Code With Me Enterprise configuration
Last modified: 03 April 2025note
The Code With Me component is only available with a valid license. To obtain your license, contact the IDE Services support team.
To enable Code With Me Enterprise on the IDE Services Server, you need to make sure your IDE Services Server is up and running and then complete the following steps:
Step 1. Generate ECDSA key pair
ECDSA keys are required to authenticate your IDE Services Server with the Code With Me lobby server.
Generate the key pair with OpenSSL by running the following command:
openssl ecparam -name secp384r1 -genkey -noout -out lobby/lobby_private.pem
openssl ec -in lobby/lobby_private.pem -pubout -out relay/lobby_public.pemAn ECDSA private key file is 384-bit, the file format is PEM.
note
For security purposes, it is recommended to use your license and private key secretly. For more details, refer to Secrets.
Step 2. Optional. Set up a STUNT server
You can set up a STUN server hosted either within your network or using a public service, such as Google, to prevent the IP address leakage.
Coturn is a suitable option for a STUNT server.
Step 3. Deploy Code With Me Relay Server
The relay server is necessary for directing the traffic between the host and guests and for verifying whether the incoming request is coming from the genuine Code With Me lobby server via a JWT token.
The relay server is distributed as a single binary and is available for the linux-x64 platform.
To deploy Code With Me Relay Server:
Locate the container image URL:
docker.io/jetbrains/code-with-me-relaySet up the Secret with the public key you created earlier. Set the path to
lobby_public.pemSpecify the following container arguments:
-addr 0.0.0.0:3274 -jwt-key-file /cert/lobby_public.pem -jwt-key-type ecdsaFor details refer to the Relay server configuration parameters.
Step 4. Configure Code With Me to work with your IDE Services Server
Add Code With Me configuration parameters to your application.yaml file and specify values for them. Refer to the following example:
cwm: lobby: enabled: true session-base-url: '${tbe.deployment.url}/code-with-me' relay-config: stunTurnServers: - uri: stun:stun.l.google.com:PORT relays: - regionName: region1 latitude: 0 longitude: 0 servers: - wss://RELAY_SERVER_HOSTNAME relay-ecdsa-key: |- -----BEGIN EC PRIVATE KEY----- PRIVATE KEY FROM STEP 1 -----END EC PRIVATE KEY-----
For details refer to Code With Me configuration parameters.
Step 5. Restart IDE Services Server and enable Code With Me
Restart you IDE Services Server.
Test your deployment by starting a Code With Me session in IDEA or any other IDE managed by your IDE Services Server. Make sure that the resulting session link points to your own IDE Services Server, rather than the default JetBrains relay servers.
You are all set!
Reference: Code With Me configuration parameters
- cwm.lobby.relay-ecdsa-key
Specify your ECDSA private key without any passphrase to prevent unauthorized access to a relay server.
The length of the ECDSA private key file is 384-bit. The format of this file is PEM, and the file can be generated with OpenSSL.
Reference: Relay server configuration parameters
You can configure the relay server with the following command-line arguments:
Argument | Description |
|---|---|
| Use this argument as the address on which to listen for incoming connections. For example, Use the |
| Use this argument as the address on which to listen for the Prometheus metrics request. For example, Use the |
| Use this argument as the type of key provided for the verification of requests. The supported values are as follows:
Note that the lobby server only supports the 384-bit For the information on how to set up a key, see Generate keys. |
| Use this argument as a file from which to read the JWT public key. This must be in the PEM format. For the information on how to set up a key, see Generate keys. |
| Use this optional argument as an explicit flag that allows the relay server to run in a mode which skips the request verification.
|