Toolbox Enterprise Preview.9 Help

Initial server configuration

To configure the Toolbox Enterprise Server, create an application.yaml file. The server loads and processes this configuration through the Spring Framework.

Within the application.yaml file, you can define a wide range of settings, including secrets, authorization and authentication details, object storage parameters, database and logging options, and more.

The server application can process multiple configuration files. If you pass several versions of application.yaml, Toolbox Enterprise resolves conflicts by using the last file in the list. To pass configuration files to the Toolbox Enterprise Server, add the SPRING_CONFIG_ADDITIONAL-LOCATION environment variable and list the necessary files, separated by commas.

Basic configuration

Create and fill in application.yaml following the example below. This example configuration only includes the required parameters.

    server:
      port: 8080
      #ssl:
      #  enabled: true
      #  key-store-type: "PKCS12"
      #  key-store-password: "tbe-server"
    tbe:
      deployment:
        url: "https://TODO" ### Use the public server URL here, https is highly advised
      db:
        host: "postgresql:5432"
        database: "toolbox"
        user: "username"
        password: "password"
      storage:
        type: s3
      minio:
        url: "https://minio"
        bucket: "toolbox"
        access-key: "username"
        secret-key: "password"
        # s3-region: 'eu-west-1' # optional
      auth: # See the examples of OAuth2 service configuration
        login-url: "http://localhost:8085/auth/realms/toolbox/protocol/openid-connect/auth"
        token-url: "http://mock-auth:8085/auth/realms/toolbox/protocol/openid-connect/token"
        jwt-certs-url: "http://mock-auth:8085/auth/realms/toolbox/protocol/openid-connect/certs"
        client-id: "tbe-server"
        client-secret: "123456"
        root-admin-emails:
          - 'toolbox.admin@example.com'
    springdoc:
      api-docs:
        enabled: true # Enable OpenAPI documentation at /swagger-ui.html
    logging:
      level:
        root: INFO # can be changed to WARN/DEBUG/TRACE

Secrets

There are different ways to keep passwords out of the configuration file:

  • Using environment variables in the Docker container: You can set the password as an environment variable, such as S3_SECRET_KEY, and reference it in the Toolbox Enterprise configuration files using the following syntax:

    secret-key: "${S3_SECRET_KEY}"
  • Utilizing the Spring Boot configuration tree feature: In this scenario, Kubernetes mounts passwords to multiple files, and SpringFramework loads these files as properties. In certain cases, you may need to use ${interpolation} to ensure the correct configuration.

    To include the secrets from the mounted files, set the SPRING_CONFIG_ADDITIONAL-LOCATION environment variable with the configuration file paths. You can use a special path like configtree:/secrets/*/ for this purpose.
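The check below is an added example, not part of the Toolbox Enterprise documentation or product: it lists the secret-bearing properties in an application.yaml that still hold a literal value instead of a ${...} reference. The key-name pattern and the names find_literal_secrets and sample_config are assumptions made for this illustration, and the parser handles only the simple block-style YAML used on this page.

```shell
#!/bin/sh
# Added example, not JetBrains code. Handles only the simple block-style YAML
# shown on this page (2-space indentation, one "key: value" per line).

# Print the dotted name of every secret-bearing property whose value is a
# literal rather than a ${PLACEHOLDER}. Reads the file in $1, or stdin.
find_literal_secrets() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment or blank line
    {
      indent = match($0, /[^ ]/) - 1         # number of leading spaces
      line = substr($0, indent + 1)
      if (line !~ /^[A-Za-z0-9_.-]+:/) next  # not a "key:" line (list item)
      key = line; sub(/:.*$/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]+#.*$/, "", val)             # strip a trailing comment
      depth = int(indent / 2)
      path[depth] = key                      # remember the parent chain
      if (val == "" || val ~ /^#/) next      # parent key without a scalar
      full = path[0]
      for (i = 1; i <= depth; i++) full = full "." path[i]
      if (key ~ /password|secret|account-key|connection-string|registration-token|ecdsa-key/ &&
          index(val, "${") == 0)
        print full
    }
  ' "${1:--}"
}

# Constructed sample: a trimmed copy of the basic configuration with one
# secret already moved to an environment variable.
sample_config() {
  cat <<'EOF'
server:
  port: 8080
tbe:
  db:
    user: "username"
    password: "password"
  minio:
    access-key: "username"
    secret-key: "${S3_SECRET_KEY}"   # resolved from the environment
  auth: # OAuth2 provider
    client-id: "tbe-server"
    client-secret: "123456"
EOF
}

sample_config | find_literal_secrets
```

Run it against the real file with `find_literal_secrets application.yaml`; an empty result means every matched property is resolved from the environment or a mounted secret.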

Configuration parameters

Server

This group of properties allows for embedded server configuration. For more information, refer to the Spring Boot documentation.

server.port

Specify a server HTTP port.

server.ssl.enabled

Enables SSL support.

server.ssl.key-store-type

Specify a type of the key store: JKS or PKCS12.

server.ssl.key-store-password

Provide a password to access the key store.

Code With Me Enterprise

cwm.lobby.enabled

Enables the Code With Me Enterprise component in Toolbox Enterprise.

cwm.lobby.license-bundles.license1

Specify your Code With Me Enterprise license as a value.

cwm.lobby.relay-config

Specify the relay server configuration.

cwm.lobby.relay-ecdsa-key

Specify your ECDSA private key, which is used to prevent unauthorized access to a relay server. The key must not be protected by a passphrase.

The ECDSA private key is 384 bits long. The key file is in PEM format and can be generated with OpenSSL.

cwm.lobby.session-base-url

Specify your session base URL.

License Vault

lv.server.enabled

Enables the License Vault component in Toolbox Enterprise.

lv.server.token-signing-secret

Used to sign and verify the validity of the JWT token for authorized access to the License Vault API.

Provide a randomly generated string of 32 or more characters. The string should only include Latin characters (a–z, A–Z) and digits (0–9).
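As an added example (not taken from the JetBrains documentation), the functions below generate and check the two values described for cwm.lobby.relay-ecdsa-key and lv.server.token-signing-secret. The curve secp384r1 is an assumption, since the page states only the 384-bit key length, and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not JetBrains code. Function names are illustrative.

# Write a 384-bit ECDSA private key to $1 as unencrypted PEM.
# Assumption: secp384r1 (NIST P-384); the page gives only the key length.
gen_relay_key() {
  ( umask 077 && openssl ecparam -name secp384r1 -genkey -noout -out "$1" )
}

# Succeed only if $1 is a 384-bit EC private key readable without a passphrase.
# "-passin pass:" supplies an empty passphrase, so an encrypted key fails
# instead of prompting.
check_relay_key() {
  openssl ec -in "$1" -noout -text -passin pass: 2>/dev/null |
    grep -q 'Private-Key: (384 bit'
}

# Print a random string of $1 characters (default 48) from a-z, A-Z, 0-9.
gen_token_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-48}"
}

# Succeed only if $1 has 32 or more characters, all Latin letters or digits.
valid_token_secret() (
  LC_ALL=C
  case $1 in
    *[!A-Za-z0-9]*) exit 1 ;;
  esac
  [ "${#1}" -ge 32 ]
)

# Demo: sh this_script demo /path/to/relay.pem
if [ "${1:-}" = "demo" ]; then
  gen_relay_key "$2" && check_relay_key "$2" && echo "relay key OK: $2"
  secret=$(gen_token_secret) && valid_token_secret "$secret" && echo "$secret"
fi
```

The key file is created with owner-only permissions because it carries no passphrase; pass both values to the server through one of the mechanisms in the Secrets section rather than writing them into application.yaml.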

lv.server.registration-token

Used to retrieve license information from JetBrains. Specify the string provided by the Toolbox Enterprise support team.

Offline mode

This group of properties allows you to enable and configure the offline mode capabilities for Toolbox Enterprise.

tbe.offline.enabled

Allows running the Toolbox Enterprise Server in offline mode.

tbe.offline.url-mapper-cache-time

Specify the time period during which Toolbox Enterprise caches mappings in offline.json. The default value is 10 minutes (10m).

tbe.offline.mapping-path

Specify the location of the offline.json file with mappings in the object storage.

External requests via an authenticated proxy

Use the Spring Cloud Gateway properties to configure traffic routing through a proxy and provide the necessary authentication credentials. For more information, refer to the Spring Cloud Gateway documentation.

spring.cloud.gateway.httpclient.proxy.username

Specify the username for Netty HttpClient proxy configuration.

spring.cloud.gateway.httpclient.proxy.password

Specify the password for Netty HttpClient proxy configuration.

spring.cloud.gateway.httpclient.proxy.type

Specify the pool type for HttpClient to use.

spring.cloud.gateway.httpclient.proxy.port

Specify the port for Netty HttpClient proxy configuration.

spring.cloud.gateway.httpclient.proxy.non-proxy-hosts-pattern

Provide a regular expression for a list of hosts that should be reached directly, bypassing the proxy.

spring.cloud.gateway.httpclient.proxy.host

Specify the hostname for Netty HttpClient proxy configuration.

Toolbox Enterprise deployment

tbe.deployment.url

Specify a public URL to access Toolbox Enterprise's Web UI. This URL is displayed to the end users in the browser.

tbe.deployment.allowed-origins

Optional

If necessary, provide a list of CORS origins allowed by the Toolbox Enterprise Server.

Database

tbe.db.host

Specify a PostgreSQL host.

tbe.db.database

Specify the name of the PostgreSQL database that the Toolbox Enterprise Server should connect to and use.

tbe.db.user

Specify a username to connect to the PostgreSQL database.

tbe.db.password

Specify a password to connect to the PostgreSQL database.

tbe.db.repair

Optional

Controls whether the Toolbox Enterprise Server attempts to perform a Flyway repair before running database migrations.

Storage type

tbe.storage.type

Defines the object storage type used for the Toolbox Enterprise Server: s3 or azure. Depending on the specified type, you need to set up a connection to the storage of your choice.

S3 Storage

tbe.minio.url

Specify a URL to access your S3 bucket.

tbe.minio.bucket

Specify the name of your S3 bucket.

tbe.minio.access-key

Provide a unique key to access the S3-compatible storage.

tbe.minio.secret-key

Provide a secret key to pair with the unique access key.

tbe.minio.s3-region

Specify a region that you selected during S3 bucket creation. The default value is us-east-1.

tbe.minio.check-bucket

Checks whether an S3 bucket exists before starting the application.

tbe.minio.use-s3-auto-configuration

If selected, the Toolbox Enterprise Server uses the values of environment variables propagated from AWS to access your S3 bucket.

tbe.minio.max-retries

Specify a number of tries to connect to your S3 bucket when starting the application.

tbe.minio.retry-base-delay

Set the standard amount of time to wait before trying again to connect to your S3 bucket.

tbe.minio.max-backoff-time

Set the maximum amount of time to wait before trying again to connect to your S3 bucket.

tbe.minio.checksum-validation

Disables the checksum validation when executing requests to S3.

Azure

In order to connect to Azure object storage, you need to provide either a connection string or a combination of the account name, key, and endpoint.

tbe.azure.connection-string

Provide a connection string to authorize requests to Azure storage.

tbe.azure.container

Specify the name of the Azure container to connect to.

tbe.azure.account-key

Provide an account key to authorize requests to Azure storage.

tbe.azure.account-name

Provide an account name to authorize requests to Azure storage.

tbe.azure.endpoint

Provide the blob service endpoint to access the Azure server.

OAuth2 Provider

tbe.auth.login-url

Provide a URL for logging in via your selected OAuth2 provider.

tbe.auth.token-url

Provide a URL for obtaining an authorization token on the side of your OAuth2 provider.

tbe.auth.jwt-certs-url

Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).

tbe.auth.client-id

Specify a public identifier for Toolbox Enterprise that you set when configuring your OAuth2 provider.

tbe.auth.client-secret

Specify a secret for Toolbox Enterprise that you set when configuring your OAuth2 provider.

tbe.auth.required-scopes

Define scopes that will be available to Toolbox Enterprise when accessing a user account.

tbe.auth.root-admin-emails

List emails of users that will receive admin rights.

tbe.auth.root-admin-subjects

List OAuth2 subjects (ids) that will receive admin rights.

Mandatory for: Space.

tbe.auth.login-url-prompt-param

Defines whether the user should be prompted with a login dialog. Specify one of the following:

  • login: use this value to show the login dialog to the user.

  • none: use this value to skip showing the login dialog to the user.

Available for: OneLogin.

tbe.auth.use-id-token-as-access-token

Allows for using id tokens to authenticate users.

Available for: Google.

Binary downloads

tbe.download.cdn-redirect-mode

Defines how Toolbox Enterprise processes requests to download IDEs coming from the Toolbox App.

Possible values:

  • redirect_to_service: specify this option if you want to send requests directly to the binary source, such as JetBrains Marketplace or your object storage. Use this option only if the binary source is accessible from developer machines.

  • handle_redirects: specify this option if you want to use the Toolbox Enterprise Server as a proxy for requests to the binary source. Use this option if developer machines don't have direct access to the binary source (for example, if you use any proxy service for your object storage). The Toolbox Enterprise Server will handle redirects in this case.

tbe.download.feed-cache-time

Specify the time period for storing the Toolbox App metadata as cache.

Plugin installation from IDEs

tbe.ij-plugins.cdn-redirect-mode

Defines how Toolbox Enterprise processes requests to download plugins coming from an IDE.

Possible values:

  • redirect_to_service: specify this option if you want to send requests directly to the binary source, such as JetBrains Marketplace or your object storage. Use this option only if the binary source is accessible from developer machines.

  • handle_redirects: specify this option if you want to use the Toolbox Enterprise Server as a proxy for requests to the binary source. Use this option if developer machines don't have direct access to the binary source (for example, if you use any proxy service for your object storage). The Toolbox Enterprise Server will handle redirects in this case.

Plugin installation from Toolbox App

tbe.tbe-ij-plugin.tbe-plugin-repository-type

Specify the source for obtaining plugins. Possible values:

  • TBE: specify this option if you want Toolbox Enterprise to install plugins from the local plugin repository. Use this option when working in offline mode.

  • MARKETPLACE: specify this option if you want Toolbox Enterprise to look for plugins externally in the marketplace.

tbe.tbe-ij-plugin.cdn-redirect-mode

Defines how Toolbox Enterprise processes requests to download plugins coming from the Toolbox App.

Possible values:

  • redirect_to_service: specify this option if you want to send requests directly to the binary source, such as JetBrains Marketplace or your object storage. Use this option only if the binary source is accessible from developer machines.

  • handle_redirects: specify this option if you want to use the Toolbox Enterprise Server as a proxy for requests to the binary source. Use this option if developer machines don't have direct access to the binary source (for example, if you use any proxy service for your object storage). The Toolbox Enterprise Server will handle redirects in this case.

Logging

logging.level.root

Set the highest logging level to display in the logs (for root).

You can change the logging level of any package. To disable logging, set WARN as a value.

MDC. Advanced logging options

tbe.mdc.request-id

Provide an ID of the request to the Toolbox Enterprise Server.

tbe.mdc.audit-id

Provide an ID of the party that sends the request.

Spring

spring.r2dbc.pool.max-size

Set the maximum size of the R2DBC connection pool. Defaults to 20.

For more details, refer to the R2DBC pool documentation.

spring.r2dbc.pool.max-idle-time

Set the maximum idle time of a connection in the pool. Negative values indicate no timeout. Defaults to 30 minutes. This value is also used as the interval for background eviction of idle connections unless backgroundEvictionInterval is configured.

For more details, refer to the R2DBC pool documentation.

API documentation

springdoc.api-docs.enabled

Enables Swagger for your server.

Last modified: 16 April 2024