Openvscode: Difference between revisions
Jump to navigation
Jump to search
(Created page with "= Overview = Deploy a full-featured '''web-based IDE''' with local AI coder (Llama 3 via Ollama), automation via n8n, secure HTTPS with Nginx & Certbot, and robust system security on a dedicated Ubuntu 24.04 LTS VPS/server. The final product delivers browser access at [https://ide.illuni.in https://ide.illuni.in] with AI chat, code generation, and workflow automation tools.<ref name="1"/><ref name="2"/><ref name="4"/><ref name="6"/> = Requirements = ; OS Ubuntu 24.04 LT...") |
No edit summary |
||
| Line 16: | Line 16: | ||
= System Preparation = | = System Preparation = | ||
== Update System and Install Essentials == | == Update System and Install Essentials == | ||
< | <pre> apt update && apt -y upgrade apt -y install software-properties-common git unzip curl wget tar ufw fail2ban ca-certificates </pre> | ||
apt update && apt -y upgrade | |||
apt -y install software-properties-common git unzip curl wget tar ufw fail2ban ca-certificates | |||
</ | |||
== Harden Security == | == Harden Security == | ||
Configure firewall: | Configure firewall: | ||
< | <pre> ufw allow 22 ufw allow 80 ufw allow 443 ufw enable </pre> | ||
ufw allow 22 | |||
ufw allow 80 | |||
ufw allow 443 | |||
ufw enable | |||
</ | |||
Set up Fail2Ban and enable automatic upgrades: | Set up Fail2Ban and enable automatic upgrades: | ||
< | <pre> systemctl enable --now fail2ban apt install unattended-upgrades dpkg-reconfigure unattended-upgrades </pre> | ||
systemctl enable --now fail2ban | |||
apt install unattended-upgrades | |||
dpkg-reconfigure unattended-upgrades | |||
</ | |||
Use SSH key authentication—disable password login in <code>/etc/ssh/sshd_config</code> (<code>PasswordAuthentication no</code>).<ref name="4"/> | Use SSH key authentication—disable password login in <code>/etc/ssh/sshd_config</code> (<code>PasswordAuthentication no</code>).<ref name="4"/> | ||
| Line 41: | Line 29: | ||
= OpenVSCode Server Installation = | = OpenVSCode Server Installation = | ||
== Create Directory & Download == | == Create Directory & Download == | ||
< | <pre> cd /opt sudo mkdir openvscode-server sudo chown $USER:$USER openvscode-server cd openvscode-server curl -L https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.103.1/openvscode-server-v1.103.1-linux-x64.tar.gz -o openvscode-server.tar.gz tar -xzf openvscode-server.tar.gz --strip-components=1 rm openvscode-server.tar.gz </pre> | ||
cd /opt | |||
sudo mkdir openvscode-server | |||
sudo chown $USER:$USER openvscode-server | |||
cd openvscode-server | |||
curl -L https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.103.1/openvscode-server-v1.103.1-linux-x64.tar.gz -o openvscode-server.tar.gz | |||
tar -xzf openvscode-server.tar.gz --strip-components=1 | |||
rm openvscode-server.tar.gz | |||
</ | |||
== Create Service User == | == Create Service User == | ||
< | <pre> useradd -m -s /bin/bash vscode chown -R vscode:vscode /opt/openvscode-server </pre> | ||
useradd -m -s /bin/bash vscode | |||
chown -R vscode:vscode /opt/openvscode-server | |||
</ | |||
== Setup systemd Service == | == Setup systemd Service == | ||
Create <code>/etc/systemd/system/openvscode.service</code>: | Create <code>/etc/systemd/system/openvscode.service</code>: | ||
< | <pre> [Unit] Description=OpenVSCode Server After=network.target [Service] Type=simple User=vscode WorkingDirectory=/opt/openvscode-server ExecStart=/opt/openvscode-server/bin/openvscode-server --host 0.0.0.0 --port 3100 --without-connection-token Restart=always RestartSec=3 [Install] WantedBy=multi-user.target </pre> | ||
[Unit] | |||
Description=OpenVSCode Server | |||
