New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
White screen after login #1362
Comments
This happens due to a self signed certificate. You need a real certificate to work with iPad OS. |
|
Trying pulling the latest docker image again. |
Already up to date |
What happens if you try to directly connect to code-server without apache? |
When I used it on my server-host without proxy, it perfectly worked. But now I need to use it with docker. So now I can’t connect directly without apache |
Use |
Login working, white screen not disappeared |
Are you using apache with HTTPS? |
Without EDIT: |
@lujo777 yea your apache rules are the only problem if you can switch to nginx i'm using these rules location / {
proxy_pass http://172.69.0.77:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
access_log off;
} i'm here because i had same problem with white screen i don't use apache so i can't directly help with your problem may someone else help you with apache rules. |
@theraw, I already used apache, but IP there is not docker ip. UPD: |
nginx its simple idk what distro you're on but just open default config (it may be on |
Whoa, it’s working! |
Thanks @theraw |
If anyone trying this with apache, here's my proxy config that took a while to make it work. I'm using a cloudflare cert to make this https
|
@theraw so were you able to get clipboard working correctly this way? I still see it complaining I’m accessing it insecurely so webviews/clipboard won’t work. As an aside to the devs, this has been a fucking nightmare just trying to get this to work so I can access a locally non-internet-exposed code-server securely. |
Setting up TLS properly can be a pain. Why don't you just use SSH forwarding? See https://github.com/cdr/code-server/blob/master/doc/guide.md |
@zkghost i did a cm and i deleted thinking i was wrong but no i'm right. Code-Server will detect your secured or insecured connection even when you're under a reverse proxy so i'm sharing my full setup configuration, this will require a sub-domain or domain docker run -it -p 127.0.0.1:8080:8080 \
-v "$PWD:/home/coder/project" \
-u "$(id -u):$(id -g)" \
codercom/code-server:latest
# or start it on screen
screen -d -m docker run -it -p 127.0.0.1:8080:8080 \
-v "$PWD:/home/coder/project" \
-u "$(id -u):$(id -g)" \
codercom/code-server:latest
screen -ls #to find if screen started a session or not 1 install letsencrypt on your HOST/proxy not code docker container mkdir /ssl; cd /ssl
git clone https://github.com/letsencrypt/letsencrypt
cd /ssl/letsencrypt; ./letsencrypt-auto --help
curl -s https://raw.githubusercontent.com/theraw/raws/master/static/dh2048.pem > /ssl/dh2048.pem
service nginx stop
/ssl/letsencrypt/letsencrypt-auto certonly --standalone -d example.com -d www.example.com
# If you have more sub-domains
/ssl/letsencrypt/letsencrypt-auto certonly --standalone -d example.com -d www.example.com -d sub1.example.com -d sub2.example.com -d sub3.example.com
# or you can go and install certbot it supports wildcard ssl.
#when done start nginx
service nginx start create your nginx config default nginx vhost path server {
# =====================================================================
listen 80;
server_name example.com www.example.com;
access_log off;
return 301 https://example.com$request_uri;
# =====================================================================
}
server {
# =====================================================================
listen 443 ssl http2;
server_name example.com www.example.com;
# =====================================================================
location / {
proxy_pass http://172.69.0.77:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
# =====================================================================
include /etc/nginx/config/ssl.conf;
# =====================================================================
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# =====================================================================
access_log off;
}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
#ssl_ciphers HIGH:!aNULL:!MD5;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_dhparam /ssl/dh2048.pem;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
but if you visit https://example.com and login there's no alert. |
I’m on an iPad so my plight is limited to these shenanigans 😅 maybe I should have gone with the surface pro X i am not sure. Would it be easy enough to fork this project and mod my fork so it always thinks auth is on? |
@theraw owe you a drink mate, thank you for taking the time. I’ll take a stab at this and update here if I have any luck. For the domain associated with that cert, do I need to own the domain? Or as long as my local intranet DNS server can resolve it to the right IP, it can be an arbitrary domain? Before I was getting issues with |
@zkghost to generate a ssl cert with letsencrypt you need 2 things
|
@theraw I thought I read yesterday you can do a DNS challenge instead of an HTTP challenge or something, where if the server DNS points to replies correctly it passes the challenge or something. Not sure if you’re familiar but is that the case? Maybe more importantly, because I’m just trying to access code-server running locally within my own network, do I just need to generate my own cert chain? And I should forget letsencrypt altogether? I tried using Edit: Also side question, what is that Double Edit: I’ve heard for iPad you need a valid cert, can’t make a self-signed work... so maybe the only way I can access it securely is through a public IP? JFC 💫 😵 All I want to do is work on code running on my laptop when I’m on the couch with my wife 😭 |
@zkghost maybe @nhooyr can help you to answer if code can work with self issued cert or not you can see here https://letsencrypt.org/docs/challenge-types/ all challenge types. as far as i know and as far as i've generated self ssl browsers will display it as insecure (showing the warning when you visit site) so i don't know what to say or help sorry |
no worries, thanks anyways mate. I’ll post here if I ever get a resolution that works 😅 |
I DID IT! Finally, JFC. For anyone in my footsteps: apparently trying to issue certs with a Also, Apple/iOS devices have more stringent requirements if you want to enable TLS. I followed this guide and was able to generate a cert without a CA that I could get running/allowed on my ipad. at least I got pi-hole setup while trying to solve this... and now I can code from the kitchen in peace. 🧑🍳 |
Awesome thank you! Will add that guide to the FAQ and test myself once my iPad arrives 🎉 For anyone in the future, the main thread for iPad certificate issues is #1566 |
@zkghost could you please share all the settings, specs and anything that might be helpful? I have tried with the steps shown in the link you shared with Any help would be appreciated, I have been trying to run this for two months now.. |
It worked for me too. The only thing I did different was to use the actual ip address (say 192.168.1.2) of the pc hosting code-server rather than .local or .home when editing line subjectAltName = DNS: |
This is a walkthrough of the set-up that works for me on the local lan. The cert is created with the actual IP of the code-server hosting computer (a static IP).
server {
} Save and close file.
Find the section labelled v3_ca and add two lines: Find this comment and add the following line: Save and close the template.cnf file.
answer this line as:
On iPad In Safari go to *Note
Hope this helps anyone looking into this issue. |
if you enable https (from cloudflare for example) not from the server itself... adding these solved it for me in the docker compose file, just add them as params
it's still running with CDN's https... an example docker-compose.yml version: "2.1" |
We’re making it easier to access your code-server instance securely from any device. We’ve eliminated the need for configuring TLS, domain registration, DNS, DoS protection, and authentication. To gain pre-release access, please consider joining our alpha program |
Has anyone solved it while using kubernetes/ingress-nginx? |
@manitaggarwal if you have a similar issue, feel free to open a new issue or discussion! |
code-server
version: Code-server:latest (from docker)Description
I have a trouble with docker-powered installation of code-server. After successful login there is white screen. Sorry for inconvenience, but I’m using Safari on iPadOS and I can’t provide browser console log. No output in terminal while these events. Also screenshot of apache config
Steps to Reproduce
The text was updated successfully, but these errors were encountered: