Code-server: [v2.1638-vsc1.39.2] Unable to start latest CS with HTTPS

Created on 25 Oct 2019  路  10Comments  路  Source: cdr/code-server


  • code-server version: 2.1638-vsc1.39.2
  • OS Version: Debian Buster Container (php-apache), running on a RHEL7 docker swarm

Description

Release notes state...

If you aren't doing SSL termination elsewhere you can directly give code-server a certificate with code-server --cert followed by the path to your certificate. Additionally, you can use certificate keys with --cert-key followed by the path to your key. If you pass --cert without any path code-server will generate a self-signed certificate.

code-server --help says...

--cert Path to certificate. If the path is omitted,
both this and --cert-key will be generated.

Neither of which has changed from the previous beta release 2.1523-vsc1.38.1

So I run with the same arguments that was working before...

PASSWORD=xxxx code-server .  --port 8443 --auth password --cert '' --disable-telemetry

But it fails to set up a HTTPS with self-signed certificate

info  Server listening on http://localhost:8443
info    - Using custom password for authentication
info    - Not serving HTTPS

Which brings us back to a point I made before in https://github.com/cdr/code-server/issues/1052 , now closed.
How can you specify no path for --cert option without that option being the last option in the command line?

Assuming that is the problem, I made the --cert option the last option with nothing following...

PASSWORD=xxxxx code-server .  --port 8443 --auth password --disable-telemetry --cert

produces the same result

ASIDE: I have noted before that I no longer not need to specify --auth password as it is again the default, as it was for CS v1

bug
Source
picture antofthy

Most helpful comment

@antofthy You should be able to do either --cert (path omitted) or --cert '' (empty path).
The handling of arguments are done by vscode's argument parser

$> ./code-server --cert --port 1111
info  Server listening on https://localhost:1111
info    - Password is b6d827dd8816cea54a9169a9
info      - To use your own password, set the PASSWORD environment variable
info      - To disable use `--auth none`
info    - Using generated certificate and key for HTTPS

$> ./code-server --cert "" --port 2222
info  Server listening on https://localhost:2222
info    - Password is 1608e07b2adac35565001d46
info      - To use your own password, set the PASSWORD environment variable
info      - To disable use `--auth none`
info    - Using generated certificate and key for HTTPS
picture featherbear on 28 Oct 2019
👍2 🎉1

All 10 comments

This behaviour is caused by this condition on vscode/src/vs/platform/environment/node/argv.ts#L184

String properties require an argument, so the condition fails and the key is not added.

Perhaps we could modify the process.argv in [node/cli.ts#L86] and prefix a dummy character so that the argument will be parsed - but that's probably error prone

featherbear picture featherbear on 25 Oct 2019

PR merged into October 2019 milestone

featherbear picture featherbear on 25 Oct 2019

Yeah it broke when we updated to VS Code 1.39.2. I ended up just manually checking the arguments for the existence of --cert. https://github.com/cdr/code-server/issues/1101

Will have a new release out before the end of today.

code-asher picture code-asher on 25 Oct 2019

Although the "proper" solution would probably be to add a new type that can be either boolean or string and parse it accordingly.

code-asher picture code-asher on 25 Oct 2019

Might run in to lexical parsing issues though

featherbear picture featherbear on 25 Oct 2019

I did some testing and I think the only issue we have is if something like this is done:

code-server -- --cert

Where we're trying to open a directory called --cert. So we should probably only check up to a --.

I was also concerned about something like:
`` code-server --base-path "--cert" ```` Where the base path is literally--cert` but it seems the parser in this case still parses these as two options so it seems we're OK here.

There might be other scenarios I'm missing; do you have any thoughts?

code-asher picture code-asher on 25 Oct 2019

I did some testing and I think the only issue we have is if something like this is done:

code-server -- --cert

Where we're trying to open a directory called --cert. So we should probably only check up to a --.

I was also concerned about something like:

code-server --base-path "--cert"

Where the base path is literally --cert but it seems the parser in this case still parses these as two options so it seems we're OK here.

There might be other scenarios I'm missing; do you have any thoughts?

Yup, as long as it's enclosed it won't be matched.

But yeah, I think it's better to address the parsing than to monkey patch a fix

I think b8e6369fbeb6764bb3a00dd1245e7b5be748d22e introduces some unwanted rigidity into the software (_Checking on command line args_). Perhaps it should be extensible to allow all of the option flags to be set via environment variables

PR has been merged into vscode https://github.com/microsoft/vscode/commit/f2c1232c6f509aed2bdeb8b79e98cd3550ba31f1 and I believe that will break your check.
Any explicitly defined argument (cert) will now be passed into the returned arguments.

featherbear picture featherbear on 25 Oct 2019

Ahhh I see what you're saying. Thanks for the heads up on that PR!!

So we could just revert the aforementioned monkey-patch and then patch in the fix from https://github.com/microsoft/vscode/commit/f2c1232c6f509aed2bdeb8b79e98cd3550ba31f1 until it makes its way into code-server properly.

code-asher picture code-asher on 25 Oct 2019

So after all this...

How to you specify --cert with no argument? Especially if other options follow?

Give it a blank argument as I have done in the past? Or just a bad filename?
Or its a filename without a full path (starting with '/')?
Or does it know that if the next argument starts with a '--' is it an option and their is no argument?

It isn't just that it failed, it is also documenting how to specify no argument!

In my thinking adding an option of -cert-self-signed would make it clear,
without inconsistencies, or problems in trying to document it.

Tesing new release....
--cert '' is working as it did before in code-server2.1650-vsc1.39.2

antofthy picture antofthy on 28 Oct 2019

@antofthy You should be able to do either --cert (path omitted) or --cert '' (empty path).
The handling of arguments are done by vscode's argument parser

$> ./code-server --cert --port 1111
info  Server listening on https://localhost:1111
info    - Password is b6d827dd8816cea54a9169a9
info      - To use your own password, set the PASSWORD environment variable
info      - To disable use `--auth none`
info    - Using generated certificate and key for HTTPS

$> ./code-server --cert "" --port 2222
info  Server listening on https://localhost:2222
info    - Password is 1608e07b2adac35565001d46
info      - To use your own password, set the PASSWORD environment variable
info      - To disable use `--auth none`
info    - Using generated certificate and key for HTTPS
featherbear picture featherbear on 28 Oct 2019
👍2 🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nol166 picture nol166  路  3Comments
broady picture broady  路  3Comments
grant picture grant  路  3Comments
korzq picture korzq  路  3Comments
tecosaur picture tecosaur  路  3Comments