If you are developing a web application, Spring Boot Actuator auto-configures all
enabled endpoints to be exposed over HTTP. The default convention is to use the id of
the endpoint with a prefix of /actuator as the URL path. For example, health is
exposed as /actuator/health.
![[Tip]](images/tip.png) | Tip |
|---|---|
Actuator is supported natively with Spring MVC, Spring WebFlux and Jersey. |
Sometimes, it is useful to customize the prefix for the management endpoints. For
example, your application might already use /actuator for another purpose. You can
use the management.endpoints.web.base-path property to change the prefix for your
management endpoint, as shown in the following example:
management.endpoints.web.base-path=/manageThe preceding application.properties example changes the endpoint from
/actuator/{id} to /manage/{id} (e.g. /manage/info).
![[Note]](images/note.png) | Note |
|---|---|
Unless the management port has been configured to
expose endpoints using a different
HTTP port, |
Exposing management endpoints by using the default HTTP port is a sensible choice for cloud based deployments. If, however, your application runs inside your own data center, you may prefer to expose endpoints by using a different HTTP port.
You can set the management.server.port property to change the HTTP port, as shown in
the following example:
management.server.port=8081Since your management port is often protected by a firewall and not exposed to the public, you might not need security on the management endpoints, even if your main application is secure. In that case, you should have Spring Security on the classpath, and you can disable management security as follows:
management.security.enabled=false(If you do not have Spring Security on the classpath, there is no need to explicitly disable the management security in this way. Doing so might even break the application.)
When configured to use a custom port, the management server can also be configured with
its own SSL by using the various management.server.ssl.* properties. For example, doing
so lets a management server be available via HTTP while the main application uses HTTPS,
as shown in the following property settings:
server.port=8443 server.ssl.enabled=true server.ssl.key-store=classpath:store.jks server.ssl.key-password=secret management.server.port=8080 management.server.ssl.enabled=false
Alternatively, both the main server and the management server can use SSL but with different key stores, as follows:
server.port=8443 server.ssl.enabled=true server.ssl.key-store=classpath:main.jks server.ssl.key-password=secret management.server.port=8080 management.server.ssl.enabled=true management.server.ssl.key-store=classpath:management.jks management.server.ssl.key-password=secret
You can customize the address that the management endpoints are available on by setting
the management.server.address property. Doing so can be useful if you want to listen
only on an internal or ops-facing network or to listen only for connections from
localhost.
| Note |
|---|---|
You can only listen on a different address if the port is different from the main server port. |
The following example application.properties does not allow remote management
connections:
management.server.port=8081 management.server.address=127.0.0.1