IDE Services 2024.4 Help

Code With Me Enterprise configuration

Prerequisites

Before enabling Code With Me Enterprise on the IDE Services Server, make sure the following prerequisites are met:

  1. You have purchased a license for running Code With Me sessions with IDE Services.

  2. If you have a manual setup, make sure you have a deployed relay server that can be accessed from developer machines.

  3. You have an ECDSA private key without any passphrase to prevent unauthorized access to the relay server.

    An ECDSA private key file is 384-bit, the file format is PEM. You can generate such a file with OpenSSL.

    Example:

    openssl ecparam -name secp384r1 -genkey -noout -out lobby/lobby_private.pem openssl ec -in lobby/lobby_private.pem -pubout -out relay/lobby_public.pem

  4. You have checked that your IDE Services Server functions without Code With Me Enterprise enabled.

  5. (Optional) You have a STUN server hosted either inside your network or using a public service, such as Google, to prevent the IP address leakage.

Enable the Code With Me functionality

When all the prerequisites are met, add the following parameters to your application.yaml file and provide values for them:

cwm: lobby: enabled: true session-base-url: '${tbe.deployment.url}/code-with-me' relay-config: stunTurnServers: - uri: stun:stun.l.google.com:PORT relays: - regionName: region1 latitude: 0 longitude: 0 servers: - wss://RELAY_SERVER_HOSTNAME relay-ecdsa-key: |- -----BEGIN EC PRIVATE KEY----- PRIVATE KEY FROM PREREQUISITE 2 -----END EC PRIVATE KEY-----

Reference: Code With Me configuration parameters

cwm.lobby.enabled

Enables the Code With Me Enterprise product in IDE Services.

cwm.lobby.relay-config

Specify the relay server configuration.

cwm.lobby.relay-ecdsa-key

Specify your ECDSA private key without any passphrase to prevent unauthorized access to a relay server.

The length of the ECDSA private key file is 384-bit. The format of this file is PEM, and the file can be generated with OpenSSL.

Once you've provided the necessary configuration parameters, you can start the IDE Services Server.

Configure a relay server

A relay server is responsible for relaying the traffic between the host and guests in cases when the P2P connection does not work or is forbidden. The relay server has a functionality of verifying whether the incoming request is coming from the genuine lobby server via a JWT token.

The relay server is distributed as a single binary and is available for the linux-x64 platform:

ws-relayd [OPTIONS]

The relay server configuration

You can configure the relay server with the following command-line arguments:

Argument

Description

-addr

Use this argument as the address on which to listen for incoming connections.

For example, 127.0.0.1:8099.

Use the :port syntax to listen on all available interfaces. For example, :8099 to listen on all available interfaces at port 8099.

-prometheus-addr

Use this argument as the address on which to listen for the Prometheus metrics request.

For example, 127.0.0.1:4422.

Use the :port syntax to listen on all available interfaces. For example, :4422 to listen on all available interfaces at port 4422.

-jwtKeyType

Use this argument as the type of key provided for the verification of requests.

The supported values are as follows:

  • hmac

  • rsa

  • ecdsa

Note that the lobby server only supports the 384-bit ECDSA keys.

For the information on how to set up a key, see Generate keys.

-jwtKeyFile

Use this argument as a file from which to read the JWT public key. This must be in the PEM format.

For the information on how to set up a key, see Generate keys.

-allow-server-without-authentication

Use this optional argument as an explicit flag that allows the relay server to run in a mode which skips the request verification.

Last modified: 20 August 2024
Object storageAdvanced configuration