Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Is there a way to host the remote web socket server privately? #2469

Open
zachgalvin opened this issue Nov 9, 2024 · 7 comments
Open

Is there a way to host the remote web socket server privately? #2469

zachgalvin opened this issue Nov 9, 2024 · 7 comments
Assignees

Comments

@zachgalvin
Copy link

In order to get the ML VSCode extension to work in a locked down network, you have to allow the following endpoint:

https://github.com/microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server/*

According to this documentation:

https://learn.microsoft.com/en-us/azure/machine-learning/how-to-access-azureml-behind-firewall?view=azureml-api-2&tabs=ipaddress%2Cpublic#scenario-visual-studio-code

But in order to limit to just that path, you have to have some proxy or firewall that decrypts traffic so that it can check the path. Is there a way to host the web socket server instead so that you don’t have to do any of that?

@Siglud
Copy link
Member

Siglud commented Nov 11, 2024

So, the problem is the extension need to download this server binary from https://github.com/microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server/. This is a URL from GitHub with TLS, you cannot decode the HTTP request the limit the server access only when remote host equals github.com and the path match the /microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server/. Right?

I think the only way is SSL decrypt. Or maybe we move those binary files to the other site belongs to Microsoft can help you easier this work?

@zachgalvin
Copy link
Author

Thanks for the response @Siglud! Yes, that is the problem I’m hitting, and I think those are the two potential solutions, but I’m curious about if we can host the binary files internally because I think that would be easier for me.

I know I could just download all the files at that path and then host them, but how would I tell VSCode to look at my self hosted location rather than trying to go to GitHub? And are there any other caveats with that approach?

@zachgalvin
Copy link
Author

@Siglud and @JerryYangKai any thoughts on if that is an option?

@Siglud
Copy link
Member

Siglud commented Nov 14, 2024

@zachgalvin Sorry, there is no way to customize this setting for now.

@yaoleo34 Could be a feature request.

@yaoleo34
Copy link

@zachgalvin
Is https://github.com/microsoft/vscode-remote-release/issues/9454 similar to the issue that you described here?

@zachgalvin
Copy link
Author

I’m not sure @yaoleo34. Is libstdcpp_path where the path for this is stored? I’m not familiar with the code, but it doesn’t initially appear related.

@Siglud just to confirm, even if there was a custom Microsoft domain for this instead of GitHub, it still wouldn’t work right? Or are you just saying I can’t self host it?

Also, two more questions on this:

  1. Do you know how often we need to pull files from there? If we only need it when we initially install or update, I could temporarily allow GitHub on the firewall during those periods.
  2. If I do have to go down the route of decrypting SSL, do you know if VSCode does any SSL pinning or has plans to? That would prevent the decrypting traffic from working, so just wanted to double check.

@Siglud
Copy link
Member

Siglud commented Nov 15, 2024

@zachgalvin Sorry, I've checked the install script again. I think like @yaoleo34 said, the web socket server also can be pre-installed if you put your binary files in the right place.

First, you need to get last version of the socket server from https://github.com/microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server

Currently, the last version is v0.2 (this will be referred to as <version>)

Copy the binary file to specific directories.

mkdir -p ~/.azureml_remote_websocket_server/bin/<version>
cd ~/.azureml_remote_websocket_server/bin/<version>

# Download and extract
# wget https://github.com/microsoft/vscode-tools-for-ai/raw/refs/heads/master/azureml_remote_websocket_server/v0.2/azureml_websocket_server.tgz
tar -xzf azureml_websocket_server.tgz  # This creates a folder called "package"
mv package/* ./ && rm -r package

After running this script, start/restart the Remote SSH from Host to Destination and it will skip download and start the socket server directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants