☀️

Hi Folks.

一、安装

命令安装(需要vpn)

# 添加官方仓库,安装code-sever,创建systemd服务
curl -fsSL https://code-server.dev/install.sh | sh

验证

code-server --version


# 查看服务状态
systemctl status code-server@$USER

二、配置文件路径

默认路径:~/.config/code-server/config.yaml 

bind-addr: 0.0.0.0:xxx   # 外部可访问
password: xxxx

修改后重启: 

sudo systemctl restart code-server@$USER

三、创建简易服务脚本

不建议开机自启动,长时间会导致服务器卡断 

# 开启自启动
sudo systemctl enable --now code-server@$USER

建议创建一个简易脚本,随用随启 

#!/bin/bash


USER="chunxiao"


# 定义服务名称(固定为 code-server@alice)
SERVICE="code-server@$USER"


# 检查参数是否正确
if [ $# -ne 1 ]; then
    echo "用法: $0 [start|stop|status]"
    echo "示例:"
    echo "  $0 start   - 启动 code-server@$USER 服务"
    echo "  $0 stop    - 停止 code-server@$USER 服务"
    echo "  $0 status  - 查看 code-server@$USER 服务状态"
    echo "  $0 restart - 重启 code-server@$USER 服务状态"
    echo "  $0 log     - 查看 code-server@$USER 日志"
    exit 1
fi


# 根据输入参数执行对应操作
case "$1" in
     start)
        echo "启动 $SERVICE 服务..."
        sudo systemctl start "$SERVICE"
        ;;
    restart)
        echo "重启 $SERVICE 服务..."
        sudo systemctl restart "$SERVICE"
        ;;
    stop)
        echo "停止 $SERVICE 服务..."
        sudo systemctl stop "$SERVICE"
        ;;
    status)
        echo "查看 $SERVICE 服务状态:"
		sudo systemctl status "$SERVICE" --no-pager
        ;;
    log)
        echo "查看 $SERVICE 日志:"
		journalctl -u $SERVICE.service -n 50 --no-pager
        ;;
    *)
        echo "错误:未知命令 '$1'"
        echo "用法: $0 [start|stop|status]"
        exit 1
        ;;
esac

四、开启HTTPS

注意:不开启HTTPS会导致code-server一些服务无法使用,例如markdown预览。

创建证书配置文件(解决 SAN 问题)

创建临时文件:cert.conf 

[req]
default_bits = 2048
prompt = no
default_md = sha256
x509extensions = v3ca
distinguished_name = dn


[dn]
C = CN
ST = YourProvince
L = YourCity
O = YourOrganization
OU = YourDepartment
CN = xxx.xxx.xxx.xxx  # 你的访问IP


[v3_ca]
subjectAltName = IP:xxx.xxx.xxx.xxx  # 添加IP作为SAN
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = CA:TRUE

生成证书和私钥

mkdir -p ~/.config/code-server/certs


# 生成证书(有效期10年,可按需修改)
openssl req -new -newkey rsa:2048 -nodes \\
  -keyout ~/.config/code-server/certs/code-server.key \\
  -out ~/.config/code-server/certs/code-server.csr \\
  -config cert.conf


openssl x509 -req -days 3650 \\
  -in ~/.config/code-server/certs/code-server.csr \\
  -signkey ~/.config/code-server/certs/code-server.key \\
  -out ~/.config/code-server/certs/code-server.crt \\
  -extensions v3_ca -extfile cert.conf


# 清理临时文件
rm cert.conf ~/.config/code-server/certs/code-server.csr

修改配置文件

在 systemd 启动环境中,~ 不会自动展开为 /home/用户名,用绝对路径 
bind-addr: 0.0.0.0:xxx
cert: /home/xxx/.config/code-server/certs/code-server.crt
cert-key: /home/xxx/.config/code-server/certs/code-server.key

重启服务

sudo systemctl restart code-server@$USER

导入证书到 Chrome 信任

下载code-server.crt文件,浏览器导入到受信任的根证书颁发机构,重启。