Debug user <--> workspace connection
As far as I've understood it, all communication between the user and his Workspace goes via tailscale tunnels - and if possible directly without the coder server in the middle.
In my PoC though I observed, that in almost all cases this tailscale connection is tunneled over the coder server's HTTPS which adds another layer (latency, overhead) and - more problematic - puts the coder server availability into the path of workspace availability which means disruptions every time coder is updated/reconfigured.
Is there a document what I need to provide infrastructure-wise to enable direct WS-access?
My test-scenario is three bare-metal machines, all air-gapped. The first runs coder as server in a docker container with port 443 forwarded to the container, the second runs docker+sysbox for WS-deployment and the third is the user's terminal with the coder-cli. I've also played around with providing a coturn instance (because the default stun server won't be reachable) but I don't really know how to set this up.
In my PoC though I observed, that in almost all cases this tailscale connection is tunneled over the coder server's HTTPS which adds another layer (latency, overhead) and - more problematic - puts the coder server availability into the path of workspace availability which means disruptions every time coder is updated/reconfigured.
Is there a document what I need to provide infrastructure-wise to enable direct WS-access?
My test-scenario is three bare-metal machines, all air-gapped. The first runs coder as server in a docker container with port 443 forwarded to the container, the second runs docker+sysbox for WS-deployment and the third is the user's terminal with the coder-cli. I've also played around with providing a coturn instance (because the default stun server won't be reachable) but I don't really know how to set this up.
