Coder does have things talking back to itself. Like workspaces, proxies, and iirc some health checks. So the ACCESS_URL should probably be the internal url for better connections.

I took a look and you are right, we just set the cookie on the domain the user is on. So I think that will be ok.

If I understand correctly, this CODER_OIDC_REDIRECT_URL might work for auth. I am not sure if we use ACCESS_URL for user facing things, so I cannot think off the top of my head what other ramifications this setup has.

Do you have a staging environment that mirrors the one you mention to test my change? If it is sufficient, I think we can get it in. I am having a hard time testing it myself. It does work when I test locally, but I do not have as complicated of a setup.

@Foorack are you able to confirm if my PR is sufficient? Do you have an environment you can deploy this change to and test manually?

@Emyrk Time-constrained, but yes, I can test. I can even make a Docker script which sets up a simple Caddy server with demo mTLS cert.

@Foorack just lmk! Happy to merge it if it solves your needs. I just do not have an easy way to validate the situation you are in. I did some testing on 2 domains and it worked, but my setup was much simplier.

Been super busy, but will try test it within the next few days.