149 lines
5.5 KiB
Plaintext
149 lines
5.5 KiB
Plaintext
[[actuator.monitoring]]
|
|
== Monitoring and Management Over HTTP
|
|
If you are developing a web application, Spring Boot Actuator auto-configures all enabled endpoints to be exposed over HTTP.
|
|
The default convention is to use the `id` of the endpoint with a prefix of `/actuator` as the URL path.
|
|
For example, `health` is exposed as `/actuator/health`.
|
|
|
|
TIP: Actuator is supported natively with Spring MVC, Spring WebFlux, and Jersey.
|
|
If both Jersey and Spring MVC are available, Spring MVC is used.
|
|
|
|
NOTE: Jackson is a required dependency in order to get the correct JSON responses as documented in the API documentation ({spring-boot-actuator-restapi-docs}[HTML] or {spring-boot-actuator-restapi-pdfdocs}[PDF]).
|
|
|
|
|
|
|
|
[[actuator.monitoring.customizing-management-server-context-path]]
|
|
=== Customizing the Management Endpoint Paths
|
|
Sometimes, it is useful to customize the prefix for the management endpoints.
|
|
For example, your application might already use `/actuator` for another purpose.
|
|
You can use the configprop:management.endpoints.web.base-path[] property to change the prefix for your management endpoint, as the following example shows:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
management:
|
|
endpoints:
|
|
web:
|
|
base-path: "/manage"
|
|
----
|
|
|
|
The preceding `application.properties` example changes the endpoint from `/actuator/\{id}` to `/manage/\{id}` (for example, `/manage/info`).
|
|
|
|
NOTE: Unless the management port has been configured to <<actuator#actuator.monitoring.customizing-management-server-port,expose endpoints by using a different HTTP port>>, `management.endpoints.web.base-path` is relative to `server.servlet.context-path` (for servlet web applications) or `spring.webflux.base-path` (for reactive web applications).
|
|
If `management.server.port` is configured, `management.endpoints.web.base-path` is relative to `management.server.base-path`.
|
|
|
|
If you want to map endpoints to a different path, you can use the configprop:management.endpoints.web.path-mapping[] property.
|
|
|
|
The following example remaps `/actuator/health` to `/healthcheck`:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
management:
|
|
endpoints:
|
|
web:
|
|
base-path: "/"
|
|
path-mapping:
|
|
health: "healthcheck"
|
|
----
|
|
|
|
|
|
|
|
[[actuator.monitoring.customizing-management-server-port]]
|
|
=== Customizing the Management Server Port
|
|
Exposing management endpoints by using the default HTTP port is a sensible choice for cloud-based deployments.
|
|
If, however, your application runs inside your own data center, you may prefer to expose endpoints by using a different HTTP port.
|
|
|
|
You can set the configprop:management.server.port[] property to change the HTTP port, as the following example shows:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
management:
|
|
server:
|
|
port: 8081
|
|
----
|
|
|
|
NOTE: On Cloud Foundry, by default, applications receive requests only on port 8080 for both HTTP and TCP routing.
|
|
If you want to use a custom management port on Cloud Foundry, you need to explicitly set up the application's routes to forward traffic to the custom port.
|
|
|
|
|
|
|
|
[[actuator.monitoring.management-specific-ssl]]
|
|
=== Configuring Management-specific SSL
|
|
When configured to use a custom port, you can also configure the management server with its own SSL by using the various `management.server.ssl.*` properties.
|
|
For example, doing so lets a management server be available over HTTP while the main application uses HTTPS, as the following property settings show:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
server:
|
|
port: 8443
|
|
ssl:
|
|
enabled: true
|
|
key-store: "classpath:store.jks"
|
|
key-password: "secret"
|
|
management:
|
|
server:
|
|
port: 8080
|
|
ssl:
|
|
enabled: false
|
|
----
|
|
|
|
Alternatively, both the main server and the management server can use SSL but with different key stores, as follows:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
server:
|
|
port: 8443
|
|
ssl:
|
|
enabled: true
|
|
key-store: "classpath:main.jks"
|
|
key-password: "secret"
|
|
management:
|
|
server:
|
|
port: 8080
|
|
ssl:
|
|
enabled: true
|
|
key-store: "classpath:management.jks"
|
|
key-password: "secret"
|
|
----
|
|
|
|
|
|
|
|
[[actuator.monitoring.customizing-management-server-address]]
|
|
=== Customizing the Management Server Address
|
|
You can customize the address on which the management endpoints are available by setting the configprop:management.server.address[] property.
|
|
Doing so can be useful if you want to listen only on an internal or ops-facing network or to listen only for connections from `localhost`.
|
|
|
|
NOTE: You can listen on a different address only when the port differs from the main server port.
|
|
|
|
The following example `application.properties` does not allow remote management connections:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
management:
|
|
server:
|
|
port: 8081
|
|
address: "127.0.0.1"
|
|
----
|
|
|
|
|
|
|
|
[[actuator.monitoring.disabling-http-endpoints]]
|
|
=== Disabling HTTP Endpoints
|
|
If you do not want to expose endpoints over HTTP, you can set the management port to `-1`, as the following example shows:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
management:
|
|
server:
|
|
port: -1
|
|
----
|
|
|
|
You can also achieve this by using the configprop:management.endpoints.web.exposure.exclude[] property, as the following example shows:
|
|
|
|
[source,yaml,indent=0,subs="verbatim",configprops,configblocks]
|
|
----
|
|
management:
|
|
endpoints:
|
|
web:
|
|
exposure:
|
|
exclude: "*"
|
|
----
|