shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
bfa17c315ec2e5b6f90f7a00fc228ff41a5abc70
coder/cli/testdata/coder_server_--help.golden
T
Danny Kopping 282ab7de34 refactor: load AI providers from the database at startup (#25672) 
Replace the env-based `BuildProviders` with a DB-backed loader. The database is now the single source of truth for runtime provider configuration; env config arrives via `SeedAIProvidersFromEnv` (run at boot) and `BuildProviders` reads it back as `aibridge.Provider` instances. `cli/server.go` and `enterprise/cli/server.go` both call the same path, so aibridged and aibridgeproxyd see the same provider set.

Per-provider `DumpDir` is replaced by a top-level `CODER_AI_GATEWAY_DUMP_DIR` base; each provider's effective dump path is `<base>/<provider name>`.
2026-05-26 15:57:01 +02:00

947 lines
47 KiB
Plaintext
Raw Blame History

coder v0.0.0-devel
USAGE:
coder server [flags]
Start a Coder server
SUBCOMMANDS:
create-admin-user Create a new admin user with the given username,
email and password and adds it to every
organization.
postgres-builtin-serve Run the built-in PostgreSQL deployment.
postgres-builtin-url Output the connection URL for the built-in
PostgreSQL deployment.
OPTIONS:
--allow-workspace-renames bool, $CODER_ALLOW_WORKSPACE_RENAMES (default: false)
Allow users to rename their workspaces. WARNING: Renaming a workspace
can cause Terraform resources that depend on the workspace name to be
destroyed and recreated, potentially causing data loss. Only enable
this if your templates do not use workspace names in resource
identifiers, or if you understand the risks.
--cache-dir string, $CODER_CACHE_DIRECTORY (default: [cache dir])
The directory to cache temporary files. If unspecified and
$CACHE_DIRECTORY is set, it will be used for compatibility with
systemd. This directory is NOT safe to be configured as a shared
directory across coderd/provisionerd replicas.
--default-oauth-refresh-lifetime duration, $CODER_DEFAULT_OAUTH_REFRESH_LIFETIME (default: 720h0m0s)
The default lifetime duration for OAuth2 refresh tokens. This controls
how long refresh tokens remain valid after issuance or rotation.
--default-token-lifetime duration, $CODER_DEFAULT_TOKEN_LIFETIME (default: 168h0m0s)
The default lifetime duration for API tokens. This value is used when
creating a token without specifying a duration, such as when
authenticating the CLI or an IDE plugin.
--disable-chat-sharing bool, $CODER_DISABLE_CHAT_SHARING
Disable chat sharing. Chat ACL checking is disabled and only owners
can access their chats.
--disable-owner-workspace-access bool, $CODER_DISABLE_OWNER_WORKSPACE_ACCESS
Remove the permission for the 'owner' role to have workspace execution
on all workspaces. This prevents the 'owner' from ssh, apps, and
terminal access based on the 'owner' role. They still have their user
permissions to access their own workspaces.
--disable-path-apps bool, $CODER_DISABLE_PATH_APPS
Disable workspace apps that are not served from subdomains. Path-based
apps can make requests to the Coder API and pose a security risk when
the workspace serves malicious JavaScript. This is recommended for
security purposes if a --wildcard-access-url is configured.
--disable-workspace-sharing bool, $CODER_DISABLE_WORKSPACE_SHARING
Disable workspace sharing. Workspace ACL checking is disabled and only
owners can have ssh, apps and terminal access to workspaces. Access
based on the 'owner' role is also allowed unless disabled via
--disable-owner-workspace-access.
--swagger-enable bool, $CODER_SWAGGER_ENABLE
Expose the swagger endpoint via /swagger.
--experiments string-array, $CODER_EXPERIMENTS
Enable one or more experiments. These are not ready for production.
Separate multiple experiments with commas, or enter '*' to opt-in to
all available experiments.
--external-auth-github-default-provider-enable bool, $CODER_EXTERNAL_AUTH_GITHUB_DEFAULT_PROVIDER_ENABLE (default: true)
Enable the default GitHub external auth provider managed by Coder.
--postgres-auth password|awsiamrds, $CODER_PG_AUTH (default: password)
Type of auth to use when connecting to postgres. For AWS RDS, using
IAM authentication (awsiamrds) is recommended.
--postgres-conn-max-idle string, $CODER_PG_CONN_MAX_IDLE (default: auto)
Maximum number of idle connections to the database. Set to "auto" (the
default) to use max open / 3. Value must be greater or equal to 0; 0
means explicitly no idle connections.
--postgres-conn-max-open int, $CODER_PG_CONN_MAX_OPEN (default: 10)
Maximum number of open connections to the database. Defaults to 10.
--postgres-url string, $CODER_PG_CONNECTION_URL
URL of a PostgreSQL database. If empty, PostgreSQL binaries will be
downloaded from Maven (https://repo1.maven.org/maven2) and store all
data in the config root. Access the built-in database with "coder
server postgres-builtin-url". Note that any special characters in the
URL must be URL-encoded.
--ssh-keygen-algorithm string, $CODER_SSH_KEYGEN_ALGORITHM (default: ed25519)
The algorithm to use for generating ssh keys. Accepted values are
"ed25519", "ecdsa", or "rsa4096".
--support-links struct[[]codersdk.LinkConfig], $CODER_SUPPORT_LINKS
Support links to display in the top right drop down menu.
--terms-of-service-url string, $CODER_TERMS_OF_SERVICE_URL
A URL to an external Terms of Service that must be accepted by users
when logging in.
--update-check bool, $CODER_UPDATE_CHECK (default: false)
Periodically check for new releases of Coder and inform the owner. The
check is performed once per day.
