Commit graph

4016 commits

Author SHA1 Message Date
Nicholas Lu Chee Seng
4e1a4eb56d
Merge branch 'main' into claude/setup-coder-server-ec2-eks-01XcBBft9jrYmZi2dRMz7iJn 2025-11-16 01:42:52 +08:00
Claude
369f459203
Add AWS Client VPN support for secure private access to code-server
This commit adds comprehensive VPN infrastructure to enable secure,
certificate-based access to code-server deployments. VPN provides an
additional security layer by requiring network-level authentication
before accessing internal resources.

Features:
- AWS Client VPN endpoint with certificate-based authentication
- Split tunnel support (route only VPC traffic through VPN)
- CloudWatch logging for all VPN connections
- Multi-platform client support (Windows, macOS, Linux, iOS, Android)
- Automatic certificate generation and ACM upload
- Client configuration export scripts
- Integration with both EC2 and EKS deployments

New Terraform Module:
- modules/vpn: Complete AWS Client VPN infrastructure
  - VPN endpoint with configurable authentication
  - Network associations for HA across multiple AZs
  - Authorization rules for VPC access
  - Security groups for VPN traffic
  - CloudWatch log groups and streams
  - Support for SAML/federated authentication

Scripts:
- scripts/generate-vpn-certificates.sh: Generate and upload VPN certificates
  - Creates CA, server, and client certificates
  - Automatically uploads to AWS Certificate Manager
  - Outputs certificate ARNs for Terraform configuration
- scripts/export-vpn-config.sh: Export client VPN configuration
  - Downloads VPN config from AWS
  - Embeds client certificates
  - Creates platform-ready .ovpn files

Deployment Updates:
- EC2 and EKS deployments now support optional VPN
- New variables for VPN configuration
- Updated outputs to include VPN endpoint information
- Example configurations with VPN settings

Documentation:
- VPN-SETUP-GUIDE.md: Comprehensive VPN setup guide
  - Certificate generation process
  - Terraform configuration
  - Client setup for all major platforms
  - Testing and troubleshooting
  - Advanced configuration options
  - Cost considerations and optimization

Configuration Options:
- Certificate-based or SAML/SSO authentication
- Split tunnel (recommended) or full tunnel
- UDP (faster) or TCP (more reliable) transport
- Configurable session timeout (8-24 hours)
- Custom DNS servers
- Client login banner
- Multiple authorization rules

Security Features:
- X.509 certificate authentication
- Private subnet associations
- Network-level access control
- Session logging and audit trail
- Support for multi-factor (VPN cert + OAuth2/SAML)

Cost: ~$216/month base + ~$0.40/user/day for active connections
2025-11-15 17:40:23 +00:00
Claude
b8094ac6a0
Add comprehensive Terraform infrastructure for code-server deployment on AWS
This commit adds complete Terraform infrastructure as code for deploying
code-server on both EC2 and EKS platforms with enterprise-grade security
and SAML/OIDC authentication.

Features:
- EC2 deployment with Auto Scaling Groups and Application Load Balancer
- EKS deployment with managed node groups and AWS Load Balancer Controller
- Private network setup with VPC, private subnets, and NAT gateways
- SAML/OIDC authentication using OAuth2 Proxy
- Security hardening:
  - KMS encryption for data at rest
  - TLS encryption in transit
  - IAM roles with least privilege
  - Security groups with minimal access
  - VPC Flow Logs
  - IMDSv2 enforcement
- Auto-scaling capabilities for both EC2 and EKS
- CloudWatch logging and monitoring
- Automated deployment scripts

Terraform Modules:
- modules/vpc: VPC with public/private subnets, NAT, and VPC endpoints
- modules/security: Security groups, IAM roles, and KMS keys
- modules/ec2: EC2 Auto Scaling deployment with ALB
- modules/eks: EKS cluster with managed node groups and addons

Deployments:
- deployments/ec2: EC2 deployment configuration
- deployments/eks: EKS deployment configuration with Kubernetes manifests

Documentation:
- README.md: Comprehensive deployment and operations guide
- QUICK-START.md: Quick reference for fast deployment
- SAML-SETUP-GUIDE.md: Step-by-step IdP configuration guide

