50. Monitoring and Management over HTTP

50. Monitoring and Management over HTTP
Prev	Part IV. Spring Boot Actuator: Production-ready features	Next

If you are developing a Spring MVC application, Spring Boot Actuator auto-configures all enabled endpoints to be exposed over HTTP. The default convention is to use the id of the endpoint with a prefix of /application as the URL path. For example, health is exposed as /application/health.

50.1 Customizing the Management Endpoint Paths

Sometimes, it is useful to customize the prefix for the management endpoints. For example, your application might already use /application for another purpose. You can use the management.endpoints.web.base-path property to change the prefix for your management endpoint, as shown in the following example:

management.endpoints.web.base-path=/manage

The preceding application.properties example changes the endpoint from /application/{id} to /manage/{id} (e.g. /manage/info).

	Note
	Unless the management port has been configured to expose endpoints using a different HTTP port, `management.endpoints.web.base-path` is relative to `server.context-path`. If `management.server.port` is configured, `management.endpoints.web.base-path` is relative to `management.server.servlet.context-path`.

50.2 Customizing the Management Server Port

Exposing management endpoints by using the default HTTP port is a sensible choice for cloud based deployments. If, however, your application runs inside your own data center, you may prefer to expose endpoints by using a different HTTP port.

You can set the management.server.port property to change the HTTP port, as shown in the following example:

management.server.port=8081

Since your management port is often protected by a firewall and not exposed to the public, you might not need security on the management endpoints, even if your main application is secure. In that case, you should have Spring Security on the classpath, and you can disable management security as follows:

management.security.enabled=false

(If you do not have Spring Security on the classpath, there is no need to explicitly disable the management security in this way. Doing so might even break the application.)

50.3 Configuring Management-specific SSL

When configured to use a custom port, the management server can also be configured with its own SSL by using the various management.server.ssl.* properties. For example, doing so lets a management server be available via HTTP while the main application uses HTTPS, as shown in the following property settings:

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:store.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=false

Alternatively, both the main server and the management server can use SSL but with different key stores, as follows:

server.port=8443
server.ssl.enabled=true
server.ssl.key-store=classpath:main.jks
server.ssl.key-password=secret
management.server.port=8080
management.server.ssl.enabled=true
management.server.ssl.key-store=classpath:management.jks
management.server.ssl.key-password=secret

50.4 Customizing the Management Server Address

You can customize the address that the management endpoints are available on by setting the management.server.address property. Doing so can be useful if you want to listen only on an internal or ops-facing network or to listen only for connections from localhost.

	Note
	You can only listen on a different address if the port is different from the main server port.

The following example application.properties does not allow remote management connections:

management.server.port=8081
management.server.address=127.0.0.1

50.5 Disabling HTTP Endpoints

If you do not want to expose endpoints over HTTP, you can set the management port to -1, as shown in the following example:

management.server.port=-1

50.6 HTTP Health Endpoint Format and Access Restrictions

The information exposed by the health endpoint varies, depending on whether it is accessed anonymously and whether the enclosing application is secure. By default, when accessed anonymously in a secure application, any details about the server’s health are hidden and the endpoint indicates whether the server is up or down.

The following example shows a summarized HTTP response (default for anonymous request):

$ curl -i localhost:8080/health
HTTP/1.1 200
X-Application-Context: application
Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8
Content-Length: 15

{"status":"UP"}

The following example shows a summarized HTTP response for status "DOWN" (notice the 503 status code):

$ curl -i localhost:8080/health
HTTP/1.1 503
X-Application-Context: application
Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8
Content-Length: 17

{"status":"DOWN"}

The following example shows a detailed HTTP response:

$ curl -i localhost:8080/health
HTTP/1.1 200 OK
X-Application-Context: application
Content-Type: application/vnd.spring-boot.actuator.v2+json;charset=UTF-8
Content-Length: 221

{
  "status" : "UP",
  "diskSpace" : {
    "status" : "UP",
    "total" : 63251804160,
    "free" : 31316164608,
    "threshold" : 10485760
  },
  "db" : {
    "status" : "UP",
    "database" : "H2",
    "hello" : 1
  }
}

Prev	Up	Next
49. Endpoints	Home	51. Monitoring and Management over JMX