard.com/) (implemented through [Tailscale](https://tailscale.com)), DERP, and STUN. +Additionally, a Coder agent runs within workspaces to establish connections to the Coder server. + +## Wireguard through Tailscale + +Establishes Wireguard tunnels between the client, server, and provisioners. + +This includes the following protocols: + +- DERP: + - Built-in "relays” that help route connections from the client to the workspace through the central Coder server or workspace proxies. + + Each server and workspace proxy has a DERP server included. We do not really recommend self-hosting DERP outside of what is bundled in Coder, but it is possible. We have docs on how to use Tailscale’s public DERP servers, but this is off by default. +- STUN: + - Helps establish direct peer-2-peer connections. + + No user traffic is routed through it. + By default, the Coder server will attempt to use Google’s STUN servers. + +This implementation of Wireguard ensures portable networking that “just works” without lots of configuration. +Administrators only need to open one HTTPS port on the server instead of needing to set up different relays for HTTPS, SSH, UDP, Generic TCP, and others. +It works for global deployments or single deployments with a mesh network architecture, and users can establish direct peer-to-peer connections when enabled. + +### Wireguard / Tailscale FAQ + +- Does Coder reach out to Tailscale’s servers? + - No + +- Does this networking work offline? + - Yes + +- Does this networking work with ? + - Yes + +- Does this networking work with ? + - Yes + +- Does this networking work with ? + - Yes + +- Can direct connections be disabled? + - Yes + +- Can SSH be disabled or browser only be enforced? + - Yes + +- Can I use something besides Tailscale for connections? + - Technically, yes. But this is not well documented. + + The agent uses Tailscale to stream logs, but users can technically connect to your workspaces via port 22 and SSH keys and not use Coder’s authentication. We are exploring ways to allow a “hybrid” approach where Tailscale is used for internal log streaming but users must connect via generic SSH, Teleport, or similar. + +- Are direct connections faster than relayed? + - Yes + +## Coder agent + +Coder agent runs within workspaces to establish a connection to the Coder server so that users can connect to their workspace and access things within the workspace such as the terminal and ports running on the workspace. +This connection between the user and the workspace always requires an authenticated Coder session. + +As long as the agent can reach port 443 on the Coder server, a connection can be established between the agent and the coderd process. +The agent typically uses a token to authenticate with coderd. diff --git a/docs/images/admin/networking/network-stack/network-diagram-direct-connection.png b/docs/images/admin/networking/network-stack/network-diagram-direct-connection.png new file mode 100644 index 0000000000000..e353ff305f40d Binary files /dev/null and b/docs/images/admin/networking/network-stack/network-diagram-direct-connection.png differ diff --git a/docs/images/admin/networking/network-stack/network-diagram-relayed-connection.png b/docs/images/admin/networking/network-stack/network-diagram-relayed-connection.png new file mode 100644 index 0000000000000..d3f62ff8e139e Binary files /dev/null and b/docs/images/admin/networking/network-stack/network-diagram-relayed-connection.png differ diff --git a/docs/images/admin/networking/network-stack/network-diagram-ssh-browser.png b/docs/images/admin/networking/network-stack/network-diagram-ssh-browser.png new file mode 100644 index 0000000000000..9bc5eb089cfbd Binary files /dev/null and b/docs/images/admin/networking/network-stack/network-diagram-ssh-browser.png differ diff --git a/docs/images/admin/networking/network-stack/network-user-workspace.png b/docs/images/admin/networking/network-stack/network-user-workspace.png new file mode 100644 index 0000000000000..d148c6f6486f1 Binary files /dev/null and b/docs/images/admin/networking/network-stack/network-user-workspace.png differ diff --git a/docs/install/offline.md b/docs/install/offline.md index d836a5e8e3728..17563e7c979b0 100644 --- a/docs/install/offline.md +++ b/docs/install/offline.md @@ -6,15 +6,15 @@ environments. However, some changes to your configuration are necessary. This is a general comparison. Keep reading for a full tutorial running Coder offline with Kubernetes or Docker. -| | Public deployments | Offline deployments | -|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Terraform binary | By default, Coder downloads Terraform binary from [releases.hashicorp.com](https://releases.hashicorp.com) | Terraform binary must be included in `PATH` for the VM or container image. [Supported versions](https://github.com/coder/coder/blob/main/provisioner/terraform/install.go#L23-L24) | -| Terraform registry | Coder templates will attempt to download providers from [registry.terraform.io](https://registry.terraform.io) or [custom source addresses](https://developer.hashicorp.com/terraform/language/providers/requirements#source-addresses) specified in each template | [Custom source addresses](https://developer.hashicorp.com/terraform/language/providers/requirements#source-addresses) can be specified in each Coder template, or a custom registry/mirror can be used. More details below | -| STUN | By default, Coder uses Google's public STUN server for direct workspace connections | STUN can be safely [disabled](../reference/cli/server.md#--derp-server-stun-addresses) users can still connect via [relayed