IDE Services 2024.4 Help

Advanced configuration

Database options

SSL certificates for Postgres Database

Add the following configuration to your application.yaml to enable SSL certificates for database access.

spring: r2dbc: ssl: true properties.sslMode: VERIFY-FULL properties.sslRootCert: "<path to PEM certificates in the container>"

Advanced logging

The IDE Services Server uses the Logback logging framework, which is configured using SpringFramework.

You can configure logging categories in application.yaml, for example:

logging: level: org.springframework.web: debug org.hibernate: error

You can also point to a custom Logback configuration from a classpath (using the classpath: prefix) or container (using the file: prefix). For example, add the following code to your application.yaml to enable a custom Logback configuration:

logging: config: "classpath:json-logging.xml"

Log IDE and Plugin Downloads

You can track user downloads of IDEs and plugins distributed by IDE Provisioner and collect the recorded data from the server-side logs.

This download logging option is disabled by default. To enable it:

  1. Add the following parameter to your application.yaml file:

    tbe.features.log-binary-downloads: true

  2. Make sure the logging level is set to INFO in the application.yaml file:

    logging: level: root: INFO

  1. Add the following parameter to your values.yaml file:

    tbe.features.log-binary-downloads: true

  2. Make sure the logging level is set to INFO in the values.yaml file:

    logging: level: root: INFO

To output the log data in JSON format for easier reading:

  1. Add the following property to the application.yaml file:

    logging: config: "classpath:json-logging.xml"

  2. Restart your IDE Services Server.

  1. Add the following property to the values.yaml file:

    logging: config: "classpath:json-logging.xml"

  2. Restart your IDE Services Server.

For each event when a user downloads either a plugin or an IDE, the following details will be recorded:

  • User ID, user subject (from IdP), and username

  • Timestamp

  • Name, version, and build number of the IDE or

  • ID and version of the plugin

Examples of download logs

User details can be found in the "auditId" line.

{ "@timestamp" : "2024-11-04T09:03:08.656933Z", "level" : "INFO", "logger" : "com.jetbrains.tbe.server.sys.BinaryAccessLogger", "thread" : "reactor-http-nio-15", "message" : "Requested downloading for IDE: DataGrip, version: 2021.2, build: 212.4746.86", "mdc" : { "auditId" : "6d3a606c-d28a-42df-b47f-04ee210e4ba0:f12e3b3d-1234-4bc8-b234-5678e9abcdef:john.smith", "userId" : "6d3a606c-d28a-42df-b47f-04ee210e4ba0", "requestId" : "3e0c668e-35a3-424e-bb31-b361bf820a7c" } }

If IDE Services fails to locate the IDE that the user is attempting to download, it will log the URL to the IDE binary instead of the IDE details:

"message" : "Requested downloading for IDE under: https://download.jetbrains.com/~urlswitch/datagrip/datagrip-2041.2-aarch64.dmg?fromJetBrainsToolbox"
{ "@timestamp" : "2024-11-04T09:08:24.982065Z", "level" : "INFO", "logger" : "com.jetbrains.tbe.server.sys.BinaryAccessLogger", "thread" : "reactor-tcp-nio-2", "message" : "Requested downloading plugin with id: com.intellij.mockcss, version: 123, resolved to: localhost", "mdc" : { "auditId" : "eda396b7-407b-40ae-93c8-2a53a3cf257c:f12e3b3d-1234-4bc8-b234-5678e9abcdef:john.smith", "userId" : "eda396b7-407b-40ae-93c8-2a53a3cf257c", "requestId" : "6c3a0ba3-c5f2-48ee-b6ff-ee7859ed5cd1" } }

Other parameters

JVM options for IDE Services Server

You can pass JVM options to the IDE Services Server by using the JAVA_TOOL_OPTIONS environment variable, for example:

JAVA_TOOL_OPTIONS=" -Dtest.property=42 -ea "

IPv6 stack

Add the following parameters to the JAVA_TOOL_OPTIONS environment variable to enable the IPv6 stack:

-Djava.net.preferIPv6Addresses=true -Djava.net.preferIPv4Stack=false

Forward proxy setups

IDE Services can work in setups that use a forward proxy that attaches the Authorization header automatically without any additional configuration. It assumes that correct OAuth bearer token values will be provided by an external tool managing the network. By default, it will try to communicate with the server without any authentication and will fall back to it if an HTTP-response has 401 Unauthorised or 403 Forbidden status codes. This means that it is possible for only a subset of users to authenticate using a proxy where other will use explicit OAuth login.

Work behind an HTTP proxy

In case you want to run IDE Services Server behind an HTTP proxy, you can configure such a setup in your server configuration file:

spring: cloud: gateway: httpclient: proxy: username: 'username' password: 'password' type: http port: 3128 non-proxy-hosts-pattern: '' host: 'proxy'
spring.cloud.gateway.httpclient.proxy.username

Specify the username for Netty HttpClient proxy configuration.

spring.cloud.gateway.httpclient.proxy.password

Specify the password for Netty HttpClient proxy configuration.

spring.cloud.gateway.httpclient.proxy.type

Specify the pool type for HttpClient to use.

spring.cloud.gateway.httpclient.proxy.port

Specify the port for Netty HttpClient proxy configuration.

spring.cloud.gateway.httpclient.proxy.non-proxy-hosts-pattern

Provide a regular expression for a list of hosts that should be reached directly, bypassing the proxy.

spring.cloud.gateway.httpclient.proxy.host

Specify the hostname for Netty HttpClient proxy configuration.

Last modified: 06 November 2024
Code With Me Enterprise configurationIDE Services installation