After=network.target | |||
[Service] | |||
Type=simple | |||
User=vscode | |||
WorkingDirectory=/opt/openvscode-server | |||
ExecStart=/opt/openvscode-server/bin/openvscode-server --host 0.0.0.0 --port 3100 --without-connection-token | |||
Restart=always | |||
RestartSec=3 | |||
[Install] | |||
WantedBy=multi-user.target | |||
</ | |||
Load and start the service: | Load and start the service: | ||
< | <pre> sudo systemctl daemon-reload sudo systemctl enable --now openvscode sudo systemctl status openvscode ss -tulpn | grep 3100 </pre> | ||
sudo systemctl daemon-reload | |||
sudo systemctl enable --now openvscode | |||
sudo systemctl status openvscode | |||
ss -tulpn | grep 3100 | |||
</ | |||
= Ollama Installation (Local AI Models) = | = Ollama Installation (Local AI Models) = | ||
== Install Ollama == | == Install Ollama == | ||
< | <pre> curl -fsSL https://ollama.com/install.sh | sh </pre> | ||
curl -fsSL https://ollama.com/install.sh | sh | |||
</ | |||
Confirm install: | Confirm install: | ||
< | <pre> ollama --version </pre> | ||
ollama --version | |||
</ | |||
== Pull AI Models == | == Pull AI Models == | ||
< | <pre> /usr/local/bin/ollama pull llama3 /usr/local/bin/ollama pull codellama:7b /usr/local/bin/ollama pull mistral:latest /usr/local/bin/ollama list </pre> | ||
/usr/local/bin/ollama pull llama3 | |||
/usr/local/bin/ollama pull codellama:7b | |||
/usr/local/bin/ollama pull mistral:latest | |||
/usr/local/bin/ollama list | |||
</ | |||
== Configure Ollama as a Service (open to network) == | == Configure Ollama as a Service (open to network) == | ||
Edit <code>/etc/systemd/system/ollama.service</code>: | Edit <code>/etc/systemd/system/ollama.service</code>: | ||
< | <pre> [Unit] Description=Ollama AI Service After=network.target [Service] Type=simple User=root ExecStart=/usr/local/bin/ollama --host 0.0.0.0 --port 11434 serve Restart=always RestartSec=5 [Install] WantedBy=multi-user.target </pre> | ||
[Unit] | |||
Description=Ollama AI Service | |||
After=network.target | |||
[Service] | |||
Type=simple | |||
User=root | |||
ExecStart=/usr/local/bin/ollama --host 0.0.0.0 --port 11434 serve | |||
Restart=always | |||
RestartSec=5 | |||
[Install] | |||
WantedBy=multi-user.target | |||
</ | |||
Reload and start service: | Reload and start service: | ||
< | <pre> sudo systemctl daemon-reload sudo systemctl enable --now ollama sudo systemctl status ollama ss -tulpn | grep 11434 </pre> | ||
sudo systemctl daemon-reload | |||
sudo systemctl enable --now ollama | |||
sudo systemctl status ollama | |||
ss -tulpn | grep 11434 | |||
</ | |||
= Nginx Reverse Proxy with HTTPS (Certbot) = | = Nginx Reverse Proxy with HTTPS (Certbot) = | ||
== Install Nginx == | == Install Nginx == | ||
< | <pre> sudo apt install nginx -y sudo systemctl enable --now nginx sudo systemctl status nginx </pre> | ||
sudo apt install nginx -y | |||
sudo systemctl enable --now nginx | |||
sudo systemctl status nginx | |||
</ | |||
== Configure Reverse Proxy == | == Configure Reverse Proxy == | ||
Create <code>/etc/nginx/sites-available/openvscode.conf</code>: | Create <code>/etc/nginx/sites-available/openvscode.conf</code>: | ||
< | <pre> server { listen 80; server_name ide.illuni.in; location / { proxy_pass http://127.0.0.1:3100; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } </pre> | ||
server { | |||
listen 80; | |||
server_name ide.illuni.in; | |||
location / { | |||
proxy_pass http://127.0.0.1:3100; | |||
proxy_http_version 1.1; | |||
proxy_set_header Upgrade $http_upgrade; | |||
proxy_set_header Connection "Upgrade"; | |||
proxy_set_header Host $host; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
} | |||
} | |||
</ | |||
Enable config: | Enable config: | ||
