Code-server on a tiny VPS: my iPad-friendly dev setup

In

TL;DR: keep code-server bound to localhost, reverse-proxy it over HTTPS, use a strong password (or Basic Auth in front), and you’re done.

1) Install code-server

curl -fsSL https://code-server.dev/install.sh | sh

# start and enable (system service)
sudo systemctl enable --now code-server@$USER
sudo systemctl status code-server@$USER --no-pager

2) Configure it to listen only on localhost

mkdir -p ~/.config/code-server
cat > ~/.config/code-server/config.yaml <<'YAML'
bind-addr: 127.0.0.1:8080
auth: password
password: "please-change-me-quickly"
cert: false
YAML

# reload after changing config
sudo systemctl restart code-server@$USER

Keep port not exposed publicly. We’ll publish it via Nginx over HTTPS.

3) Reverse proxy with Nginx (subdomain)

I prefer a subdomain like code.example.com—simpler than subpaths.

# /etc/nginx/conf.d/code.conf
server {
    listen 443 ssl http2;
    server_name code.example.com;

    # TLS certs here...
    ssl_certificate     /etc/ssl/your.crt;
    ssl_certificate_key /etc/ssl/your.key;

    # (optional but recommended) Basic Auth in front of code-server
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 3600;
    }
}

Create Basic Auth credentials:

sudo apt install -y apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd coder
sudo nginx -t && sudo systemctl reload nginx

If you must use a subpath like /code/, set proxy_pass http://127.0.0.1:8080/; and run code-server with --base-path /code (or equivalent config). Subdomains are less finicky.

4) iPad usage

  • Open https://code.example.com in Safari, sign in, then “Add to Home Screen” for a nice full-screen PWA.
  • A Bluetooth keyboard makes it feel like desktop VS Code.
    Common shortcuts: Cmd+P (Quick Open), Cmd+Shift+P (Command Palette), Ctrl+` (terminal).

5) Security notes

  • Do not expose :8080 to the Internet.
  • Use long, unique passwords (or keep Basic Auth in front).
  • Consider Cloudflare Access or your SSO if you already use it.
  • Keep code-server updated: sudo systemctl restart code-server@$USER after upgrades.

6) QoL tips

  • Set your Git identity and SSH keys once in the server shell.
  • Install extensions you actually need; the rest can live on your laptop.
  • For big files or terminals that run for hours, bump proxy_read_timeout.

That’s the whole setup. It’s been comfy from my iPad and boringly reliable.

Leave a Reply

Your email address will not be published. Required fields are marked *

Author

1695258481@qq.com

Related Posts

In

My Sensible SSH + Firewall Setup on a Fresh VPS

0) SSH Tool Before you secure your server, the first step is choosing an SSH client. While veterans are familiar with the...