Docker Website (5) Theia

1. About

Theia interface

theia is an open source framework for building web-based cloud tools and IDEs. theia provides a working framework, a module system, and some reusable features like git integration. Theia-based tools can be deployed remotely and accessed through a browser or a desktop application such as Electron. theia is built on top of Typescript, HTML, CSS, LSP (Language Server Protocol) and the Monaco code editor provided by VS Code.
It is an open source framework, not a final product. Developers can build and customize their own IDE or tools based on theia, such as gitpod, modeling tools, etc.
— Google

Build Status  title=  title=

1.1 Advantages

  • A complete multilingual IDE (not just a smart editor) for end users.
  • Supports both desktop and cloud IDEs.
  • Highly consistent with VS Code experience, greatly reducing learning costs.
  • Easy to expand, developers can customize their own IDE.
  • Hosted by the Eclipse Foundation, it is a vendor-neutral project.

1.2 Disadvantages

  • When opening the interface or refreshing the interface for the first time, all plug-ins will be loaded, which takes a long time, 20s~1min.
  • Adding a new plugin requires recompiling the entire IDE.
  • By default, only the nodejs language is supported, and other languages can be installed in the extension, or installed in the command line terminal that comes with theia.
  • Through interface operations, only existing projects or new folders on the server can be opened.
  • Projects cannot be uploaded, but you can execute the git command on the built-in terminal of theia to pull the git project, or you can copy the local project to the remote server by yourself through other commands such as rsync or scp commands.

2. Installation

2.1, official image

implement:

Comment first then view it after your comment is approved. Join QQ Group to display all hidden texts.

Note: Theia itself has no authentication mechanism, anyone with access to Theia can use it. Therefore, this method of deployment is strongly not recommended.

However, login authentication can be done with the help of the ngx_http_auth_digest module.

Download ngx_http_auth_digest:

Bash
1
2
wget https://github.com/atomx/nginx-http-auth-digest/archive/v1.0.0.tar.gz
tar zxvf v1.0.0.tar.gz

When compiling and installing nginx, add parameters:

Bash
1
--add-module=/path/to/nginx-http-auth-digest

Remember to modify /path/to/nginx-http-auth-digest to the actual path!

Generate login password:

Bash
1
2
apt-get install -y apache2-utils
htdigest -c /usr/local/passwd.digest theia admin

in

/usr/local/passwd.digest

is the password file path,

theia is realm and must be consistent with the nginx configuration file mentioned later.
admin is the login user name.

Add the server section in the nginx configuration file:

Nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
server {
     listen 80 default_server;
     auth_digest_user_file /usr/local/passwd.digest;
     auth_digest_shm_size 8m; # the storage space allocated for tracking active sessions
    
     location / {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";

         auth_digest 'theia';
         auth_digest_timeout 60s; # allow users to wait 1 minute between receiving the
                                     # challenge and hitting send in the browser dialog box
         auth_digest_expires 600s; # after a successful challenge/response, let the client
                                     # continue to use the same nonce for additional requests
                                     # for 600 seconds before generating a new challenge
         auth_digest_replays 60; # also generate a new challenge if the client uses the
                                     # same nonce more than 60 times before the expire time limit

         proxy_pass http://127.0.0.1:3000;
     }
}

in,

  • auth_digest_user_file must be consistent with the password file parameter in the htdigest command that sets the password.
  • auth_digest must be consistent with the realm parameter of the htdigest command that sets the password.
  • proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; These two lines must exist, otherwise the websocket cannot be properly proxied.

This configuration is equivalent to allowing auth_digest_shm_size/((48 + ceil(auth_digest_replays/8))bytes)=(810241024)/(48+8)=149.8k requests per (auth_digest_timeout+auth_digest_expires)=660s, that is, every 660s allows about 149.8k requests. Login authentication expires after 10 minutes.

Finally, start nginx, and a login authentication box will pop up. After entering the user name and password, you can log in and jump to theia interface.

2.2, compile image

Compile:

Bash
1
2
3
git clone https://github.com/theia-ide/theia-apps.git
cd theia-apps/theia-https-docker
docker build . --build-arg app=theia-full -t theiaide/theia-full-sec

start up:

Bash
1
docker run --init -itd -p 10443:10443 -e token=mysecrettoken -v "~/theia/:/home/project:cached" theiaide/theia-full-sec

Set directory permissions:

Bash
1
chown -R 1000 ~/theia/

You can use it happily!

4. Reference

Author
Hsukqi Lee
Posted on

2022-12-06

Edited on

2023-05-21

Licensed under

CC BY-NC-ND 4.0

Comments

Name
Mail
Site
None yet