< | <pre> ln -sf /etc/nginx/sites-available/openvscode.conf /etc/nginx/sites-enabled/openvscode.conf sudo nginx -t sudo systemctl reload nginx </pre> | ||
ln -sf /etc/nginx/sites-available/openvscode.conf /etc/nginx/sites-enabled/openvscode.conf | |||
sudo nginx -t | |||
sudo systemctl reload nginx | |||
</ | |||
== Install Certbot and Issue SSL == | == Install Certbot and Issue SSL == | ||
< | <pre> sudo apt install certbot python3-certbot-nginx -y sudo certbot --nginx -d "ide.illuni.in" -m "admin@illuni.in" --agree-tos -n sudo systemctl reload nginx </pre> | ||
sudo apt install certbot python3-certbot-nginx -y | |||
sudo certbot --nginx -d "ide.illuni.in" -m "admin@illuni.in" --agree-tos -n | |||
sudo systemctl reload nginx | |||
</ | |||
Certbot automates SSL certificate provisioning and renewal.<ref name="4"/> | Certbot automates SSL certificate provisioning and renewal.<ref name="4"/> | ||
| Line 172: | Line 76: | ||
= Install n8n (Automation Tool) = | = Install n8n (Automation Tool) = | ||
Follow official n8n installation guide for Ubuntu. Example for npm: | Follow official n8n installation guide for Ubuntu. Example for npm: | ||
< | <pre> npm install -g n8n n8n start </pre> | ||
For production, consider running n8n as a systemd service and configuring a reverse proxy. | For production, consider running n8n as a systemd service and configuring a reverse proxy. | ||
| Line 182: | Line 86: | ||
Open a terminal in OpenVSCode as vscode user: | Open a terminal in OpenVSCode as vscode user: | ||
< | <pre> mkdir -p ~/.continue nano ~/.continue/config.json </pre> | ||
mkdir -p ~/.continue | |||
nano ~/.continue/config.json | |||
</ | |||
Paste (replace <code><SERVER_IP></code>): | Paste (replace <code><SERVER_IP></code>): | ||
< | <pre> { "models": [ { "title": "Ollama (Llama 3)", "provider": "ollama", "model": "llama3", "api_base": "http://<SERVER_IP>:11434" } ] } </pre> | ||
Confirm connection: | Confirm connection: | ||
< | <pre> curl http://<SERVER_IP>:11434/api/tags </pre> | ||
curl http://<SERVER_IP>:11434/api/tags | |||
</ | |||
Reload/refresh the Continue extension UI. | Reload/refresh the Continue extension UI. | ||
Revision as of 17:09, 30 August 2025
Overview
Deploy a full-featured web-based IDE with local AI coder (Llama 3 via Ollama), automation via n8n, secure HTTPS with Nginx & Certbot, and robust system security on a dedicated Ubuntu 24.04 LTS VPS/server. The final product delivers browser access at https://ide.illuni.in with AI chat, code generation, and workflow automation tools.<ref name="1"/><ref name="2"/><ref name="4"/><ref name="6"/>
Requirements
- OS
Ubuntu 24.04 LTS (64-bit)
- Hardware
Minimum 8 vCPUs, 12 GB RAM, 100 GB SSD
- Network
Incoming ports 22 (SSH), 80/443 (HTTP/HTTPS)
- Domain
A-record for ide.illuni.in pointed to server IP
- Security
SSH key auth only, UFW firewall, Fail2Ban, unattended-upgrades enabled<ref name="4"/>
System Preparation
Update System and Install Essentials
apt update && apt -y upgrade apt -y install software-properties-common git unzip curl wget tar ufw fail2ban ca-certificates
Harden Security
Configure firewall:
ufw allow 22 ufw allow 80 ufw allow 443 ufw enable
Set up Fail2Ban and enable automatic upgrades:
systemctl enable --now fail2ban apt install unattended-upgrades dpkg-reconfigure unattended-upgrades
Use SSH key authentication—disable password login in /etc/ssh/sshd_config (PasswordAuthentication no).<ref name="4"/>
OpenVSCode Server Installation
Create Directory & Download
cd /opt sudo mkdir openvscode-server sudo chown $USER:$USER openvscode-server cd openvscode-server curl -L https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.103.1/openvscode-server-v1.103.1-linux-x64.tar.gz -o openvscode-server.tar.gz tar -xzf openvscode-server.tar.gz --strip-components=1 rm openvscode-server.tar.gz