connections](../admin/networking/index.md#-geo-distribution). Alternatively, you can set a [custom DERP server](../reference/cli/server.md#--derp-server-stun-addresses) | -| DERP | By default, Coder's built-in DERP relay can be used, or [Tailscale's public relays](../admin/networking/index.md#relayed-connections). | By default, Coder's built-in DERP relay can be used, or [custom relays](../admin/networking/index.md#custom-relays). | -| PostgreSQL | If no [PostgreSQL connection URL](../reference/cli/server.md#--postgres-url) is specified, Coder will download Postgres from [repo1.maven.org](https://repo1.maven.org) | An external database is required, you must specify a [PostgreSQL connection URL](../reference/cli/server.md#--postgres-url) | -| Telemetry | Telemetry is on by default, and [can be disabled](../reference/cli/server.md#--telemetry) | Telemetry [can be disabled](../reference/cli/server.md#--telemetry) | -| Update check | By default, Coder checks for updates from [GitHub releases](https://github.com/coder/coder/releases) | Update checks [can be disabled](../reference/cli/server.md#--update-check) | +| | Public deployments | Offline deployments | +|--------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Terraform binary | By default, Coder downloads Terraform binary from [releases.hashicorp.com](https://releases.hashicorp.com) | Terraform binary must be included in `PATH` for the VM or container image. [Supported versions](https://github.com/coder/coder/blob/main/provisioner/terraform/install.go#L23-L24) | +| Terraform registry | Coder templates will attempt to download providers from [registry.terraform.io](https://registry.terraform.io) or [custom source addresses](https://developer.hashicorp.com/terraform/language/providers/requirements#source-addresses) specified in each template | [Custom source addresses](https://developer.hashicorp.com/terraform/language/providers/requirements#source-addresses) can be specified in each Coder template, or a custom registry/mirror can be used. More details below | +| STUN | By default, Coder uses Google's public STUN server for direct workspace connections | STUN can be safely [disabled](../reference/cli/server.md#--derp-server-stun-addresses) users can still connect via [relayed connections](../admin/networking/more-networking/index.md#relayed-connections). Alternatively, you can set a [custom DERP server](../reference/cli/server.md#--derp-server-stun-addresses) | +| DERP | By default, Coder's built-in DERP relay can be used, or [Tailscale's public relays](../admin/networking/more-networking/index.md#relayed-connections). | By default, Coder's built-in DERP relay can be used, or [custom relays](../admin/networking/more-networking/index.md#custom-relays). | +| PostgreSQL | If no [PostgreSQL connection URL](../reference/cli/server.md#--postgres-url) is specified, Coder will download Postgres from [repo1.maven.org](https://repo1.maven.org) | An external database is required, you must specify a [PostgreSQL connection URL](../reference/cli/server.md#--postgres-url) | +| Telemetry | Telemetry is on by default, and [can be disabled](../reference/cli/server.md#--telemetry) | Telemetry [can be disabled](../reference/cli/server.md#--telemetry) | +| Update check | By default, Coder checks for updates from [GitHub releases](https://github.com/coder/coder/releases) | Update checks [can be disabled](../reference/cli/server.md#--update-check) | ## Offline container images diff --git a/docs/manifest.json b/docs/manifest.json index 7352b8afd61fa..a1f405baaf675 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -565,6 +565,23 @@ "title": "Troubleshooting", "description": "Troubleshoot networking issues in Coder", "path": "./admin/networking/troubleshooting.md" + }, + { + "title": "More", + "description": "More about networking", + "path": "./admin/networking/more-networking/index.md", + "children": [ + { + "title": "Connections and geo-distribution", + "description": "Learn more about the Coder connections and geo-distribution", + "path": "./admin/networking/more-networking/index.md" + }, + { + "title": "Underlying networking stack", + "description": "Learn more about the underlying networking stack and Coder agent", + "path": "./admin/networking/more-networking/underlying-stack.md" + } + ] } ] }, diff --git a/docs/tutorials/faqs.md b/docs/tutorials/faqs.md index 1c2f5b1fb854e..5e17a539b8763 100644 --- a/docs/tutorials/faqs.md +++ b/docs/tutorials/faqs.md @@ -73,7 +73,7 @@ The primary developer use case is a local IDE connecting over SSH to a Coder workspace. Coder's networking stack has intelligence to attempt a peer-to-peer or -[Direct connection](../admin/networking/index.md#direct-connections) between the +[Direct connection](../admin/networking/more-networking/index.md#direct-connections) between the local IDE and the workspace. However, this requires some additional protocols like UDP and being able to reach a STUN server to echo the IP addresses of the local IDE machine and workspace, for sharing using a Wireguard Coordination diff --git a/docs/user-guides/workspace-access/vscode.md b/docs/user-guides/workspace-access/vscode.md index cd67c2a775bbd..43b554503d5a4 100644 --- a/docs/user-guides/workspace-access/vscode.md +++ b/docs/user-guides/workspace-access/vscode.md @@ -17,7 +17,7 @@ extension, authenticates with Coder, and connects to the workspace. > [!NOTE] > The `VS Code Desktop` button can be hidden by enabling -> [Browser-only connections](../../admin/networking/index.md#browser-only-connections). +> [Browser-only connections](../../admin/networking/more-networking/index.md#browser-only-connections). ### Manual Installation