code-server: [Bug]: Unable to forward remotehost:port
Is there an existing issue for this?
- I have searched the existing issues
OS/Web Information
- Web Browser: Safari
- Local OS: MacOS
- Remote OS: Linux
- Remote Architecture: amd64
code-server --version: 4.8.0
Steps to Reproduce
- Spawn a service in a neighbour container
- Under ports, paste container-ip:host
- It tells remotehost:port is forwarded, but it is unable to do
When I open the forwarded URL proxy, it says
connect ECONNREFUSED 0.0.0.0:8080
Expected
The service running at remotehost:port should be forwarded via web proxy
Actual
Only locally running ports are being forwarded and remorehost:port is not being forwarded unlike VS Code Desktop. It is not even respecting the host part and just attempting to forward a locally running port.
Logs
No response
Screenshot/Video
No response
Does this issue happen in VS Code or GitHub Codespaces?
- I cannot reproduce this in VS Code.
- I cannot reproduce this in GitHub Codespaces.
Are you accessing code-server over HTTPS?
- I am using HTTPS.
Notes
No response
About this issue
- Original URL
- State: open
- Created 2 years ago
- Comments: 26 (18 by maintainers)
Great points and thank you for the links!!
I prefer the query parameter as well but I am concerned that the application itself might use query parameters and have one called
ipor maybe it is an app with multiple pages and navigating to a page drops theipquery parameter.If we embed it into the path on the other hand the application would not be able to mess it up.
We could make it a requirement that applications running behind code-server’s proxy specially treat the
ipquery variable if it exists but I could see that not going too well. XD@code-asher @jsjoeio Please make sure that proxying is restricted to the following ranges:
IPv4
10.0.0.0/8^1172.16.0.0/12^1192.168.0.0/16^1plus
127.0.0.1^2/localhost.IPv6
fc00::/7^3plus
::1^4/localhost.Proxying to arbitrary IPs must be prevented.
👉 Otherwise, this opens up an incredible number of (undesirable) use cases.
Only if format
/proxy/{{ip}}/{{port}}/[path/to/page]is settled on.If format
/proxy/{{port}}/[path/to/page]?ip=192.0.2.2^1 is settled on and query string parameteripis unset I expect to default tolocalhost.I don’t think so… If the IP is reachable, code-server should forward it. I don’t know how protocols like MySQL or MongoDB work in HTTPS… There should be some way!
I am facing relatively same problem. If I run a Node App on port 3000 via Code-Server container and NGinx Proxy module, it’s not accessible via url/proxy/3000 port. How to get rid of proxy/ and allow it like URL:3000 ?
I like the idea of a whitelist that you can extend or override through the config.yaml or command-line flags although it does seem pretty easy to bypass. You could spin up or write your own proxy, access it through code-server’s proxy, then access whatever you want anyway.
@benz0li I like how you think. So we will leave
VSCODE_PROXY_URIalone. If for some reason applications/extensions do start needing to specify a non-localhost IP we can revisit. The algorithm you laid out for differentiating looks great to me as well.@sibidharan Ahh I skipped over the part about non-HTTP protocols, thanks for pointing that out! Your solution makes sense to me.
But that means we need to encode the IP into the proxy URL somehow.
/proxy/3000?ip=[ip]or/proxy/[ip]/3000for example.Actually we should just always leave the IP alone I think and when it is missing then we default to localhost.
I believe we have the proxy hardcoded to localhost right now so we will need to fix that.