AI GATEWAY OPTIONS:
--ai-budget-period month, $CODER_AI_BUDGET_PERIOD (default: month)
Determines when accumulated AI spend resets to zero, aligned to UTC
calendar boundaries. Only "month" is currently supported.
--ai-budget-policy highest, $CODER_AI_BUDGET_POLICY (default: highest)
Determines the effective group when a user belongs to multiple groups
with AI budgets. "highest" selects the group with the largest spend
limit, and is currently the only supported value.
--ai-gateway-dump-dir string, $CODER_AI_GATEWAY_DUMP_DIR
Base directory for dumping AI Bridge request/response pairs to disk
for debugging. When set, each provider writes under a subdirectory
named after the provider. Sensitive headers are redacted. Leave empty
to disable.
--ai-gateway-allow-byok bool, $CODER_AI_GATEWAY_ALLOW_BYOK (default: true)
Allow users to provide their own LLM API keys or subscriptions. When
disabled, only centralized key authentication is permitted.
--ai-gateway-anthropic-base-url string, $CODER_AI_GATEWAY_ANTHROPIC_BASE_URL (default: https://api.anthropic.com/)
The base URL of the Anthropic API.
--ai-gateway-anthropic-key string, $CODER_AI_GATEWAY_ANTHROPIC_KEY
The key to authenticate against the Anthropic API.
--ai-gateway-bedrock-access-key string, $CODER_AI_GATEWAY_BEDROCK_ACCESS_KEY
The access key to authenticate against the AWS Bedrock API.
--ai-gateway-bedrock-access-key-secret string, $CODER_AI_GATEWAY_BEDROCK_ACCESS_KEY_SECRET
The access key secret to use with the access key to authenticate
against the AWS Bedrock API.
--ai-gateway-bedrock-base-url string, $CODER_AI_GATEWAY_BEDROCK_BASE_URL
The base URL to use for the AWS Bedrock API. Use this setting to
specify an exact URL to use. Takes precedence over
CODER_AI_GATEWAY_BEDROCK_REGION.
--ai-gateway-bedrock-model string, $CODER_AI_GATEWAY_BEDROCK_MODEL (default: global.anthropic.claude-sonnet-4-5-20250929-v1:0)
The model to use when making requests to the AWS Bedrock API.
--ai-gateway-bedrock-region string, $CODER_AI_GATEWAY_BEDROCK_REGION
The AWS Bedrock API region to use. Constructs a base URL to use for
the AWS Bedrock API in the form of
'https://bedrock-runtime.<region>.amazonaws.com'.
--ai-gateway-bedrock-small-fastmodel string, $CODER_AI_GATEWAY_BEDROCK_SMALL_FAST_MODEL (default: global.anthropic.claude-haiku-4-5-20251001-v1:0)
The small fast model to use when making requests to the AWS Bedrock
API. Claude Code uses Haiku-class models to perform background tasks.
See
https://docs.claude.com/en/docs/claude-code/settings#environment-variables.
--ai-gateway-circuit-breaker-enabled bool, $CODER_AI_GATEWAY_CIRCUIT_BREAKER_ENABLED (default: false)
Enable the circuit breaker to protect against cascading failures from
upstream AI provider overload (503, 529).
--ai-gateway-retention duration, $CODER_AI_GATEWAY_RETENTION (default: 60d)
Length of time to retain data such as interceptions and all related
records (token, prompt, tool use).
--ai-gateway-enabled bool, $CODER_AI_GATEWAY_ENABLED (default: true)
Whether to start an in-memory AI Gateway instance.
--ai-gateway-max-concurrency int, $CODER_AI_GATEWAY_MAX_CONCURRENCY (default: 0)
Maximum number of concurrent AI Gateway requests per replica. Set to 0
to disable (unlimited).
--ai-gateway-openai-base-url string, $CODER_AI_GATEWAY_OPENAI_BASE_URL (default: https://api.openai.com/v1/)
The base URL of the OpenAI API.
--ai-gateway-openai-key string, $CODER_AI_GATEWAY_OPENAI_KEY
The key to authenticate against the OpenAI API.
--ai-gateway-rate-limit int, $CODER_AI_GATEWAY_RATE_LIMIT (default: 0)
Maximum number of AI Gateway requests per second per replica. Set to 0
to disable (unlimited).
--ai-gateway-send-actor-headers bool, $CODER_AI_GATEWAY_SEND_ACTOR_HEADERS (default: false)
Once enabled, extra headers will be added to upstream requests to
identify the user (actor) making requests to AI Gateway. This is only
needed if you are using a proxy between AI Gateway and an upstream AI
provider. This will send X-Ai-Bridge-Actor-Id (the ID of the user
making the request) and X-Ai-Bridge-Actor-Metadata-Username (their
username).
--ai-gateway-structured-logging bool, $CODER_AI_GATEWAY_STRUCTURED_LOGGING (default: false)
Emit structured logs for AI Gateway interception records. Use this for
exporting these records to external SIEM or observability systems.
AI GATEWAY PROXY OPTIONS:
--ai-gateway-proxy-dump-dir string, $CODER_AI_GATEWAY_PROXY_DUMP_DIR
Directory for dumping MITM request/response pairs to disk for
debugging. When set, each proxied request produces .req.txt and
.resp.txt files organized by provider. Sensitive headers are redacted.
Leave empty to disable.
--ai-gateway-proxy-allowed-private-cidrs string-array, $CODER_AI_GATEWAY_PROXY_ALLOWED_PRIVATE_CIDRS
Comma-separated list of CIDR ranges that are permitted even though
they fall within blocked private/reserved IP ranges. By default all
private ranges are blocked to prevent SSRF attacks. Use this to allow
access to specific internal networks.
--ai-gateway-proxy-enabled bool, $CODER_AI_GATEWAY_PROXY_ENABLED (default: false)
Enable the AI Gateway MITM Proxy for intercepting and decrypting AI
provider requests.
