How to configure VS Code with Apache2 to Prevent Unwanted Access

In order to do this you will need a two things

  • A Google Cloud Instance with code-server installed
  • A custom domain (if you don’t have access to one allready check for any 1 year free deals, providers such as offer this on all domains)

Apache2 Install

Open up your terminal via SSH and type these commands in order to install Apache2.

sudo apt update
sudo apt-get install apache2

Once finished installing type your machines static external IP we set in the previous tutorial into your web browser of choice and should be greated by the Apache2 default loading page letting you know you have successfuly installed Apache2.

Apache2 Reverse Proxy and Subdomain Creation

Now we are going to edit the Apache2 configuration files. Our goal here is to protect the code-server by using a reverse proxy. A reverse proxy server is a type of proxy server that will sit behind the firewall in a private network and directs client requests to the appropriate backend server.

Combined with HTTPS this will allow us to securely connect to our VS Code server without worrying about potential intruders taking over the machine.

We are also going to create the subdomain. This will free up our primary domain for our website which we will create in a later tutorial.

Navigate to the sites-available folder by typing this command.

cd /etc/apache2/site-available

Here there is the file 000-defualt.conf, this is the defualt virtual host file for apache2. These files are what Apache2 uses to direct web requests to different websites you are hosting. We will be using the command below to create our own conf file for VS Code.

Replace with the domain you have aquired.

sudo nano

This will open up a blank text editor where you can paste this configuration with a few edits. You must replace the ‘yourinternalIP’ with yours, this can be seen in the Google Cloud Compute Engine console. You must also replace with your own custom domain.

 <VirtualHost *:80>
   RewriteEngine On
   RewriteCond %{HTTP:Upgrade} =websocket [NC]
   RewriteRule /(.*)           ws://yourinternalIP:8080/$1 [P,L]
   RewriteCond %{HTTP:Upgrade} !=websocket [NC]
   RewriteRule /(.*)           http://yourinternalIP:8080/$1 [P,L]
   ProxyRequests off
   RequestHeader set X-Forwarded-Proto https
   RequestHeader set X-Forwarded-Port 443
   ProxyPass / http://yourinternalIP:8080/ nocanon
   ProxyPassReverse / http://yourinternalIP:8080/

   Redirect permanent /

   RewriteCond %{HTTP_HOST} ^www\.code.sitesimplicity\$
   RewriteRule ^/?$ "https\:\/\/code.sitesimplicity\\/" [R=301,L]

RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Type CTRL X and then Y to save the configuration

To enable this configuration type:

sudo a2ensite
sudo systemctl reload apache2

Now we have configured finished configuring Apache2 we will be creating our A Name Record with our domain hosting provider in order to link our VM’s static IP address to the custom domain.

Leave a comment

Your email address will not be published. Required fields are marked *