CodeMirror/alnoda-workspaces
1
0
Fork 0
mirror of https://github.com/bluxmit/alnoda-workspaces.git synced 2024-06-02 12:14:30 +12:00
Code Issues Projects Releases Wiki Activity
alnoda-workspaces/workspaces/ubuntu-workspace/doc/remote-wid.md

2.5 KiB
Raw Blame History

Ubuntu-workspace on remote server

This is the docker-compose that can be used to spin-up Ubuntu-workspace on the remote server together with the reverse proxy, that adds authentication.

version: "3.3"
services:
  traefik:
    image: "traefik:v2.4"
    container_name: "traefik"
    command:
      - "--providers.docker"
      - "--entrypoints.terminal.address=:8026"
    ports:
      - 8026:8026
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  workspace:
    image: alnoda/ubuntu-workspace
    labels:
      # To create user:password pair, execute in any workspace echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g
      - "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"
      - "traefik.enable=true"
      # terminal
      - "traefik.http.services.terminal.loadbalancer.server.port=8026"
      - "traefik.http.routers.terminal.service=terminal"
      - "traefik.http.routers.terminal.rule=PathPrefix(`/`)"
      - "traefik.http.routers.terminal.entrypoints=terminal"
      - "traefik.http.routers.terminal.middlewares=basic-auth"

This configuration launches workspace with the default authentication user:pass is admin:admin. You might want to generate new credentials.

The password for the traefik basic auth must be encrypted with the htpasswd. For connvenience, it is installed in every workspace-in-docker, and the easiest way is to generate the password is to launch workspace locally first, use its terminal to create a password, and then start workspace on remote server.

To encrypt password open terminal of the local workspace and execute

echo $(htpasswd -nB <userName>) | sed -e s/\\$/\\$\\$/g

substitute <userName> with the new user name, and prowide password on prompt. After this htpasswd will output encrypted password.

Don't forget to change this line in the docker-compose file with the new user:encpypted_pass

- "traefik.http.middlewares.basic-auth.basicauth.users=admin:$$2y$$05$$eub6CV.CwUYCCQjNBvSf5uZnzdRmVwGZ/ncxecb9O7WxCR8aLuM3K"

Create file remote-workspace-auth.yaml on the remote server, paste yaml from above (preferrably with new auth) and start workspace

docker-compose -f remote-workspace-auth.yaml up -d

NOTE: this set up adds authentication, but it is not secure, password and communication are unencrypted. Consider using workspace utility that generates configuration for more secure workspace deployment to the cloud server.