code-server on Ubuntu 24.04 on Azure User Guide
Overview
code-server (by Coder) runs the full Visual Studio Code editor as a service you reach from any browser. You get the same VS Code experience - the editor, the extension marketplace, the integrated terminal, settings sync and workspace state - hosted on your own cloud VM, so you can develop from a Chromebook, a tablet or a locked-down workstation while the code, tools and compute stay on the server. The cloudimg image installs code-server 4.127.0 as a systemd service running under a dedicated unprivileged coder account, bound to the loopback connector 127.0.0.1:8080 behind an nginx reverse proxy on port 80. nginx is configured with the WebSocket upgrade the IDE requires. All user state - settings, installed extensions and open workspaces - lives on a dedicated Azure data disk, and a unique password is generated on the first boot of every VM. Backed by 24/7 cloudimg support.
What is included:
- code-server 4.127.0 (the open-source VS Code in the browser) managed by systemd
- The VS Code web IDE on
:80, fronted by nginx with the WebSocket upgrade proxied - code-server running as the unprivileged
coderuser, bound to127.0.0.1:8080 - A unique password generated on first boot and recorded in a root-only file (code-server has no username - auth is password-only)
- A dedicated Azure data disk at
/var/lib/code-serverholding user settings, installed extensions and workspace state code-server.service+nginx.serviceas systemd units, enabled and active- An unauthenticated
/healthzendpoint for Azure Load Balancer health probes - 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a reasonable starting point; size up for heavier extensions, language servers or multiple concurrent workspaces. NSG inbound: allow 22/tcp from your management network and 80/tcp. code-server serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain (see Maintenance).
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for code-server by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name code-server \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--ssh-key-values ~/.ssh/id_ed25519.pub \
--vnet-name <your-vnet> --subnet <your-subnet> \
--public-ip-sku Standard
az vm open-port --resource-group <your-rg> --name code-server --port 80 --priority 1010
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 - Confirm the services are running
systemctl is-active code-server.service nginx.service
Both report active. code-server runs as the dedicated coder user and listens on the loopback connector 127.0.0.1:8080; nginx fronts it on port 80 with the WebSocket upgrade the IDE requires. All user settings, installed extensions and workspace state live on the dedicated Azure data disk mounted at /var/lib/code-server.

Step 5 - Retrieve your password
The code-server password is generated uniquely on the first boot of your VM and written to a root-only file:
sudo cat /root/code-server-credentials.txt
This file contains CODE_SERVER_PASSWORD along with the URL to open. code-server has no username - you sign in with the password alone. Store it somewhere safe.

Step 6 - Confirm the health endpoint
nginx serves an unauthenticated health endpoint for load balancers and probes:
curl -s http://localhost/healthz
It returns ok. This endpoint never requires authentication, so it is safe for an Azure Load Balancer health probe.
Step 7 - Verify authentication from the command line
code-server rejects a wrong password and issues a session cookie with a redirect for the per-VM password. Read the password from the credentials file first, then post it to the login endpoint. Because the command embeds your unique password, run it interactively rather than from a script - substitute the value of CODE_SERVER_PASSWORD from Step 5 for <CODE_SERVER_PASSWORD>:
curl -s -o /dev/null -w '%{http_code}\n' -c cookies.txt -X POST --data-urlencode 'password=<CODE_SERVER_PASSWORD>' http://127.0.0.1/login; grep -o 'code-server-session' cookies.txt
A correct password returns 302 and prints code-server-session (the session cookie was set). A wrong password returns 200 and sets no session cookie.

Step 8 - Sign in to the web IDE
Browse to http://<vm-public-ip>/. code-server shows a password prompt; enter the password from Step 5.

Once signed in, you are in a full Visual Studio Code editor running in your browser. Use File -> Open Folder to open a project and start editing.

Open the Extensions panel from the activity bar to browse and install extensions from the marketplace - language support, linters, themes and more.

Open the integrated terminal with Terminal -> New Terminal (or Ctrl+`) to run commands on the VM without leaving the editor.

Step 9 - Confirm user data lives on the dedicated disk
code-server's user state - settings, installed extensions and workspace/machine state - is stored under XDG_DATA_HOME=/var/lib/code-server on the dedicated Azure data disk, so it survives OS changes and can be resized independently:
findmnt /var/lib/code-server
The mount is backed by a separate Azure data disk captured into the image and re-provisioned on every VM.
Maintenance
- Password: the per-VM password lives in
/etc/code-server/config.yaml(password:). To rotate it, edit that value and runsudo systemctl restart code-server. - Extensions: install from the Extensions panel in the IDE, or with
code-server --install-extension <publisher.name>run as thecoderuser; they persist on the data disk. - Storage: all user state lives under
/var/lib/code-serveron the data disk; back up that volume to protect your settings and extensions. - Tuning: the service is defined in
/etc/systemd/system/code-server.service; after any change runsudo systemctl daemon-reload && sudo systemctl restart code-server. - TLS: code-server serves plain HTTP on port 80; front it with TLS (e.g. certbot with your own domain) before production use, since the editor and terminal give full access to the VM.
- Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.
Support
cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.