This page focuses on production-ready configuration for code-server on Linux hosts.
Primary goals are secure browser access, workspace persistence, extension governance, and safe upgrades.
code-server uses ~/.config/code-server/config.yaml for main runtime settings.
Example:
bind-addr: 127.0.0.1:8080
auth: password
password: "replace-with-long-random-password"
cert: false
# Optional defaults:
# user-data-dir: /srv/code-server/user-data
# extensions-dir: /srv/code-server/extensions
# disable-telemetry: true
Notes:
bind-addr on localhost and terminate TLS in a reverse proxy.auth: password at minimum, or disable built-in auth only when protected by trusted SSO.user-data-dir and extensions-dir to dedicated volumes.Nginx example for HTTPS + WebSocket support:
server {
listen 443 ssl http2;
server_name code.example.com;
ssl_certificate /etc/letsencrypt/live/code.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/code.example.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Authelia, Authentik, etc.) for team deployments.Back up these paths:
~/.config/code-server/ (service config)~/.local/share/code-server/ (extensions/user data) or custom configured dirsMinimum recovery test:
Feel free to contact us. Find all contact information on our contact page.