Remote Control

Fundamentally, remote control boils down to three methods: VPN, direct port opening, and tunneling.

Cloudflared SSH

Previously, I used Cloudflared to proxy many services, but these were front-end/back-end services. You can also use Cloudflared to proxy SSH traffic. The steps are simple: just create a new domain for SSH in the web interface. Afterward, you can SSH to this domain to access the mini PC. Combined with VSCode Remote SSH, it’s very convenient for remote development.

The downside is both the mini PC and the access terminal need Cloudflared installed. Also, since the mini PC is now publicly accessible, use key-based authentication only.

brew install cloudflared

Modify ~/.ssh/config:

Host ssh.example.com
    ProxyCommand /opt/homebrew/bin/cloudflared access ssh --hostname %h

Additionally, create an Application in Cloudflare for the SSH domain and enable Browser rendering settings to SSH directly from a web browser. It’s very convenient, but make sure to enable protection.

Browser rendering settings

code-server

code-server is a web-based VSCode. If you enter any GitHub repository and press the period key (English keyboard), GitHub shows a web VSCode for viewing code. I’m not sure what deploying a web IDE does. Perhaps to avoid accessing your own server at work and getting caught (since it uses HTTPS instead of SSH, companies don’t usually monitor it).

services:
  code-server:
    image: ghcr.io/coder/code-server:latest
    container_name: code-server
    restart: unless-stopped
    environment:
      - PASSWORD=yourpassword
      - PUID=1000
      - PGID=1000
    volumes:
      - ./config:/home/coder/.config/code-server
      - ./projects:/home/coder/projects
    # ports:
    #   - "8080:8080"
    networks:
      - cloudflared

networks:
  cloudflared:
    external: true

VSCode Tunnel

This is VSCode’s native proxy tool, not Docker-based. In short, code-server renders the Electron frontend on the mini PC, while Tunnel just forwards data, reducing mini PC pressure. If you want to develop in containers, Tunnel has better Dev Containers support, which is my current approach.

Installation is simple. Download the CLI and extract:

curl -Lk 'https://code.visualstudio.com/sha/download?build=stable&os=cli-alpine-x64' --output vscode_cli.tar.gz
tar -xf vscode_cli.tar.gz
./code tunnel

Then login with GitHub, and you can develop directly in VSCode’s domain.

Add to Systemd for auto-start:

Create a new config file:

sudo vim /etc/systemd/system/vscode-tunnel.service

Fill in:

[Unit]
Description=VSCode Tunnel
After=network.target

[Service]
Type=simple
User=kyxie
WorkingDirectory=<path_to>/vscode
ExecStart=<path_to>/vscode/code tunnel
Restart=always
RestartSec=5

[Install]
WantedBy=default.target

Reload systemd:
```
sudo systemctl daemon-reload
```

Enable auto-start:

sudo systemctl enable vscode-tunnel.service
sudo systemctl start vscode-tunnel.service

Wireguard

Wireguard is a lightweight VPN built into Linux. Configuration is the most complex compared to others, but it can do the most. See: OpenWrt Wireguard Configuration | Kunyang’s Blog.

Since my desktop and mini PC are both at home, with Wireguard I can directly access the home network. Combined with Wake On Lan, I can conveniently wake the desktop and remote desktop it, or SSH into the mini PC.

The downside is Wireguard configuration can be unstable. If DDNS doesn’t update home IP quickly or the ISP blocks UDP traffic, you might not connect.

Cloudflared SSH#

code-server#

VSCode Tunnel#

Wireguard#

Cloudflared SSH

code-server

VSCode Tunnel

Wireguard