These notes are a riff on a post by Chris Short. The biggest difference is that I will use the Tailscale TLS support rather than using external DNS access and a custom DNS record. This removes the need for a sensitive DNS API key. Chris's post is definitely worth a read first:
Welcome back. Here's the plan:
- Spin up an Ubuntu instance
- Add it to my Tailnet
- Install and run code-server
- Install, configure, and run Caddy
When we're done we should be able to go to a browser on any machine in the Tailnet and type http://vscode (I'm assuming you've set the hostname of the new instance to "vscode") and be redirected to the full HTTPS URL, which will help reassure the browser (even though HTTP over Tailscale is already secure).
- An existing Tailscale account and a machine on it to use as the client
- A Tailscale Auth Key to use
- MagicDNS needs to be enabled on your Tailnet.
- The Tailscale HTTPS Beta feature also needs to be enabled on your Tailnet.
Here's the code:
I tested that code by using it as user-data for cloud-init, so you can go from zero to code-server over Tailscale mostly unattended.
So, spin up Ubuntu in your favorite place and either add that as the user-data or run it as root manually. When it's done you can fetch the default password with:
ssh vscode grep password: .config/code-server/config.yaml
You should be able to navigate to http://vscode (or whatever hostname you used) and get redirected to the TLS-ified URL to log in.
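One way to script the plan above, as an added example rather than the post's original code. Assumptions: the variable names TS_AUTHKEY and CODE_USER and the `provision` argument are made up for this sketch, apt provides jq and Caddy 2.5 or newer (the first release that can fetch certificates from the local tailscaled), and code-server keeps its default bind address of 127.0.0.1:8080.

```shell
#!/bin/sh
# Added example, not the post's original script. Run as root on a fresh Ubuntu host.
# Assumed inputs: TS_AUTHKEY (Tailscale auth key), CODE_USER (existing login user).
set -eu

# Print the Caddyfile: plain HTTP on the short MagicDNS name redirects to the
# HTTPS site on the full ts.net name, which proxies to code-server on loopback.
render_caddyfile() {
    short="$1"; fqdn="$2"
    cat <<EOF
http://${short} {
    redir https://${fqdn}{uri} permanent
}

${fqdn} {
    reverse_proxy 127.0.0.1:8080
}
EOF
}

# Full MagicDNS name of this node as tailscaled reports it, trailing dot removed.
tailnet_fqdn() {
    tailscale status --json | jq -r '.Self.DNSName' | sed 's/\.$//'
}

provision() {
    short="${1:-vscode}"
    user="${CODE_USER:-ubuntu}"
    apt-get update && apt-get install -y curl jq caddy
    curl -fsSL https://tailscale.com/install.sh | sh
    # Let the caddy user ask tailscaled for this node's TLS certificate.
    echo 'TS_PERMIT_CERT_UID=caddy' >> /etc/default/tailscaled
    systemctl restart tailscaled
    tailscale up --authkey "$TS_AUTHKEY" --hostname "$short"
    curl -fsSL https://code-server.dev/install.sh | sh
    # code-server stays on loopback, so Caddy is the only way in.
    systemctl enable --now "code-server@${user}"
    render_caddyfile "$short" "$(tailnet_fqdn)" > /etc/caddy/Caddyfile
    systemctl restart caddy
}

# Nothing is installed unless asked for: sh setup.sh provision [hostname]
if [ "${1:-}" = "provision" ]; then provision "${2:-vscode}"; fi
```

Because user-data stays readable from the instance's metadata, a one-off auth key is the safer choice for TS_AUTHKEY.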
Check back later for more shenanigans where I'll do this inside LX branded zones on illumos!