Allow for ports to be public by default #4068
-
I'd like to see an option in Example: "portsAttributes": {
"1234": {
"label": "My public port",
"privacy": "public"
}
} |
Beta Was this translation helpful? Give feedback.
Replies: 16 comments 42 replies
-
there's a |
Beta Was this translation helpful? Give feedback.
-
Hey @wictorwilen, thanks for your feedback. Currently we don't support this. I would love to learn more on your scenario/problem to address with this so that I can capture this in our backlog. Can you please share a bit more context here? :) |
Beta Was this translation helpful? Give feedback.
-
Are there any plans to add this? This is still the most annoying thing with Codespaces. Every time I start it up I have to remember to change all my ports to public before I can start working. |
Beta Was this translation helpful? Give feedback.
-
Hey @treeder! Thanks for following up on this. We've been discussing the right way to implement this considering this is a privacy related functionality wherein public ports are accessible by anyone with a link to that url and supporting a public by default setting means providing a larger surface area for resources to be exposed to the public internet with a potential of users forgetting about that setting and it applying to all their codespaces. As a workaround, you can set this using dotfiles and the gh cli. Add code in one of the files listed (install.sh, install, bootstrap.sh, etc…) that uses the gh cli to change port visibility based on the individual users preference. If the gh cli isn’t already installed in the Codespace, the installation can also be handled in the dotfiles before attempting to change port visibility. That way, every time you create a new codespace, the port visibility will be set to the desired value. Would this address your need in the short term? |
Beta Was this translation helpful? Give feedback.
-
Any progress on this? |
Beta Was this translation helpful? Give feedback.
-
I understand the security concerns holding this up. Perhaps an equally (or more) valuable solution would be some exposure to what ports are forwarded to locally, so that you can have servers communicate with each other programmatically and not need the public ports. Right now the issue we run into is port 3000 may need to talk to port 5000, but if that happens client-side (e.g. on my browser), I need a reliably URI to use for communication. The "githubpreview.dev" links work, but you can't have them talk through private ports because there is a redirect auth thing that will fail. As such we need to make them public. I'd be happy sticking with local ports, but port 3000 and 5000 are unreliable since devcontainers will find any available port if that port is taken (e.g. two codespaces are up) |
Beta Was this translation helpful? Give feedback.
-
GitHub should really just take a page out of Gidpod's playbook. They've had this feature for a long time. You just set in your config file you want it public, then you don't need to deal with it again. |
Beta Was this translation helpful? Give feedback.
-
Just to add use case, in my case I want this because I'm running a small Elasticsearch container along with a React app that needs to access the ES instance. I actually don't necessary want it to be public, but that's the only way to make this work now. |
Beta Was this translation helpful? Give feedback.
-
Lior - do you have the gh cli setup on the image?
My needs for the frontend/backend connection are the same. I don't need it
public either and could use localhost ports, but the locally forwarded
ports are not deterministically detected so I use public ports.
I actually think a more valuable addition to codespaces would be somehow
passing information about port forwarding to some config inside the
container. I studied it a bit but didn't find any way. Surely it's doable,
but I haven't sorted it out yet.
My issues with the public ports are strictly reliability. They sometimes
have ssl issues, sometimes get gateway errors, sometimes hang. It's maybe
5-10% if the time, but it causes 5-10% downtime of the dev team.
On Fri, Sep 2, 2022 at 2:40 PM Lior Brauer ***@***.***> wrote:
Same here, I basically have a frontend and backend app and the only way to
make the frontend app be able to communicate with the backend without
getting a CORS error is to set the backend app's http port to public.
—
Reply to this email directly, view it on GitHub
<#4068 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJYYZBNJDFHB3SSINMLTZTV4JJZHANCNFSM454KE4NA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
[image: Company logo]
*Bobby Thompson*
Chief Technology Officer
***@***.*** | 913.314.2520 <9133142520>
*Uhray* | uhray.com <https://www.uhray.com/>
1220 Washington St, Ste 200
Kansas City, MO 64105
[image: facebook icon]
<https://www.facebook.com/pages/category/Consulting-Agency/Uhray-452145365121537/>
[image: linkedin icon] <https://www.linkedin.com/company/uhray/>
|
Beta Was this translation helpful? Give feedback.
-
I'm not sure what's up with your setup. I'm roughly doing the same thing
and it does stick. The only difference is I call a bash script that then
calls the gh command. But given you log everything out and it says public,
doesn't sound likely to be the issue to me.
Only other thought I have is if your servers are booting up on start too,
so it's triggering something with the codespace and the port. Nothing on my
machines boot up immediately so I'm not putting anything on say port 3000
for some seconds after boot (once I run commands manually)
As for my recommendation, I haven't thought of how the info would get
passed around, but my point was you'd stick with localhost. But say 3000
forwarded to 3100 on your machine, you'd open localhost:3100. You'd then
need to know what port the backend forwarded to (say 5000 forwarded to
5100).
If this information is present on the machine somehow, you could cause your
3000 server to point the browser at 5100 not 5000.
