wip

Author: nhooyr

Diff for: doc/FAQ.md

@@ -1,8 +1,29 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 # FAQ
 
+- [Questions?](#questions)
+- [What's the deal with extensions?](#whats-the-deal-with-extensions)
+- [How is this different from VS Code Online?](#how-is-this-different-from-vs-code-online)
+- [How should I expose code-server to the internet?](#how-should-i-expose-code-server-to-the-internet)
+- [How do I securely access web services?](#how-do-i-securely-access-web-services)
+  - [Sub-domains](#sub-domains)
+  - [Sub-paths](#sub-paths)
+- [x86 releases?](#x86-releases)
+- [Multi Tenancy](#multi-tenancy)
+- [Docker in code-server docker container?](#docker-in-code-server-docker-container)
+- [Collaboration](#collaboration)
+- [How can I disable telemetry?](#how-can-i-disable-telemetry)
+- [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open)
+- [GPG and SSH forwarding](#gpg-and-ssh-forwarding)
+- [Enterprise](#enterprise)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
 ## Questions?
 
-Please file all questions and support requests at https://www.reddit.com/r/codeserver/
+Please file all questions and support requests at https://www.reddit.com/r/codeserver/.
+
 The issue tracker is only for bugs.
 
 ## What's the deal with extensions?
@@ -34,6 +55,8 @@ code-server is open source and can be freely run on any machine.
 
 ## How should I expose code-server to the internet?
 
+### sshcode
+
 By far the most secure method of using code-server is via
 [sshcode](https://github.com/codercom/sshcode) as it runs code-server and then forwards
 its port over SSH and requires no setup on your part other than having a working SSH server.
@@ -44,21 +67,25 @@ and securely sign commits without duplicating your keys onto the the remote mach
 1. https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
 1. https://wiki.gnupg.org/AgentForwarding
 
-If you cannot use sshcode, then you will need to ensure there is some sort of authorization in
-front of code-server and that you are using HTTPS to secure all connections.
+### Direct
+
+If you cannot use sshcode, then you will need to expose code-server directly
+to the internet and ensure there is some sort of authorization and that you
+are using HTTPS to secure all connections.
 
-By default when listening externally, code-server enables password authentication using a
-randomly generated password so you can use that. You can set the `PASSWORD` environment variable
-to use your own instead. If you want to handle authentication yourself, use `--auth none`
-to disable password authentication.
+By default, code-server enables password authentication using a
+randomly generated password so you can use that. You can set the `PASSWORD`
+environment variable to use your own instead. If you want to handle
+authentication yourself, use `--auth none` to disable password authentication.
 
 **note**: code-server will rate limit password authentication attempts at 2 a minute and 12 an hour.
 
 If you want to use external authentication you should handle this with a reverse
 proxy using something like [oauth2_proxy](https://github.com/pusher/oauth2_proxy).
 
-For HTTPS, you can use a self signed certificate by passing in just `--cert` or pass in an existing
-certificate by providing the path to `--cert` and the path to its key with `--cert-key`.
+For HTTPS, you can use a self signed certificate by passing in just `--cert` or
+pass in an existing certificate by providing the path to `--cert` and the path to
+its key with `--cert-key`.
 
 If `code-server` has been passed a certificate it will also respond to HTTPS
 requests and will redirect all HTTP requests to HTTPS. Otherwise it will respond
@@ -101,10 +128,6 @@ Just browse to `/proxy/<port>/`.
 node has dropped support for x86 and so we decided to as well. See
 [nodejs/build/issues/885](https://github.com/nodejs/build/issues/885).
 
-## Alpine builds?
-
-Just install `libc-dev` and code-server should work.
-
 ## Multi Tenancy
 
 If you want to run multiple code-server's on shared infrastructure, we recommend using virtual
@@ -127,8 +150,9 @@ to make volume mounts in any other directory work.
 
 ## Collaboration
 
-At the moment we have no plans for multi user collaboration on code-server but we understand there is strong
-demand and will work on it when the time is right.
+We understand the high demand but tgihe team is swamped right now.
+
+You can follow progress at [#33](https://github.com/cdr/code-server/issues/33).
 