Create Service User
useradd -m -s /bin/bash vscode chown -R vscode:vscode /opt/openvscode-server
Setup systemd Service
Create /etc/systemd/system/openvscode.service:
[Unit] Description=OpenVSCode Server After=network.target [Service] Type=simple User=vscode WorkingDirectory=/opt/openvscode-server ExecStart=/opt/openvscode-server/bin/openvscode-server --host 0.0.0.0 --port 3100 --without-connection-token Restart=always RestartSec=3 [Install] WantedBy=multi-user.target
Load and start the service:
sudo systemctl daemon-reload sudo systemctl enable --now openvscode sudo systemctl status openvscode ss -tulpn | grep 3100
Ollama Installation (Local AI Models)
Install Ollama
curl -fsSL https://ollama.com/install.sh | sh
Confirm install:
ollama --version
Pull AI Models
/usr/local/bin/ollama pull llama3 /usr/local/bin/ollama pull codellama:7b /usr/local/bin/ollama pull mistral:latest /usr/local/bin/ollama list
Configure Ollama as a Service (open to network)
Edit /etc/systemd/system/ollama.service:
[Unit] Description=Ollama AI Service After=network.target [Service] Type=simple User=root ExecStart=/usr/local/bin/ollama --host 0.0.0.0 --port 11434 serve Restart=always RestartSec=5 [Install] WantedBy=multi-user.target
Reload and start service:
sudo systemctl daemon-reload sudo systemctl enable --now ollama sudo systemctl status ollama ss -tulpn | grep 11434
Nginx Reverse Proxy with HTTPS (Certbot)
Install Nginx
sudo apt install nginx -y sudo systemctl enable --now nginx sudo systemctl status nginx
Configure Reverse Proxy
Create /etc/nginx/sites-available/openvscode.conf:
server { listen 80; server_name ide.illuni.in; location / { proxy_pass http://127.0.0.1:3100; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
Enable config:
ln -sf /etc/nginx/sites-available/openvscode.conf /etc/nginx/sites-enabled/openvscode.conf sudo nginx -t sudo systemctl reload nginx
Install Certbot and Issue SSL
sudo apt install certbot python3-certbot-nginx -y sudo certbot --nginx -d "ide.illuni.in" -m "admin@illuni.in" --agree-tos -n sudo systemctl reload nginx
Certbot automates SSL certificate provisioning and renewal.<ref name="4"/>
Install n8n (Automation Tool)
Follow official n8n installation guide for Ubuntu. Example for npm:
npm install -g n8n n8n start
For production, consider running n8n as a systemd service and configuring a reverse proxy.
Install and Configure Continue Extension
Access OpenVSCode: Visit https://ide.illuni.in/ Install Continue Extension: In the left sidebar, find the Extensions pane, search for "Continue", and click Install.<ref name="5"/><ref name="2"/> Configure Continue for Ollama:
Open a terminal in OpenVSCode as vscode user:
mkdir -p ~/.continue nano ~/.continue/config.json
Paste (replace <SERVER_IP>):
{ "models": [ { "title": "Ollama (Llama 3)", "provider": "ollama", "model": "llama3", "api_base": "http://<SERVER_IP>:11434" } ] }
Confirm connection:
curl http://<SERVER_IP>:11434/api/tags
Reload/refresh the Continue extension UI.
Final Verification
Open https://ide.illuni.in/ in browser.
Try out code completion, AI chat, and automation workflows.
Confirm secure HTTPS lock; certificates should auto-renew via Certbot.
Ensure only SSH key authentication is allowed; periodic security updates run automatically.
Conclusion
This setup delivers a secure, scalable, browser IDE with local AI coding assistant and workflow automation—all on Ubuntu 24.04 LTS. This workflow is suitable for remote development teams, solo devs, and anyone needing advanced code capabilities balanced with maximum data control and security.
References
<references/>