Cs
Application Infrastructure Azure

code-server on Ubuntu 24.04 on Azure User Guide

| Product: code-server on Ubuntu 24.04 LTS on Azure

Overview

code-server (by Coder) runs the full Visual Studio Code editor as a service you reach from any browser. You get the same VS Code experience - the editor, the extension marketplace, the integrated terminal, settings sync and workspace state - hosted on your own cloud VM, so you can develop from a Chromebook, a tablet or a locked-down workstation while the code, tools and compute stay on the server. The cloudimg image installs code-server 4.127.0 as a systemd service running under a dedicated unprivileged coder account, bound to the loopback connector 127.0.0.1:8080 behind an nginx reverse proxy on port 80. nginx is configured with the WebSocket upgrade the IDE requires. All user state - settings, installed extensions and open workspaces - lives on a dedicated Azure data disk, and a unique password is generated on the first boot of every VM. Backed by 24/7 cloudimg support.

What is included:

  • code-server 4.127.0 (the open-source VS Code in the browser) managed by systemd
  • The VS Code web IDE on :80, fronted by nginx with the WebSocket upgrade proxied
  • code-server running as the unprivileged coder user, bound to 127.0.0.1:8080
  • A unique password generated on first boot and recorded in a root-only file (code-server has no username - auth is password-only)
  • A dedicated Azure data disk at /var/lib/code-server holding user settings, installed extensions and workspace state
  • code-server.service + nginx.service as systemd units, enabled and active
  • An unauthenticated /healthz endpoint for Azure Load Balancer health probes
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a reasonable starting point; size up for heavier extensions, language servers or multiple concurrent workspaces. NSG inbound: allow 22/tcp from your management network and 80/tcp. code-server serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain (see Maintenance).

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for code-server by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create -> Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name code-server \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name code-server --port 80 --priority 1010

Step 3 - Connect to your VM

ssh azureuser@<vm-public-ip>

Step 4 - Confirm the services are running

systemctl is-active code-server.service nginx.service

Both report active. code-server runs as the dedicated coder user and listens on the loopback connector 127.0.0.1:8080; nginx fronts it on port 80 with the WebSocket upgrade the IDE requires. All user settings, installed extensions and workspace state live on the dedicated Azure data disk mounted at /var/lib/code-server.

code-server.service and nginx.service active, the loopback connector on 8080, and the dedicated data disk mounted at /var/lib/code-server

Step 5 - Retrieve your password

The code-server password is generated uniquely on the first boot of your VM and written to a root-only file:

sudo cat /root/code-server-credentials.txt

This file contains CODE_SERVER_PASSWORD along with the URL to open. code-server has no username - you sign in with the password alone. Store it somewhere safe.

The code-server version and the per-VM credentials file with the generated password and URL

Step 6 - Confirm the health endpoint

nginx serves an unauthenticated health endpoint for load balancers and probes:

curl -s http://localhost/healthz

It returns ok. This endpoint never requires authentication, so it is safe for an Azure Load Balancer health probe.

Step 7 - Verify authentication from the command line

code-server rejects a wrong password and issues a session cookie with a redirect for the per-VM password. Read the password from the credentials file first, then post it to the login endpoint. Because the command embeds your unique password, run it interactively rather than from a script - substitute the value of CODE_SERVER_PASSWORD from Step 5 for <CODE_SERVER_PASSWORD>:

curl -s -o /dev/null -w '%{http_code}\n' -c cookies.txt -X POST --data-urlencode 'password=<CODE_SERVER_PASSWORD>' http://127.0.0.1/login; grep -o 'code-server-session' cookies.txt

A correct password returns 302 and prints code-server-session (the session cookie was set). A wrong password returns 200 and sets no session cookie.

The login round-trip - wrong password rejected, per-VM password returns a 302 and a session cookie

Step 8 - Sign in to the web IDE

Browse to http://<vm-public-ip>/. code-server shows a password prompt; enter the password from Step 5.

The code-server password sign-in page in the browser

Once signed in, you are in a full Visual Studio Code editor running in your browser. Use File -> Open Folder to open a project and start editing.

The Visual Studio Code editor open on a project folder in code-server

Open the Extensions panel from the activity bar to browse and install extensions from the marketplace - language support, linters, themes and more.

Installing extensions from the marketplace in code-server

Open the integrated terminal with Terminal -> New Terminal (or Ctrl+`) to run commands on the VM without leaving the editor.

The integrated terminal open in code-server

Step 9 - Confirm user data lives on the dedicated disk

code-server's user state - settings, installed extensions and workspace/machine state - is stored under XDG_DATA_HOME=/var/lib/code-server on the dedicated Azure data disk, so it survives OS changes and can be resized independently:

findmnt /var/lib/code-server

The mount is backed by a separate Azure data disk captured into the image and re-provisioned on every VM.

Maintenance

  • Password: the per-VM password lives in /etc/code-server/config.yaml (password:). To rotate it, edit that value and run sudo systemctl restart code-server.
  • Extensions: install from the Extensions panel in the IDE, or with code-server --install-extension <publisher.name> run as the coder user; they persist on the data disk.
  • Storage: all user state lives under /var/lib/code-server on the data disk; back up that volume to protect your settings and extensions.
  • Tuning: the service is defined in /etc/systemd/system/code-server.service; after any change run sudo systemctl daemon-reload && sudo systemctl restart code-server.
  • TLS: code-server serves plain HTTP on port 80; front it with TLS (e.g. certbot with your own domain) before production use, since the editor and terminal give full access to the VM.
  • Security patches: unattended-upgrades remains enabled so the OS continues to receive security updates automatically.

Support

cloudimg provides 24/7 expert support for this image. Contact support@cloudimg.co.uk.