A lightweight, security-driven cloud development environment server written in Go. This is a powerful alternative to Gitpod with enhanced security features and modern architecture.
- Container-based Workspaces: Each workspace runs in an isolated Docker container
- Web-based IDE: Full-featured IDE accessible through your browser
- Git Integration: Built-in Git support with clone, commit, push, and pull operations
- Real-time Collaboration: Multiple users can work on the same workspace simultaneously
- Terminal Access: Full terminal access within workspace containers
- File Management: Complete file system operations through the web interface
- Sandboxed Environments: Each workspace runs in a secure, isolated container
- Encrypted Connections: All communications are encrypted using TLS
- JWT Authentication: Secure token-based authentication
- Rate Limiting: Built-in protection against abuse and DDoS attacks
- Input Validation: Comprehensive input sanitization and validation
- Security Headers: Proper security headers for all HTTP responses
- Audit Logging: Complete audit trail of all security events
- Multi-user Support: Support for multiple users with proper access controls
- Workspace Management: Create, start, stop, and delete workspaces
- Resource Limits: Configurable CPU, memory, and disk limits per workspace
- Monitoring: Built-in metrics and health checks
- Scalability: Kubernetes-ready for horizontal scaling
┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   Web Browser   │────│  Nginx/Ingress  │────│  CloudDev API   │
└─────────────────┘    └─────────────────┘    └─────────────────┘
                                                       │
                                ┌──────────────────────┼──────────────────────┐
                                │                      │                      │
                       ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
                       │   PostgreSQL    │    │      Redis      │    │  Docker Engine  │
                       │   (Database)    │    │     (Cache)     │    │  (Containers)   │
                       └─────────────────┘    └─────────────────┘    └─────────────────┘
- Backend: Go 1.21+ with Gin web framework
- Database: PostgreSQL 15+
- Cache: Redis 7+
- Containerization: Docker
- Orchestration: Kubernetes (optional)
- Frontend: HTML5, CSS3, JavaScript (embedded in Go binary)
- Security: JWT tokens, bcrypt password hashing, TLS encryption
- Go: 1.21 or higher
- Docker: 20.10 or higher
- PostgreSQL: 15 or higher
- Redis: 7 or higher
- Clone the repository:
    git clone <repository-url>
    cd clouddev-server
- Start the services:
    docker-compose up -d
- Access the application:
  - Open your browser and navigate to http://localhost:8080
  - Default admin credentials: admin@clouddev.local/admin123
- Install dependencies:
    go mod download
- Set up the database:
    createdb clouddev
    psql clouddev < schema.sql
- Configure environment variables:
    export DB_HOST=localhost
    export DB_USER=your_db_user
    export DB_PASSWORD=your_db_password
    export JWT_SECRET=your-secret-key
- Run the server:
    go run main.go
The server can be configured using environment variables:
- DB_HOST: Database host (default: localhost)
- DB_PORT: Database port (default: 5432)
- DB_NAME: Database name (default: clouddev)
- DB_USER: Database user
- DB_PASSWORD: Database password
- DB_SSL_MODE: SSL mode (default: disable)
- REDIS_HOST: Redis host (default: localhost)
- REDIS_PORT: Redis port (default: 6379)
- REDIS_PASSWORD: Redis password (optional)
- REDIS_DB: Redis database number (default: 0)
- JWT_SECRET: JWT signing secret (required)
- TLS_CERT_PATH: Path to TLS certificate
- TLS_KEY_PATH: Path to TLS private key
- ENABLE_SANDBOX: Enable container sandboxing (default: true)
- RATE_LIMIT: Requests per minute per IP (default: 100)
- PORT: Server port (default: 8080)
- ENVIRONMENT: Environment (development/production)
- LOG_LEVEL: Log level (debug/info/warn/error)
- STORAGE_PATH: Workspace storage path (default: ./data)
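A startup check over these variables, as an added example (not CloudDev Server's own code): it refuses the `your-secret-key` placeholder used in this README's commands and, when `ENVIRONMENT` is `production`, flags the `DB_SSL_MODE` default of `disable` and missing TLS paths. `CheckConfig`, the 32-byte minimum (which assumes HMAC-SHA256 signing) and the policy of requiring TLS on the server itself are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// CheckConfig returns one finding per setting that should block startup.
// get is os.Getenv in real use; tests pass a map lookup instead.
func CheckConfig(get func(string) string) []string {
	var findings []string
	add := func(format string, args ...any) {
		findings = append(findings, fmt.Sprintf(format, args...))
	}
	switch secret := get("JWT_SECRET"); {
	case secret == "":
		add("JWT_SECRET is required")
	case secret == "your-secret-key": // placeholder from this README's commands
		add("JWT_SECRET is the documentation placeholder")
	case len(secret) < 32: // assumption: HMAC-SHA256 signing, so a 256-bit key
		add("JWT_SECRET is %d bytes; use at least 32 random bytes", len(secret))
	}
	if get("ENVIRONMENT") != "production" {
		return findings // the remaining checks only gate production
	}
	if mode := get("DB_SSL_MODE"); mode == "" || mode == "disable" {
		add("DB_SSL_MODE is disable (the default): database traffic is unencrypted")
	}
	if get("TLS_CERT_PATH") == "" || get("TLS_KEY_PATH") == "" {
		add("TLS_CERT_PATH and TLS_KEY_PATH must both be set")
	}
	if strings.EqualFold(get("ENABLE_SANDBOX"), "false") {
		add("ENABLE_SANDBOX=false turns off container sandboxing")
	}
	return findings
}

func main() {
	findings := CheckConfig(os.Getenv)
	for _, f := range findings {
		fmt.Fprintln(os.Stderr, "config:", f)
	}
	if len(findings) > 0 {
		os.Exit(1) // fail closed instead of starting with weak settings
	}
}
```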
POST /api/v1/auth/register
POST /api/v1/auth/login
POST /api/v1/auth/logout
GET /api/v1/auth/me
GET /api/v1/workspaces # List workspaces
POST /api/v1/workspaces # Create workspace
GET /api/v1/workspaces/:id # Get workspace
PUT /api/v1/workspaces/:id # Update workspace
DELETE /api/v1/workspaces/:id # Delete workspace
POST /api/v1/workspaces/:id/start # Start workspace
POST /api/v1/workspaces/:id/stop # Stop workspace
GET /api/v1/workspaces/:id/logs # Get workspace logs
GET /api/v1/ide/:workspace_id # Access IDE
GET /api/v1/ide/:workspace_id/files/*path # Get file/directory
PUT /api/v1/ide/:workspace_id/files/*path # Save file
DELETE /api/v1/ide/:workspace_id/files/*path # Delete file
POST /api/v1/ide/:workspace_id/terminal # Create terminal
GET /api/v1/ws/:workspace_id?token=<jwt_token>
docker build -t clouddev/server:latest .
docker run -d \
  --name clouddev-server \
  -p 8080:8080 \
  -e DB_HOST=your-db-host \
  -e DB_USER=your-db-user \
  -e DB_PASSWORD=your-db-password \
  -e JWT_SECRET=your-secret-key \
  -v /var/run/docker.sock:/var/run/docker.sock \
  clouddev/server:latest
Mounting /var/run/docker.sock gives the server container full control of the host's Docker daemon, which is root-equivalent access to that host.
- Apply the deployments:
    kubectl apply -f k8s/
- Check the status:
    kubectl get pods -n clouddev
- Access the service:
    kubectl port-forward service/clouddev-service 8080:80 -n clouddev
- Change default admin password
- Generate secure JWT secret
- Enable TLS/HTTPS
- Configure proper firewall rules
- Set up database backups
- Enable audit logging
- Configure monitoring and alerting
- Update allowed origins for CORS
- Set resource limits for containers
- Enable container security scanning
- Container Isolation: Each workspace runs in an isolated Docker container
- Network Security: Containers use dedicated networks with restricted access
- File System Security: Read-only root filesystem where possible
- User Security: Non-root users in containers
- Input Validation: All user inputs are validated and sanitized
- Rate Limiting: Protection against brute force and DDoS attacks
- Security Headers: Comprehensive HTTP security headers
- Audit Logging: All security events are logged for analysis
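One way to validate the `*path` wildcard of the `/api/v1/ide/:workspace_id/files/*path` endpoints before touching the filesystem, as an added example rather than the project's own code. It assumes workspace files live on the host under `STORAGE_PATH/<workspace_id>`; `ResolveWorkspacePath` and `ErrOutsideWorkspace` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideWorkspace = errors.New("path escapes workspace root")

// within reports whether target is root itself or lies beneath it.
func within(root, target string) bool {
	rel, err := filepath.Rel(root, target)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveWorkspacePath maps the *path wildcard onto a file under root (assumed
// STORAGE_PATH/<workspace_id>); rejects "../" and symlinks leading outside.
func ResolveWorkspacePath(root, reqPath string) (string, error) {
	realRoot, err := filepath.Abs(root)
	if err == nil {
		realRoot, err = filepath.EvalSymlinks(realRoot)
	}
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(realRoot, reqPath) // Join cleans "a/../.." first
	if !within(realRoot, candidate) {
		return "", ErrOutsideWorkspace
	}
	// Resolve symlinks on the deepest existing ancestor (covers PUT of a new file).
	existing, rest := candidate, ""
	for {
		resolved, err := filepath.EvalSymlinks(existing)
		if err == nil && within(realRoot, filepath.Join(resolved, rest)) {
			return filepath.Join(resolved, rest), nil
		}
		if _, lerr := os.Lstat(existing); err == nil || lerr == nil || !errors.Is(err, os.ErrNotExist) {
			return "", ErrOutsideWorkspace // outside root, dangling link, or I/O error
		}
		rest = filepath.Join(filepath.Base(existing), rest)
		existing = filepath.Dir(existing)
	}
}

func main() { // constructed request against the current directory
	fmt.Println(ResolveWorkspacePath(".", "/../../etc/passwd"))
}
```

The check and the later open are separate steps, so a process inside the workspace that swaps a directory for a symlink in between can still win the race; Go 1.24's `os.Root` performs the containment check at open time.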
The server provides a health check endpoint:
GET /health
Prometheus metrics are available at:
GET /metrics
Key metrics include:
- HTTP request duration and count
- Active WebSocket connections
- Container creation/deletion events
- Authentication attempts
- Security events
go test ./...
go test -cover ./...
docker-compose -f docker-compose.test.yml up --abort-on-container-exit
clouddev-server/
├── main.go              # Application entry point
├── internal/            # Internal packages
│   ├── auth/            # Authentication service
│   ├── config/          # Configuration management
│   ├── container/       # Container orchestration
│   ├── git/             # Git integration
│   ├── ide/             # IDE service
│   └── workspace/       # Workspace management
├── pkg/                 # Public packages
│   ├── logger/          # Logging utilities
│   ├── models/          # Data models
│   ├── security/        # Security middleware
│   └── websocket/       # WebSocket handling
├── web/                 # Static web assets
├── k8s/                 # Kubernetes manifests
├── schema.sql           # Database schema
├── Dockerfile           # Docker build file
└── docker-compose.yml   # Docker Compose configuration
- Create the feature in the appropriate package
- Add tests for the feature
- Update the API documentation
- Add configuration options if needed
- Update the database schema if required
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: Check this README and code comments
- Issues: Report bugs and feature requests via GitHub issues
- Security: Report security issues privately to the maintainers
- Enhanced IDE features (syntax highlighting, autocomplete)
- More workspace templates
- Backup and restore functionality
- Enhanced collaboration features
- Plugin system for IDE extensions
- Team workspaces
- Resource usage analytics
- Advanced Git workflows
- AI-powered coding assistance
- Multi-cloud deployment
- Enterprise SSO integration
- Advanced security features
CloudDev Server - Lightweight, Secure, and Powerful Cloud Development Environment