Openvscode: Difference between revisions
Jump to navigation
Jump to search
(Created page with "= Overview = Deploy a full-featured '''web-based IDE''' with local AI coder (Llama 3 via Ollama), automation via n8n, secure HTTPS with Nginx & Certbot, and robust system security on a dedicated Ubuntu 24.04 LTS VPS/server. The final product delivers browser access at [https://ide.illuni.in https://ide.illuni.in] with AI chat, code generation, and workflow automation tools.<ref name="1"/><ref name="2"/><ref name="4"/><ref name="6"/> = Requirements = ; OS Ubuntu 24.04 LT...") |
|||
| (12 intermediate revisions by the same user not shown) | |||
| Line 16: | Line 16: | ||
= System Preparation = | = System Preparation = | ||
== Update System and Install Essentials == | == Update System and Install Essentials == | ||
< | <pre> apt update && apt -y upgrade apt -y install software-properties-common git unzip curl wget tar ufw fail2ban ca-certificates </pre> | ||
apt update && apt -y upgrade | |||
apt -y install software-properties-common git unzip curl wget tar ufw fail2ban ca-certificates | |||
</ | |||
== Harden Security == | == Harden Security == | ||
Configure firewall: | Configure firewall: | ||
< | <pre> ufw allow 22 | ||
ufw allow 22 | ufw allow 80 | ||
ufw allow 80 | ufw allow 443 | ||
ufw allow 443 | ufw enable </pre> | ||
ufw enable | |||
</ | |||
Set up Fail2Ban and enable automatic upgrades: | Set up Fail2Ban and enable automatic upgrades: | ||
< | <pre> | ||
systemctl enable --now fail2ban | systemctl enable --now fail2ban | ||
apt install unattended-upgrades | apt install unattended-upgrades | ||
dpkg-reconfigure unattended-upgrades | dpkg-reconfigure unattended-upgrades | ||
</ | </pre> | ||
Use SSH key authentication—disable password login in <code>/etc/ssh/sshd_config</code> (<code>PasswordAuthentication no</code>). | Use SSH key authentication—disable password login in <code>/etc/ssh/sshd_config</code> (<code>PasswordAuthentication no</code>). | ||
= OpenVSCode Server Installation = | = OpenVSCode Server Installation = | ||
== Create Directory & Download == | == Create Directory & Download == | ||
< | <pre> | ||
cd /opt | cd /opt | ||
sudo mkdir openvscode-server | sudo mkdir openvscode-server | ||
cd openvscode-server | cd openvscode-server | ||
curl -L https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.103.1/openvscode-server-v1.103.1-linux-x64.tar.gz -o openvscode-server.tar.gz | curl -L https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.103.1/openvscode-server-v1.103.1-linux-x64.tar.gz -o openvscode-server.tar.gz | ||
tar -xzf openvscode-server.tar.gz --strip-components=1 | tar -xzf openvscode-server.tar.gz --strip-components=1 | ||
rm openvscode-server.tar.gz | rm openvscode-server.tar.gz | ||
</ | </pre> | ||
== Create Service User == | == Create Service User == | ||
< | <pre> useradd -m -s /bin/bash vscode | ||
useradd -m -s /bin/bash vscode | |||
chown -R vscode:vscode /opt/openvscode-server | chown -R vscode:vscode /opt/openvscode-server | ||
</ | </pre> | ||
== Setup systemd Service == | == Setup systemd Service == | ||
Create <code>/etc/systemd/system/openvscode.service</code>: | Create <code>/etc/systemd/system/openvscode.service</code>: | ||
< | <pre> | ||
[Unit] | [Unit] | ||
Description=OpenVSCode Server | Description=OpenVSCode Server | ||
| Line 74: | Line 67: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
</ | |||
</pre> | |||
Load and start the service: | Load and start the service: | ||
< | <pre> sudo systemctl daemon-reload | ||