--ai-gateway-proxy-listen-addr string, $CODER_AI_GATEWAY_PROXY_LISTEN_ADDR (default: :8888)
The address the AI Gateway Proxy will listen on.
--ai-gateway-proxy-cert-file string, $CODER_AI_GATEWAY_PROXY_CERT_FILE
Path to the CA certificate file used to intercept (MITM) HTTPS traffic
from AI clients. This CA must be trusted by AI clients for the proxy
to decrypt their requests.
--ai-gateway-proxy-key-file string, $CODER_AI_GATEWAY_PROXY_KEY_FILE
Path to the CA private key file used to intercept (MITM) HTTPS traffic
from AI clients.
--ai-gateway-proxy-tls-cert-file string, $CODER_AI_GATEWAY_PROXY_TLS_CERT_FILE
Path to the TLS certificate file for the AI Gateway Proxy listener.
Must be set together with AI Gateway Proxy TLS Key File.
--ai-gateway-proxy-tls-key-file string, $CODER_AI_GATEWAY_PROXY_TLS_KEY_FILE
Path to the TLS private key file for the AI Gateway Proxy listener.
Must be set together with AI Gateway Proxy TLS Certificate File.
--ai-gateway-proxy-upstream string, $CODER_AI_GATEWAY_PROXY_UPSTREAM
URL of an upstream HTTP proxy to chain tunneled (non-allowlisted)
requests through. Format: http://[user:pass@]host:port or
https://[user:pass@]host:port.
--ai-gateway-proxy-upstream-ca string, $CODER_AI_GATEWAY_PROXY_UPSTREAM_CA
Path to a PEM-encoded CA certificate to trust for the upstream proxy's
TLS connection. Only needed for HTTPS upstream proxies with
certificates not trusted by the system. If not provided, the system
certificate pool is used.
CHAT OPTIONS:
Configure the background chat processing daemon.
--chat-debug-logging-enabled bool, $CODER_CHAT_DEBUG_LOGGING_ENABLED (default: false)
Force chat debug logging on for every chat, bypassing the runtime
admin and user opt-in settings.
CLIENT OPTIONS:
These options change the behavior of how clients interact with the Coder.
Clients include the Coder CLI, Coder Desktop, IDE extensions, and the web UI.
--cli-upgrade-message string, $CODER_CLI_UPGRADE_MESSAGE
The upgrade message to display to users when a client/server mismatch
is detected. By default it instructs users to update using 'curl -L
https://coder.com/install.sh | sh'.
--hide-ai-tasks bool, $CODER_HIDE_AI_TASKS (default: false)
Hide AI tasks from the dashboard.
--ssh-config-options string-array, $CODER_SSH_CONFIG_OPTIONS
These SSH config options will override the default SSH config options.
Provide options in "key=value" or "key value" format separated by
commas.Using this incorrectly can break SSH to your deployment, use
cautiously.
--web-terminal-renderer string, $CODER_WEB_TERMINAL_RENDERER (default: canvas)
The renderer to use when opening a web terminal. Valid values are
'canvas', 'webgl', or 'dom'.
--workspace-hostname-suffix string, $CODER_WORKSPACE_HOSTNAME_SUFFIX (default: coder)
Workspace hostnames use this suffix in SSH config and Coder Connect on
Coder Desktop. By default it is coder, resulting in names like
myworkspace.coder.
CONFIG OPTIONS:
Use a YAML configuration file when your server launch become unwieldy.
-c, --config yaml-config-path, $CODER_CONFIG_PATH
Specify a YAML file to load configuration from.
--write-config bool
Write out the current server config as YAML to stdout.
EMAIL OPTIONS:
Configure how emails are sent.
--email-force-tls bool, $CODER_EMAIL_FORCE_TLS (default: false)
Force a TLS connection to the configured SMTP smarthost.
--email-from string, $CODER_EMAIL_FROM
The sender's address to use.
--email-hello string, $CODER_EMAIL_HELLO (default: localhost)
The hostname identifying the SMTP server.
--email-smarthost string, $CODER_EMAIL_SMARTHOST
The intermediary SMTP host through which emails are sent.
EMAIL / EMAIL AUTHENTICATION OPTIONS:
Configure SMTP authentication options.
--email-auth-identity string, $CODER_EMAIL_AUTH_IDENTITY
Identity to use with PLAIN authentication.
--email-auth-password string, $CODER_EMAIL_AUTH_PASSWORD
Password to use with PLAIN/LOGIN authentication.
--email-auth-password-file string, $CODER_EMAIL_AUTH_PASSWORD_FILE
File from which to load password for use with PLAIN/LOGIN
authentication.
--email-auth-username string, $CODER_EMAIL_AUTH_USERNAME
Username to use with PLAIN/LOGIN authentication.
EMAIL / EMAIL TLS OPTIONS:
Configure TLS for your SMTP server target.
--email-tls-ca-cert-file string, $CODER_EMAIL_TLS_CACERTFILE
CA certificate file to use.
--email-tls-cert-file string, $CODER_EMAIL_TLS_CERTFILE
Certificate file to use.
--email-tls-cert-key-file string, $CODER_EMAIL_TLS_CERTKEYFILE
Certificate key file to use.
--email-tls-server-name string, $CODER_EMAIL_TLS_SERVERNAME
Server name to verify against the target certificate.
--email-tls-skip-verify bool, $CODER_EMAIL_TLS_SKIPVERIFY
Skip verification of the target server's certificate (insecure).
--email-tls-starttls bool, $CODER_EMAIL_TLS_STARTTLS
Enable STARTTLS to upgrade insecure SMTP connections using TLS.
INTROSPECTION / HEALTH CHECK OPTIONS:
--health-check-refresh duration, $CODER_HEALTH_CHECK_REFRESH (default: 10m0s)
Refresh interval for healthchecks.