 ## How can I disable telemetry?
 

Diff for: doc/setup.md

@@ -0,0 +1,144 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# Setup Guide
+
+- [Machine](#machine)
+  - [Requirements](#requirements)
+- [Install](#install)
+- [Authentication](#authentication)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+This guide will explain how to setup and use code-server. To reiterate, code-server
+lets you run VS Code on a remote server and then access it via a browser.
+
+See the [README](../README.md) for a general overview and the [FAQ](./FAQ.md) for further docs.
+
+## Machine
+
+First, you need a machine to run code-server on. You can use a physical
+machine you have lying around or use a VM on GCP/AWS.
+
+### Requirements
+
+- 64-bit OS
+- At least 1 GB of RAM.
+- At least 2 cores
+- For Linux: GLIBC >= v2.17 and GLIBCXX >= 3.4.15
+
+You can use whatever linux distribution floats your boat.
+
+## Install
+
+You can manually install by downloading from our
+[releases page](https://github.com/cdr/code-server/releases) but the below options are more convenient.
+
+### Linux
+
+```bash
+curl --silent https://raw.githubusercontent.com/cdr/code-server/issue-1396/install_helper.sh | bash
+```
+
+The above script will download the latest release of code-server into
+`~/.local/share/code-server/<version>`. It will symlink the installed release into
+`~/.local/bin/code-server` so you'll need to make sure you have `~/.local/bin` in `$PATH`.
+
+### Mac
+
+**We are working on this in [#1542](https://github.com/cdr/code-server/issues/1542).**
+
+```bash
+brew install code-server
+```
+
+## Operation
+
+There are several approaches to operating and exposing code-server.
+
+Since you can gain access to a terminal from within code-server, never, ever
+expose it directly to the internet without some form of authentication and encryption.
+
+By default, code-server will always enable password authentication which will
+require you to copy the password from the code-server output to access it. You
+can set a custom password with $PASSWORD.
+
+With all that said, let's go through some secure setups.
+
+**note**: You can list the full set of code-server options with `code-server --help`
+
+### SSH
+
+A very secure and convenient approach is with [sshcode](https://github.com/codercom/sshcode) ([FAQ](https://github.com/cdr/code-server/blob/setup/doc/FAQ.md#sshcode))
+to start code-server on any Linux machine over SSH. We highly recommend this unless you
+need to access code-server from a machine without ssh such as an iPad.
+
+### Self Signed
+
+This example shows how to run code-server with a self signed certificate.
+You'll get a warning when accessing but if you click through you should be good.
+
+```bash
+./code-server --host 0.0.0.0 --cert --port 8080
+```
+
+Now, visit `https://<your-server-ip>:8080` to access code-server.
+
+**note:** Self signed certificates do not work with iPad and will cause a blank page so check out the Domain section below
+
+#### mkcert
+
+You can use [mkcert](https://github.com/FiloSottile/mkcert) if you want a self signed
+certificate automatically trusted by your operating system:
+
+You'd run `mkcert` locally to generate the certificate:
+
+```
+mkcert <server-ip>
+```
+
+And then transfer the certificate and key file to your server and run:
+
+```bash
+./code-server --host 0.0.0.0 --cert=<server-ip>.pem --cert-key=<server-ip>-key.pem --port 8080
+```
+
+### Domain
+
+Let's say you don't want to use a self signed certificate like in the basic example. In order to
+get a non self signed certificate, you'll need a domain name.
+
+The easiest way is to put cloudflare in front of code-server and have it
+
+1. You can put cloudflare in front of code-server and have it act as a proxy for all requests
+    - It will fetch the TLS certificate for you so you don't have to manage anything
+    - We highly recommend this approach as it requires very little effort on your part, just sign
+      up for cloudflare and follow their instructions
+1. You can put nginx or another proxy in front and use their letsencrypt integrations
+1. You could generate a single one off letsencrypt
+
+### Persistence?
+
+So the above examples only demonstrate how to execute `code-server` from a terminal but you really
+want to use your operating system's init system to manage code-server. i.e systemd for Linux, launchd
+for macOS etc.
+
+Here's an example systemd unit file:
+
+```
+[Unit]
+Description=code-server
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/code-server
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```
+
+Depends on your platform/distribution.
+
+## How do I securely access web services?
+
+See the [FAQ](https://github.com/cdr/code-server/blob/master/doc/FAQ.md#how-do-i-securely-access-web-services).