docs
/
Go to coder.comRequest Support
docs
/
Home
About
Comparison
Feedback
Getting started
Coder for Docker
Administrators
Data scientists
Developers
Workspaces
Create a workspace
Lifecycle
Applications
Auto-start
Dev URLs
Docker in workspaces
Editors and IDEs
Environment variables
Personalization
Preferences
Progressive web apps
SSH access
VS Code extensions
Workspace parameters
Workspace templates
Workspace templates
Workspace template code completion
Images
Import
Tags
Custom image creation
Configure script
Structure
TLS certificates
Deprecate
Embeddable button
Command line
Installation and setup
Remote terminal
File sync
Workspace management
Setup
Architecture
Requirements
Kubernetes
Local preview
K3s
Amazon Elastic Kubernetes Service
Azure Kubernetes Service
Google Kubernetes Engine
Red Hat OpenShift
Installation
Configuration
Air-gapped deployment
Network setup
Coder for Docker
Upgrade
Update considerations
Admin
Access control
Authentication management
Organization roles
User management
User roles
Password reset
Organizations
Org management
Registries
Default registry
Amazon Elastic Container Registry
Azure Container Registry
Google Container Registry
Satellites
Manage satellites
Migrate to satellite deployments
Global access URL configuration
Workspace management
Docker in workspaces
Cluster setup
Images
Management
Extensions
GPU acceleration
IDE installation
Memory provisioning
CPU provisioning
Self-contained workspace builds
Shutdown
SSH configuration
TUN device enablement
Workspace process logging
Workspace providers
Deployment
EC2
Kubernetes
Workspace provider management
Access URL
Account dormancy
Appearance
Audit
Browser security
Dev URLs
Direct workspace connections
Fallback shell
Git integration
Licensing
Telemetry
Templates
Usage metrics
Guides
Admin
Compute resources
Database migration
Helm charts
Image tag names
Logging
OpenID Connect with Azure AD
OpenID Connect with Google
OpenID Connect with Okta
Shared security responsibility
Storage
Usage monitoring
Customization
Git configuration
GPG forwarding
macOS keybindings
Node.js Projects
Tailscale
VNC
Deployment
Coder installation from an archive
Managed code-server Workspaces
Podman
PostgreSQL
Proxies
SAML 2.0 identity brokering
Teardown
Terraform
TLS certificates
Azure DNS
Google Cloud DNS
Cloudflare
Route 53
Configure TLS on Coder for Docker
Hosted beta
Mobile development
Public API
Troubleshooting
Activate JetBrains license in a browser
Admin password reset
Docker
GitHub OAuth integration
Image registry
inotify watcher limit problems
TypeError: Failed to fetch
Vite and HMR
Workspace organization
Changelog
1.28.0
1.28.2
1.28.1
1.27.0
1.27.2
1.27.1
1.26.0
1.26.2
1.26.1
Home
/
Guides
/
TLS certificates

Configure TLS on Coder for Docker

4 min read

Learn how to configure TLS on Coder for Docker

This guide walks you through configuring TLS on your Coder for Docker deployment using a reverse proxy.

Requirements

(Optional) Step 1: Validate the LetsEncrypt DNS

If you already have an TLS certificate, you can skip this step.

This step shows you how to get a free TLS certificate for your domain. Your domain must be set up with a supported DNS provider.

  1. Create a docker-compose.yaml file with the code below (make sure that you replace the URL, DNSPLUGIN, and EMAIL variables with the appropriate values):
version: "3"
services:
  letsencrypt:
    image: linuxserver/letsencrypt
    container_name: letsencrypt
    environment:
      - PUID=1000
      - PGID=1000
      - URL=<your-domain.com>
      - SUBDOMAINS=wildcard
      - VALIDATION=dns
      - DNSPLUGIN="<dns-provider>"
      - EMAIL=eric@coder.com
      - DHLEVEL=4096
    volumes:
      - "~/letsencrypt:/config"
    restart: unless-stopped

Leave the volumes section of the code snippet as-is. Docker will automatically create the ~/letsencrypt folder and populate it with the contents of the container. In this case, the contents will be .ini files for your DNS provider.

  1. Run docker-compose up -d, and navigate to ~/letsencrypt/dns-conf.

  2. Update your DNS provider's .ini file with the requested values.

  3. Restart the container by running docker-compose restart letsencrypt.

You should now see your TLS certificate file in ~/letsencrypt/etc/letsencrypt/live/example.com

Step 2: Configure the Nginx reverse proxy and the Coder container

To properly start the NGINX reverse proxy, you'll need an nginx.conf file present on the host machine.

  1. Create a docker-compose.yaml file if you have not yet done so.

  2. Create an nginx folder in the same directory as your docker-compose.yaml file.

  3. Create an nginx.conf file inside of the nginx directory that includes the following code (make sure that you replace each <your-domain.com> string with your domain):

    If you skipped Step 1, replace the ssl_certificate & ssl_certificate_key paths with the path to your certificate files.

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    default_type  application/octet-stream;
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        listen       80;
        listen  [::]:80;
        server_name  <your-domain.com>;

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        location / {
            proxy_pass   http://coder:7080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

    server {
        listen       443 ssl;
        server_name  <your-domain.com>;
        ssl_certificate      /letsencrypt/etc/letsencrypt/live/<your-domain.com>/cert.pem;
        ssl_certificate_key  /letsencrypt/etc/letsencrypt/live/<your-domain.com>/privkey.pem;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        location / {
            proxy_pass   http://coder:7080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
    }

    sendfile        on;
    keepalive_timeout  65;
    proxy_connect_timeout   90;
    proxy_send_timeout      90;
    proxy_read_timeout      90;
}
  1. Add the following code to your docker-compose.yaml file:
nginx:
  container_name: nginx
  hostname: reverse
  image: nginx
  ports:
    - 80:80
    - 443:443
  volumes:
    - "nginx:/etc/nginx"
    - "~/letsencrypt:/letsencrypt/"
coder:
  hostname: coder
  image: codercom/coder:1.27.0
  container_name: coder
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ~/.coder:/var/run/coder
  ports:
    - 7080:7080
  environment:
    - DEVURL_HOST=*.<your-domain.com>

The ~/letsecnrypt:/letsencrypt/ volume definition is required only if you followed Step 1.

Step 3: Configure and access Coder

Now that NGINX and the Coder containers are configured, run your Docker Compose file:

docker-compose up -d

Finally, in the Coder UI, navigate to Manage > Admin > Infrastructure. and provide your domain name in the Access URL field.

You should now be able to access Coder via your secure domain.

See an opportunity to improve our docs? Make an edit.

Table of contents
Go to coder.comGitHub