mirror of
https://github.com/linuxserver/docker-code-server
synced 2025-06-04 03:36:39 +00:00
Compare commits
14 Commits
4.99.4-ls2
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
6bd0ebb31e | ||
|
|
9d95aadf89 | ||
|
8c14b46231 | ||
|
8c12be9378 | ||
|
|
a0a1ba58ee | ||
|
|
f58e3ebccc | ||
|
|
eeb8afd54d | ||
|
|
c0b66f3246 | ||
|
|
9f8ec8013e | ||
|
|
2a36656096 | ||
|
|
e92931416b | ||
|
6b64e1e967 | ||
|
|
a7294dfb09 | ||
|
|
a7e2b20ca2 |
0
.editorconfig
Executable file → Normal file
0
.editorconfig
Executable file → Normal file
0
.github/CONTRIBUTING.md
vendored
Executable file → Normal file
0
.github/CONTRIBUTING.md
vendored
Executable file → Normal file
0
.github/FUNDING.yml
vendored
Executable file → Normal file
0
.github/FUNDING.yml
vendored
Executable file → Normal file
0
.github/ISSUE_TEMPLATE/config.yml
vendored
Executable file → Normal file
0
.github/ISSUE_TEMPLATE/config.yml
vendored
Executable file → Normal file
0
.github/ISSUE_TEMPLATE/issue.bug.yml
vendored
Executable file → Normal file
0
.github/ISSUE_TEMPLATE/issue.bug.yml
vendored
Executable file → Normal file
0
.github/ISSUE_TEMPLATE/issue.feature.yml
vendored
Executable file → Normal file
0
.github/ISSUE_TEMPLATE/issue.feature.yml
vendored
Executable file → Normal file
0
.github/workflows/call_issue_pr_tracker.yml
vendored
Executable file → Normal file
0
.github/workflows/call_issue_pr_tracker.yml
vendored
Executable file → Normal file
0
.github/workflows/call_issues_cron.yml
vendored
Executable file → Normal file
0
.github/workflows/call_issues_cron.yml
vendored
Executable file → Normal file
0
.github/workflows/greetings.yml
vendored
Executable file → Normal file
0
.github/workflows/greetings.yml
vendored
Executable file → Normal file
0
.github/workflows/permissions.yml
vendored
Executable file → Normal file
0
.github/workflows/permissions.yml
vendored
Executable file → Normal file
23
README.md
23
README.md
@ -78,6 +78,23 @@ git config --global user.email "email address"
|
||||
|
||||
How to create the [hashed password](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#can-i-store-my-password-hashed).
|
||||
|
||||
## Read-Only Operation
|
||||
|
||||
This image can be run with a read-only container filesystem. For details please [read the docs](https://docs.linuxserver.io/misc/read-only/).
|
||||
|
||||
### Caveats
|
||||
|
||||
* `/tmp` must be mounted to tmpfs
|
||||
* `sudo` will not be available
|
||||
|
||||
## Non-Root Operation
|
||||
|
||||
This image can be run with a non-root user. For details please [read the docs](https://docs.linuxserver.io/misc/non-root/).
|
||||
|
||||
### Caveats
|
||||
|
||||
* `sudo` will not be available
|
||||
|
||||
## Usage
|
||||
|
||||
To help you get started creating a container from this image you can either use docker-compose or the docker cli.