Fwiw - if you're never at risk of two codespaces, the above would likely
work and you just hardcode 3000. That's not my scenario since the biggest
value of codespaces for me was to pop up multiple
Likely the port forwarding is occurring on your local machine not the
codespaces so it would need to get passed back. I have not dug deep enough
yet, but to me it's an incredibly limiting feature of containerized dev
environments to not easily connect to servers to talk to each other.
On Sat, Sep 3, 2022 at 1:35 PM Lior Brauer ***@***.***> wrote:
hey @rthomps7 <https://github.com/rthomps7>, thanks for the reply!
Regarding your described idea:
I actually think a more valuable addition to codespaces would be somehow
passing information about port forwarding to some config inside the
container.
I wonder how would that work? Because when I want to test my app in
codespaces, I open a tab with the frontend app (on port 3001) which loads
fine with a url pattern of xxxx-3001.githubpreview.dev, but when the
browser makes requests to the backend app, it's on a different subdomain
(due to different port), so ends with xxxx-3000.githubpreview.dev, and
the request is rejected due to a CORS issue (that is only resolved if the
3000 port is manually set to public). Not sure any configs could circumvent
this, unless codespaces changes its internal header/CORS settings to
automatically allow all calls between ports of the same codespace.
To your first question - I do have the gh cli setup on the image. My
devcontainer.json file contains the forwardPorts property to make sure
they are forwarded from the get-go (port 3000). Then I have a little script
file that I call in postAttachCommand that runs the gh codespace ports
visibility 3000:public -c $CODESPACE_NAME command.
I verified it is being called successfully by looking at the container
creation.log file (CMD+Shift+P -> 'Codespaces: View Creating Log') and I
even print out the port statuses there to make sure they turned public (gh
codespaces ports -c $CODESPACE_NAME).
Everything looks in order, but when I run the show ports command in the
Codespace terminal (again with gh codespaces ports -c $CODESPACE_NAME) it
shows it as private and not public. If I manually change it to public, it
will stick. But I want it to already be public using the postAttachCommand
script.
My suspicion is this is a timing issue, where the ports are forwarded, set
to public (by my script) but then somewhere after that and before I gain
control in the codesapce, the ports are reset.
—
Reply to this email directly, view it on GitHub
<#4068 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJYYZENNDQC2BN3UCE4KXDV4OK65ANCNFSM454KE4NA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
[image: Company logo]
*Bobby Thompson*
Chief Technology Officer
***@***.*** | 913.314.2520 <9133142520>
*Uhray* | uhray.com <https://www.uhray.com/>
1220 Washington St, Ste 200
Kansas City, MO 64105
[image: facebook icon]
<https://www.facebook.com/pages/category/Consulting-Agency/Uhray-452145365121537/>
[image: linkedin icon] <https://www.linkedin.com/company/uhray/>
|
Beta Was this translation helpful? Give feedback.
-
To anyone following this thread, I actually got it working consistently, but with kind of a hacky solution. Sharing here if anyone was looking for working solution (copied my answer from another question):
( {
"forwardPorts": [3000, 3001]
}
( {
"forwardPorts": [3000, 3001],
"postAttachCommand": "/bin/bash .devcontainer/setup.sh",
}
( echo "gh codespace ports -c $CODESPACE_NAME" >> ~/.bashrc This basically works consistently, but is kind of hacky. (Also, if your codespace users use zsh instead, you need to do the same for the Hope this helps! |
Beta Was this translation helpful? Give feedback.
-
One reason for this feature is that currently CORS does not work with private ports. The API port always needs to be made public. See this discussion: https://github.com/orgs/community/discussions/15351 |
Beta Was this translation helpful? Give feedback.
-
https://docs.github.com/en/codespaces/developing-in-codespaces/forwarding-ports-in-your-codespace Follow this doc for code space. |
Beta Was this translation helpful? Give feedback.
-
How is this still not a thing? A year and a half since this discussion started. Seems like one tiny little setting could enable this. We know it's already there since I have to do it every single time I open a codespace, but can't we just have the ability to save that setting? |
Beta Was this translation helpful? Give feedback.
-
I recently had the same problem and managed to get it running as follows. Create a shell script file (e.g., #!/bin/bash
# Function to change port visibility
change_port_visibility() {
local port=$1
local visibility=$2
gh codespace ports visibility $port:$visibility -c $CODESPACE_NAME
}
# Usage: change_port_visibility <port> <visibility>
change_port_visibility $1 $2 This script takes two arguments: the port number and the desired visibility.
Replace The
With these configurations, the After that, you can check with Note: In the Tab Ports, It remains private. But again, you can check with the previous command in terminal. I write about it in Spanish in my blog Automate the visibility of Ports in your Codespaces with a Bash Script |
Beta Was this translation helpful? Give feedback.
-
I can't say for sure, but all of a sudden it seems to have started remembering when you set a port to be public. Can anyone else confirm this on their end? |
Beta Was this translation helpful? Give feedback.
Hey @wictorwilen, thanks for your feedback. Currently we don't support this. I would love to learn more on your scenario/problem to address with this so that I can capture this in our backlog. Can you please share a bit more context here? :)