--health-check-threshold-database duration, $CODER_HEALTH_CHECK_THRESHOLD_DATABASE (default: 15ms)
The threshold for the database health check. If the median latency of
the database exceeds this threshold over 5 attempts, the database is
considered unhealthy. The default value is 15ms.
INTROSPECTION / LOGGING OPTIONS:
--enable-terraform-debug-mode bool, $CODER_ENABLE_TERRAFORM_DEBUG_MODE (default: false)
Allow administrators to enable Terraform debug output.
--log-human string, $CODER_LOGGING_HUMAN (default: /dev/stderr)
Output human-readable logs to a given file.
--log-json string, $CODER_LOGGING_JSON
Output JSON logs to a given file.
-l, --log-filter string-array, $CODER_LOG_FILTER
Filter debug logs by matching against a given regex. Use .* to match
all debug logs.
--log-stackdriver string, $CODER_LOGGING_STACKDRIVER
Output Stackdriver compatible logs to a given file.
INTROSPECTION / PROMETHEUS OPTIONS:
--prometheus-address host:port, $CODER_PROMETHEUS_ADDRESS (default: 127.0.0.1:2112)
The bind address to serve prometheus metrics.
--prometheus-aggregate-agent-stats-by string-array, $CODER_PROMETHEUS_AGGREGATE_AGENT_STATS_BY (default: agent_name,template_name,username,workspace_name)
When collecting agent stats, aggregate metrics by a given set of
comma-separated labels to reduce cardinality. Accepted values are
agent_name, template_name, username, workspace_name.
--prometheus-collect-agent-stats bool, $CODER_PROMETHEUS_COLLECT_AGENT_STATS
Collect agent stats (may increase charges for metrics storage).
--prometheus-collect-db-metrics bool, $CODER_PROMETHEUS_COLLECT_DB_METRICS (default: false)
Collect database query metrics (may increase charges for metrics
storage). If set to false, a reduced set of database metrics are still
collected.
--prometheus-enable bool, $CODER_PROMETHEUS_ENABLE
Serve prometheus metrics on the address defined by prometheus address.
INTROSPECTION / STATS COLLECTION / USAGE STATS OPTIONS:
--stats-collection-usage-stats-enable bool, $CODER_STATS_COLLECTION_USAGE_STATS_ENABLE (default: true)
Enable the collection of application and workspace usage along with
the associated API endpoints and the template insights page. Disabling
this will also disable traffic and connection insights in the
deployment stats shown to admins in the bottom bar of the Coder UI,
and will prevent Prometheus collection of these values.
INTROSPECTION / TRACING OPTIONS:
--trace-logs bool, $CODER_TRACE_LOGS
Enables capturing of logs as events in traces. This is useful for
debugging, but may result in a very large amount of events being sent
to the tracing backend which may incur significant costs.
--trace bool, $CODER_TRACE_ENABLE
Whether application tracing data is collected. It exports to a backend
configured by environment variables. See:
https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/protocol/exporter.md.
--trace-honeycomb-api-key string, $CODER_TRACE_HONEYCOMB_API_KEY
Enables trace exporting to Honeycomb.io using the provided API Key.
INTROSPECTION / PPROF OPTIONS:
--pprof-address host:port, $CODER_PPROF_ADDRESS (default: 127.0.0.1:6060)
The bind address to serve pprof.
--pprof-enable bool, $CODER_PPROF_ENABLE
Serve pprof metrics on the address defined by pprof address.
NETWORKING OPTIONS:
--access-url url, $CODER_ACCESS_URL
The URL that users will use to access the Coder deployment.
--docs-url url, $CODER_DOCS_URL (default: https://coder.com/docs)
Specifies the custom docs URL.
--proxy-trusted-headers string-array, $CODER_PROXY_TRUSTED_HEADERS
Headers to trust for forwarding IP addresses. e.g. Cf-Connecting-Ip,
True-Client-Ip, X-Forwarded-For.
--proxy-trusted-origins string-array, $CODER_PROXY_TRUSTED_ORIGINS
Origin addresses to respect "proxy-trusted-headers". e.g.
192.168.1.0/24.
--redirect-to-access-url bool, $CODER_REDIRECT_TO_ACCESS_URL
Specifies whether to redirect requests that do not match the access
URL host.
--samesite-auth-cookie lax|none, $CODER_SAMESITE_AUTH_COOKIE (default: lax)
Controls the 'SameSite' property is set on browser session cookies.
--secure-auth-cookie bool, $CODER_SECURE_AUTH_COOKIE (default: false)
Controls if the 'Secure' property is set on browser session cookies.
--wildcard-access-url string, $CODER_WILDCARD_ACCESS_URL
Specifies the wildcard hostname to use for workspace applications in
the form "*.example.com".
--host-prefix-cookie bool, $CODER_HOST_PREFIX_COOKIE (default: false)
Recommended to be enabled. Enables `__Host-` prefix for cookies to
guarantee they are only set by the right domain. This change is
disruptive to any workspaces built before release 2.31, requiring a
workspace restart.
NETWORKING / DERP OPTIONS:
Most Coder deployments never have to think about DERP because all connections
between workspaces and users are peer-to-peer. However, when Coder cannot
establish a peer to peer connection, Coder uses a distributed relay network
backed by Tailscale and WireGuard.
--block-direct-connections bool, $CODER_BLOCK_DIRECT
Block peer-to-peer (aka. direct) workspace connections. All workspace
connections from the CLI will be proxied through Coder (or custom
configured DERP servers) and will never be peer-to-peer when enabled.
Workspaces may still reach out to STUN servers to get their address
until they are restarted after this change has been made, but new
connections will still be proxied regardless.