Scripts:
- scripts/deploy-ec2.sh: Automated EC2 deployment
- scripts/deploy-eks.sh: Automated EKS deployment
- scripts/destroy-ec2.sh: EC2 cleanup
- scripts/destroy-eks.sh: EKS cleanup
2025-11-15 17:29:42 +00:00
dependabot[bot]
897b5f13bc
chore: bump playwright and @playwright/test in /test (#7534) 2025-10-28 16:14:42 -08:00
SuitDeer
282f74d9f5
Update Node.js version in Android docs from 18 to 22 (#7542) 2025-10-28 16:14:17 -08:00
dependabot[bot]
7a2a5eb055
chore: bump eslint from 9.32.0 to 9.36.0 (#7513) 2025-10-28 16:13:34 -08:00
dependabot[bot]
af397f71e2
chore: bump globals from 16.1.0 to 16.4.0 (#7511) 2025-10-28 16:13:15 -08:00
dependabot[bot]
9d89b17fd7
chore: bump express and @types/express (#7510) 2025-10-28 16:12:45 -08:00
dependabot[bot]
35e7b09a85
chore: bump actions/checkout from 4 to 5 (#7508) 2025-10-28 16:12:00 -08:00
dependabot[bot]
7beb05d04f
chore: bump aquasecurity/trivy-action from 0.32.0 to 0.33.1 (#7507) 2025-10-28 16:11:42 -08:00
dependabot[bot]
add51d5c5b
chore: bump actions/download-artifact from 4 to 5 (#7506) 2025-10-28 16:11:23 -08:00
Andrew Baldwin
db8a41bce1
Add idle timeout (#7539) 2025-10-28 16:10:56 -08:00
Olivier Benz
811ec6c1d6
Update Code to 1.105.1 (#7531) 2025-10-17 14:32:32 -08:00
Olivier Benz
30321abfcd
Update Code to 1.105.0 (#7523) 2025-10-14 13:26:57 -08:00
Olivier Benz
cd40509fbb
Update Code to 1.104.3 (#7515) 2025-10-03 10:48:01 -08:00
Asher
9fd98d58e7
Release v4.104.1 and v4.104.2 2025-10-01 14:15:07 -08:00
Olivier Benz
b0992ddb3e
Update Code to 1.104.2 (#7503) 2025-09-26 10:36:08 -08:00
Olivier Benz
af19dedfa9
Update Code to 1.104.1 (#7495) 2025-09-19 10:01:30 -08:00
Asher
d1066af558
Release v4.104.0 2025-09-15 14:36:47 -08:00
Olivier Benz
ba774d989b
Update Code to 1.104.0 (#7488) 2025-09-12 12:41:54 -08:00
Jinvien
1a7b770f5b
Fix installing extensions from the Open VSX marketplace (#7479)
Open VSX uses a non-standard format for the `/latest` URL which must be added to the gallery config.
2025-09-11 14:26:49 -08:00
Anthony
626145cf66
Allow custom annotation to deployment (#7481) 2025-09-11 14:24:57 -08:00
Asher
b59a4f7366
Release v4.103.1 and v4.103.2 2025-08-28 11:55:58 -08:00
Olexandr88
54b33a75e0
Add Discord link to readme (#7465) 2025-08-25 10:32:11 -08:00
Olivier Benz
3c5deac16d
Update Code to 1.103.2 (#7463) 2025-08-25 09:32:20 -08:00
Olivier Benz
fbaadbcfbc
Update Code to 1.103.1 (#7459) 2025-08-15 12:31:17 -08:00
Asher
2bbb6e8cca
Release v4.103.0 2025-08-12 14:31:17 -08:00
Olivier Benz
f1236d80b9
Update Code to 1.103.0 (#7458) 2025-08-08 17:10:23 -08:00
dependabot[bot]
b27d982c67
chore: bump prettier from 3.4.2 to 3.6.2 (#7407) 2025-08-04 12:46:32 -08:00
Asher
3f23840756
Remove import from express-serve-static-core
Mostly because express-serve-static-core is an implicit dependency.  We
could make it explicit, but the type we imported from it is just an
alias for qs.ParsedQs anyway.
2025-08-04 12:26:46 -08:00
Asher
e54467fb85
Run npm audit fix 2025-08-04 12:26:46 -08:00
Asher
8f738d29f2
Remove unused supertest dependency 2025-08-04 12:26:46 -08:00
Asher
5c0ff5013f
Remove direct safe-buffer dependency
We do not use it directly.
2025-08-04 12:26:46 -08:00
dependabot[bot]
8a378df6e5
chore: bump eslint-import-resolver-typescript from 3.8.3 to 4.4.4 (#7404) 2025-08-04 11:37:04 -08:00
dependabot[bot]
a7e77ce4af
chore: bump dawidd6/action-download-artifact from 10 to 11 (#7409)
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 10 to 11.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/v10...v11)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '11'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-04 11:35:59 -08:00
dependabot[bot]
794def9a77
chore: bump on-headers and compression (#7427)
Bumps [on-headers](https://github.com/jshttp/on-headers) to 1.1.0 and updates ancestor dependency [compression](https://github.com/expressjs/compression). These dependencies need to be updated together.