sudo systemctl daemon-reload | sudo systemctl enable --now openvscode | ||
sudo systemctl enable --now openvscode | sudo systemctl status openvscode | ||
sudo systemctl status openvscode | ss -tulpn | grep 3100 </pre> | ||
ss -tulpn | grep 3100 | |||
</ | |||
= Ollama Installation (Local AI Models) = | = Ollama Installation (Local AI Models) = | ||
== Install Ollama == | == Install Ollama == | ||
< | <pre> curl -fsSL https://ollama.com/install.sh | sh </pre> | ||
curl -fsSL https://ollama.com/install.sh | sh | |||
</ | |||
Confirm install: | Confirm install: | ||
< | <pre> ollama --version </pre> | ||
ollama --version | |||
</ | |||
== Pull AI Models == | == Pull AI Models == | ||
< | <pre> | ||
/usr/local/bin/ollama pull llama3 | /usr/local/bin/ollama pull llama3 | ||
/usr/local/bin/ollama pull codellama:7b | /usr/local/bin/ollama pull codellama:7b | ||
/usr/local/bin/ollama pull mistral:latest | /usr/local/bin/ollama pull mistral:latest | ||
/usr/local/bin/ollama list | /usr/local/bin/ollama list </pre> | ||
</ | |||
== Configure Ollama as a Service (open to network) == | == Configure Ollama as a Service (open to network) == | ||
Edit <code>/etc/systemd/system/ollama.service</code>: | Edit <code>/etc/systemd/system/ollama.service</code>: | ||
< | <pre> | ||
[Unit] | [Unit] | ||
Description=Ollama AI Service | Description=Ollama AI Service | ||
| Line 119: | Line 106: | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
</ | </pre> | ||
Reload and start service: | Reload and start service: | ||
< | <pre> sudo systemctl daemon-reload | ||
sudo systemctl daemon-reload | sudo systemctl enable --now ollama | ||
sudo systemctl enable --now ollama | sudo systemctl status | ||
sudo systemctl status ollama | ollama ss -tulpn | grep 11434 </pre> | ||
ss -tulpn | grep 11434 | |||
</ | |||
= Nginx Reverse Proxy with HTTPS (Certbot) = | = Nginx Reverse Proxy with HTTPS (Certbot) = | ||
== Install Nginx == | == Install Nginx == | ||
< | <pre> sudo apt install nginx -y | ||
sudo apt install nginx -y | sudo systemctl enable --now nginx | ||
sudo systemctl enable --now nginx | sudo systemctl status nginx </pre> | ||
sudo systemctl status nginx | |||
</ | |||
== Configure Reverse Proxy == | == Configure Reverse Proxy == | ||
Create <code>/etc/nginx/sites-available/openvscode.conf</code>: | Create <code>/etc/nginx/sites-available/openvscode.conf</code>: | ||
< | <pre> | ||
server { | server { | ||
listen 80; | listen 80; | ||
server_name ide.illuni.in; | server_name ide.illuni.in; | ||
location / { | location / { | ||
proxy_pass http://127.0.0.1:3100; | proxy_pass http://127.0.0.1:3100; | ||
proxy_http_version 1.1; | proxy_http_version 1.1; | ||
proxy_set_header Upgrade $http_upgrade; | proxy_set_header Upgrade $http_upgrade; | ||
proxy_set_header Connection "Upgrade"; | proxy_set_header Connection "Upgrade"; | ||
proxy_set_header Host $host; | proxy_set_header Host $host; | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
} | |||
} | } | ||
</pre> | |||
</ | |||
Enable config: | Enable config: | ||
< | <pre> | ||
ln -sf /etc/nginx/sites-available/openvscode.conf /etc/nginx/sites-enabled/openvscode.conf | ln -sf /etc/nginx/sites-available/openvscode.conf /etc/nginx/sites-enabled/openvscode.conf | ||
sudo nginx -t | sudo nginx -t | ||
sudo systemctl reload nginx | sudo systemctl reload nginx </pre> | ||
</ | |||
== Install Certbot and Issue SSL == | == Install Certbot and Issue SSL == | ||
< | <pre>sudo apt install certbot python3-certbot-nginx -y | ||
sudo apt install certbot python3-certbot-nginx -y | sudo certbot --nginx -d "ide.illuni.in" -m "admin@illuni.in" --agree-tos -n | ||