--derp-config-path string, $CODER_DERP_CONFIG_PATH
Path to read a DERP mapping from. See:
https://tailscale.com/kb/1118/custom-derp-servers/.
--derp-config-url string, $CODER_DERP_CONFIG_URL
URL to fetch a DERP mapping on startup. See:
https://tailscale.com/kb/1118/custom-derp-servers/.
--derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS
Force clients and agents to always use WebSocket to connect to DERP
relay servers. By default, DERP uses `Upgrade: derp`, which may cause
issues with some reverse proxies. Clients may automatically fallback
to WebSocket if they detect an issue with `Upgrade: derp`, but this
does not work in all situations.
--derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true)
Whether to enable or disable the embedded DERP relay server.
--derp-server-region-name string, $CODER_DERP_SERVER_REGION_NAME (default: Coder Embedded Relay)
Region name that for the embedded DERP server.
--derp-server-stun-addresses string-array, $CODER_DERP_SERVER_STUN_ADDRESSES (default: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302,stun3.l.google.com:19302,stun4.l.google.com:19302)
Addresses for STUN servers to establish P2P connections. It's
recommended to have at least two STUN servers to give users the best
chance of connecting P2P to workspaces. Each STUN server will get it's
own DERP region, with region IDs starting at `--derp-server-region-id
+ 1`. Use special value 'disable' to turn off STUN completely.
NETWORKING / HTTP OPTIONS:
--additional-csp-policy string-array, $CODER_ADDITIONAL_CSP_POLICY
Coder configures a Content Security Policy (CSP) to protect against
XSS attacks. This setting allows you to add additional CSP directives,
which can open the attack surface of the deployment. Format matches
the CSP directive format, e.g. --additional-csp-policy="script-src
https://example.com".
--disable-password-auth bool, $CODER_DISABLE_PASSWORD_AUTH
Disable password authentication. This is recommended for security
purposes in production deployments that rely on an identity provider.
Any user with the owner role will be able to sign in with their
password regardless of this setting to avoid potential lock out. If
you are locked out of your account, you can use the `coder server
create-admin` command to create a new admin user directly in the
database.
--disable-session-expiry-refresh bool, $CODER_DISABLE_SESSION_EXPIRY_REFRESH
Disable automatic session expiry bumping due to activity. This forces
all sessions to become invalid after the session expiry duration has
been reached.
--http-address string, $CODER_HTTP_ADDRESS (default: 127.0.0.1:3000)
HTTP bind address of the server. Unset to disable the HTTP endpoint.
--max-token-lifetime duration, $CODER_MAX_TOKEN_LIFETIME (default: 876600h0m0s)
The maximum lifetime duration users can specify when creating an API
token.
--max-admin-token-lifetime duration, $CODER_MAX_ADMIN_TOKEN_LIFETIME (default: 168h0m0s)
The maximum lifetime duration administrators can specify when creating
an API token.
--proxy-health-interval duration, $CODER_PROXY_HEALTH_INTERVAL (default: 1m0s)
The interval in which coderd should be checking the status of
workspace proxies.
--session-duration duration, $CODER_SESSION_DURATION (default: 24h0m0s)
The token expiry duration for browser sessions. Sessions may last
longer if they are actively making requests, but this functionality
can be disabled via --disable-session-expiry-refresh.
NETWORKING / TLS OPTIONS:
Configure TLS / HTTPS for your Coder deployment. If you're running Coder behind
a TLS-terminating reverse proxy or are accessing Coder over a secure link, you
can safely ignore these settings.
--strict-transport-security int, $CODER_STRICT_TRANSPORT_SECURITY (default: 0)
Controls if the 'Strict-Transport-Security' header is set on all
static file responses. This header should only be set if the server is
accessed via HTTPS. This value is the MaxAge in seconds of the header.
--strict-transport-security-options string-array, $CODER_STRICT_TRANSPORT_SECURITY_OPTIONS
Two optional fields can be set in the Strict-Transport-Security
header; 'includeSubDomains' and 'preload'. The
'strict-transport-security' flag must be set to a non-zero value for
these options to be used.
--tls-address host:port, $CODER_TLS_ADDRESS (default: 127.0.0.1:3443)
HTTPS bind address of the server.
--tls-allow-insecure-ciphers bool, $CODER_TLS_ALLOW_INSECURE_CIPHERS (default: false)
By default, only ciphers marked as 'secure' are allowed to be used.
See
https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L82-L95.
--tls-cert-file string-array, $CODER_TLS_CERT_FILE
Path to each certificate for TLS. It requires a PEM-encoded file. To
configure the listener to use a CA certificate, concatenate the
primary certificate and the CA certificate together. The primary
certificate should appear first in the combined file.
--tls-ciphers string-array, $CODER_TLS_CIPHERS
Specify specific TLS ciphers that allowed to be used. See
https://github.com/golang/go/blob/master/src/crypto/tls/cipher_suites.go#L53-L75.
--tls-client-auth string, $CODER_TLS_CLIENT_AUTH (default: none)
Policy the server will follow for TLS Client Authentication. Accepted
values are "none", "request", "require-any", "verify-if-given", or
"require-and-verify".
--tls-client-ca-file string, $CODER_TLS_CLIENT_CA_FILE
PEM-encoded Certificate Authority file used for checking the
authenticity of client.
--tls-client-cert-file string, $CODER_TLS_CLIENT_CERT_FILE
Path to certificate for client TLS authentication. It requires a
PEM-encoded file.
--tls-client-key-file string, $CODER_TLS_CLIENT_KEY_FILE
Path to key for client TLS authentication. It requires a PEM-encoded
file.
--tls-enable bool, $CODER_TLS_ENABLE
Whether TLS will be enabled.
--tls-key-file string-array, $CODER_TLS_KEY_FILE
Paths to the private keys for each of the certificates. It requires a
PEM-encoded file.
