Wildcard access URLs unlock Coder's full potential for modern development workflows. While optional for basic SSH usage, this feature becomes essential when teams need web applications, development previews, or browser-based tools. **Wildcard access URLs are essential for many development workflows in Coder** - Web IDEs (code-server, VS Code Web, JupyterLab) and some development frameworks work significantly better with subdomain-based access rather than path-based URLs.

- **Enables port access**: Each application gets a unique subdomain with [port support](https://coder.com/docs/user-guides/workspace-access/port-forwarding#dashboard) (e.g. `8080--main--myworkspace--john.coder.example.com`).

- **Enhanced security**: Applications run in isolated subdomains with separate browser security contexts and prevents access to the Coder API from malicious JavaScript

- **Better compatibility**: Most applications are designed to work at the root of a hostname rather than at a subpath, making subdomain access more reliable

The following tools require wildcard access URL:

- **Vite dev server**: Hot module replacement and asset serving issues with path-based routing

- **React dev server**: Similar issues with hot reloading and absolute path references

- **Next.js development server**: Asset serving and routing conflicts with path-based access

- **JupyterLab**: More complex template configuration and security risks when using path-based routing

- **RStudio**: More complex template configuration and security risks when using path-based routing

`CODER_WILDCARD_ACCESS_URL` is necessary for [port forwarding](port-forwarding.md#dashboard) via the dashboard or running [coder_apps](../templates/index.md) on an absolute path. Set this to a wildcard subdomain that resolves to Coder (e.g. `*.coder.example.com`).

export CODER_WILDCARD_ACCESS_URL="*.coder.example.com"

coder server

Wildcard access URLs require a TLS certificate that covers the wildcard domain. You have several options:

Configure Coder to handle TLS directly using the wildcard certificate:

export CODER_TLS_ENABLE=true

export CODER_TLS_CERT_FILE=/path/to/wildcard.crt

export CODER_TLS_KEY_FILE=/path/to/wildcard.key

See [TLS & Reverse Proxy](../setup/index.md#tls--reverse-proxy) for detailed configuration options.

Use a reverse proxy to handle TLS termination with automatic certificate management:

- [NGINX with Let's Encrypt](../../tutorials/reverse-proxy-nginx.md)

- [Apache with Let's Encrypt](../../tutorials/reverse-proxy-apache.md)

- [Caddy reverse proxy](../../tutorials/reverse-proxy-caddy.md)

You'll need to configure DNS to point wildcard subdomains to your Coder server:

Or alternatively, using a CNAME record:

If you're using [workspace proxies](workspace-proxies.md) for geo-distributed teams, each proxy requires its own wildcard access URL configuration:

export CODER_WILDCARD_ACCESS_URL="*.coder.example.com"

export CODER_WILDCARD_ACCESS_URL="*.sydney.coder.example.com"

export CODER_WILDCARD_ACCESS_URL="*.london.coder.example.com"

Each proxy's wildcard domain must have corresponding DNS records:

In your Coder templates, enable subdomain applications using the `subdomain` parameter:

If workspace applications are not working:

1. Verify the `CODER_WILDCARD_ACCESS_URL` environment variable is configured correctly:

- Check the deployment settings in the Coder dashboard (Settings > Deployment)

- Ensure it matches your wildcard domain (e.g., `*.coder.example.com`)

- Restart the Coder server if you made changes to the environment variable

2. Check DNS resolution for wildcard subdomains:

```bash

dig test.coder.example.com

nslookup test.coder.example.com

```

3. Ensure TLS certificates cover the wildcard domain

4. Confirm template `coder_app` resources have `subdomain = true`

- [Workspace Proxies](workspace-proxies.md) - Improve performance for geo-distributed teams using wildcard URLs

{

"title": "Wildcard Access URL",

"description": "Learn about wildcard access URL in Coder deployments",

"path": "./admin/networking/wildcard-access-url.md"

},