IDE Services 2025.1 Help

Code With Me Enterprise configuration

To enable Code With Me Enterprise on the IDE Services Server, you need to make sure your IDE Services Server is up and running and then complete the following steps:

  1. Generate ECDSA keys.

  2. Set up a STUN server (Optional).

  3. Deploy Code With Me Relay Server.

  4. Configure Code With Me to work with IDE Services Server.

  5. Restart IDE Services Server and enable Code With Me.

Step 1. Generate ECDSA key pair

ECDSA keys are required to authenticate your IDE Services Server with the Code With Me lobby server.

Generate the key pair with OpenSSL by running the following commands:

openssl ecparam -name secp384r1 -genkey -noout -out lobby/lobby_private.pem
openssl ec -in lobby/lobby_private.pem -pubout -out relay/lobby_public.pem

The ECDSA private key is 384-bit, and the file format is PEM.
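Before copying the keys into the Secret and application.yaml, you can confirm that the pair meets the constraints this page states (384-bit curve, no passphrase, public key derived from the private key). The script below is an added example, not part of the JetBrains documentation; check_cwm_keypair is a hypothetical helper name, and the SHA-384 round trip is only a local sanity check.

```shell
#!/bin/sh
# Added example: pre-deployment check for the key pair from Step 1.
# check_cwm_keypair is a hypothetical helper name, not a JetBrains tool.
check_cwm_keypair() {
    priv=$1
    pub=$2

    # relay-ecdsa-key must be supplied without a passphrase.
    if grep -q 'ENCRYPTED' "$priv"; then
        echo "FAIL: private key is passphrase-protected" >&2
        return 1
    fi

    # The lobby server only supports 384-bit ECDSA keys (curve secp384r1).
    if ! openssl ec -in "$priv" -passin pass: -noout -text 2>/dev/null |
            grep -q 'ASN1 OID: secp384r1'; then
        echo "FAIL: private key is not an EC key on secp384r1" >&2
        return 1
    fi

    # The public key handed to the relay must derive from this private key.
    derived=$(openssl ec -in "$priv" -passin pass: -pubout 2>/dev/null) || derived=''
    deployed=$(openssl ec -pubin -in "$pub" -pubout 2>/dev/null) || deployed=''
    if [ -z "$deployed" ] || [ "$derived" != "$deployed" ]; then
        echo "FAIL: public key does not match the private key" >&2
        return 1
    fi

    # Round trip: sign with the private key, verify with the public key file.
    tmp=$(mktemp -d) || return 1
    printf 'constructed test message' > "$tmp/msg"
    rc=1
    if openssl dgst -sha384 -sign "$priv" -out "$tmp/sig" "$tmp/msg" 2>/dev/null &&
        openssl dgst -sha384 -verify "$pub" -signature "$tmp/sig" "$tmp/msg" >/dev/null 2>&1
    then
        rc=0
    fi
    rm -rf "$tmp"
    if [ "$rc" -ne 0 ]; then
        echo "FAIL: signature round trip failed" >&2
        return 1
    fi
    echo "OK: 384-bit key pair, no passphrase, public key matches"
}

# Run the check when called with the two PEM paths from Step 1.
if [ "$#" -eq 2 ]; then
    check_cwm_keypair "$1" "$2"
fi
```

Run it with lobby/lobby_private.pem and relay/lobby_public.pem as the two arguments; a non-zero exit status means the pair should be regenerated.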

Step 2. Optional. Set up a STUN server

To prevent IP address leakage, you can set up a STUN server, hosted either within your network or by a public service such as Google.

Coturn is a suitable option for a STUN server.

Step 3. Deploy Code With Me Relay Server

The relay server directs the traffic between the host and guests and uses a JWT token to verify that each incoming request comes from the genuine Code With Me lobby server.

The relay server is distributed as a single binary and is available for the linux-x64 platform.

To deploy Code With Me Relay Server:

  1. Locate the container image URL: docker.io/jetbrains/code-with-me-relay

  2. Set up the Secret with the public key you created earlier. Set the path to lobby_public.pem.

  3. Specify the following container arguments:

    -addr 0.0.0.0:3274 -jwt-key-file /cert/lobby_public.pem -jwt-key-type ecdsa

    For details refer to the Relay server configuration parameters.

Step 4. Configure Code With Me to work with your IDE Services Server

  • Add Code With Me configuration parameters to your application.yaml file and specify values for them. Refer to the following example:

    cwm:
      lobby:
        enabled: true
        session-base-url: '${tbe.deployment.url}/code-with-me'
        relay-config:
          stunTurnServers:
            - uri: stun:stun.l.google.com:PORT
          relays:
            - regionName: region1
              latitude: 0
              longitude: 0
              servers:
                - wss://RELAY_SERVER_HOSTNAME
        relay-ecdsa-key: |-
          -----BEGIN EC PRIVATE KEY-----
          PRIVATE KEY FROM STEP 1
          -----END EC PRIVATE KEY-----

For details refer to Code With Me configuration parameters.

Step 5. Restart IDE Services Server and enable Code With Me

  1. Restart your IDE Services Server.

  2. Enable Code With Me for your organization.

  3. Test your deployment by starting a Code With Me session in IDEA or any other IDE managed by your IDE Services Server via the Toolbox App. Make sure that the resulting session link points to your own IDE Services Server, rather than the default JetBrains relay servers.

    You are all set!

Reference: Code With Me configuration parameters

cwm.lobby.enabled

Enables the Code With Me Enterprise product in IDE Services.

cwm.lobby.relay-config

Specify the relay server configuration.

cwm.lobby.relay-ecdsa-key

Specify your ECDSA private key, without any passphrase. The key is used to prevent unauthorized access to a relay server.

The length of the ECDSA private key file is 384-bit. The format of this file is PEM, and the file can be generated with OpenSSL.

Reference: Relay server configuration parameters

You can configure the relay server with the following command-line arguments:

Argument

Description

-addr

The address on which to listen for incoming connections.

For example, 127.0.0.1:8099.

Use the :port syntax to listen on all available interfaces. For example, :8099 to listen on all available interfaces at port 8099.

-prometheus-addr

The address on which to listen for Prometheus metrics requests.

For example, 127.0.0.1:4422.

Use the :port syntax to listen on all available interfaces. For example, :4422 to listen on all available interfaces at port 4422.

-jwtKeyType

The type of key provided for the verification of requests.

The supported values are as follows:

  • hmac

  • rsa

  • ecdsa

Note that the lobby server only supports 384-bit ECDSA keys.

For information on how to set up a key, see Generate keys.

-jwtKeyFile

The file from which to read the JWT public key. The file must be in the PEM format.

For information on how to set up a key, see Generate keys.

-allow-server-without-authentication

Optional. An explicit flag that allows the relay server to run in a mode that skips request verification.

Last modified: 14 April 2025