Use Apache as a Reverse Proxy
Requirements
Start a Coder deployment and be sure to set the following configuration values:
CODER_HTTP_ADDRESS=127.0.0.1:3000
CODER_ACCESS_URL=https://coder.example.com
CODER_WILDCARD_ACCESS_URL=*.coder.example.com
Throughout the guide, be sure to replace coder.example.com with the domain you intend to use with Coder.
Configure your DNS provider to point your coder.example.com and *.coder.example.com to your server's public IP address.
For example, to use coder.example.com as your subdomain, configure coder.example.com and *.coder.example.com to point to your server's public IP. This can be done by adding A records in your DNS provider's dashboard.
Install Apache (assuming you're on Debian/Ubuntu):
sudo apt install apache2
Enable the following Apache modules:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod ssl
sudo a2enmod rewrite
Stop the Apache service and disable the default site:
sudo a2dissite 000-default.conf
sudo systemctl stop apache2
Install and configure LetsEncrypt Certbot
- Install LetsEncrypt Certbot: Refer to the CertBot documentation. Be sure to pick the wildcard tab and select your DNS provider for instructions to install the necessary DNS plugin.
Create DNS provider credentials
This example assumes you're using CloudFlare as your DNS provider. For other providers, refer to the CertBot documentation.
Create an API token for the DNS provider you're using (e.g. CloudFlare) with the following permissions:
- Zone - DNS - Edit
Create a file in .secrets/certbot/cloudflare.ini with the following content:
dns_cloudflare_api_token = YOUR_API_TOKEN
mkdir -p ~/.secrets/certbot
touch ~/.secrets/certbot/cloudflare.ini
nano ~/.secrets/certbot/cloudflare.ini
Set the correct permissions:
sudo chmod 600 ~/.secrets/certbot/cloudflare.ini
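The token in this file can edit DNS for the whole zone, so it is worth checking the file before handing it to certbot. The following is an added example, not part of the original guide or of certbot; check_certbot_creds and demo_creds are hypothetical helper names and the token value is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the certbot DNS credentials file.
# check_certbot_creds is a hypothetical helper, not a certbot command.

check_certbot_creds() {
    f=$1
    # Must be a regular file, not a symlink that could point elsewhere.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "not a regular file: $f" >&2; return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # all must be "-" (mode 600 or 400).
    go_bits=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "group/other can access $f; run chmod 600" >&2; return 3
    fi
    # The file must define the token key exactly once.
    n=$(grep -c '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=' "$f" || true)
    if [ "$n" -ne 1 ]; then
        echo "expected one dns_cloudflare_api_token line, found $n" >&2; return 4
    fi
    # The placeholder from the guide must have been replaced.
    if grep -q '=[[:space:]]*YOUR_API_TOKEN[[:space:]]*$' "$f"; then
        echo "placeholder token still present in $f" >&2; return 5
    fi
    return 0
}

# Constructed demo: a throwaway file holding a made-up token value,
# created with the mode given as $1 and then checked.
demo_creds() {
    d=$(mktemp -d)
    printf 'dns_cloudflare_api_token = constructed-sample-token\n' > "$d/cloudflare.ini"
    chmod "$1" "$d/cloudflare.ini"
    rc=0
    check_certbot_creds "$d/cloudflare.ini" 2>/dev/null || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Source the script and run check_certbot_creds ~/.secrets/certbot/cloudflare.ini before creating the certificate; a non-zero return code identifies which check failed.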
Create the certificate
Create the wildcard certificate:
sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d coder.example.com -d '*.coder.example.com'
Configure Apache
This example assumes Coder is running locally on 127.0.0.1:3000 and that you're using coder.example.com as your subdomain.
Create Apache configuration for Coder:
sudo nano /etc/apache2/sites-available/coder.conf
Add the following content:
# Redirect HTTP to HTTPS
<VirtualHost *:80>
    ServerName coder.example.com
    ServerAlias *.coder.example.com
    Redirect permanent / https://coder.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName coder.example.com
    ServerAlias *.coder.example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # upgrade=any is required for websockets
    # (Apache does not allow a comment on the same line as a directive)
    ProxyPass / http://127.0.0.1:3000/ upgrade=any
    ProxyPassReverse / http://127.0.0.1:3000/
    ProxyRequests Off
    ProxyPreserveHost On

    RewriteEngine On
    # Websockets are required for workspace connectivity
    RewriteCond %{HTTP:Connection} Upgrade [NC]
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteRule /(.*) ws://127.0.0.1:3000/$1 [P,L]

    SSLCertificateFile /etc/letsencrypt/live/coder.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/coder.example.com/privkey.pem
</VirtualHost>
Don't forget to replace coder.example.com with your (sub)domain.
Enable the site:
sudo a2ensite coder.conf
Restart Apache:
sudo systemctl restart apache2
Refresh certificates automatically
Create a new file in /etc/cron.weekly:
sudo touch /etc/cron.weekly/certbot
Make it executable:
sudo chmod +x /etc/cron.weekly/certbot
And add this code:
#!/bin/sh
sudo certbot renew -q
And that's it, you should now be able to access Coder at your (sub)domain, e.g. https://coder.example.com.