sudo certbot --nginx -d "ide.illuni.in" -m "admin@illuni.in" --agree-tos -n | sudo systemctl reload nginx </pre> | ||
sudo systemctl reload nginx | |||
</ | |||
Certbot automates SSL certificate provisioning and renewal. | Certbot automates SSL certificate provisioning and renewal. | ||
= Install n8n (Automation Tool) = | = Install n8n (Automation Tool) = | ||
Follow official n8n installation guide for Ubuntu. Example for npm: | Follow official n8n installation guide for Ubuntu. Example for npm: | ||
< | <pre> npm install -g n8n n8n start </pre> | ||
For production, consider running n8n as a systemd service and configuring a reverse proxy. | For production, consider running n8n as a systemd service and configuring a reverse proxy. | ||
| Line 182: | Line 162: | ||
Open a terminal in OpenVSCode as vscode user: | Open a terminal in OpenVSCode as vscode user: | ||
< | <pre> mkdir -p ~/.continue | ||
mkdir -p ~/.continue | nano ~/.continue/config.json </pre> | ||
nano ~/.continue/config.json | |||
</ | |||
Paste (replace <code><SERVER_IP></code>): | Paste (replace <code><SERVER_IP></code>): | ||
< | <pre> | ||
{ | |||
"models": [ | |||
{ | |||
"title": "Ollama (Llama 3)", | |||
"provider": "ollama", | |||
"model": "llama3", | |||
"api_base": "http://<SERVER_IP>:11434" | |||
} | |||
] | |||
} | |||
</pre> | |||
Confirm connection: | Confirm connection: | ||
< | <pre> curl http://<SERVER_IP>:11434/api/tags </pre> | ||
curl http://<SERVER_IP>:11434/api/tags | |||
</ | |||
Reload/refresh the Continue extension UI. | Reload/refresh the Continue extension UI. | ||
| Line 208: | Line 196: | ||
= Conclusion = | = Conclusion = | ||
This setup delivers a '''secure, scalable, browser IDE''' with local AI coding assistant and workflow automation—all on Ubuntu 24.04 LTS. This workflow is suitable for remote development teams, solo devs, and anyone needing advanced code capabilities balanced with maximum data control and security. | This setup delivers a '''secure, scalable, browser IDE''' with local AI coding assistant and workflow automation—all on Ubuntu 24.04 LTS. This workflow is suitable for remote development teams, solo devs, and anyone needing advanced code capabilities balanced with maximum data control and security. | ||
Latest revision as of 17:19, 30 August 2025
Overview
Deploy a full-featured web-based IDE with local AI coder (Llama 3 via Ollama), automation via n8n, secure HTTPS with Nginx & Certbot, and robust system security on a dedicated Ubuntu 24.04 LTS VPS/server. The final product delivers browser access at https://ide.illuni.in with AI chat, code generation, and workflow automation tools.<ref name="1"/><ref name="2"/><ref name="4"/><ref name="6"/>
Requirements
- OS
Ubuntu 24.04 LTS (64-bit)
- Hardware
Minimum 8 vCPUs, 12 GB RAM, 100 GB SSD
- Network
Incoming ports 22 (SSH), 80/443 (HTTP/HTTPS)
- Domain
A-record for ide.illuni.in pointed to server IP
- Security
SSH key auth only, UFW firewall, Fail2Ban, unattended-upgrades enabled<ref name="4"/>
System Preparation
Update System and Install Essentials
apt update && apt -y upgrade apt -y install software-properties-common git unzip curl wget tar ufw fail2ban ca-certificates
Harden Security
Configure firewall:
ufw allow 22 ufw allow 80 ufw allow 443 ufw enable
Set up Fail2Ban and enable automatic upgrades:
systemctl enable --now fail2ban apt install unattended-upgrades dpkg-reconfigure unattended-upgrades
Use SSH key authentication—disable password login in /etc/ssh/sshd_config (PasswordAuthentication no).