--tls-min-version string, $CODER_TLS_MIN_VERSION (default: tls12)
Minimum supported version of TLS. Accepted values are "tls10",
"tls11", "tls12" or "tls13".
NOTIFICATIONS OPTIONS:
Configure how notifications are processed and delivered.
--notifications-dispatch-timeout duration, $CODER_NOTIFICATIONS_DISPATCH_TIMEOUT (default: 1m0s)
How long to wait while a notification is being sent before giving up.
--notifications-max-send-attempts int, $CODER_NOTIFICATIONS_MAX_SEND_ATTEMPTS (default: 5)
The upper limit of attempts to send a notification.
--notifications-method string, $CODER_NOTIFICATIONS_METHOD (default: smtp)
Which delivery method to use (available options: 'smtp', 'webhook').
NOTIFICATIONS / EMAIL OPTIONS:
Configure how email notifications are sent.
--notifications-email-force-tls bool, $CODER_NOTIFICATIONS_EMAIL_FORCE_TLS
Force a TLS connection to the configured SMTP smarthost.
DEPRECATED: Use --email-force-tls instead.
--notifications-email-from string, $CODER_NOTIFICATIONS_EMAIL_FROM
The sender's address to use.
DEPRECATED: Use --email-from instead.
--notifications-email-hello string, $CODER_NOTIFICATIONS_EMAIL_HELLO
The hostname identifying the SMTP server.
DEPRECATED: Use --email-hello instead.
--notifications-email-smarthost string, $CODER_NOTIFICATIONS_EMAIL_SMARTHOST
The intermediary SMTP host through which emails are sent.
DEPRECATED: Use --email-smarthost instead.
NOTIFICATIONS / EMAIL / EMAIL AUTHENTICATION OPTIONS:
Configure SMTP authentication options.
--notifications-email-auth-identity string, $CODER_NOTIFICATIONS_EMAIL_AUTH_IDENTITY
Identity to use with PLAIN authentication.
DEPRECATED: Use --email-auth-identity instead.
--notifications-email-auth-password string, $CODER_NOTIFICATIONS_EMAIL_AUTH_PASSWORD
Password to use with PLAIN/LOGIN authentication.
DEPRECATED: Use --email-auth-password instead.
--notifications-email-auth-password-file string, $CODER_NOTIFICATIONS_EMAIL_AUTH_PASSWORD_FILE
File from which to load password for use with PLAIN/LOGIN
authentication.
DEPRECATED: Use --email-auth-password-file instead.
--notifications-email-auth-username string, $CODER_NOTIFICATIONS_EMAIL_AUTH_USERNAME
Username to use with PLAIN/LOGIN authentication.
DEPRECATED: Use --email-auth-username instead.
NOTIFICATIONS / EMAIL / EMAIL TLS OPTIONS:
Configure TLS for your SMTP server target.
--notifications-email-tls-ca-cert-file string, $CODER_NOTIFICATIONS_EMAIL_TLS_CACERTFILE
CA certificate file to use.
DEPRECATED: Use --email-tls-ca-cert-file instead.
--notifications-email-tls-cert-file string, $CODER_NOTIFICATIONS_EMAIL_TLS_CERTFILE
Certificate file to use.
DEPRECATED: Use --email-tls-cert-file instead.
--notifications-email-tls-cert-key-file string, $CODER_NOTIFICATIONS_EMAIL_TLS_CERTKEYFILE
Certificate key file to use.
DEPRECATED: Use --email-tls-cert-key-file instead.
--notifications-email-tls-server-name string, $CODER_NOTIFICATIONS_EMAIL_TLS_SERVERNAME
Server name to verify against the target certificate.
DEPRECATED: Use --email-tls-server-name instead.
--notifications-email-tls-skip-verify bool, $CODER_NOTIFICATIONS_EMAIL_TLS_SKIPVERIFY
Skip verification of the target server's certificate (insecure).
DEPRECATED: Use --email-tls-skip-verify instead.
--notifications-email-tls-starttls bool, $CODER_NOTIFICATIONS_EMAIL_TLS_STARTTLS
Enable STARTTLS to upgrade insecure SMTP connections using TLS.
DEPRECATED: Use --email-tls-starttls instead.
NOTIFICATIONS / INBOX OPTIONS:
--notifications-inbox-enabled bool, $CODER_NOTIFICATIONS_INBOX_ENABLED (default: true)
Enable Coder Inbox.
NOTIFICATIONS / WEBHOOK OPTIONS:
--notifications-webhook-endpoint url, $CODER_NOTIFICATIONS_WEBHOOK_ENDPOINT
The endpoint to which to send webhooks.
OAUTH2 / GITHUB OPTIONS:
--oauth2-github-allow-everyone bool, $CODER_OAUTH2_GITHUB_ALLOW_EVERYONE
Allow all logins, setting this option means allowed orgs and teams
must be empty.
--oauth2-github-allow-signups bool, $CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS
Whether new users can sign up with GitHub.
--oauth2-github-allowed-orgs string-array, $CODER_OAUTH2_GITHUB_ALLOWED_ORGS
Organizations the user must be a member of to Login with GitHub.
--oauth2-github-allowed-teams string-array, $CODER_OAUTH2_GITHUB_ALLOWED_TEAMS
Teams inside organizations the user must be a member of to Login with
GitHub. Structured as: <organization-name>/<team-slug>.
--oauth2-github-client-id string, $CODER_OAUTH2_GITHUB_CLIENT_ID
Client ID for Login with GitHub.
--oauth2-github-client-secret string, $CODER_OAUTH2_GITHUB_CLIENT_SECRET
Client secret for Login with GitHub.
--oauth2-github-default-provider-enable bool, $CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE (default: true)
Enable the default GitHub OAuth2 provider managed by Coder.
