Make url and port viewer configurable #1271
Conversation
|
From the viewpoint of security, I am against making host configurable, which would unintentionally allow remote access to local pdf and other files. That would require us to implement access control of the server. I want to avoid that. We should force users to use a reverse proxy with access control, e.g., ssh port forwarding. I think making port configurable is not a problem. |
I agree. Actually I am using HTTP basic authentication for the whole code-server. A warning could be added to warn user about potential risks. I think only advanced users who are aware of this risk as well as how to prevent it will bother modifying this configuration. So this is not a severe issue. |
|
Would it be sufficient to have port configurable? |
|
No. Even if I use nginx to reverse proxy it, it is still not possible to launch viewer from ide since the url is still localhost. |
|
I am strongly against making host configurable. Users often copy and paste their settings from blog entries and stackoverflow without thinking about security risks. Assuming "only advanced users" is too optimistic. Using nginx is not an appropriate solution. Please use ssh port forwarding. Then, it would be sufficient to have port configurable. |
|
Is it possible to add cookies check or some authentication to the preview server? I think this can be enabled with a custom url. |
|
The discussion seems to have gone beyond the original scope of the PR. For now, it will only merge the port configuration feature and will leave any further improvements on supporting |
We do not make url configurable because of security issues.
|
I want to provide code-server in jupyter docker with jupyterhub, so the PDF viewer still needed. |
Use the following configuration variables
This is related to #1265.