|
||||
@ -103,6 +120,7 @@ services:
|
||||
- SUDO_PASSWORD_HASH= #optional
|
||||
- PROXY_DOMAIN=code-server.my.domain #optional
|
||||
- DEFAULT_WORKSPACE=/config/workspace #optional
|
||||
- PWA_APPNAME=code-server #optional
|
||||
volumes:
|
||||
- /path/to/code-server/config:/config
|
||||
ports:
|
||||
@ -124,6 +142,7 @@ docker run -d \
|
||||
-e SUDO_PASSWORD_HASH= `#optional` \
|
||||
-e PROXY_DOMAIN=code-server.my.domain `#optional` \
|
||||
-e DEFAULT_WORKSPACE=/config/workspace `#optional` \
|
||||
-e PWA_APPNAME=code-server `#optional` \
|
||||
-p 8443:8443 \
|
||||
-v /path/to/code-server/config:/config \
|
||||
--restart unless-stopped \
|
||||
@ -146,7 +165,10 @@ Containers are configured using parameters passed at runtime (such as those abov
|
||||
| `-e SUDO_PASSWORD_HASH=` | Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`. |
|
||||
| `-e PROXY_DOMAIN=code-server.my.domain` | If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/coder/code-server/blob/main/docs/guide.md#using-a-subdomain) |
|
||||
| `-e DEFAULT_WORKSPACE=/config/workspace` | If this optional variable is set, code-server will open this directory by default |
|
||||
| `-e PWA_APPNAME=code-server` | If this optional variable is set, the PWA app will the specified name. |
|
||||
| `-v /config` | Contains all relevant configuration files. |
|
||||
| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
|
||||
| `--user=1000:1000` | Run container with a non-root user. Please [read the docs](https://docs.linuxserver.io/misc/non-root/). |
|
||||
|
||||
## Environment variables from files (Docker secrets)
|
||||
|
||||
@ -310,6 +332,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
|
||||
|
||||
## Versions
|
||||
|
||||
* **03.06.25:** - Allow setting PWA name using env var `PWA_APPNAME`.
|
||||
* **13.10.24:** - Only chown config folder when change to ownership or new install is detected.
|
||||
* **09.10.24:** - Manage permissions in /config/.ssh according to file type
|
||||
* **19.08.24:** - Rebase to Ubuntu Noble.
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
NAME VERSION TYPE
|
||||
@babel/runtime 7.27.0 npm
|
||||
@c4312/eventsource-umd 3.0.5 npm
|
||||
@coder/logger 3.0.1 npm
|
||||
@mapbox/node-pre-gyp 1.0.11 npm
|
||||
@microsoft/1ds-core-js 3.2.13 npm
|
||||
@ -23,16 +22,17 @@ NAME VERSION TYPE
|
||||
@vscode/vscode-languagedetection 1.0.21 npm
|
||||
@vscode/windows-process-tree 0.6.0 npm
|
||||
@vscode/windows-registry 1.1.0 npm
|
||||
@xterm/addon-clipboard 0.2.0-beta.82 npm
|
||||
@xterm/addon-image 0.9.0-beta.99 npm
|
||||
@xterm/addon-ligatures 0.10.0-beta.99 npm
|
||||
@xterm/addon-progress 0.2.0-beta.5 npm
|
||||
@xterm/addon-search 0.16.0-beta.99 npm
|
||||
@xterm/addon-serialize 0.14.0-beta.99 npm
|
||||
@xterm/addon-unicode11 0.9.0-beta.99 npm
|
||||
@xterm/addon-webgl 0.19.0-beta.99 npm
|
||||
@xterm/headless 5.6.0-beta.99 npm
|
||||
@xterm/xterm 5.6.0-beta.99 npm
|
||||
@xterm/addon-clipboard 0.2.0-beta.84 npm
|
||||
@xterm/addon-image 0.9.0-beta.101 npm
|
||||
@xterm/addon-ligatures 0.10.0-beta.101 npm
|
||||
@xterm/addon-progress 0.2.0-beta.7 npm
|
||||
@xterm/addon-search 0.16.0-beta.101 npm
|
||||
@xterm/addon-serialize 0.14.0-beta.101 npm
|
||||
@xterm/addon-unicode11 0.9.0-beta.101 npm
