Coder OSS - code-server certificate issue
Hi all,
I've been stumped on this so I'm hoping maybe someone here has seen this before and has any ideas for how to approach solving this. The goal is to host code-server as a Coder workspace. When I try to open the code-server web view, I see the attached screen. It says "code-server is offline! x509: certificate signed by unknown authority." Here are some configuration details:
I'm running Coder OSS on RHEL 8 using Docker Compose. The docker-compose.yaml for the Coder service has the following changes:
I've set up code-server using the docker-code-server template. To get it to work, I made some modifications to the template's
The code-server container logs show the following error:
Some research into this specific error led me to discover that Go looks for trusted authorities in a directory that is machine specific. I've added the binary (*.crt) certs to that folder on the code-server container, but I'm still getting this error.
If anyone has any thoughts, I'd greatly appreciate it!
I've been stumped on this so I'm hoping maybe someone here has seen this before and has any ideas for how to approach solving this. The goal is to host code-server as a Coder workspace. When I try to open the code-server web view, I see the attached screen. It says "code-server is offline! x509: certificate signed by unknown authority." Here are some configuration details:
I'm running Coder OSS on RHEL 8 using Docker Compose. The docker-compose.yaml for the Coder service has the following changes:
coder.mydomain.tld.cer is a web server certificate chain signed by my domain controller CA. Accessing https://coder.mydomain.tld works on my devices (both via browser & cli) and the cert chain seems to be configured correctly. The docker host has had the domain CAs added to the trusted ca store.I've set up code-server using the docker-code-server template. To get it to work, I made some modifications to the template's
main.tf in order to run a script that fetches the certs and adds them to the container's trusted store before downloading the coder agent (this was required to allow curl to securely fetch the agent from the coder service).The code-server container logs show the following error:
Some research into this specific error led me to discover that Go looks for trusted authorities in a directory that is machine specific. I've added the binary (*.crt) certs to that folder on the code-server container, but I'm still getting this error.
If anyone has any thoughts, I'd greatly appreciate it!
