-
Notifications
You must be signed in to change notification settings - Fork 6k
Setting/passing password as cookie is not working anymore #1189
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
Our recommended way is to pass the password as a environment variable. Based on my own testing passwords should still work as intended, but I suggest doing it as a variable instead of intercepting it from the reverse-proxy. |
Using
The authentication cookie has changed. It's now "key" and it's a hash of the password. But like @sr229 mentioned you're safer with the environment variable since although for now the hash is static it could become dynamic in the future (by using a generated salt). |
Actually I see you're already using the environment variable, which makes sense since otherwise you wouldn't have a custom password at all. 😛 So you could update your cookie to use "key=password hash" but is there any reason you couldn't remove that line and log in normally through the browser? Also I'm not sure what you mean by implementing basic authentication in code-server. Isn't basic authentication something you can handle from the proxy? |
Thank you all. Setting the key with password hash cookie fixed the problem. No basic authentication is need since setting key cookie is working. I do authentication on proxy server and want to make sure no one on the LAN can access code-server without authentication. As a result, I set custom password on code-server and configured proxy server to pass the key cookie. |
Uh oh!
There was an error while loading. Please reload this page.
For security reason, I run code-server with a custom password. On the Apache server, I set the password cookie on the RequestHeader. It's working fine on the first and second official V2 releases but not anymore on the newer releases. It keeps redirecting to /login even though the password cookie is already there. Also, when it redirects, can code-server updated to redirect to ./login not /login? Proxy server might forward a directory to code-server, sending user back to /login is returning 404. Can the problems be fixed or implement basic authentication on code-server?
Set password cookie for requests
`RequestHeader set Cookie "password=password"
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /drupal/(.*) ws://ide.drupal:8080/$1 [P,L]
ProxyPass /drupal/ http://ide.drupal:8080/ nocanon
ProxyPassReverse /drupal/ http://ide.drupal:8080/`
Run code-server with custom password
PASSWORD='password' /opt/vscode/code-server --auth password --port 8080 /www
The text was updated successfully, but these errors were encountered: