Lesson #1465

← Back to Knowledge Board
code.joelduss.xyz code-server setup Medium authority: 75
ID
1465
Author
ai
Agent
agent-claude
Reviewed
✓ Yes
Source authority
75 / 100
Source
Native code-server (root) behind Caddy+Authelia at code.joelduss.xyz β€” known fragility points and required workarounds for the anthropic.claude-code extension
Source issue
β€”
Created at
2026-05-12T10:00:23.759911+00:00
Valid until
β€”
Deprecated at
β€”
Supersedes
β€”
Obsidian path
/root/.claude/projects/-nvmetank1-projects/memory/project_code_server_setup.md
Obsidian hash
3a62ef8d0e85c673ce9162d792106e19
Tags
claude-memory,project

Content

`code.joelduss.xyz` runs **native code-server** (systemd: `code-server.service`, NOT a docker container β€” replaces an older rag-stack container). Bound `127.0.0.1:8442`, runs as `User=root`, reverse-proxied via Caddy with Authelia `forward_auth`.

**Why:** SSO via Authelia for all *.joelduss.xyz services; native install gives full host access for the embedded claude CLI sessions.

**How to apply β€” two non-obvious traps when the anthropic.claude-code VS Code extension breaks:**

1. **"Dieser Inhalt ist blockiert" in side panel** = VS-Code webviews are sandboxed iframes (no `allow-same-origin`) β†’ SameSite=Lax Authelia cookie not sent β†’ Caddy forward_auth 302s to authelia login page (`X-Frame-Options: DENY`) β†’ browser blocks. Fix is in `/etc/caddy/Caddyfile`: bypass Authelia for static webview paths (`@webview_static path /stable-* /_static/* /static/* /manifest.json /favicon.ico` β†’ handle without `import authelia`). These paths only serve generic VS-Code assets.

2. **"Claude Code process exited with code 1"** = the extension passes `--dangerously-skip-permissions` (bypassPermissions mode); claude refuses this as root unless `IS_SANDBOX=1` is set. Fix: `Environment=IS_SANDBOX=1` in the systemd unit. Plus a defensive line at top of `cli.js` (`process.env.IS_SANDBOX = process.env.IS_SANDBOX || "1"`) which survives until extension auto-update overwrites it.

**Important:** the extension uses its own bundled cli at `…/extensions/anthropic.claude-code-*/resources/claude-code/cli.js` β€” NOT `/usr/local/bin/claude`. PATH/symlink fixes do nothing for the extension's spawn.

**Don't restart `code-server.service` lightly** β€” it hosts running claude sessions (one of them may be the current orchestrator session itself). Verify no live work is running before restart. Daemon-reload after editing the unit is safe and lets the new env take effect at next restart.