Advanced configuration
Add the following configuration to your application.yaml to enable SSL certificates for database access.
warning
Note that these lines have to be with no indent if you use them along with other options.
spring:
r2dbc:
ssl: true
properties.sslMode: VERIFY-FULL
properties.sslRootCert: "<path to PEM certificates in the container>"
The IDE Services Server uses the Logback logging framework, which is configured using SpringFramework.
You can configure logging categories in application.yaml, for example:
logging:
level:
org.springframework.web: debug
org.hibernate: error
You can also point to a custom Logback configuration from a classpath (using the classpath:
prefix) or container (using the file:
prefix). For example, add the following code to your application.yaml to enable a custom Logback configuration:
logging:
config: "classpath:json-logging.xml"
You can track user downloads of IDEs and plugins distributed by IDE Provisioner and collect the recorded data from the server-side logs.
This download logging option is disabled by default. To enable it:
Add the following parameter to your application.yaml file:
tbe.features.log-binary-downloads: true
Make sure the logging level is set to
INFO
in the application.yaml file:logging: level: root: INFO
Add the following parameter to your values.yaml file:
tbe.features.log-binary-downloads: true
Make sure the logging level is set to
INFO
in the values.yaml file:logging: level: root: INFO
To output the log data in JSON format for easier reading:
Add the following property to the application.yaml file:
logging: config: "classpath:json-logging.xml"
Restart your IDE Services Server.
Add the following property to the values.yaml file:
logging: config: "classpath:json-logging.xml"
Restart your IDE Services Server.
For each event when a user downloads either a plugin or an IDE, the following details will be recorded:
User ID, user subject (from IdP), and username
Timestamp
Name, version, and build number of the IDE or
ID and version of the plugin
User details can be found in the "auditId"
line.
{
"@timestamp" : "2024-11-04T09:03:08.656933Z",
"level" : "INFO",
"logger" : "com.jetbrains.tbe.server.sys.BinaryAccessLogger",
"thread" : "reactor-http-nio-15",
"message" : "Requested downloading for IDE: DataGrip, version: 2021.2, build: 212.4746.86",
"mdc" : {
"auditId" : "6d3a606c-d28a-42df-b47f-04ee210e4ba0:f12e3b3d-1234-4bc8-b234-5678e9abcdef:john.smith",
"userId" : "6d3a606c-d28a-42df-b47f-04ee210e4ba0",
"requestId" : "3e0c668e-35a3-424e-bb31-b361bf820a7c"
}
}
If IDE Services fails to locate the IDE that the user is attempting to download, it will log the URL to the IDE binary instead of the IDE details:
"message" : "Requested downloading for IDE under: https://download.jetbrains.com/~urlswitch/datagrip/datagrip-2041.2-aarch64.dmg?fromJetBrainsToolbox"
{
"@timestamp" : "2024-11-04T09:08:24.982065Z",
"level" : "INFO",
"logger" : "com.jetbrains.tbe.server.sys.BinaryAccessLogger",
"thread" : "reactor-tcp-nio-2",
"message" : "Requested downloading plugin with id: com.intellij.mockcss, version: 123, resolved to: localhost",
"mdc" : {
"auditId" : "eda396b7-407b-40ae-93c8-2a53a3cf257c:f12e3b3d-1234-4bc8-b234-5678e9abcdef:john.smith",
"userId" : "eda396b7-407b-40ae-93c8-2a53a3cf257c",
"requestId" : "6c3a0ba3-c5f2-48ee-b6ff-ee7859ed5cd1"
}
}
note
Please note the following logging limitations:
Manual plugin downloads from a marketplace cannot be detected or logged.
IDE Services cannot verify the success of IDE download attempts. If the requested IDE is found and its download starts but is then interrupted or canceled by the user, it will be logged as complete.
You can pass JVM options to the IDE Services Server by using the JAVA_TOOL_OPTIONS
environment variable, for example:
JAVA_TOOL_OPTIONS=" -Dtest.property=42 -ea "
Add the following parameters to the JAVA_TOOL_OPTIONS
environment variable to enable the IPv6 stack:
-Djava.net.preferIPv6Addresses=true
-Djava.net.preferIPv4Stack=false
IDE Services can work in setups that use a forward proxy that attaches the Authorization
header automatically without any additional configuration. It assumes that correct authentication bearer token values will be provided by an external tool managing the network. By default, it will try to communicate with the server without any authentication and will fall back to it if an HTTP response has 401 Unauthorised
or 403 Forbidden
status codes. This means that it is possible for only a subset of users to authenticate using a proxy where others will log in explicitly.
In case you want to run IDE Services Server behind an HTTP proxy, you can configure such a setup in your server configuration file:
spring:
cloud:
gateway:
httpclient:
proxy:
username: 'username'
password: 'password'
type: http
port: 3128
non-proxy-hosts-pattern: ''
host: 'proxy'
- spring.cloud.gateway.httpclient.proxy.username
Specify the username for Netty HttpClient proxy configuration.
- spring.cloud.gateway.httpclient.proxy.password
Specify the password for Netty HttpClient proxy configuration.
- spring.cloud.gateway.httpclient.proxy.port
Specify the port for Netty HttpClient proxy configuration.
Thanks for your feedback!