Authenticated Web VSCode Server
Authenticated web VS Code server with Pritunl Zero and VS Code Server
#!/bin/bash
# Provisions Pritunl Zero, MongoDB and the VS Code web server on one host.
# Persistent paths: /var/lib/mongo /var/lib/vscode

# Abort on the first command that exits non-zero.
set -o errexit

# ROOT_DOMAIN   - passed to the Pritunl Zero node as its WebAuthn domain
# ZERO_DOMAIN   - Pritunl Zero management domain (also on the certificate)
# VSCODE_DOMAIN - public domain of the proxied VS Code service
ROOT_DOMAIN='pritunl.demo'
ZERO_DOMAIN="zero.${ROOT_DOMAIN}"
VSCODE_DOMAIN="vscode.${ROOT_DOMAIN}"
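#######################################
# Print this host's node ID, generating and persisting one on first use.
#
# A new ID is 24 lowercase hex digits: the current Unix time as 8 hex
# digits followed by 8 random bytes from /dev/urandom as 16 hex digits
# (the same shape as a MongoDB ObjectId; presumably what pritunl-zero
# expects - confirm).
#
# Callers use this inside $(...), where bash does not apply `set -e`, so
# every step is checked explicitly and a failure is reported through the
# return status instead of yielding an empty or truncated ID.
#
# Arguments: $1 - path of the file that stores the node ID
# Outputs:   the node ID on stdout; diagnostics on stderr
# Returns:   0 on success, 1 on missing argument or any failed step
#######################################
get_node_id() {
  if [ $# -eq 0 ]; then
    echo "Error: File path is required" >&2
    echo "Usage: get_node_id <node_id_file_path>" >&2
    return 1
  fi

  local node_id_file="$1"
  local node_id
  local random_hex

  sudo mkdir -p -- "$(dirname -- "$node_id_file")" || return 1

  if [ -f "$node_id_file" ]; then
    # Reuse the stored ID so the node keeps its identity across runs.
    node_id=$(cat -- "$node_id_file") || return 1
  else
    # od prints exactly the 8 requested bytes; tr strips its separators,
    # leaving one clean 16-digit token.
    random_hex=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n') || return 1
    node_id=$(printf '%08x%s' "$(date +%s)" "$random_hex") || return 1

    # Never persist a malformed ID (e.g. if the random read came up short).
    if ! [[ "$node_id" =~ ^[0-9a-f]{24}$ ]]; then
      echo "Error: generated node ID is malformed" >&2
      return 1
    fi

    printf '%s\n' "$node_id" | sudo tee "$node_id_file" > /dev/null || return 1
    # Read-only for everyone: the ID is an identifier, not a secret.
    sudo chmod 444 "$node_id_file" || return 1
  fi

  if [ -z "$node_id" ]; then
    echo "Error: node ID file is empty: $node_id_file" >&2
    return 1
  fi

  echo "$node_id"
}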
# Bring the base system up to date, then let dnf-automatic keep it patched.
sudo dnf update -y
sudo dnf install -y dnf-automatic

# A single sed pass sets the three dnf-automatic keys: take the default
# upgrade set, download updates, and apply them unattended.
sudo sed -i \
  -e 's/^upgrade_type =.*/upgrade_type = default/g' \
  -e 's/^download_updates =.*/download_updates = yes/g' \
  -e 's/^apply_updates =.*/apply_updates = yes/g' \
  /etc/dnf/automatic.conf
sudo systemctl enable --now dnf-automatic.timer

# NOTE(review): the host firewall is switched off here. From this point
# every socket bound to a non-loopback address is reachable unless a filter
# in front of the host (cloud security list / security group) blocks it.
# Restrict inbound traffic there to the ports the proxy needs, or keep
# firewalld running and allow only those services.
sudo systemctl disable --now firewalld.service
# Third-party package sources. Each repo sets gpgcheck=1, so dnf verifies
# package signatures against the key named in gpgkey. The keys themselves
# are fetched over HTTPS at install time (the Pritunl key from the master
# branch of a GitHub repository), so trust rests on TLS and on those URLs
# at the moment of first import.
# The heredoc bodies contain no shell expansions; the quoted delimiter makes
# that explicit.
sudo tee /etc/yum.repos.d/pritunl.repo << 'EOF'
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/oraclelinux/9/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF

sudo tee /etc/yum.repos.d/mongodb-org.repo << 'EOF'
[mongodb-org]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/8.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-8.0.asc
EOF

sudo tee /etc/yum.repos.d/code.repo << 'EOF'
[code]
name=Visual Studio Code
baseurl=https://packages.microsoft.com/yumrepos/vscode
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF

# NOTE(review): -y also answers "yes" to the GPG key import prompts, so no
# one looks at the key fingerprints. Where that matters, import reviewed
# keys with `rpm --import` before this step.
sudo dnf install -y pritunl-zero mongodb-org code

# MongoDB backs Pritunl Zero (mongo_uri points at localhost:27017).
sudo systemctl enable --now mongod
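# Stable node identity, kept on the persistent MongoDB volume.
NODE_ID=$(get_node_id "/var/lib/mongo/node_id")

# Command substitution does not reliably abort the script when a step
# inside the helper fails, so refuse to write a config without an ID.
if [ -z "$NODE_ID" ]; then
  echo "Error: could not determine node ID" >&2
  exit 1
fi

# Create the file with its final 0600 mode before any content is written.
# Writing first and tightening the mode afterwards leaves a window in which
# the config is readable under the default umask; that matters as soon as
# mongo_uri carries credentials. For the same reason the content is not
# echoed to stdout, where provisioning logs could capture it.
sudo install -m 600 /dev/null /etc/pritunl-zero.json
sudo tee /etc/pritunl-zero.json > /dev/null << EOF
{
"mongo_uri": "mongodb://localhost:27017/pritunl-zero",
"node_id": "$NODE_ID"
}
EOF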
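# Dedicated unprivileged system account for the VS Code server; no login
# shell. Skipped when the account already exists so the script can be
# re-run under `set -e`.
if ! id -u vscode > /dev/null 2>&1; then
  sudo useradd -r -s /sbin/nologin vscode
fi

# Directories private to the vscode user (mode 700), parents before
# children. mkdir -p throughout: /var/lib/vscode is a persistent path, so
# these may already exist, and a plain mkdir would abort the run.
for vscode_dir in \
  /home/vscode \
  /var/lib/vscode \
  /var/lib/vscode/.vscode \
  /var/lib/vscode/.vscode/data \
  /var/lib/vscode/.vscode/data/Machine; do
  sudo mkdir -p "$vscode_dir"
  sudo chown vscode:vscode "$vscode_dir"
  sudo chmod 700 "$vscode_dir"
done

# Workspace data lives on the persistent volume and is linked into the
# service's working directory. Its mode is left at the mkdir default; the
# 700 parent already keeps other users out.
sudo mkdir -p /var/lib/vscode/data
sudo chown vscode:vscode /var/lib/vscode/data
sudo ln -snf /var/lib/vscode/data /home/vscode/data
# -h: change the owner of the link itself. Without it chown follows the
# link, and /home/vscode is writable by the unprivileged vscode user, so
# root would act on whatever the link points to at that moment.
sudo chown -h vscode:vscode /home/vscode/data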
# Machine-level VS Code settings for the web server instance.
# NOTE(review): the trailing comma after the last entry is not strict JSON;
# VS Code's settings parser is lenient about it, but confirm before reusing
# this file with other tooling.
vscode_settings=/var/lib/vscode/.vscode/data/Machine/settings.json
sudo tee "$vscode_settings" << 'EOF'
{
"editor.fontSize": 14,
"files.autoSave": "afterDelay",
"files.autoSaveDelay": 200,
}
EOF
# Owned by the service user; the enclosing directories are mode 700, so the
# 644 here does not expose the file to other accounts.
sudo chown vscode:vscode "$vscode_settings"
sudo chmod 644 "$vscode_settings"
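# systemd unit for the VS Code web server.
#
# --without-connection-token means the server itself authenticates nobody;
# sign-in is enforced only by the Pritunl Zero proxy, which forwards to
# http://127.0.0.1:8000. The server therefore listens on loopback only:
# bound to 0.0.0.0, with the host firewall disabled, port 8000 would hand
# an unauthenticated editor and terminal to anything that can reach the
# host directly, bypassing the proxy.
# NOTE(review): local users and processes on this host can still connect to
# 127.0.0.1:8000 without a token; keep the host single-purpose.
#
# The unit runs as the unprivileged vscode account with a private /tmp and
# read-only system directories (ProtectSystem=full) plus hostname and
# kernel-tunable protection.
sudo tee /etc/systemd/system/vscode.service << 'EOF'
[Unit]
Description=VS Code web server
[Service]
Type=exec
User=vscode
Group=vscode
WorkingDirectory=/home/vscode
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/code serve-web --host 127.0.0.1 --port 8000 --server-data-dir=/var/lib/vscode/.vscode --without-connection-token --accept-server-license-terms
TimeoutStopSec=5s
LimitNOFILE=500000
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
ProtectHostname=true
ProtectKernelTunables=true
[Install]
WantedBy=multi-user.target
EOF

# Pick up the new unit, then start the proxy and the editor backend.
sudo systemctl daemon-reload
sudo systemctl enable --now pritunl-zero
sudo systemctl enable --now vscode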
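# Register the VS Code backend as an HTTP service behind Pritunl Zero.
# Only users holding the "vscode" role are proxied through to it.
sudo pritunl-zero upsert service \
  --name=vscode \
  --type=http \
  --role=vscode \
  --domain="$VSCODE_DOMAIN" \
  --server="http://127.0.0.1:8000" \
  --share-session=true \
  --websockets=true \
  --logout-path="/logout"

# One Let's Encrypt certificate covering both public names; the HTTP
# challenge needs the ACME domains to reach this host.
sudo pritunl-zero upsert certificate \
  --name=pritunl-cert \
  --type=lets_encrypt \
  --acme-domain="$ZERO_DOMAIN" \
  --acme-domain="$VSCODE_DOMAIN" \
  --acme-type=http

# This node serves both the management console and the proxy.
sudo pritunl-zero upsert node \
  --name=self \
  --management=true \
  --proxy=true \
  --management-domain="$ZERO_DOMAIN" \
  --webauthn-domain="$ROOT_DOMAIN" \
  --add-certificate=pritunl-cert \
  --add-service=vscode

# Policy and user wiring: the "vscode" role is tied to the service, and the
# "pritunl" user is given that role.
sudo pritunl-zero upsert policy \
  --name=pritunl-zero \
  --role=vscode \
  --add-service=vscode
sudo pritunl-zero upsert user --name=pritunl --role=vscode

# NOTE(review): this prints the initial password to stdout. When the script
# runs under a provisioning agent the output may end up in stored logs, so
# change the password right after the first sign-in.
sudo pritunl-zero default-password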