|
||||
@xterm/addon-webgl 0.19.0-beta.101 npm
|
||||
@xterm/headless 5.6.0-beta.101 npm
|
||||
@xterm/xterm 5.6.0-beta.101 npm
|
||||
OpenConsole.exe 1.22.250204002 binary (+1 duplicate)
|
||||
abbrev 1.1.1 npm
|
||||
accepts 2.0.0 npm
|
||||
adduser 3.137ubuntu1 deb
|
||||
@ -76,14 +76,15 @@ charenc 0.0.2 npm
|
||||
chownr 1.1.4 npm
|
||||
chownr 2.0.0 npm
|
||||
clojure 1.0.0 npm
|
||||
code-server 1.99.3 npm
|
||||
code-server 4.99.4 npm
|
||||
code-server 1.100.3 npm
|
||||
code-server 4.100.3 npm
|
||||
coffeescript 1.0.0 npm
|
||||
color-support 1.1.3 npm
|
||||
compressible 2.0.18 npm
|
||||
compression 1.8.0 npm
|
||||
concat-map 0.0.1 npm
|
||||
configuration-editing 1.0.0 npm
|
||||
conpty.dll 1.22.250204002 binary (+1 duplicate)
|
||||
console-control-strings 1.1.0 npm
|
||||
content-disposition 1.0.0 npm
|
||||
content-type 1.0.5 npm
|
||||
@ -145,7 +146,6 @@ estraverse 5.3.0 npm
|
||||
esutils 2.0.3 npm
|
||||
etag 1.8.1 npm
|
||||
eventemitter3 4.0.7 npm
|
||||
eventsource-parser 3.0.0 npm
|
||||
expand-template 2.0.3 npm
|
||||
express 5.0.1 npm
|
||||
extension-editing 1.0.0 npm
|
||||
@ -237,7 +237,7 @@ java 1.0.0 npm
|
||||
javascript 1.0.0 npm
|
||||
jq 1.7.1-3build1 deb
|
||||
js-base64 3.7.7 npm
|
||||
js-debug 1.97.1 npm
|
||||
js-debug 1.100.1 npm
|
||||
js-debug-companion 1.1.3 npm
|
||||
js-yaml 4.1.0 npm
|
||||
jsbn 1.1.0 npm (+1 duplicate)
|
||||
@ -329,7 +329,7 @@ libsemanage-common 3.5-1build5 deb
|
||||
libsemanage2 3.5-1build5 deb
|
||||
libsepol2 3.5-2build1 deb
|
||||
libsmartcols1 2.39.3-9ubuntu6.2 deb
|
||||
libsqlite3-0 3.45.1-1ubuntu2.1 deb
|
||||
libsqlite3-0 3.45.1-1ubuntu2.3 deb
|
||||
libss2 1.47.0-2.4~exp1ubuntu4.1 deb
|
||||
libssh-4 0.10.6-2build2 deb
|
||||
libssl3t64 3.0.13-0ubuntu3.5 deb
|
||||
@ -395,11 +395,11 @@ ncurses-base 6.4+20240113-1ubuntu2 deb
|
||||
ncurses-bin 6.4+20240113-1ubuntu2 deb
|
||||
negotiator 0.6.4 npm
|
||||
negotiator 1.0.0 npm
|
||||
net-tools 2.10-0.1ubuntu4 deb
|
||||
net-tools 2.10-0.1ubuntu4.4 deb
|
||||
netbase 6.4 deb
|
||||
netcat-openbsd 1.226-1ubuntu2 deb
|
||||
netmask 2.0.2 npm
|
||||
node 20.18.3 binary
|
||||
node 20.19.0 binary
|
||||
node-abi 3.8.0 npm
|
||||
node-addon-api 7.1.0 npm
|
||||
node-addon-api 7.1.1 npm
|
||||
@ -440,6 +440,7 @@ powershell 1.0.0 npm
|
||||
prebuild-install 7.1.2 npm
|
||||
procps 2:4.0.4-4ubuntu3.2 deb
|
||||
promise-stream-reader 1.0.1 npm
|
||||
prompt 1.0.0 npm
|
||||
proxy-addr 2.0.7 npm
|
||||
proxy-agent 6.5.0 npm
|
||||
proxy-from-env 1.1.0 npm (+1 duplicate)
|
||||
@ -509,7 +510,7 @@ systemd-standalone-sysusers 255.4-1ubuntu8.6 deb
|
||||
sysvinit-utils 3.08-6ubuntu3 deb
|
||||
tar 1.35+dfsg-3build1 deb
|
||||
tar 6.2.1 npm
|
||||
tar-fs 2.1.1 npm
|
||||
tar-fs 2.1.2 npm
|
||||
tar-stream 2.2.0 npm
|
||||
tas-client-umd 0.2.0 npm
|
||||
terminal-suggest 1.0.1 npm
|
||||
@ -533,7 +534,7 @@ tunnel-agent 0.6.0 npm
|
||||
tunnel-forwarding 1.0.0 npm
|
||||
type-is 2.0.0 npm
|
||||
typescript 1.0.0 npm
|
||||
typescript 5.8.2 npm
|
||||
typescript 5.8.3 npm
|
||||
typescript-language-features 1.0.0 npm
|
||||
tzdata 2025b-0ubuntu0.24.04 deb
|
||||
ubuntu-keyring 2023.11.28.1 deb
|
||||
|
||||
@ -36,6 +36,14 @@ opt_param_env_vars:
|
||||
