diff --git a/procedures/vscode-server-mk7-deploy.md b/procedures/vscode-server-mk7-deploy.md index 7cdcfe0..6769d53 100644 --- a/procedures/vscode-server-mk7-deploy.md +++ b/procedures/vscode-server-mk7-deploy.md @@ -20,10 +20,9 @@ This document describes the deployment of [Microsoft VS Code: Server](https://co | **Host** | MK7 (mark-vii.ai.home) | | **Swarm Mode** | `replicated` with placement constraint `node.hostname == mark-vii.ai.home` | | **Container IP** | Swarm overlay (10.0.1.x/24) via `traefik-public` network | -| **Published Port** | `8443:3000` (Swarm ingress) | | **Internal Service Port** | `3000` | -| **Traefik Endpoint** | `vscode.ai.home` → `192.168.7.7:8443` | -| **DNS Record** | `A` record `vscode.ai.home` → `192.168.7.7` (Technitium) | +| **Traefik Endpoint** | `vscode.ai.home` → `http://192.168.7.7:8443` | +| **DNS Record** | `CNAME` `vscode.ai.home` → `traefik.ai.home` (Technitium) | | **Image** | `lscr.io/linuxserver/openvscode-server:latest` | | **Marketplace** | Microsoft (official) — Remote-SSH available natively | @@ -71,8 +70,6 @@ services: # Generate a random hex token: openssl rand -hex 16 - CONNECTION_TOKEN= - DEFAULT_WORKSPACE=/config/workspace - ports: - - '8443:3000' volumes: - vscode_data:/config/workspace - type: bind @@ -100,6 +97,37 @@ networks: external: true ``` +**Note:** Traefik on this cluster uses the **file provider** (not Docker provider). Swarm labels are informational only. You must also add a route file to Traefik's dynamic config directory. + +### 3a. Traefik Route File + +Create `/opt/iron-legion/docker-swarm/traefik/dynamic/vscode.yml` on the MK7 host: + +```yaml +http: + routers: + vscode-http: + rule: "Host(`vscode.ai.home`)" + entryPoints: + - web + service: vscode + vscode-https: + rule: "Host(`vscode.ai.home`)" + entryPoints: + - websecure + service: vscode + tls: {} + + services: + vscode: + loadBalancer: + servers: + - url: "http://192.168.7.7:8443" + passHostHeader: true +``` + +Traefik auto-reloads file provider configs on change. + ### 3. Deploy via Swarm ```bash @@ -118,10 +146,8 @@ sudo docker logs $(docker ps -q -f name=vscode) ## Access URLs -| Mode | URL | Notes | -|------|-----|-------| -| Direct (HTTP) | `http://192.168.7.7:8443/?tkn=` | Lan-only, no SSL | -| Via Traefik (HTTPS) | `https://vscode.ai.home/?tkn=` | Requires DNS + valid Traefik cert | +| Direct (HTTP) | `http://192.168.7.7:8443/?tkn=` | Lan-only, no SSL (if port published) | +| Via Traefik (HTTPS) | `https://vscode.ai.home/?tkn=` | Recommended — CNAME to traefik.ai.home | **Token location:** Set in compose `CONNECTION_TOKEN` env var.