Iron-Legion/documentation
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Update vscode-server procedure for Traefik file provider

Browse Source 
- Remove host port publish (8443) from compose
- Document Traefik file provider route requirement
- Add example dynamic config for vscode.ai.home
- Fix DNS guidance: CNAME to traefik.ai.home
This commit is contained in:
F.R.I.D.A.Y.
2026-06-02 21:35:01 -04:00
parent 11d70c9531
commit 1b6c73d13b
1 changed files with 35 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
procedures/vscode-server-mk7-deploy.md
View File

@@ -20,10 +20,9 @@ This document describes the deployment of [Microsoft VS Code: Server](https://co
| **Host** | MK7 (mark-vii.ai.home) | | **Host** | MK7 (mark-vii.ai.home) |
| **Swarm Mode** | `replicated` with placement constraint `node.hostname == mark-vii.ai.home` | | **Swarm Mode** | `replicated` with placement constraint `node.hostname == mark-vii.ai.home` |
| **Container IP** | Swarm overlay (10.0.1.x/24) via `traefik-public` network | | **Container IP** | Swarm overlay (10.0.1.x/24) via `traefik-public` network |
| **Published Port** | `8443:3000` (Swarm ingress) |
| **Internal Service Port** | `3000` | | **Internal Service Port** | `3000` |
| **Traefik Endpoint** | `vscode.ai.home``192.168.7.7:8443` | | **Traefik Endpoint** | `vscode.ai.home``http://192.168.7.7:8443` |
| **DNS Record** | `A` record `vscode.ai.home``192.168.7.7` (Technitium) | | **DNS Record** | `CNAME` `vscode.ai.home``traefik.ai.home` (Technitium) |
| **Image** | `lscr.io/linuxserver/openvscode-server:latest` | | **Image** | `lscr.io/linuxserver/openvscode-server:latest` |
| **Marketplace** | Microsoft (official) — Remote-SSH available natively | | **Marketplace** | Microsoft (official) — Remote-SSH available natively |
@@ -71,8 +70,6 @@ services:
# Generate a random hex token: openssl rand -hex 16 # Generate a random hex token: openssl rand -hex 16
- CONNECTION_TOKEN=<RANDOM_HEX_TOKEN> - CONNECTION_TOKEN=<RANDOM_HEX_TOKEN>
- DEFAULT_WORKSPACE=/config/workspace - DEFAULT_WORKSPACE=/config/workspace
ports:
- '8443:3000'
volumes: volumes:
- vscode_data:/config/workspace - vscode_data:/config/workspace
- type: bind - type: bind
@@ -100,6 +97,37 @@ networks:
external: true external: true
``` ```
**Note:** Traefik on this cluster uses the **file provider** (not Docker provider). Swarm labels are informational only. You must also add a route file to Traefik's dynamic config directory.
### 3a. Traefik Route File
Create `/opt/iron-legion/docker-swarm/traefik/dynamic/vscode.yml` on the MK7 host:
```yaml
http:
routers:
vscode-http:
rule: "Host(`vscode.ai.home`)"
entryPoints:
- web
service: vscode
vscode-https:
rule: "Host(`vscode.ai.home`)"
entryPoints:
- websecure
service: vscode
tls: {}
services:
vscode:
loadBalancer:
servers:
- url: "http://192.168.7.7:8443"
passHostHeader: true
```
Traefik auto-reloads file provider configs on change.
### 3. Deploy via Swarm ### 3. Deploy via Swarm
```bash ```bash
@@ -118,10 +146,8 @@ sudo docker logs $(docker ps -q -f name=vscode)
## Access URLs ## Access URLs
| Mode | URL | Notes | | Direct (HTTP) | `http://192.168.7.7:8443/?tkn=<TOKEN>` | Lan-only, no SSL (if port published) |
|------|-----|-------| | Via Traefik (HTTPS) | `https://vscode.ai.home/?tkn=<TOKEN>` | Recommended — CNAME to traefik.ai.home |
| Direct (HTTP) | `http://192.168.7.7:8443/?tkn=<TOKEN>` | Lan-only, no SSL |
| Via Traefik (HTTPS) | `https://vscode.ai.home/?tkn=<TOKEN>` | Requires DNS + valid Traefik cert |
**Token location:** Set in compose `CONNECTION_TOKEN` env var. **Token location:** Set in compose `CONNECTION_TOKEN` env var.