Closed PhilipJonasFranz closed 11 months ago
Installation process on Ubuntu 20.04 LTS Server with OpenSSL version 1.1.1g works and service runs normally.
Hmm... I don't know if we've discussed support newer versions of OpenSSL. Thoughts? @code-asher
Maybe we just need to update pem
?
Not sure if it's supported by pem
yet. See this: https://github.com/Dexus/pem/issues/316
Oh huh weird. I was looking at this commit which says it is in 1.14.5:
https://github.com/Dexus/pem/commit/7ec825744b9cf1a9cab37983302fa6d7da8a9b22
But GitHub releases only has up to 1.14.4 and NPM has 1.14.6 but not 1.14.5 even though the package.json in the repo says 1.14.5 so I am not sure what is going on haha
Oh wow! Nice find! Lol that is strange. I'll comment on that issue
Any clue on when this will be fixed? Doesn't seem like there is much progress on pem
side.
The workaround I'm currently using is manually generating valid keys with mkcert
, and passing those in code-server config.yaml .
It works very well and it's probably the easiest thing to do until this gets fixed
Any ideia to fix it? I am using oracle VPS, if anyone knows a way to resolve it I will be very grateful
@GuilhermeSCLima did you see the workaround here?
Oh, I tried that but I didn't understood, it's my first time using code-server, and the first time I try to work on an instance vps for web, if you know any tutorial that I can use I will appreciate 😊. Sorry for the dumb question.
Ah got it! No worries. I am a noob when it comes to working with openssl, etc too. I've added this as high priority so hoping we can get to it soon!
Any clue on when this will be fixed? Doesn't seem like there is much progress on
pem
side.The workaround I'm currently using is manually generating valid keys with
mkcert
, and passing those in code-server config.yaml . It works very well and it's probably the easiest thing to do until this gets fixed
Hi @Newtoniano could you please explain how I can do this in simple steps? I apologize but I'm fairly new to this any assistance is greatly appreciated.
Any clue on when this will be fixed? Doesn't seem like there is much progress on
pem
side. The workaround I'm currently using is manually generating valid keys withmkcert
, and passing those in code-server config.yaml . It works very well and it's probably the easiest thing to do until this gets fixedHi @Newtoniano could you please explain how I can do this in simple steps? I apologize but I'm fairly new to this any assistance is greatly appreciated.
Sure @DNAMcKnight , I'm not a super expert myself but after many attempts I managed to get it to work for me.
mkcert
's install instructions and install it on the machine that's supposed to run code-server. Choose the method you prefer from the instructions, in my case on linux I first installed certutil with my package manager and then used the instructions for the precompiled binaries (didn't really want to install another package manager like homebrew just for mkcert).mkcert -install
mkcert your_machine_ip 127.0.0.1
. You can type more addresses after that, any domain names you might want to use to reach the machine from your local network, if you need for example to access code-server from other devices. If what I suggested doesn't work, just experiment withmkcert
inside that folder and insert any IP's and hostnames afterwards with spaces between each other, until you generate some certificates that work for your use case.nano ~/.config/code-server/config.yaml
(or whatever the path to the code-server file is on your machine) and add the following two lines (customized for your specific case)cert: path_to_your_cert_folder/cert_name.pem
and cert-key: path_to_your_cert_folder/cert_name-key.pem
. Save and close.My configuration is slightly different from this, so what I told you might not work for you because that's not exactly how mine is set up and I can't really check if everything I said is 100% correct right now (probably not, this stuff is complicated if you haven't much experience with it), so you'd have to experiment a little bit especially with what addresses you pass exactly to mkcert when generating the certificates. But you should be able to get it to work, in general this is the correct workflow. Tagging @GuilhermeSCLima in case he is still stuck on this step.
Thank you for the response I'll give it a try and see how it goes. Appreciate the time you took to write all that!
So its now December and this is still a bug in the latest release (currently release v4.9.0), any news on when this might get fixed?, i see from here it was marked as a high priority.
@binhex I think this is upstream and not something we will be able to fix unfortunately. See the "Known Issues" section in the latest release notes: https://github.com/coder/code-server/releases/tag/v4.9.0
I had the same problem, but I managed to solve it by passing the certificate when starting the code-server
code-server . --cert certificate.crt --cert-key certificate.key
Maybe use the --traditional
flag for openssl 3 to get the "RSA" header of earlier versions:
$ openssl genrsa 1024 | grep BEGIN
-----BEGIN PRIVATE KEY-----
$ openssl genrsa --traditional 1024 | grep BEGIN
-----BEGIN RSA PRIVATE KEY-----
I'm seeing this with fresh installs on Debian 12.x (Bookworm) (4.15.0)
openssl version
OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)
Looks like pem@1.14.8 is available so might be we just need to update.
I managed to workaround this without using mkcert. I made a wrapper for openssl that adds the --traditional
flag when necessary, such that code-server is able to parse the output.
To use it, you first have to obtain the absolute path of the installed openssl:
which openssl
In my case it's installed at /home/victor141516/.linuxbrew/bin/openssl
You have to write that path into the wrapper:
#!/bin/sh
OPENSSL_BIN_PATH=/home/victor141516/.linuxbrew/bin/openssl # change this line for your path
if [ $1 = "genrsa" ]; then
shift
exec $OPENSSL_BIN_PATH genrsa --traditional "$@"
else
exec $OPENSSL_BIN_PATH "$@"
fi
Then:
openssl
chmod +x ./openssl
export PATH="$(pwd):$PATH"
If you now run code-server
, it should use the wrapper, generate the certificate correctly, and save it properly, so the next time you run code-server
you shouldn't need to use the wrapper.
Please mark this issue as closed. Latest release fixed the issue.
Is there an existing issue for this?
OS/Web Information
code-server --version
: 4.3.0Steps to Reproduce
Expected
code-server should start up normally.
Actual
code-server fails to start-up with error message in logs as seen below.
Logs
May 05 11:25:56 ubuntu code-server[17012]: [2022-05-05T11:25:56.314Z] error RSA PRIVATE KEY not found from openssl output: May 05 11:25:56 ubuntu code-server[17012]: ---stdout--- May 05 11:25:56 ubuntu code-server[17012]: -----BEGIN PRIVATE KEY----- May 05 11:25:56 ubuntu code-server[17012]: MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDBtlEnZLssezit May 05 11:25:56 ubuntu code-server[17012]: ...................... May 05 11:25:56 ubuntu code-server[17012]: 85ApfDxbNKRPXB24sszXjhWI3A== May 05 11:25:56 ubuntu code-server[17012]: -----END PRIVATE KEY----- May 05 11:25:56 ubuntu code-server[17012]: ---stderr--- May 05 11:25:56 ubuntu code-server[17012]: code: 0
Screenshot/Video
No response
Does this issue happen in VS Code?
Are you accessing code-server over HTTPS?
Notes
This could be related: https://githubhot.com/repo/Chocobozzz/PeerTube/issues/4901, Ubuntu 22.04 LTS Server was running OpenSSL Version 3.0.2.