Installing Code-Server with Podman on AWS (PART 1)

This article was originally published on October 3, 2024, on https://www.borislam.com


Background

Code-server is an open-source project that enables developers to run Visual Studio Code (VS Code) on a remote server. This setup is particularly useful for developers who want to access their development environment from anywhere, using just a browser. Podman is a container management tool that is gaining popularity.

In this guide, we will walk you through the process of setting up code-server on an AWS EC2 instance using Podman. We will also cover some recommended steps for configuring AWS services like Application Load Balancer (ALB) and AWS Certificate Manager (ACM) for a production-ready setup.


Why Podman?

For this tutorial, I have chosen to use Ubuntu as the operating system and Podman as the container runtime. Here's why:

  • Podman is a daemonless container engine that can run with less memory compared to other container runtimes like Docker. This makes it an excellent choice for resource-constrained environments.
  • Podman is secure because it runs containers as non-root users by default, which enhances isolation.
  • Docker Compatibility: Podman is highly compatible with Docker as it supports Docker images, containers, and commands.

I chose Ubuntu Linux for this setup because it works well with Podman, which can be easily installed from the Ubuntu package repository. Amazon Linux is also a good option, but installing Podman on it would be more complicated. If you decide to install code-server on Amazon Linux, Docker would be a better choice.


Possible Use Cases and Architecture

Code-server on AWS EC2 with Podman provides benefits for various use cases:

  • Small Teams of Developers: Ideal for small teams needing a standardized development environment. Each developer uses isolated code-server instances on the cloud.
  • Standardized Development Environment: Teams can customize plugins and build a new container image to ensure developers work with the same tools and configurations.
  • Cost-Effective: Achieve cost savings by using code-server on EC2 with Podman, allowing for smaller instances without sacrificing performance.
  • Scalability: Easily scale code-server instances as your team grows. You can quickly spin up new instances or upgrade existing ones with the use of AWS ALB.


[Figure: Possible architecture for small development team]

Installation Steps

1. Launch EC2 Instance

  • Open EC2 Console
  • Click "Launch Instance"
  • Configure the following:

~ Name: AppServerPodman

~ AMI: Ubuntu Server (latest LTS version) (see figure below)

~ Instance type: t2.micro (or larger based on your needs - see figure below)

~ Key pair: Create or select existing

~ Create security group with:

- SSH (Port 22) from your IP

- Custom TCP (Port 8080) from ALB security group

~ Storage: Default (or increase based on needs)

  • Click "Launch Instance"


2. Initial Setup on EC2

First, connect to the EC2 instance. Then, update the system and install Podman:

sudo apt-get update
sudo apt-get install -y podman        

2. Directory Configuration

Create necessary directories for code-server:

mkdir -p ~/.config/code-server
mkdir -p ~/project

# Set proper permissions
chmod 755 ~/.config/code-server
chmod 755 ~/project        

3. Create Configuration File

Create the code-server config file (config.yaml) in the ~/.config/code-server directory created above:

bind-addr: 0.0.0.0:8080
auth: password
password: some_password
cert: false
        

4. Run Code-Server Container

Launch code-server using Podman:

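# --userns=keep-id maps your host UID/GID to the same IDs inside the rootless
# container, so the --user process can write to the bind-mounted directories
podman run -d \
  --userns=keep-id \
  --user "$(id -u):$(id -g)" \
  --name code-server \
  -p 8080:8080 \
  -v "$HOME/project:/home/coder/project:Z" \
  -v "$HOME/.config/code-server:/home/coder/.config/code-server:Z" \
  docker.io/codercom/code-server:latest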

5. Set Up Systemd Service

Configure code-server to run as a systemd service:

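mkdir -p ~/.config/systemd/user/
cd ~/.config/systemd/user
# Write container-code-server.service from the running container's settings
podman generate systemd --new --files --name code-server
# Stop the manually started container; the unit creates its own
podman stop code-server
systemctl --user daemon-reload
systemctl --user start container-code-server.service

# Enable service to start at boot
systemctl --user enable container-code-server.service
# User services stop at logout and do not start at boot unless lingering is on
sudo loginctl enable-linger "$USER"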

6. Acquire Certificate in ACM and DNS Setup (Recommended)

For production use, it's recommended to:

  • Add a public certificate in AWS Certificate Manager (ACM)
  • Configure an Application Load Balancer (ALB) to handle HTTPS traffic
  • Set up proper security groups and networking rules


  • In AWS Certificate Manager (ACM):

~ Click "Request Certificate"

~ Choose "Request public certificate"

~ Enter your domain name (e.g., code.example.com)

~ Choose "DNS validation"

~ Click "Request"


[Figure: Request public certificate in ACM]
[Figure: Public Certificate Details]

  • In your DNS provider's console:

~ Add the CNAME record provided by ACM

~ Wait for certificate validation (can take up to 30 minutes)


7. Create ALB and Target Group

A. Create Target Group:

~ Go to EC2 Console > Target Groups

~ Click "Create target group"

~ Choose "Instances" as target type

~ Name: AppServer

~ Protocol: HTTP

~ Port: 8080

~ VPC: Select your VPC

  • Configure Health check settings:

~ Path: /

~ Healthy threshold: 2

~ Unhealthy threshold: 2

~ Timeout: 5 seconds

~ Interval: 30 seconds

~ Register your EC2 instance - AppServerPodman (which is your code-server)

  • Click "Create target group"


[Figure: Target Group Details]

B. Create Application Load Balancer:

~ Go to EC2 Console > Load Balancers

~ Click "Create load balancer"

~ Choose "Application Load Balancer"

  • Configure basic settings:

~ Name: code-server-alb

~ Scheme: Internet-facing

~ IP address type: IPv4

  • Configure Network mapping:

~ VPC: Select your VPC

~ Select at least two public subnets

  • Create new security group:

~ Allow HTTPS (443) from anywhere

~ Allow HTTP (80) from anywhere

  • Configure Listeners:

~ HTTP (80): Action: Redirect to HTTPS

~ HTTPS (443): Protocol: HTTPS

- Select your ACM certificate

- Forward to AppServer target group

  • Click "Create ALB"


[Figure: ALB Listeners]

Important Notes

  • Make sure to replace some_password with a strong password
  • The project directory is mounted at /home/coder/project inside the container
  • All files in the project directory will persist even if the container is removed
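
A pre-deployment check for the config.yaml from step 3, added here as an example and not part of the original article. The placeholder deny-list and the 16-character minimum are assumptions, and the parser handles only the flat key: value form that this file uses.

```python
import ipaddress

# Constructed sample: the config.yaml from step 3, with the password unchanged.
SAMPLE = """\
bind-addr: 0.0.0.0:8080
auth: password
password: some_password
cert: false
"""

PLACEHOLDERS = {"some_password", "password", "changeme"}  # assumed deny-list
MIN_LENGTH = 16  # assumed local policy, not a code-server requirement

def parse_flat_yaml(text):
    """Parse the flat `key: value` subset of YAML that this file uses."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        cfg[key.strip()] = value.strip().strip("'\"")
    return cfg

def lint(cfg):
    """Return findings for the settings the article's notes call out."""
    findings = []
    if cfg.get("auth", "password") == "none":
        findings.append("auth is none: the login page is disabled")
    elif "hashed-password" not in cfg:  # code-server's stored-hash option
        password = cfg.get("password", "")
        if password in PLACEHOLDERS:
            findings.append("password is a placeholder value")
        elif len(password) < MIN_LENGTH:
            findings.append(f"password is missing or shorter than {MIN_LENGTH} characters")
    host = cfg.get("bind-addr", "127.0.0.1:8080").rsplit(":", 1)[0].strip("[]")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    if not loopback and cfg.get("cert", "false") == "false":
        findings.append("plain HTTP on a non-loopback address: "
                        "restrict the port to the ALB security group")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_flat_yaml(SAMPLE)):
        print("FINDING:", finding)
```

With the ALB terminating TLS as in step 7, the plain-HTTP finding stays present by design and serves as a reminder to verify the instance security group.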


Testing

After setup, you can access code-server by:

  • Using the EC2 instance's public IP: http://your-ec2-ip:8080
  • If configured with ALB: https://your-domain-name
  • Happy coding now!


[Figure: Code Server UI in browser]

Security Considerations

  • Always use HTTPS in production environments
  • Configure proper security groups to limit access
  • Use strong passwords
  • Consider implementing additional authentication methods
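
One way to check that the instance security group still matches the rules from step 1 (SSH from a single address, port 8080 only from the ALB security group), added here as an example and not part of the original article. It reads JSON in the shape returned by `aws ec2 describe-security-groups`; the group IDs and addresses in the sample are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and addresses are placeholders, not values from the article.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-INSTANCE-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
  {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
   "UserIdGroupPairs": [{"GroupId": "sg-ALB-EXAMPLE"}]}
]}]}
""")

def covers(rule, port):
    """True if the ingress rule's protocol and port range include TCP `port`."""
    if rule.get("IpProtocol") == "-1":  # -1 means every protocol and port
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def cidrs(rule):
    """All IPv4 and IPv6 source ranges named by the rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def audit_instance_sg(group, alb_sg_id):
    """Compare the instance security group with the rules from step 1."""
    findings = []
    for rule in group.get("IpPermissions", []):
        groups = [p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])]
        if covers(rule, 8080):
            findings += [f"8080 open to {c}; expected only {alb_sg_id}"
                         for c in cidrs(rule)]
            findings += [f"8080 open to unexpected group {g}"
                         for g in groups if g != alb_sg_id]
        if covers(rule, 22):
            findings += [f"22 open to {c}; expected a single address"
                         for c in cidrs(rule)
                         if ipaddress.ip_network(c, strict=False).num_addresses > 1]
    return findings

if __name__ == "__main__":
    for finding in audit_instance_sg(SAMPLE["SecurityGroups"][0], "sg-ALB-EXAMPLE"):
        print("FINDING:", finding)
```

The sample models a port 8080 rule that was widened to 0.0.0.0/0, which the audit reports while accepting the ALB group reference and the /32 SSH rule.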


Troubleshooting

If you encounter issues:

  • Check the container logs: podman logs code-server
  • Verify the service status: systemctl --user status container-code-server.service
  • Ensure ports are properly opened in your security groups
  • Check system logs for any errors: journalctl --user -u container-code-server.service


Conclusion and Summary

Running code-server on AWS EC2 with Podman is a great solution for small teams of developers. It's cost-effective, scalable, and secure. However, keep in mind:

  • You should use HTTPS to protect your code-server instances.
  • Local password authentication is a drawback, but it can be overcome by integrating with other AWS services (e.g., Cognito) to improve security. I will discuss this further in the next article.

Overall, code-server on Podman and EC2 is a great choice for small teams of developers who need a flexible and secure development environment.


It would help to improve security too, or at least I think so. Having a development server reduces the surface for attackers and centralizes security scanning and patching. As containers depend on kernel features, having the virtualized hardware standardized instead of hardware per developer strengthens even more the standardization containers alone can achieve. Love it <3