- {env_var: "SUDO_PASSWORD_HASH", env_value: "", desc: "Optionally set sudo password via hash (takes priority over `SUDO_PASSWORD` var). Format is `$type$salt$hashed`."}
|
||||
- {env_var: "PROXY_DOMAIN", env_value: "code-server.my.domain", desc: "If this optional variable is set, this domain will be proxied for subdomain proxying. See [Documentation](https://github.com/coder/code-server/blob/main/docs/guide.md#using-a-subdomain)"}
|
||||
- {env_var: "DEFAULT_WORKSPACE", env_value: "/config/workspace", desc: "If this optional variable is set, code-server will open this directory by default"}
|
||||
- {env_var: "PWA_APPNAME", env_value: "code-server", desc: "If this optional variable is set, the PWA app will the specified name."}
|
||||
readonly_supported: true
|
||||
readonly_message: |
|
||||
* `/tmp` must be mounted to tmpfs
|
||||
* `sudo` will not be available
|
||||
nonroot_supported: true
|
||||
nonroot_message: |
|
||||
* `sudo` will not be available
|
||||
# application setup block
|
||||
app_setup_block_enabled: true
|
||||
app_setup_block: |
|
||||
@ -73,12 +81,14 @@ init_diagram: |
|
||||
init-crontab-config -> init-config-end
|
||||
init-config -> init-crontab-config
|
||||
init-mods-end -> init-custom-files
|
||||
init-adduser -> init-device-perms
|
||||
base -> init-envfile
|
||||
base -> init-migrations
|
||||
init-config-end -> init-mods
|
||||
init-mods-package-install -> init-mods-end
|
||||
init-mods -> init-mods-package-install
|
||||
init-adduser -> init-os-end
|
||||
init-device-perms -> init-os-end
|
||||
init-envfile -> init-os-end
|
||||
init-custom-files -> init-services
|
||||
init-services -> svc-code-server
|
||||
@ -92,6 +102,7 @@ init_diagram: |
|
||||
"code-server:latest" <- Base Images
|
||||
# changelog
|
||||
changelogs:
|
||||
- {date: "03.06.25:", desc: "Allow setting PWA name using env var `PWA_APPNAME`."}
|
||||
- {date: "13.10.24:", desc: "Only chown config folder when change to ownership or new install is detected."}
|
||||
- {date: "09.10.24:", desc: "Manage permissions in /config/.ssh according to file type"}
|
||||
- {date: "19.08.24:", desc: "Rebase to Ubuntu Noble."}
|
||||
|
||||
@ -3,18 +3,20 @@
|
||||
|
||||
mkdir -p /config/{extensions,data,workspace,.ssh}
|
||||
|
||||
if [[ -n "${SUDO_PASSWORD}" ]] || [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
|
||||
echo "setting up sudo access"
|
||||
if ! grep -q 'abc' /etc/sudoers; then
|
||||
echo "adding abc to sudoers"
|
||||
echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
|
||||
fi
|
||||
if [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
|
||||
echo "setting sudo password using sudo password hash"
|
||||
sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
|
||||
else
|
||||
echo "setting sudo password using SUDO_PASSWORD env var"
|
||||
echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
|
||||
if [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ -z ${LSIO_READ_ONLY_FS} ]]; then
|
||||
if [[ -n "${SUDO_PASSWORD}" ]] || [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
|
||||
echo "setting up sudo access"
|
||||
if ! grep -q 'abc' /etc/sudoers; then
|
||||
echo "adding abc to sudoers"
|
||||
echo "abc ALL=(ALL:ALL) ALL" >> /etc/sudoers
|
||||
fi
|
||||
if [[ -n "${SUDO_PASSWORD_HASH}" ]]; then