OpenVSCode Server Installation
Create Directory & Download
cd /opt sudo mkdir openvscode-server cd openvscode-server curl -L https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.103.1/openvscode-server-v1.103.1-linux-x64.tar.gz -o openvscode-server.tar.gz tar -xzf openvscode-server.tar.gz --strip-components=1 rm openvscode-server.tar.gz
Create Service User
useradd -m -s /bin/bash vscode chown -R vscode:vscode /opt/openvscode-server
Setup systemd Service
Create /etc/systemd/system/openvscode.service:
[Unit] Description=OpenVSCode Server After=network.target [Service] Type=simple User=vscode WorkingDirectory=/opt/openvscode-server ExecStart=/opt/openvscode-server/bin/openvscode-server --host 0.0.0.0 --port 3100 --without-connection-token Restart=always RestartSec=3 [Install] WantedBy=multi-user.target
Load and start the service:
sudo systemctl daemon-reload sudo systemctl enable --now openvscode sudo systemctl status openvscode ss -tulpn | grep 3100
Ollama Installation (Local AI Models)
Install Ollama
curl -fsSL https://ollama.com/install.sh | sh
Confirm install:
ollama --version
Pull AI Models
/usr/local/bin/ollama pull llama3 /usr/local/bin/ollama pull codellama:7b /usr/local/bin/ollama pull mistral:latest /usr/local/bin/ollama list
Configure Ollama as a Service (open to network)
Edit /etc/systemd/system/ollama.service:
[Unit] Description=Ollama AI Service After=network.target [Service] Type=simple User=root ExecStart=/usr/local/bin/ollama --host 0.0.0.0 --port 11434 serve Restart=always RestartSec=5 [Install] WantedBy=multi-user.target
Reload and start service:
sudo systemctl daemon-reload sudo systemctl enable --now ollama sudo systemctl status ollama ss -tulpn | grep 11434
Nginx Reverse Proxy with HTTPS (Certbot)
Install Nginx
sudo apt install nginx -y sudo systemctl enable --now nginx sudo systemctl status nginx
Configure Reverse Proxy
Create /etc/nginx/sites-available/openvscode.conf:
server {
listen 80;
server_name ide.illuni.in;
location / {
proxy_pass http://127.0.0.1:3100;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Enable config:
ln -sf /etc/nginx/sites-available/openvscode.conf /etc/nginx/sites-enabled/openvscode.conf sudo nginx -t sudo systemctl reload nginx
Install Certbot and Issue SSL
sudo apt install certbot python3-certbot-nginx -y sudo certbot --nginx -d "ide.illuni.in" -m "admin@illuni.in" --agree-tos -n sudo systemctl reload nginx
Certbot automates SSL certificate provisioning and renewal.
Install n8n (Automation Tool)
Follow official n8n installation guide for Ubuntu. Example for npm:
npm install -g n8n n8n start
For production, consider running n8n as a systemd service and configuring a reverse proxy.
Install and Configure Continue Extension
Access OpenVSCode: Visit https://ide.illuni.in/ Install Continue Extension: In the left sidebar, find the Extensions pane, search for "Continue", and click Install.<ref name="5"/><ref name="2"/> Configure Continue for Ollama:
Open a terminal in OpenVSCode as vscode user:
mkdir -p ~/.continue nano ~/.continue/config.json
Paste (replace <SERVER_IP>):
{
"models": [
{
"title": "Ollama (Llama 3)",
"provider": "ollama",
"model": "llama3",
"api_base": "http://<SERVER_IP>:11434"
}
]
}
Confirm connection:
curl http://<SERVER_IP>:11434/api/tags
Reload/refresh the Continue extension UI.
Final Verification
Open https://ide.illuni.in/ in browser.
Try out code completion, AI chat, and automation workflows.
Confirm secure HTTPS lock; certificates should auto-renew via Certbot.
Ensure only SSH key authentication is allowed; periodic security updates run automatically.
Conclusion
This setup delivers a secure, scalable, browser IDE with local AI coding assistant and workflow automation—all on Ubuntu 24.04 LTS. This workflow is suitable for remote development teams, solo devs, and anyone needing advanced code capabilities balanced with maximum data control and security.