Closed johnhorner closed 10 years ago
Coder runs on your local network, and doesn't have a public DNS entry that you could purchase a certificate for. Instead, it uses a self-signed certificate that is created on the device the first time it boots. Unfortunately, a self-signed certificate will cause a browser to produce this warning the first time you connect. :(
So it comes down to a choice:
There are problems with both. I felt a bit better about the second option.
I can see the problem, but if it has to be that way to protect the Coder password there should at least be some mention of it in the documentation/Getting Started Info.
As a user experience it's quite negative: you see a lot of "Setting up is easy, just follow these simple steps" messages, and then in the middle of setting up for the first time there's this offputting and undocumented step.
I would suggest something like:
You will see a warning about Coder's certificate. You should just click "proceed anyway". [Chrome is simply telling you that it can't check Coder's credentials, but in this case it's OK because you're connecting to Coder locally, not over the Internet.]
in the setup instructions.
@johnhorner thanks for the feedback! I've incorporated this language into the getting started section.
I agree that the warning message is a major bummer. Ironically, there would be no scary message if it was unencrypted, and I'd worry about someone running things on an open wifi network. :(
That looks great. Thank you.
When I started Coder for the first time I got a warning screen about security problems and an invalid certificate. This seems like a really bad first impression for a project aimed at people who are new to code.
In Chrome you can just ignore it with one click but in Firefox it's two or more quite scary warning screens.
Is there a reason why Coder uses HTTPS, and uses it in such a way that people see those warnings?