If you are developing a Spring MVC application, Spring Boot Actuator will auto-configure
all non-sensitive endpoints to be exposed over HTTP. The default convention is to use the
id
of the endpoint as the URL path. For example, health
is exposed as /health
.
If you use “Spring Security” sensitive endpoints will also be exposed over HTTP. By
default “basic” authentication will be used with the username user
and a generated
password.
Tip | |
---|---|
Generated passwords are logged as the application starts. Search for “Using default password for application endpoints”. |
You can use Spring properties to change the username and passsword and to change the
security role required to access the endpoints. For example, you might set the following
in your application.properties
:
security.user.name=admin security.user.password=secret management.security.role=SUPERUSER
Sometimes it is useful to group all management endpoints under a single path. For example,
your application might already use /info
for another purpose. You can use the
management.contextPath
property to set a prefix for your manangement endpoint:
management.contextpath=/manage
The application.properties
example above will change the endpoint from /{id}
to
/manage/{id}
(e.g. /manage/info
).
Exposing management endpoints using the default HTTP port is a sensible choice for cloud based deployments. If, however, your application runs inside your own data center you may prefer to expose endpoints using a different HTTP port.
The management.port
property can be used to change the HTTP port. Since your management
port is often protected by a firewall, and not exposed to the public, you might also
want to disable management security:
management.port=8081 management.security.enabled=false
You can customize the address that the management endpoints are available on by
setting the management.security.address
property. This can be useful if you want to
listen only on an internal or ops-facing network, or to only listen for connections from
localhost
.
Note | |
---|---|
You can only listen on a different address if the port is different to the main server port. |
Here is an example application.properties
that will not allow remote management
connections:
management.port=8081 management.address=127.0.0.1