docs: Update vscode-server procedure for Traefik file provider

- Remove host port publish (8443) from compose - Document Traefik file provider route requirement - Add example dynamic config for vscode.ai.home - Fix DNS guidance: CNAME to traefik.ai.home
2026-06-02 21:35:01 -04:00
parent 11d70c9531
commit 1b6c73d13b
1 changed files with 35 additions and 9 deletions
--- a/procedures/vscode-server-mk7-deploy.md
+++ b/procedures/vscode-server-mk7-deploy.md
@@ -20,10 +20,9 @@ This document describes the deployment of [Microsoft VS Code: Server](https://co
 | **Host** | MK7 (mark-vii.ai.home) |
 | **Swarm Mode** | `replicated` with placement constraint `node.hostname == mark-vii.ai.home` |
 | **Container IP** | Swarm overlay (10.0.1.x/24) via `traefik-public` network |
-| **Published Port** | `8443:3000` (Swarm ingress) |
 | **Internal Service Port** | `3000` |
-| **Traefik Endpoint** | `vscode.ai.home` → `192.168.7.7:8443` |
-| **DNS Record** | `A` record `vscode.ai.home` → `192.168.7.7` (Technitium) |
+| **Traefik Endpoint** | `vscode.ai.home` → `http://192.168.7.7:8443` |
+| **DNS Record** | `CNAME` `vscode.ai.home` → `traefik.ai.home` (Technitium) |
 | **Image** | `lscr.io/linuxserver/openvscode-server:latest` |
 | **Marketplace** | Microsoft (official) — Remote-SSH available natively |

@@ -71,8 +70,6 @@ services:
      # Generate a random hex token: openssl rand -hex 16
      - CONNECTION_TOKEN=<RANDOM_HEX_TOKEN>
      - DEFAULT_WORKSPACE=/config/workspace
-    ports:
-      - '8443:3000'
    volumes:
      - vscode_data:/config/workspace
      - type: bind
@@ -100,6 +97,37 @@ networks:
    external: true
 ```

+**Note:** Traefik on this cluster uses the **file provider** (not Docker provider). Swarm labels are informational only. You must also add a route file to Traefik's dynamic config directory.
+
+### 3a. Traefik Route File
+
+Create `/opt/iron-legion/docker-swarm/traefik/dynamic/vscode.yml` on the MK7 host:
+
+```yaml
+http:
+  routers:
+    vscode-http:
+      rule: "Host(`vscode.ai.home`)"
+      entryPoints:
+        - web
+      service: vscode
+    vscode-https:
+      rule: "Host(`vscode.ai.home`)"
+      entryPoints:
+        - websecure
+      service: vscode
+      tls: {}
+
+  services:
+    vscode:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.7.7:8443"
+        passHostHeader: true
+```
+
+Traefik auto-reloads file provider configs on change.
+
 ### 3. Deploy via Swarm

 ```bash
@@ -118,10 +146,8 @@ sudo docker logs $(docker ps -q -f name=vscode)

 ## Access URLs

-| Mode | URL | Notes |
-|------|-----|-------|
-| Direct (HTTP) | `http://192.168.7.7:8443/?tkn=<TOKEN>` | Lan-only, no SSL |
-| Via Traefik (HTTPS) | `https://vscode.ai.home/?tkn=<TOKEN>` | Requires DNS + valid Traefik cert |
+| Direct (HTTP) | `http://192.168.7.7:8443/?tkn=<TOKEN>` | Lan-only, no SSL (if port published) |
+| Via Traefik (HTTPS) | `https://vscode.ai.home/?tkn=<TOKEN>` | Recommended — CNAME to traefik.ai.home |

 **Token location:** Set in compose `CONNECTION_TOKEN` env var.