--oauth2-github-device-flow bool, $CODER_OAUTH2_GITHUB_DEVICE_FLOW (default: false)
Enable device flow for Login with GitHub.
--oauth2-github-enterprise-base-url string, $CODER_OAUTH2_GITHUB_ENTERPRISE_BASE_URL
Base URL of a GitHub Enterprise deployment to use for Login with
GitHub.
OIDC OPTIONS:
--oidc-group-auto-create bool, $CODER_OIDC_GROUP_AUTO_CREATE (default: false)
Automatically creates missing groups from a user's groups claim.
--oidc-allow-signups bool, $CODER_OIDC_ALLOW_SIGNUPS (default: true)
Whether new users can sign up with OIDC.
--oidc-allowed-groups string-array, $CODER_OIDC_ALLOWED_GROUPS
If provided any group name not in the list will not be allowed to
authenticate. This allows for restricting access to a specific set of
groups. This filter is applied after the group mapping and before the
regex filter.
--oidc-auth-url-params struct[map[string]string], $CODER_OIDC_AUTH_URL_PARAMS (default: {"access_type": "offline"})
OIDC auth URL parameters to pass to the upstream provider.
--oidc-client-cert-file string, $CODER_OIDC_CLIENT_CERT_FILE
Pem encoded certificate file to use for oauth2 PKI/JWT authorization.
The public certificate that accompanies oidc-client-key-file. A
standard x509 certificate is expected.
--oidc-client-id string, $CODER_OIDC_CLIENT_ID
Client ID to use for Login with OIDC.
--oidc-client-key-file string, $CODER_OIDC_CLIENT_KEY_FILE
Pem encoded RSA private key to use for oauth2 PKI/JWT authorization.
This can be used instead of oidc-client-secret if your IDP supports
it.
--oidc-client-secret string, $CODER_OIDC_CLIENT_SECRET
Client secret to use for Login with OIDC.
--oidc-email-domain string-array, $CODER_OIDC_EMAIL_DOMAIN
Email domains that clients logging in with OIDC must match.
--oidc-email-field string, $CODER_OIDC_EMAIL_FIELD (default: email)
OIDC claim field to use as the email.
--oidc-group-field string, $CODER_OIDC_GROUP_FIELD
This field must be set if using the group sync feature and the scope
name is not 'groups'. Set to the claim to be used for groups.
--oidc-group-mapping struct[map[string]string], $CODER_OIDC_GROUP_MAPPING (default: {})
A map of OIDC group IDs and the group in Coder it should map to. This
is useful for when OIDC providers only return group IDs.
--oidc-ignore-email-verified bool, $CODER_OIDC_IGNORE_EMAIL_VERIFIED
Ignore the email_verified claim from the upstream provider.
--oidc-ignore-userinfo bool, $CODER_OIDC_IGNORE_USERINFO (default: false)
Ignore the userinfo endpoint and only use the ID token for user
information.
--oidc-issuer-url string, $CODER_OIDC_ISSUER_URL
Issuer URL to use for Login with OIDC.
--oidc-name-field string, $CODER_OIDC_NAME_FIELD (default: name)
OIDC claim field to use as the name.
--oidc-group-regex-filter regexp, $CODER_OIDC_GROUP_REGEX_FILTER (default: .*)
If provided any group name not matching the regex is ignored. This
allows for filtering out groups that are not needed. This filter is
applied after the group mapping.
--oidc-scopes string-array, $CODER_OIDC_SCOPES (default: openid,profile,email)
Scopes to grant when authenticating with OIDC.
--oidc-user-role-default string-array, $CODER_OIDC_USER_ROLE_DEFAULT
If user role sync is enabled, these roles are always included for all
authenticated users. The 'member' role is always assigned.
--oidc-user-role-field string, $CODER_OIDC_USER_ROLE_FIELD
This field must be set if using the user roles sync feature. Set this
to the name of the claim used to store the user's role. The roles
should be sent as an array of strings.
--oidc-user-role-mapping struct[map[string][]string], $CODER_OIDC_USER_ROLE_MAPPING (default: {})
A map of the OIDC passed in user roles and the groups in Coder it
should map to. This is useful if the group names do not match. If
mapped to the empty string, the role will ignored.
--oidc-username-field string, $CODER_OIDC_USERNAME_FIELD (default: preferred_username)
OIDC claim field to use as the username.
--oidc-sign-in-text string, $CODER_OIDC_SIGN_IN_TEXT (default: OpenID Connect)
The text to show on the OpenID Connect sign in button.
--oidc-icon-url url, $CODER_OIDC_ICON_URL
URL pointing to the icon to use on the OpenID Connect login button.
--oidc-signups-disabled-text string, $CODER_OIDC_SIGNUPS_DISABLED_TEXT
The custom text to show on the error page informing about disabled
OIDC signups. Markdown format is supported.
--dangerous-oidc-skip-issuer-checks bool, $CODER_DANGEROUS_OIDC_SKIP_ISSUER_CHECKS
OIDC issuer urls must match in the request, the id_token 'iss' claim,
and in the well-known configuration. This flag disables that
requirement, and can lead to an insecure OIDC configuration. It is not
recommended to use this flag.
PROVISIONING OPTIONS:
Tune the behavior of the provisioner, which is responsible for creating,
updating, and deleting workspace resources.
--provisioner-force-cancel-interval duration, $CODER_PROVISIONER_FORCE_CANCEL_INTERVAL (default: 10m0s)
Time to force cancel provisioning tasks that are stuck.
--provisioner-daemon-poll-interval duration, $CODER_PROVISIONER_DAEMON_POLL_INTERVAL (default: 1s)
Deprecated and ignored.
