Advanced configuration
Last modified: 09 December 2024Database options
SSL certificates for Postgres Database
Add the following configuration to your application.yaml to enable SSL certificates for database access.
warning
Note that these lines have to be with no indent if you use them along with other options.
spring:
r2dbc:
ssl: true
properties.sslMode: VERIFY-FULL
properties.sslRootCert: "<path to PEM certificates in the container>"Advanced logging
The IDE Services Server uses the Logback logging framework, which is configured using SpringFramework.
You can configure logging categories in application.yaml, for example:
logging:
level:
org.springframework.web: debug
org.hibernate: errorYou can also point to a custom Logback configuration from a classpath (using the classpath: prefix) or container (using the file: prefix). For example, add the following code to your application.yaml to enable a custom Logback configuration:
logging:
config: "classpath:json-logging.xml"Log IDE and Plugin Downloads
You can track user downloads of IDEs and plugins distributed by IDE Provisioner and collect the recorded data from the server-side logs.
This download logging option is disabled by default. To enable it:
Add the following parameter to your application.yaml file:
tbe.features.log-binary-downloads: trueMake sure the logging level is set to
INFOin the application.yaml file:logging: level: root: INFO
Add the following parameter to your values.yaml file:
tbe.features.log-binary-downloads: trueMake sure the logging level is set to
INFOin the values.yaml file:logging: level: root: INFO
To output the log data in JSON format for easier reading:
Add the following property to the application.yaml file:
logging: config: "classpath:json-logging.xml"Restart your IDE Services Server.
Add the following property to the values.yaml file:
logging: config: "classpath:json-logging.xml"Restart your IDE Services Server.
For each event when a user downloads either a plugin or an IDE, the following details will be recorded:
User ID, user subject (from IdP), and username
Timestamp
Name, version, and build number of the IDE or
ID and version of the plugin
Examples of download logs
User details can be found in the "auditId" line.
{
"@timestamp" : "2024-11-04T09:03:08.656933Z",
"level" : "INFO",
"logger" : "com.jetbrains.tbe.server.sys.BinaryAccessLogger",
"thread" : "reactor-http-nio-15",
"message" : "Requested downloading for IDE: DataGrip, version: 2021.2, build: 212.4746.86",
"mdc" : {
"auditId" : "6d3a606c-d28a-42df-b47f-04ee210e4ba0:f12e3b3d-1234-4bc8-b234-5678e9abcdef:john.smith",
"userId" : "6d3a606c-d28a-42df-b47f-04ee210e4ba0",
"requestId" : "3e0c668e-35a3-424e-bb31-b361bf820a7c"
}
}If IDE Services fails to locate the IDE that the user is attempting to download, it will log the URL to the IDE binary instead of the IDE details:
"message" : "Requested downloading for IDE under: https://download.jetbrains.com/~urlswitch/datagrip/datagrip-2041.2-aarch64.dmg?fromJetBrainsToolbox"{
"@timestamp" : "2024-11-04T09:08:24.982065Z",
"level" : "INFO",
"logger" : "com.jetbrains.tbe.server.sys.BinaryAccessLogger",
"thread" : "reactor-tcp-nio-2",
"message" : "Requested downloading plugin with id: com.intellij.mockcss, version: 123, resolved to: localhost",
"mdc" : {
"auditId" : "eda396b7-407b-40ae-93c8-2a53a3cf257c:f12e3b3d-1234-4bc8-b234-5678e9abcdef:john.smith",
"userId" : "eda396b7-407b-40ae-93c8-2a53a3cf257c",
"requestId" : "6c3a0ba3-c5f2-48ee-b6ff-ee7859ed5cd1"
}
}note
Please note the following logging limitations:
Manual plugin downloads from a marketplace cannot be detected or logged.
IDE Services cannot verify the success of IDE download attempts. If the requested IDE is found and its download starts but is then interrupted or canceled by the user, it will be logged as complete.
Other parameters
JVM options for IDE Services Server
You can pass JVM options to the IDE Services Server by using the JAVA_TOOL_OPTIONS environment variable, for example:
JAVA_TOOL_OPTIONS=" -Dtest.property=42 -ea "
IPv6 stack
Add the following parameters to the JAVA_TOOL_OPTIONS environment variable to enable the IPv6 stack:
-Djava.net.preferIPv6Addresses=true
-Djava.net.preferIPv4Stack=falseForward proxy setups
IDE Services can work in setups that use a forward proxy that attaches the Authorization header automatically without any additional configuration. It assumes that correct authentication bearer token values will be provided by an external tool managing the network. By default, it will try to communicate with the server without any authentication and will fall back to it if an HTTP response has 401 Unauthorised or 403 Forbidden status codes. This means that it is possible for only a subset of users to authenticate using a proxy where others will log in explicitly.
Work behind an HTTP proxy
In case you want to run IDE Services Server behind an HTTP proxy, you can configure such a setup in your server configuration file:
spring:
cloud:
gateway:
httpclient:
proxy:
username: 'username'
password: 'password'
type: http
port: 3128
non-proxy-hosts-pattern: ''
host: 'proxy'- spring.cloud.gateway.httpclient.proxy.username
Specify the username for Netty HttpClient proxy configuration.
- spring.cloud.gateway.httpclient.proxy.password
Specify the password for Netty HttpClient proxy configuration.
- spring.cloud.gateway.httpclient.proxy.port
Specify the port for Netty HttpClient proxy configuration.