Updates `on-headers` from 1.0.2 to 1.1.0
- [Release notes](https://github.com/jshttp/on-headers/releases)
- [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md)
- [Commits](https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0)

Updates `compression` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/expressjs/compression/releases)
- [Changelog](https://github.com/expressjs/compression/blob/master/HISTORY.md)
- [Commits](https://github.com/expressjs/compression/compare/1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: on-headers
  dependency-version: 1.1.0
  dependency-type: indirect
- dependency-name: compression
  dependency-version: 1.8.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-04 11:33:51 -08:00
Asher
b5a2ce2522
Use error handler in session server (#7455) 2025-08-04 11:05:48 -08:00
dependabot[bot]
bc15fa461c
chore: bump form-data in /test (#7430)
---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
- dependency-name: form-data
  dependency-version: 4.0.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-04 10:31:50 -08:00
dependabot[bot]
1805daed07
chore: bump aquasecurity/trivy-action from 0.31.0 to 0.32.0 (#7450)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.31.0 to 0.32.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](76071ef0d7...dc5a429b52)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-04 10:31:21 -08:00
Olivier Benz
6f3d0a7e5a
Update Code to 1.102.3 (#7444) 2025-07-30 11:28:34 -08:00
Asher
b1ad6ffcb9
Release v4.102.2 2025-07-24 14:08:12 -08:00
Olivier Benz
9f6d18ea26
Update Code to 1.102.2 (#7436) 2025-07-24 12:07:27 -08:00
Sheldon Tsen
fe7db4900a
Update values.yaml to better support dind (#7431) 2025-07-22 09:17:44 -08:00
Asher
84728f0b21
Release v4.102.1 2025-07-17 13:25:16 -08:00
Asher
aaf2d91a21
Deleted unused and outdated afdesign file 2025-07-17 13:25:15 -08:00
Olivier Benz
47e9d43922
Update Code to 1.102.1 (#7424) 2025-07-17 10:55:37 -08:00
Asher
f26309a23c
Release v4.102.0 2025-07-16 18:56:42 -08:00
Asher
0f9a0e8fb3
Revert escaping for i18n strings
Looks like the library already escapes, so we were getting double
escaping.
2025-07-16 18:10:11 -08:00
Asher
4029c1ec8f
Use Debian archives
Looks like buster has reached the end of its life, but updating to
bullseye would increase the glibc version.
2025-07-15 15:03:43 -08:00
dependabot[bot]
bbe1b7fecb
chore: bump i18next from 23.16.4 to 25.3.0 (#7406)
Bumps [i18next](https://github.com/i18next/i18next) from 23.16.4 to 25.3.0.
- [Release notes](https://github.com/i18next/i18next/releases)
- [Changelog](https://github.com/i18next/i18next/blob/master/CHANGELOG.md)
- [Commits](https://github.com/i18next/i18next/compare/v23.16.4...v25.3.0)

---
updated-dependencies:
- dependency-name: i18next
  dependency-version: 25.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-15 12:40:04 -08:00