|
||||
echo "setting sudo password using sudo password hash"
|
||||
sed -i "s|^abc:\!:|abc:${SUDO_PASSWORD_HASH}:|" /etc/shadow
|
||||
else
|
||||
echo "setting sudo password using SUDO_PASSWORD env var"
|
||||
echo -e "${SUDO_PASSWORD}\n${SUDO_PASSWORD}" | passwd abc
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -26,17 +28,19 @@ if [[ ! -f /config/.profile ]]; then
|
||||
cp /root/.profile /config/.profile
|
||||
fi
|
||||
|
||||
# fix permissions (ignore contents of workspace)
|
||||
PUID=${PUID:-911}
|
||||
if [[ ! "$(stat -c %u /config/.profile)" == "${PUID}" ]]; then
|
||||
echo "Change in ownership or new install detected, please be patient while we chown existing files"
|
||||
echo "This could take some time"
|
||||
find /config -path "/config/workspace" -prune -o -exec lsiown abc:abc {} +
|
||||
lsiown abc:abc /config/workspace
|
||||
fi
|
||||
chmod 700 /config/.ssh
|
||||
if [[ -n "$(ls -A /config/.ssh)" ]]; then
|
||||
find /config/.ssh/ -type d -exec chmod 700 '{}' \;
|
||||
find /config/.ssh/ -type f -exec chmod 600 '{}' \;
|
||||
find /config/.ssh/ -type f -iname '*.pub' -exec chmod 644 '{}' \;
|
||||
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
|
||||
# fix permissions (ignore contents of workspace)
|
||||
PUID=${PUID:-911}
|
||||
if [[ ! "$(stat -c %u /config/.profile)" == "${PUID}" ]]; then
|
||||
echo "Change in ownership or new install detected, please be patient while we chown existing files"
|
||||
echo "This could take some time"
|
||||
find /config -path "/config/workspace" -prune -o -exec lsiown abc:abc {} +
|
||||
lsiown abc:abc /config/workspace
|
||||
fi
|
||||
chmod 700 /config/.ssh
|
||||
if [[ -n "$(ls -A /config/.ssh)" ]]; then
|
||||
find /config/.ssh/ -type d -exec chmod 700 '{}' \;
|
||||
find /config/.ssh/ -type f -exec chmod 600 '{}' \;
|
||||
find /config/.ssh/ -type f -iname '*.pub' -exec chmod 644 '{}' \;
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -14,14 +14,33 @@ else
|
||||
PROXY_DOMAIN_ARG="--proxy-domain=${PROXY_DOMAIN}"
|
||||
fi
|
||||
|
||||
exec \
|
||||
s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z 127.0.0.1 8443" \
|
||||
s6-setuidgid abc \
|
||||
if [[ -z ${PWA_APPNAME} ]]; then
|
||||
PWA_APPNAME="code-server"
|
||||
fi
|
||||
|
||||
if [[ -z ${LSIO_NON_ROOT_USER} ]]; then
|
||||
exec \
|
||||
s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z 127.0.0.1 8443" \
|
||||
s6-setuidgid abc \
|
||||
/app/code-server/bin/code-server \
|
||||
--bind-addr 0.0.0.0:8443 \
|
||||
--user-data-dir /config/data \
|
||||
--extensions-dir /config/extensions \
|
||||
--disable-telemetry \
|
||||
--auth "${AUTH}" \
|
||||
--app-name "${PWA_APPNAME}" \
|
||||
"${PROXY_DOMAIN_ARG}" \
|
||||
"${DEFAULT_WORKSPACE:-/config/workspace}"
|
||||
else
|
||||
exec \
|
||||
s6-notifyoncheck -d -n 300 -w 1000 -c "nc -z 127.0.0.1 8443" \
|
||||
/app/code-server/bin/code-server \
|
||||
--bind-addr 0.0.0.0:8443 \
|
||||
--user-data-dir /config/data \
|
||||
--extensions-dir /config/extensions \
|
||||
--disable-telemetry \
|
||||
--auth "${AUTH}" \
|
||||
--app-name "${PWA_APPNAME}" \
|
||||
"${PROXY_DOMAIN_ARG}" \
|
||||
"${DEFAULT_WORKSPACE:-/config/workspace}"
|
||||
fi
|
||||
|
||||
Loading…
Reference in New Issue
Block a user