--provisioner-daemon-poll-jitter duration, $CODER_PROVISIONER_DAEMON_POLL_JITTER (default: 100ms)
Deprecated and ignored.
--provisioner-daemon-psk string, $CODER_PROVISIONER_DAEMON_PSK
Pre-shared key to authenticate external provisioner daemons to Coder
server.
--provisioner-daemons int, $CODER_PROVISIONER_DAEMONS (default: 3)
Number of provisioner daemons to create on start. If builds are stuck
in queued state for a long time, consider increasing this.
RETENTION OPTIONS:
Configure data retention policies for various database tables. Retention
policies automatically purge old data to reduce database size and improve
performance. Setting a retention duration to 0 disables automatic purging for
that data type.
--api-keys-retention duration, $CODER_API_KEYS_RETENTION (default: 7d)
How long expired API keys are retained before being deleted. Keeping
expired keys allows the backend to return a more helpful error when a
user tries to use an expired key. Set to 0 to disable automatic
deletion of expired keys.
--audit-logs-retention duration, $CODER_AUDIT_LOGS_RETENTION (default: 0)
How long audit log entries are retained. Set to 0 to disable (keep
indefinitely). We advise keeping audit logs for at least a year, and
in accordance with your compliance requirements.
--connection-logs-retention duration, $CODER_CONNECTION_LOGS_RETENTION (default: 0)
How long connection log entries are retained. Set to 0 to disable
(keep indefinitely).
--workspace-agent-logs-retention duration, $CODER_WORKSPACE_AGENT_LOGS_RETENTION (default: 7d)
How long workspace agent logs are retained. Logs from non-latest
builds are deleted if the agent hasn't connected within this period.
Logs from the latest build are always retained. Set to 0 to disable
automatic deletion.
TELEMETRY OPTIONS:
Telemetry is critical to our ability to improve Coder. We strip all personal
information before sending data to our servers. Please only disable telemetry
when required by your organization's security policy.
--telemetry bool, $CODER_TELEMETRY_ENABLE (default: false)
Whether telemetry is enabled or not. Coder collects anonymized usage
data to help improve our product.
TEMPLATE BUILDER OPTIONS:
--disable-template-builder bool, $CODER_DISABLE_TEMPLATE_BUILDER
Disable the template builder feature for guided template creation.
When disabled, all /api/v2/templatebuilder/* endpoints return 404.
--template-builder-registry-url string, $CODER_TEMPLATE_BUILDER_REGISTRY_URL (default: https://registry.coder.com)
The base URL of the module registry used by the template builder for
module source paths.
USER QUIET HOURS SCHEDULE OPTIONS:
Allow users to set quiet hours schedules each day for workspaces to avoid
workspaces stopping during the day due to template scheduling.
--allow-custom-quiet-hours bool, $CODER_ALLOW_CUSTOM_QUIET_HOURS (default: true)
Allow users to set their own quiet hours schedule for workspaces to
stop in (depending on template autostop requirement settings). If
false, users can't change their quiet hours schedule and the site
default is always used.
--default-quiet-hours-schedule string, $CODER_QUIET_HOURS_DEFAULT_SCHEDULE (default: CRON_TZ=UTC 0 0 * * *)
The default daily cron schedule applied to users that haven't set a
custom quiet hours schedule themselves. The quiet hours schedule
determines when workspaces will be force stopped due to the template's
autostop requirement, and will round the max deadline up to be within
the user's quiet hours window (or default). The format is the same as
the standard cron format, but the day-of-month, month and day-of-week
must be *. Only one hour and minute can be specified (ranges or comma
separated values are not supported).
WORKSPACE PREBUILDS OPTIONS:
Configure how workspace prebuilds behave.
--workspace-prebuilds-reconciliation-interval duration, $CODER_WORKSPACE_PREBUILDS_RECONCILIATION_INTERVAL (default: 1m0s)
How often to reconcile workspace prebuilds state.
⚠️ DANGEROUS OPTIONS:
--dangerous-allow-path-app-sharing bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SHARING
Allow workspace apps that are not served from subdomains to be shared.
Path-based app sharing is DISABLED by default for security purposes.
Path-based apps can make requests to the Coder API and pose a security
risk when the workspace serves malicious JavaScript. Path-based apps
can be disabled entirely with --disable-path-apps for further
security.
--dangerous-allow-path-app-site-owner-access bool, $CODER_DANGEROUS_ALLOW_PATH_APP_SITE_OWNER_ACCESS
Allow site-owners to access workspace apps from workspaces they do not
own. Owners cannot access path-based apps they do not own by default.
Path-based apps can make requests to the Coder API and pose a security
risk when the workspace serves malicious JavaScript. Path-based apps
can be disabled entirely with --disable-path-apps for further
security.
ENTERPRISE OPTIONS:
These options are only available in the Enterprise Edition.
--browser-only bool, $CODER_BROWSER_ONLY
Whether Coder only allows connections to workspaces via the browser.
--derp-server-relay-url url, $CODER_DERP_SERVER_RELAY_URL
An HTTP URL that is accessible by other replicas to relay DERP
traffic. Required for high availability.
--external-token-encryption-keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_KEYS
Encrypt OIDC and Git authentication tokens with AES-256-GCM in the
database. The value must be a comma-separated list of base64-encoded
keys. Each key, when base64-decoded, must be exactly 32 bytes in
length. The first key will be used to encrypt new values. Subsequent
keys will be used as a fallback when decrypting. During normal
operation it is recommended to only set one key unless you are in the
process of rotating keys with the `coder server dbcrypt rotate`
command.
--scim-auth-header string, $CODER_SCIM_AUTH_HEADER
Enables SCIM and sets the authentication header for the built-in SCIM
server. New users are automatically created with OIDC authentication.
———
Run `coder --help` for a list of global options.
Reference in New Issue View Git Blame Copy Permalink