Coder server's primary configuration is done via environment variables. For a full list of the options, run coder server --help on the host.


For proof-of-concept deployments, you can set CODER_TUNNEL=true to run Coder on a unique * URL. This is a quick way to allow users and workspaces outside your LAN to connect to Coder.

Access URL

CODER_ACCESS_URL is required if you are not using the tunnel. Set this to the external URL that users and workspaces use to connect to Coder (e.g. This should not be localhost.

Access URL should be a external IP address or domain with DNS records pointing to Coder.

Wildcard access URL

CODER_WILDCARD_ACCESS_URL is necessary for port forwarding via the dashboard or running coder_apps on an absolute path. Set this to a wildcard subdomain that resolves to Coder (e.g. *

If you are providing TLS certificates directly to the Coder server, you must use a single certificate for the root and wildcard domains. Multi-certificate support is planned.

PostgreSQL Database

Coder uses a PostgreSQL database to store users, workspace metadata, and other deployment information. Use CODER_PG_CONNECTION_URL to set the database that Coder connects to. If unset, PostgreSQL binaries will be downloaded from Maven ( and store all data in the config root.

System packages

If you've installed Coder via a system package Coder, you can configure the server by setting the following variables in /etc/coder.d/coder.env:

# String. Specifies the external URL (HTTP/S) to access Coder.

# String. Address to serve the API and dashboard.

# String. The URL of a PostgreSQL database to connect to. If empty, PostgreSQL binaries
# will be downloaded from Maven ( and store all
# data in the config root. Access the built-in database with "coder server postgres-builtin-url".

# Boolean. Specifies if TLS will be enabled.

# String. Specifies the path to the certificate for TLS. It requires a PEM-encoded file.
# To configure the listener to use a CA certificate, concatenate the primary
# certificate and the CA certificate together. The primary certificate should
# appear first in the combined file.

# String. Specifies the path to the private key for the certificate. It requires a
# PEM-encoded file.

To run Coder as a system service on the host:

# Use systemd to start Coder now and on reboot
sudo systemctl enable --now coder

# View the logs to ensure a successful start
journalctl -u coder.service -b

To restart Coder after applying system changes:

sudo systemctl restart Coder

Up Next

See an opportunity to improve our docs? Make an edit.