Add security section to readme

See #1062.
This commit is contained in:
Asher 2019-10-23 11:49:05 -05:00
parent 7f07b8f66c
commit ff99a1d768
No known key found for this signature in database
GPG key ID: D63C1EF81242354A
3 changed files with 28 additions and 10 deletions

View file

@ -61,7 +61,7 @@ deploy:
- provider: script - provider: script
skip_cleanup: true skip_cleanup: true
script: docker build -f ./scripts/ci.dockerfile --build-arg -t codercom/code-server:"$TAG" -t codercom/code-server:v2 . && docker push codercom/code-server:"$TAG" && docker push codercom/code-server:v2 script: docker build -f ./scripts/ci.dockerfile -t codercom/code-server:"$TAG" -t codercom/code-server:v2 . && docker push codercom/code-server:"$TAG" && docker push codercom/code-server:v2
on: on:
repo: cdr/code-server repo: cdr/code-server
branch: master branch: master

View file

@ -56,6 +56,33 @@ arguments when launching code-server with Docker. See
- For self-hosting and other information see [doc/quickstart.md](doc/quickstart.md). - For self-hosting and other information see [doc/quickstart.md](doc/quickstart.md).
- For hosting on cloud platforms see [doc/deploy.md](doc/deploy.md). - For hosting on cloud platforms see [doc/deploy.md](doc/deploy.md).
## Security
### Authentication
To enable built-in password authentication use `code-server --auth password`. By
default it will use a randomly generated password but you can set the
`$PASSWORD` environment variable to use your own.
Do not expose `code-server` to the open internet without some form of
authentication.
### Encrypting traffic with HTTPS
If you aren't doing SSL termination elsewhere you can directly give
`code-server` a certificate with `code-server --cert` followed by the path to
your certificate. Additionally, you can use certificate keys with `--cert-key`
followed by the path to your key. If you pass `--cert` without any path
`code-server` will generate a self-signed certificate.
If `code-server` has been passed a certificate it will also respond to HTTPS
requests and will redirect all HTTP requests to HTTPS. Otherwise it will respond
only to HTTP requests.
You can use [Let's Encrypt](https://letsencrypt.org/) to get an SSL certificate
for free.
Do not expose `code-server` to the open internet without SSL, whether built-in
or through a proxy.
### Build ### Build
See See

View file

@ -7,15 +7,6 @@
## Usage ## Usage
Run `code-server --help` to view available options. Run `code-server --help` to view available options.
### Encrypting traffic with HTTPS
To encrypt the traffic between the browser and server use `code-server --cert`
followed by the path to your certificate. Additionally, you can use certificate
keys with `--cert-key` followed by the path to your key. If you pass `--cert`
without any path code-server will generate a self-signed certificate.
You can use [Let's Encrypt](https://letsencrypt.org/) to get an SSL certificate
for free.
### Nginx Reverse Proxy ### Nginx Reverse Proxy
The trailing slashes are important. The trailing slashes are important.