Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

coder-app cannot connect to coder server when coder is deployed offline with docker-compose and self-signed SSL cert#16912

Unanswered
ParticleG asked this question inGeneral
Discussion options

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

If we use CODER_ACCESS_URL to specify a direct HTTPS access, the coder-apps would always be spinning and never shows up, if we use NginX to reverse proxy HTTPS request to coder-server's HTTP port, and set CODER_ACCESS_URL to thehttp address, then access thehttps URL, then appscan be accessed, but health check icon remains a question mark. As long as CODER_ACCESS_URL is a HTTPS URL, we couldn't access coder-apps, no mater we use reverse proxy or not.

Relevant Log Output

Expected Behavior
CODER_ACCESS_URL can be set to a HTTPS URL and all app and management services are available
Steps to Reproduce
Current partially working configs, with question mark on healthz-check
docker-compose.yaml:
service:coder:build:context:.dockerfile:Dockerfileports:      -"7080"      -“7443”environment:CODER_HTTP_ADDRESS:"0.0.0.0:7080"CODER_TLS_ADDRESS:"0.0.0.0:7443"CODER_TLS_ENABLE:"true"CODER_TLS_CERT_FILE:"/etc/ssl/certs/cmwcoder.pem"CODER_TLS_KEY_FILE:"/etc/ssl/private/cmwcoder.key"CODER_TLS_CLIENT_AUTH:"none"CODER_TLS_ALLOW_INSECURE_CIPHERS:"true"CODER_ACCESS_URL:"http://cmwcoder.h3c.com"CODER_WILDCARD_ACCESS_URL:"*.cmwcoder.h3c.com"CODER_BLOCK_DIRECT:"true"CODER_DERP_SERVER_STUN_ADDRESSES:"disable"CODER_PG_CONNECTION_URL:"postgresql://${POSTGRES_USER:-username}:${POSTGRES_PASSWORD:-password}@database/${POSTGRES_DB:-coder}?sslmode=disable"CODER_DISABLE_NETWORK_TELEMETRY:"true"CODER_UPDATE_CHECK:"false"# ...
NginX config:
server {  listen 80;  server_name 10.113.36.121 cmwcoder.h3c.com;  location / {    proxy_pass http://127.0.0.1:7080/;    proxy_http_version 1.1;    proxy_ssl_server_name on;    proxy_set_header Upgrade $http_upgrade;    proxy_set_header Connection upgrade;    proxy_set_header Host $host;    proxy_set_header X-Real-IP $remote_addr;    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;    add_header Strict-Transport-Security"max-age=15552000; includeSubDomains" always;  }# ...}server {  server_name 10.113.36.121 cmwcoder.h3c.com;  listen 443 ssl;  listen [::]:443 sslipv6only=on;  ssl_certificate cmwcoder.pem;  ssl_certificate_key cmwcoder.key;  location / {    proxy_pass https://127.0.0.1:7443/;    proxy_http_version 1.1;    proxy_ssl_server_name on;    proxy_set_header Upgrade $http_upgrade;    proxy_set_header Connection upgrade;    proxy_set_header Host $host;    proxy_set_header X-Real-IP $remote_addr;    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;    add_header Strict-Transport-Security"max-age=15552000; includeSubDomains" always;  }# ...}
Environment
  • Host OS: Ubuntu 22.04
  • Coder version: 2.19.0
Additional Context
No response
You must be logged in to vote
Replies:      1 comment
Comment options
Can anyone help? It seems the agent can't curl  theaccess_url because of the self signed certificate
You must be logged in to vote
                    0 replies
Sign up for freeto join this conversation on GitHub.    Already have an account?Sign in to comment
        Labels
        None yet
      1 participant
@ParticleG
        Converted from issue
        This discussion was converted from issue #16811 on March 13, 2025 16:55.
  



[8]ページ先頭


©2009-2025 Movatter.jp